Saturday, January 31, 2009

(Confidential) Letter to self - and you, and you, and you... ?

Hi PJ,

I'm wondering if you can help with something that's been troubling me a bit...?

You know that as a nurse (and future patient!) confidentiality (which increasingly relies on the security of ICT systems) is of course vital to your profession and professionalism both in theory and practice. Quite rightly take this for granted and you could be in serious trouble, with your job in jeopardy.

I’ve been wondering about the way that Jo-public views their personal health information and clinical record and how these views have evolved over the past decade and how they will change in the next 5, 10 .... years? A change that will have major implications for definitions and the meanings of record, access, sharing, personalised, and professional. This is also one of those slippery slopes; since it will be very difficult to get that emerging genie back in the bottle. The clinical record even with new consent models will increasingly make it a currency for exchange within a *wider* community given the rise of electronic and personal health records, Health 2.0, 3.0…. By 'community' I mean one not just restricted to health and social care organizations, but one that could be much more extensive.

There are a lot of tools out there in the public domain that enable the creation of new portals, services to which other agencies can add value. This is not a problem: 'value-added services' is one definition of progress.

The problem is the pace of change and the extent.


Health has always been commodified. Recently on the news I heard that a kidney is probably worth 1.5 million dollars.

Perhaps for the ‘professions’ given the sanctity of clinical records this is the
ultimate trip?

Any thoughts or directions to references…?

Many thanks and best regards,

'Your other half'
P.S. People had better be careful when they mix personalised and professional - that's quite a potent concoction. I wonder if you can sell it?

<->

Additional links / reading:

Nursing & Midwifery Council - Standards

Viewpoint Paper

A Research Agenda for Personal Health Records (PHRs)
David C. Kaelber, Ashish K. Jha, Douglas Johnston, Blackford Middleton and David W. Bates
Journal of the American Medical Informatics Association, Volume 15, Issue 6, November-December 2008, Pages 729-736.

Abstract:

Patients, policymakers, providers, payers, employers, and others have increasing interest in using personal health records (PHRs) to improve healthcare costs, quality, and efficiency. While organizations now invest millions of dollars in PHRs, the best PHR architectures, value propositions, and descriptions are not universally agreed upon. Despite widespread interest and activity, little PHR research has been done to date, and targeted research investment in PHRs appears inadequate. The authors reviewed the existing PHR specific literature (100 articles) and divided the articles into seven categories, of which four in particular— evaluation of PHR functions, adoption and attitudes of healthcare providers and patients towards PHRs, PHR related privacy and security, and PHR architecture—present important research opportunities. We also briefly discuss other research related to PHRs, PHR research funding sources, and PHR business models. We believe that additional PHR research can increase the likelihood that future PHR system deployments will beneficially impact healthcare costs, quality, and efficiency.


From the above:

Markle Foundation http://www.markle.org

Robert Wood Johnson Foundation http://www.rwjf.org


Considering something ‘ELSE’: Ethical, legal and socio-economic factors in medical imaging and medical informatics
Penny Duquenoy, Carlisle George, Anthony Solomonides
Computer Methods and Programs in Biomedicine, Volume 92, Issue 3, December 2008, Pages 227-237.

Abstract:
The focus on the use of existing and new technologies to facilitate advances in medical imaging and medical informatics (MIMI) is often directed to the technical capabilities and possibilities that these technologies bring. The technologies, though, in acting as a mediating agent alter the dynamics and context of information delivery in subtle ways. While these changes bring benefits in more efficient information transfer and offer the potential of better healthcare, they also disrupt traditional processes and practices which have been formulated for a different setting. The governance processes that underpin core ethical principles, such as patient confidentiality and informed consent, may no longer be appropriate in a new technological context. Therefore, in addition to discussing new methodologies, techniques and applications, there is need for a discussion of ethical, legal and socio-economic (ELSE) issues surrounding the use and application of technologies in MIMI. Consideration of these issues is especially important for the area of medical informatics which after all exists to support patients, healthcare practitioners and inform science. This paper brings to light some important ethical, legal and socio-economic issues related to MIMI with the aim of furthering an interdisciplinary approach to the increasing use of Information and Communication Technologies (ICT) in healthcare.

Situation-Based Access Control: Privacy management via modeling of patient data access scenarios
Mor Peleg, Dizza Beimel, Dov Dori, Yaron Denekamp
Journal of Biomedical Informatics, Volume 41, Issue 6, December 2008, Pages 1028-1040.

Abstract:
Access control is a central problem in privacy management. A common practice in controlling access to sensitive data, such as electronic health records (EHRs), is Role-Based Access Control (RBAC). RBAC is limited as it does not account for the circumstances under which access to sensitive data is requested. Following a qualitative study that elicited access scenarios, we used Object-Process Methodology to structure the scenarios and conceive a Situation-Based Access Control (SitBAC) model. SitBAC is a conceptual model, which defines scenarios where patient’s data access is permitted or denied. The main concept underlying this model is the Situation Schema, which is a pattern consisting of the entities Data-Requestor, Patient, EHR, Access Task, Legal-Authorization, and Response, along with their properties and relations. The various data access scenarios are expressed via Situation Instances. While we focus on the medical domain, the model is generic and can be adapted to other domains.


Patient Information Advisory Group - PIAG: http://www.advisorybodies.doh.gov.uk/piag/

Picker Inst. http://www.pickereurope.org/