Electronic Health Records: PHR Opportunities for Public Health – Part 1
In this podcast, Dr. Ken Mandl discusses electronic health records and personally-controlled health records. Dr. Mandl leads the IndivoHealth personally-controlled health record project, the original reference model for the Microsoft, Google, and Dossia personal health records (PHRs or PCHRs). He has successfully used PHRs for immunization and influenza, leads efforts in real-time surveillance systems, and is currently adapting personal health records for longitudinal and genomic research. The lecture was given at CDC on June 19, 2009. Created: 9/10/2009 by Coordinating Center for Health Information Service (CCHIS), Healthy Healthcare Settings Goal Team, Office of Strategy and Innovation.
Date Released: 6/3/2010. Series Name: Public Health Lecture Series.
Electronic Health Records: PHR Opportunities for Public Health – Part 1
[Announcer] This podcast is presented by the Centers for Disease Control and Prevention. CDC - safer, healthier people.
[Dr. Mandl] Well, thank you. And this -- that very warm welcome means a lot to me. It's been a privilege over the last six or so years to not only be involved in the CDC as a grantee through an RO1 grant and then a Center of Excellence in Public Health Informatics that I co-direct, but also it's been really a highlight for me to serve in an advisory capacity to the CDC. It's been wonderful to be able to interact, to watch the CDC grow in this area and to have Les step over into a dual academic and governmental role so that now we have a true counterpart to connect these activities to.
So let me start by taking it up to a high level and reminding you what we're really talking about here is that there's --there are activities emanating from the White House now around healthcare reform, and we can include in that health reform, we can include wellness. Let's think broadly. But there's money being spent on something called healthcare reform right now, and one piece of that is electronic records. I urge us to think about electronic records as serving the needs of health and new models of healthcare delivery, rather than as an end unto themselves. And for that reason, I'm gonna talk about some approaches that I have toward developing these technologies in ways that promote that kind of flexibility so that when interesting things are happening here, for example, and we're getting enlightened as to how to manage population health, we can use these technologies. These technologies are flexible and support innovation. So we have to be able to support innovation in the way we deliver healthcare, in the way we reach out to individuals. The health information technology has to do that.
So, a lot of this is gonna be linked to the money, okay? And we need to have a more efficient healthcare system. So we need to think about health information technology. It will serve us well to think about it linked to the finances which are the ultimate goal for at least the next few years, to get those under control. It's gonna be very important for us to be a healthy nation.
We also have to support a shift to activity that's happening outside the traditional health system. I don't think that's a foreign concept here. But let's remember that patients, consumers, are becoming more educated. They have more access to resources. They have more access to technology. And they have more access to each other.
Let me just give you a small example. TuDiabetes is a very popular social networking site for patients with diabetes. And on that site -- it's like Facebook for diabetes -- on that site, people are interacting with each other, they're learning about pumps and glucometers. They're learning about insulin doses. They're learning about diets. They are talking to each other. They really are managing disease in very interesting ways.
Here's some data. Over one year, members in just -- we pulled some data off the site. Ten selected geographically and demographically diverse states spent about 54,000 hours online at the site. Okay? The average time on-site per member was just over six minutes per visit. Okay? At least half of these were returning members. Had we attempted to provide this much face time in the traditional health system, even assuming an unrealistically low reimbursement rate of a hundred dollars per hour, the cost would have been five million dollars.
Okay, so that's a back-of-the-envelope calculation, but just to demonstrate that people are out there doing stuff. We actually have the opportunity to help shape that experience for them and to help actually interject a framework that is healthcare-based. What's happening in those online communities currently is really not attached to the healthcare system, or the public health system, in a significant way.
So let's think about electronic technologies. The major focus right now of the Obama administration and the Office of the National Coordinator of Health Information Technologies on electronic medical records. Now, what are electronic medical records? They're these -- they're basically like, it's sort of like your version of Microsoft Office for your office for health. And what do they do? They do a bunch of things for you. They help you with your documentation for your visits. They help you do billing. They help you integrate laboratory information systems. They help you do -- manage your medications. Maybe some communication capabilities, maybe not. But this is really where the focus is.
What we've learned from Dr. Blumenthal in a paper he published in The New England Journal in 2008 is that actually only about four percent of primary care practices have sort of fully functional electronic health records. In 2009, just a couple months ago, we learned that only about one point five percent of hospitals have these full record systems in place. So, one conclusion that people might make is that this is because doctors are Luddites and are scared of technology and don't like technology and won't adopt technology.
