Heathcare Information Technology: Where does patient privacy fit into Green Mountain Care?

by Rob Roper

Montpelier – The most interesting part of the Green Mountain Care briefing on Heath Information Technology was what wasn’t said.

Hunt Blair, Deputy Commissioner, Health Care Reform, and Dr. David Cochran, President of Vermont Information Technology Leaders gave a two-part presentation that lasted for over two hours and fifteen minutes and covered a range of topics regarding potential opportunities efficiencies for gathering and disseminating medical information. Not once during either presentation did the presenters mention nor did the board ask about how patient privacy figures into this technological equation. This, on a day when the lead headline in the Burlington Free Press was about a doctor who violated the privacy of a woman who was not his patient.

True North Reports asked about patient privacy in the Q&A session and received the following answer from Dr. Cochran. “There is a set of expectations… that basically require… a certified electronic health record that has the capability and the requirements to keep that information secure so it can’t be breached and accessed. Now, acknowledge here that most privacy breaches are actually done by people who have permission to get access to that information.”

He went on, “So, there are policies and there are agreements that we have with practices that make clear what the responsibilities are, and one of the pieces that we actually do with practices is a security/privacy risk assessment that trains about how to do this. We do this because one, frankly, of our concerns is that small practices in particular may not have appreciation for the risks associated with the information they hold and some of the steps that they need to do to make sure that that’s protected.”

Cochran also referred specifically to the Health Information Exchange, which he asserted has very strong privacy protections, the data actually being held in a “security tank” located in Utah and/or Denver. “[They] are very protected, and that becomes a important piece of maintaining that security for us in the exchange. Information in transit is, of course, encrypted, so it’s protected that way…. This is why we have something called the information exchange rather than simply the internet — so that we can actually ensure that there are some mechanisms in place that are controllable.”

What was striking about the formal presentation was the demonstrated lack of technology in doctors’ offices today. Board member Al Gobeille recounted a story about visiting a doctor’s office that each morning took all the paper files of that day’s patients and laid them in a line. At the end of the day, all those paper files had to go back into their cabinets. If anyone canceled an appointment, it was a tremendous hassle.

This was in stark contrast to Gobeille’s own restaurants, which he said compiled considerable data via computer on every table’s order. That data is then used to streamline orders, set menus, etc. The data and the ability to use technology makes for a more efficient business and a better customer experience. The hope is this sort of innovation can be applied to healthcare.

The difference is that the information Gobielle is collecting in his restaurants isn’t creating specific files on what each of his individual customers eats, complete with identities attached. Therein lies the danger and the balance that needs to be reached between medical efficiency and patient privacy.