Is access to healthcare records a problem?

Did you know that HIPAA (the Health Insurance Portability and Accountability Act) not only protects your healthcare records privacy, it also protects your access to your healthcare records in a safe and easy manner? If you did not, you are not alone. Unfortunately, despite having this law in place, some patients encounter significant hurdles when they try to access their healthcare records. Our team of 5 students from Harvard University is working with the Department of Health and Human Services (HHS) to streamline the process of helping patients access their health records. (read more about our project here).

Our first instinct was to try and understand this problem from people who have the most frequent interactions with the healthcare system — patients (especially those who require long term or frequent care), healthcare providers (doctors, hospital administrators, etc.) and patient advocates — to understand their experience with the healthcare records system. However, as we started to talk more amongst ourselves about what healthcare record access meant to us individually, we began to notice that within our group, some of us cared much more than others about having easy access to our healthcare records. We began to recognize that this could be reflective of the broader society, which made us realize that we should talk to people who do not have frequent interactions with the healthcare system; people who rarely thought about having access to their healthcare records.

People We Talked To

To explore the experience of the “average” person, we talked with people who were at South Station, shopping malls and areas around Harvard Square. We also reached out to friends at school and relatives who lived in different states. We ended up talking to many people from different demographics, professional backgrounds and different levels of engagement with the healthcare system, which gave us wide range of viewpoints to think about.

To understand the view point from within the medical community, we talked to legal experts, patient advocates and doctors. Some of the experts we talked to include:

Daniel Sands  MD Co-founder, Society for Participatory Medicine

Daniel Sands MD Co-founder, Society for Participatory Medicine

Regina Holliday,  Patient rights advocate

Regina Holliday, Patient rights advocate

Deven McGraw  Chief Regulatory Officer, Ciitizen

Deven McGraw Chief Regulatory Officer, Ciitizen

Finally, to expand our reach, we leveraged the power of the internet to conduct an online survey that asked people what they thought about their healthcare data. With the help of friends on Twitter, we received over 180 responses in the first two weeks.

Takeaways

After three weeks of talking to people and analysing the online survey results, we’ve gained a lot of unique insights from talking to people with a wide range of different perspectives. Here are 5 key takeaways we had: 

1. There’s a general lack of engagement and understanding surrounding health data.

“UPMC sends so much stuff to be honest. The information is there all of the time. I don’t really know and I don’t have any interest to be frank.” 

For many people we spoke to, especially those who were young and had little pre-existing healthcare conditions, the thought of accessing their healthcare records only crossed their minds when they were asked for it (i.e. when they moved, for school, etc.). These requests tend to be one-off requests. While many acknowledged that the process could be tedious, long-drawn and painful, they usually just went through it once and forgot about it.Many people were not aware what rights they had to access that information. 

2. People are concerned about their data being used for employer and insurance discrimination and identity theft.

“A hospital can get screwed no problem [in regards to losing health data].”

Understandably, many people are worried about having sensitive information leaked and for the world to see. However, beyond the point of keeping personal information and medical records private, many people were much more worried about the downstream implication of that healthcare data leak — would someone be able to use that information to discriminate against them? 

3. There is power in knowing your rights under HIPAA.

“If you can’t see the data, you can’t make choices.” 

When patients don’t know what rights they are entitled to - for example, that they can request their providers email them their healthcare records - they interact with the healthcare system in a very passive manner, accepting whatever restrictions placed upon them with little idea of what a reasonable alternative could be. If patients are aware of the rights they have under HIPAA, they are likely to feel more confident using them to make certain requests when they speak to their doctors. This gives them more agency over their own healthcare. 

4. Health operates on a spectrum.

“I’ve only had like two surgeries in my lifetime. I just kind of rely on the doctors.”

 As we engaged with more healthcare advocates and empowered patients, it became increasingly clear that we all transition along the spectrum between healthy and unhealthy throughout our lives. Most people, in the healthier years of their lives, rarely think about needing access to their healthcare records. However, as they or their loved ones fall ill, or grow older, interacting with the healthcare records system—and learning how to navigate the complexities — becomes increasingly difficult to avoid. 