So, here's a radiologist using some pretty advanced technology. Radiologists like technology. Here's a robotic surgery tool. When I go around hospitals, I actually see a lot of technology that I barely understand and I see people using it in quite facile ways. I also see people using personal technologies, iPhones and mobile devices, and personally, I don't actually believe right now that the main barrier is the lack of willingness to adopt useful technologies. So, one issue is that the technologies that have been available to date in electronic medical records come from a handful of vendors. They've tended to be expensive. They're very tough to integrate into physician workflows, they reduce productivity, and they've been difficult to customize or integrate across systems. So, if you have one product from one vendor and one product from another vendor, very hard to get them to talk to each other, exchange data in any kind of way. So, this has, I think, been a barrier. So, in a paper that I published with my colleague Zak Kohane a couple of months ago in The New England Journal which we called "No Small Change for the Health Information Economy," we suggested that health information technology, including the technology in physicians' offices, should look a lot more like an iPhone than it really does now.
And what do I mean by that? I mean actually something very specific. Not just that it should be really beautiful-looking, but also that it should be essentially a platform. It should be a platform, and that we can have on that platform, applications. So, all those little squares on the iPhone, if you don't use one, are applications that you can buy from the iPhone applications store for about 99 cents. And they do things that you want, because -- and you know you want to do them because you paid for them. They'll manage your to-do list and your calendars. They'll be games.
When we submitted this paper in January of 2009, there were 10,000 applications for the iPhone. When it was published in March, there were 25,000 applications for the iPhone. Most recently -- I checked a couple weeks ago -- there were 50,000 applications made for the iPhone. So, we put out a statement just yesterday, actually, that details a bit more about what we mean, about how this platform should look. And if anyone's interested in it, it's in chip.org/platform. And I'm happy to talk about that later. But the basic idea is that you have a common interface, so the iPhone offers a platform, and it lets software developers build substitutable applications. And when I say substitutable, I mean you can take it, you can buy it, it's not that expensive, and you can throw it away. And then you can get another one that does it better. Okay? So, if you don't like your to-do-list application, you throw it away and you buy another one for 99 cents. Okay? What this does is it pushes innovation to the edges. Everyone making to-do-list applications for you has to compete with each other. They've got to get the price down, and they've got to actually make something that you want to use. All right? So it avoids -- there's no vendor lock. You do have the platform -- some platforms, actually, they get you locked into the platform. That's a whole other interesting set of issues, but once you're committed to a platform, the innovation capabilities are actually quite unlimited. And it's -- you have no shrinking -- no switching costs, really, very low, and you avoid vendor lock.
So, what kinds of platforms are out there? Well, there's two major axes, I think, where you could look for how to have a platform. One is whether the platform is open, like an open-source platform, and one is proprietary, like the iPhone platform. It's highly proprietary. Okay? And there's a whole debate there which I'm not coming down on one side or the other of right now.
The other is provider-centered versus patient-centered. Okay? So you could have a platform that's running on a patient's data, or you could have a platform that's running on a doctor's office's data or a hospital's data. And those actually look rather different, although many of the principles are the same. So the substitutable model is important, whichever one of these axes, and whichever side of the axis you're on.
Let me talk about why, to date, the institutional models, the platforms that are running -- they're not platforms, but the systems that are running on provider data have had problems. Okay? The problem is that hospitals and institutions, they don't want to share data with each other. Okay? So in Boston, Care Group, which has Beth Israel Deaconess in it, and Partners, which has Mass General and Brigham, they don't share data with each other. They're down the street from each other. They're within, you know, a quarter of a mile, but they don't share data. So if you show up in one emergency department, you don't have the data from the other emergency department available there. Why? Because this data are controlled by Chief Information Officers who perceive the data as proprietary, that there are issues of competition. Privacy has been used as an excuse, and it is one if you put data into a health information exchange cloud, there are a lot of issues with identifiability and who's gonna have access to that data. HIPAA has been used as an excuse not to share the data, although if you read HIPAA, it actually encourages you to share data electronically with patients. And there's no dedicated resources to do so, and this stuff is actually not cheap if you have to have a model that involves multiple institutions. Also, if you have a model in a traditional health information exchange, unless there's only one system that's managing all these hospitals, you need data-use agreements between all these hospitals. So that's N-squared data-use agreements with full legal, often needing to be renewed annually. So there are issues.
The other problem is that -- so, because the hospitals don't share data, and because there's no electronic flow to individuals, if a patient goes and requests their records at each place, what happens is they just get a stack of records at each place. Okay? So we have, even in those low percentage of -- Boston is pretty wired, so we're all wired. Even so, we still give records on paper to our patients if they need to bring their records somewhere else.
