LAW, ICT, AND HUMAN RIGHTS

Health info exchanges: Promises and possibilities


In many countries, getting medical treatment is way more tedious than opening a bank account. Here in the Philippines, you will most likely be asked to fill out a handful of forms. At a moment’s notice, you must be able to recall your entire medical history because your life may very well depend on it (a forgotten allergy could spell your doom!). Every visit to the hospital is like betting your life on your own fickle memory.

There are those who say that data-intensive systems (DIS) could be the key to this problem. A DIS is basically a system that accumulates, stores, processes, and/or streams large volumes of data. It is usually the go-to solution of governments and companies that seek to improve the delivery of basic social services and business operations. Examples of DIS include national identification systems, voter registries, SIM card registration systems, and smart city projects.

In the field of medicine, health information exchanges (HIE) are the most common DIS. With them in place, one can imagine healthcare providers having unimpeded access to a person’s medical data anytime and anywhere in the country. Accomplishing patient information forms would be a thing of the past.

Today, several countries use HIEs openly. Each one consists of a platform where the medical records of patients are integrated and stored. The records may be accessed electronically and can be shared between participating health care providers. Some of the primary benefits of an HIE include: (a) giving physicians a holistic view of a patient’s medical history, thereby eliminating duplicate laboratory tests, misdiagnoses, and inaccurate prescriptions; and (b) giving health professionals, researchers, and policy-makers access to large datasets from which relevant statistics and reports can be generated. Those figures, in turn, are invaluable to health policy and program development.

Make no mistake, though. DIS and HIEs are not without issues. A DIS can rely too much on the data it collects, while failing to appreciate context and human emotions. This leads to overly narrow and rigid interpretations of data. Other common issues relate to profiling, surveillance, function creep, and discrimination. HIEs are no different. Accessible medical data isn’t only great for patients and healthcare providers. Identity thieves and hackers are quite fond of it, too. With all the news about HIE-related data breaches making the headlines, you know it isn’t just paranoia.

Meanwhile, electronic medical records (EMR) stored in HIEs—the digital iterations of paper-based health records—are also vulnerable to human and technical errors. Sometimes, these result in encoding and retrieval glitches, with misdiagnoses still occasionally rearing their nasty heads. Then there’s the problem with access itself: EMRs are unreliable in areas with weak internet connectivity.

In environments with no strong legal safeguards, an HIE is easily abused. The precious database may be used by companies for marketing purposes, or worse, profiling and surveillance in the case of governments.

The Philippine Health Information Exchange

Here in the Philippines, we have the Philippine Health Information Exchange (PHIE), which began back in 2016 but remains in a testing phase to this day. It is a component of the government’s eHealth strategy towards universal healthcare and operates under the supervision of the Department of Health (DOH), the Philippine Health Insurance Corporation (PhilHealth), the Department of Science and Technology (DOST), and perhaps now, even the Department of Information and Communications Technology (DICT).

The objective of the PHIE is similar to that of other HIEs, which is ultimately to improve healthcare service delivery. Privacy advocates remain apprehensive, though, because of some concerns that cannot be easily set aside:

There is no credible assurance that the government is more equipped today and better prepared to handle and secure large amounts of data.
The privacy program of the DOH—like most other agencies—is still being developed.
The Universal Health Care Act calls for the establishment of a health information system (HIS) which shall collect more data points than the PHIE. More personal data essentially means more privacy risks.
It is likely that the PHIE (and/or the HIS) will be linked to the country’s national ID registry once the latter becomes operational. This could mean more data breaches and more frequent misuse (or abuse) of data.

Proponents are quick to point out, though, that having a data protection law in place offers some degree of comfort. Security provisions embedded in the policies governing the PHIE can also be reassuring, as can having the National Privacy Commission around to guide the implementers of the system.

Way Forward

HIEs like the PHIE can help address the inefficiencies of a health care system even if they cannot provide all the solutions to its problems. To make sure that happens and to steer clear of negative consequences, the different stakeholders need to be involved in all relevant planning, monitoring, and evaluation processes. Policy gaps should also be identified and addressed.

These apply to other DIS, too, which are set to influence powerful and life-changing innovations in their respective fields or sectors. Amid their much-touted benefits, they could still pose a threat to people’s rights and freedoms if not properly regulated.

The application of good old-fashioned ethics will be critical, together with basic respect for human rights, and the will to effect meaningful change in the health sector as well as in people’s lives.

For more information about this issue, check out this briefing paper by the Foundation for Media Alternatives.

-----------------------------------------------

Maris Miranda is a Certified Information Privacy Manager. A former member of the Privacy Policy Office of the National Privacy Commission, she now serves as a resource speaker and consultant on privacy and data protection.