A Declaration of Health Data Rights: Can't argue with it, but it's only a first step

I'm joining the party a day or two late, and am supporting:

A Declaration of Health Data Rights

In an era when technology allows personal health information to be more easily stored, updated, accessed and exchanged, the following rights should be self-evident and inalienable. We the people:

• Have the right to our own health data
• Have the right to know the source of each health data element
• Have the right to take possession of a complete copy of our individual health data, without delay, at minimal or no cost; if data exist in computable form, they must be made available in that form
• Have the right to share our health data with others as we see fit

These principles express basic human rights as well as essential elements of health care that is participatory, appropriate and in the interests of each patient. No law or policy should abridge these rights.

So, my first reaction: This is obvious stuff, right?  Say what you will about The People's Republic of Massachusetts, local law requires prompt provision of medical records to patients at nominal cost, and in the vast majority of cases, the rules are followed and everyone's happy.  In my own little world here in Boston, MA, The Hub of the Universe, I've never had a problem getting health data -- or pathology slides, or anything else -- released to me or shared with other clinicians when needed.  But, then, I suppose I'm an outlier: my physician is part of a totally wired multispecialty group practice, which has been wired for years and years; and I'm both an industry guy and a lawyer, so I know how to speak up when I need something, and perhaps folks are more apt to listen.  (Reminds me of the semi-apocryphal story of a classmate of mine who saw the "law student" stamp across the top of his medical chart at Mass. General years ago.)

Upon reflection, I realized that not everyone -- whether in Massachusetts or elsewhere -- has the same ease of access, and while the declaration is sort of a no-brainer, it is important to put it out there, and I'm happy to join the folks who got this thing going, including Adam Bosworth, David Kibbe, Jamie Heywood and Gilles Frydman (forgive me for leaving other names off this short list).  I discussed the Declaration with Gilles Frydman, who agreed that it is just a first step, but a critically important one to take while the national dialogue is focused on electronic health records.

Additional steps down the path will have to include other common-sense guarantees that are already enacted into law here and there, including guarantees concerning the rights of patients to obtain test results through their physicians or otherwise, the ability of patients to correct errors in their records (so we don't have easily-accessible garbage), as well as easy access to interoperable electronic health records and non-tethered personal health records.

There are good reasons why some physician notes in some patient records should not be shared with patients or family members (a subject for another day), but this Declaration is focused on data -- not free-text notes -- so those notes would not be covered.

What other rights along these lines would you like to see guaranteed?

Update 6/27/09:  Many supporters have signed onto the Declaration.  One notable exception: Jen McCabe, who was in on some early drafts, but feels strongly that the darn thing doesn't go far enough.  Jen has blogged about her thoughts on the subject and has laid out her own more comprehensive patients' healthcare information rights manifesto.

I agree with Jen's sense that the Declaration is a first step, a baby step, and that there's a lot farther to go.  However, I see this first step less as a near-futile gesture, and more a real first step, a way to to get the conversation moving at a time when it can converge meaningfully with parallel conversations about implementation of ARRA / HITECH Act / Son of HIPAA provisions.  As the old saying goes: A journey of 1,000 miles begins with one step.

Here's what I would like to see providers who are prepared to sign onto the Declaration do as a next step: Without waiting for government action, initiate a campaign to amend their HIPAA Notice of Privacy Practices (NPP) (perhaps now, perhaps as part of the NPP amendment that will have to be rolled out once the Son of HIPAA regs are finalized by next February) to incorporate into a standard form contract that binds the providers the next steps that Jen calls for now and that most, if not all endorsers of the Declaration would also agree are necessary and important.  This simple, yet far-reaching step, would have a greater impact than an endorsement by a provider organization.  These should include guarantees of the "common sense" rights articulated above as well as the following patient rights:

• The right to correct erroneous data -- and a mechanism for noting disagreements with clinicians
• The right to control access to data -- access for all purposes: care, payment, secondary use (including clinical research and marketing)

In the past, non-standard NPPs were drafted and distributed by patient advocacy groups for patients to use and add to their providers' NPP forms.  However, patient-specific NPPs are unadministrable.  In order for this to work, there needs to be adoption form the provider side, either as a result of new regulation, or as the result of a populist follow-on to the Declaration.

As I wrote above: Please join in; what other rights would you like to see guaranteed as part of the Declaration?  What are your thoughts on this approach?

David Harlow
The Harlow Group LLC
Health Care Law and Consulting