After 15 years and millions of wasted tax dollars, Connecticut finally has an operational health information exchange (HIE). The system that will hold all our medical information should improve patients’ lives, but the way it’s funded creates serious privacy and mistrust concerns. The Office of Health Strategy (OHS) is now taking public comment on their HIE’s proposed privacy policy.
Ideally, an HIE allows clinicians treating a patient to share medical records, so they are all on the same page. It should reduce medical errors and fragmented care. But HIEs have an enormous responsibility to protect patients. Polls have found that Americans want their providers to have access to their electronic medical records, but they are very concerned about privacy and inappropriate access. If Connecticut’s HIE only gave clinicians treating patients access to only their patient’s records, it would be valuable and this article would end here.
Unfortunately, OHS and Connie, the nonprofit OHS set up to run the HIE, are selling access to our medical records through subscriptions. So far, insurers and large health systems that make money by reducing our healthcare costs are able to buy subscriptions to the system. Access to others may be coming; researchers and app developers have already expressed interest. Connie’s board of directors has only representatives from insurers, large health systems, and state agencies. While insurers and large health systems have access now, patients can’t access their own records on Connie.
This is not a theoretical threat. Soon after the OHS announcement, a consumer contacted me because he is concerned. Someone he was dating, not a provider, was able to look him up in a large database of medical records and learned about his medical conditions.
The foundation of the doctor-patient relationship is that you can tell your doctor anything, no matter how sensitive, and it stays confidential. Doctors can give the best care because patients can be honest about their history, needs, and risks. Access beyond that trusted relationship compromises the quality of care and undermines patient trust in physicians. The challenges of COVID vaccine resistance underscore the already deep and often deserved mistrust of the medical system in many communities.
The second problem is that state law requires within a year that all Connecticut hospitals and labs must connect to Connie and all other providers must connect within two years. If you get any healthcare in Connecticut, your records will be in the system. While consumers can opt-out of Connie, they have to be aware of the change and know how to exercise their rights. Even when people opt-out, Connie acknowledges that some information will be disclosed anyway. Connie has not answered advocates’ questions about how much will be available and who will have access.
There are no plans for a consumer engagement or education campaign to let people know that this is happening. A robust public education campaign is essential as Connie will affect every Connecticut resident. However, people exercising their right to opt-out of the system would lower the value of Connie’s paid subscriptions.
Unfortunately, this sort of deception is not new in Connecticut state government. It worked when Connecticut Medicaid placed hundreds of thousands of members into PCMH Plus, a new payment model that gives large health systems half of any savings they are able to generate by reducing members’ costs of care. Under political pressure, the notices sent to members were edited to remove any reference to that risk. As members weren’t told about the dangers, very few opt-ed out of the system. In an absurd circular argument, the state then posited that the low opt-out numbers are evidence that members like the program.
Connie says that they comply with all federal and state laws governing privacy and access to medical records. However, HIPAA, the main law that covers medical record privacy, is badly out-of-date. It was signed into law by President Clinton in 1996, long before electronic medical records or big data existed.
While hacks into medical record systems are too common, OHS and Connie are inviting the scariest players in, for a price. The state needs to reconsider Connie’s costs and their financing plan. Selling our medical records is a poison pill that undermines any potential benefit of their HIE, erodes the doctor-patient relationship, and adds to mistrust of the entire healthcare system. Find another way.
Ellen Andrews, PhD, is the executive director of the CT Health Policy Project. Follow her on Twitter @CTHealthNotes.
The views, opinions, positions, or strategies expressed by the author are theirs alone, and do not necessarily reflect the views, opinions, or positions of CTNewsJunkie.com.