5. The world is complex and so is the Electronic Health Records (EHR) infrastructure.

“We have a topsy turvy system. No other country has this. No other country has what we are going through.”

The social, cultural and political complexities of our reality are mirrored in the intricacies of our EHR infrastructure. As healthcare providers shift to digitized records, the EHR systems hospitals put in place may not always be connected to one another because of how complicated the whole process is: getting the EHR systems up and running, to transferring piles and piles of medical data from converting physical copies into digital ones, and to ensuring there is sufficient security for data protection.

Some Parting Thoughts 

The one key insight for our team was that health operates on a spectrum.People transition between healthy and unhealthy states throughout their lives, and this affects how they care about many things, including healthcare. Even if they don’t care about healthcare now, it is likely that they eventually will have to. While this is an obvious point, it frames how we need to approach solutions. 

Having this point made clear during our user research made us rethink the ambivalence some of us felt earlier about having easy access to our own healthcare records. It is true; many of us are healthy and young, and we may not see a need to access our healthcare records now. But what happens when we eventually fall ill at some point in time in our lives, and suddenly need all the past medical data that we thought was insignificant? Would we know where, or how, to get them? Would we be able to anticipate the difficulties we might face in getting them, especially under time pressure? 

Thinking along these lines helped us uncover a group of people that overlapped between the two initial groups that we identified — people who were transitioning from being healthy to being sick, and may need to start access and transferring their healthcare records more frequently — and we decided that it might be interesting to follow this thread and think about ways we could help to make this transition easier for them.

Bobby, David, Jen, Manasi, Rridhee

Does the Healthcare privacy law work in practice?

Have you ever tried to get your personal health care information from a health care provider, only to be frustrated by consent forms, lack of electronic communication, or simply outright refusal to comply? Often such excuses are devolve into ‘We can’t do [your request here] because of HIPAA’, and such misinterpretations of the law are more common than you think.

Even if you’ve been spared from such experiences, you’ve probably still visited the doctor’s office at some point in the last 15 years and interacted with this piece of legislation. Remember that form they asked you to sign but you just skimmed (or didn’t read at all)? Most of us know it as ‘that privacy rights thing’, and it’s actually a small part of a big piece of legislation called the Health Insurance Portability and Accountability Act (HIPAA).

What exactly is HIPAA? To start, it’s legislation, passed by congress in 1996, finalized in 2003, substantially amended in 2009 and further augmented in 2013, designed to protect and improve the healthcare system for all Americans. From its beginning, HIPAA has been marred by skepticism from the healthcare industry. Some skeptics saw it as another bureaucratic barrier to providing efficient healthcare, while others wondered how these complex rules and regulations could be effectively enforced. In the intervening years, the healthcare industry has had time to adapt but many of the early criticism still stand, and now joined by a growing list of tech-related complications.

How HIPAA is often perceived in our cultural consciousness. Cartoon retrieved from:    https://www.physicianspractice.com/hipaa/downside-hipaa-compliance-practice

How HIPAA is often perceived in our cultural consciousness. Cartoon retrieved from: https://www.physicianspractice.com/hipaa/downside-hipaa-compliance-practice

In fact, HIPAA constitutes five titles, but most people focus on Title II: HIPAA Administrative Simplification. Title II seeks to establish a national standard for the transfer of electronic records and  ensure healthcare information databases are secure. This part of HIPAA is where most of the criticism is directed towards. It is also where we come in.

The Harvard Team

From Left to Right: Jen, Bobby, Amy, Manasi, Rridhee, David. Not pictured: Shannon, Benno

From Left to Right: Jen, Bobby, Amy, Manasi, Rridhee, David. Not pictured: Shannon, Benno

We are a team of five Harvard students in DPI-663: Technology and Innovation in Government, a Harvard Kennedy School field course designed where students conduct original research to solve real problems in government. This Spring, we are partnering with Amy Gleason, Shannon Sartin, and Benno Schmidt, three members of the Digital Service at the U. S. Department of Health and Human Services. Together, we will be tackling the challenge of helping both patients and providers navigate this oft-misunderstood legislative labyrinth. 

Picture3.png

Jen Chen is a second-year Master in Public Policy (MPP) candidate at the Harvard Kennedy School (HKS). Jen hails from sunny island Singapore, where she will return to work in the government after graduation. Jen spent four years in East Asia (Beijing and Tokyo), focusing on regional affairs and trade relations. She is now focusing on digital governance and tech development at HKS. 

David Leftwich is a first-year Master in Public Policy (MPP) candidate at the Harvard Kennedy School. Born and raised in Pittsburgh, PA, he graduated from the University of Pittsburgh in the spring of 2018. In the past, David has interned with USAID, the Hudson Institute, and the State Department. David hopes to focus on digital governance and bringing more user-centered design to policy. 

Manasi Maheshwari is a sophomore at Harvard College studying computer science with a secondary in economics. From Fremont, CA, she has interned for CA-D17 Congressman Ro Khanna’s congressional campaigns and as a software engineer improving user experience with chatbots. With a desire to focus on human-centered design in policy, she is interested applying technology to improve government practices.

Rridhee Malhotra is a second year Master in Public Policy candidate at the Harvard Kennedy School. She is from India and before HKS worked for four and a half years with Government of India on the world’s largest digital identity program called Aadhaar to deliver public services and cut down corruption in supply chain. After Kennedy School, she hopes to build systems which effectively manage the trade-offs between risks and opportunities of collecting data. 

Robert ‘Bobby’ Wang is a masters student at the Harvard Graduate School of Design. He came to the USA from his small home of New Zealand six years ago to pursue a degree in industrial design at RISD. Since graduating he has practiced as both a designer and engineer in the tech sector. He’s now in grad school focusing on the intersection of humans and technology.

The Problem

Our client for this semester, the U.S. Department of Health and Human Services, framed the problem this way:


 ‘The HIPAA privacy rule was designed to provide patients with access to their entire medical history, while simultaneously protecting the patient from the unnecessary disclosure of their medical information. HIPAA, however, is often used as the justification for not sharing medical information—even when the patient is requesting their own medical history. From the perspective of patients and clinicians, why is a healthcare policy designed to increase the portability of a patient's medical history also a roadblock to accessible and interoperable medical information?’

Ready, Set, Go.

We wanted to experience potential issues with HIPAA firsthand, and we all attempted to retrieved our own health records. It was surprisingly simple to get our own health records online within minutes. 

However, upon some reflection, we became wary that this ease comes from the privileged positions that we hold. We all have access to top-tier healthcare providers with quick and easy access to personal information. This was confirmed by Amy, our HHS collaborator. She pointed out that most Americans do not have access to such systems and have to call in, or even make in-person visits, to retrieve their medical information. 

More importantly, Amy informed us that these databases are flawed. Often, they contain incomplete patient histories without the details of each doctor’s visit. Further, they do not always include visits to medical providers outside of their health care system. The process of transferring information between caregivers can also be difficult, and HIPAA has commonly been cited as a reason for the reluctance to transfer the patient’s information — even thoughHIPAA allows patient record transfer among physicians, if they are treating the same patient.

The Longwood Medical and Academic Area contains a number of medical and research institutions and will serve as a great resource in our research.Image retrieved from:    https://www.jumpshell.com/boston-neighborhoods/longwood-medical-area

The Longwood Medical and Academic Area contains a number of medical and research institutions and will serve as a great resource in our research.Image retrieved from: https://www.jumpshell.com/boston-neighborhoods/longwood-medical-area

Moving Forward

Our next step is to talk with caregivers, administrators, doctors, patients, and researchers. Fortunately, we live in Boston, which has one of the highest concentrations of medical and research facilities in the country. 

Do you have firsthand experience with HIPAA? Have you had challenges getting access to your medical information?  Let us know at david_leftwich@student.hks.harvard.edu.

Bobby Chen, David Leftwich, Jen Chen, Manasi Maheshwari, & Rridhee Malhotra