So, what we developed over the last about 14 years is a different approach, an approach whereby the patient can request their data from each hospital electronically. Okay? So, our project is called Indivo, so I'll refer to Indivo as the personal health record here. So, the Indivo server, basically, is kind of like a Quicken -- does anyone here use Quicken? Has anyone here ever used Quicken? A bunch of people. So, Quicken lets you put some software on your desktop, and then connect to your bank account, your investment account, your retirement account, and bring all that data in locally to a particular piece of software where you can run all kinds of analytics on the data across all those different accounts -- and your bank and your investment firm, they don't have anything to do with each other. They don't have agreements with each other for these data to come together. The individual owns the data and integrates it themselves. So, here, the point is that you can integrate your data. Does this need to be done with you being a computer jockey and clicking your way through everything? Not necessarily. It's really your rights to the data that allow it to be integrated. This could be done with a signature at check-in at these places. All right? So this is not necessarily something that's gonna divide around digital-divide issues. This can happen with a signature at check-in. So, the data comes together in a single record, and that record looks a lot like a comprehensive record over space and time. Now, the interesting thing about this is that the collection of these records looks an awful lot like a population-health database that's actually integrated across sites of care. So, it's really on this principle that we got very interested in this because we saw a link between what's going on on the clinical side and what's going on on the population side. Not only do you have these records, but you actually have communications links with each of these individuals. So, a personally controlled health record stores all of an individual's information in a container with patient control, interoperability, and open standards. And we wrote about this in 2001 in the British Medical Journal. Okay? And this was about three years into our National Library of Medicine Grant to begin to create these technologies. So it's a container to store and share your personal health. It's kind of a virtual medical home, and it's a place where services, including public health, can reach individuals. So, the patients can access their record. They can grant access to others; that's specific to their role. They can grant access to selected portions of their record. They can store their record in a location of their choice. And they can annotate in the record. And in the Indivo system, you can't delete. We leave that there. Microsoft and Google have implemented -- everyone's got a different policy about what you can do, whether you can change the data, how much control you have over the data. I think Microsoft actually lets you change professionally sourced data right now in the system. We sort of keep that intact so that it becomes useful later. But this is an issue of how much personal control is the right amount.
So, Indivo, the system we developed here, and this was developed with, initially, funding from the National Library of Medicine, but we've also had significant investment by the CDC since 2004, is an open-source, personally controlled health record built to public standards, and we've got many deployments. At Children's, we're making this available now to all our patients, and we're a tertiary-care pediatric hospital of large size at Harvard Medical School. MIT, we deployed for all students and employees. Dossia is a consortium of some very large companies, including Walmart, AT&T, and Intel, which got together to produce electronic health, personal health records, and give them to their employees for employee health promotion plans. And they used the Indivo software, and there are also some interesting experiments going on in the academic side at McMaster and McGill. We have a new release of this coming out this summer.
I'll just show you briefly just, this thing actually exists. It has screen shots. I don't really do software demonstrations, but let me just tell you about a few verbs that you need to know in order to navigate the personally controlled health-record world. One is subscribe. So, subscribe is I go to a new place, and now I subscribe to that data source. I get the data from my free-standing surgical suite or from my primary-care clinician or from my pharmacy. I subscribe. Like Quicken, I set up an ongoing link to that data that is updated and on some regular tempo, to be determined. You can share the record. Okay? You can share the record. This becomes very important. If you are aging, you may share that with your adult child who's managing your care. You may share this with your physician, who might have no electronic record, or may have access only to the record from their own electronic health-record system and not to the other systems where you may have integrated across multiple sites of care. And you can export. This is your data. You can take it out of one system, put it into another, stick it on a thumb drive. You can do what you like with it. We built an open system. There are now proprietary systems out there -- Google and Microsoft -- but we think it can be -- it's very interesting to work with an open system because we can extend it. We are in control of the code. We can extend it to provide new capabilities. The open standards allow ready information exchange. Open APIs, and I'll show you what I mean by that. That's the layer out to these developers who can create these innovative applications. And open source allows compatible and adaptable deployments. We sort of hammered these principles home in two meetings, one in 2006, one in 2007. CDC was well represented at both. We invited 100 people each year. And this was the first time Google and Microsoft were ever in the room together, thinking about personal health records. Neither had a business plan yet, but they knew they were interested in this space. The Dossia folks had sort of just started to come together as a consortium, knew they wanted to do something in this space. And there were a number of federal agencies, including some that were actually quite far along, like the Veterans Administration, who had a version of a personal health record, not a portable one, but one that was used in very interesting ways. We got together, and in 2006, we said, you know, the personal control model is very important. You can't sell the data back to people -- it's their data. You can't charge them for the use of it. And you really shouldn't be accessing it without their permission. This is their data. In 2007, we said the platform’s very important. Now, what happened is within a very short time after these meetings, we ended up with three very, very similar platforms, with important differences, which I'm not going to go into now, but they're very interesting. Some are technical. Some are more social. Some are business model. But basically, HealthVault, which is the Microsoft version of this, which is almost exactly like the 2005 version of Indivo. In fact, it launched with a lot of the Indivo software code in the product. The Google model, which was re-implemented and renamed as Google Health. The Google Health model is implemented on their own servers, and with some very interesting technologies, some of which are supplied by a company that was called SafeNet at the time and is now called INVIDA, that does very interesting decision support that uses claims data, electronic health-record data, and now personal health-record data, as well. And Dossia, which is this large consortium of employers.
So, Clayton Christensen is a professor of Harvard Business School who's credited with inventing the concept of disruptive innovation. So, he writes about Indivo in his current book, called "The Innovator's Prescription," saying that Indivo or something like it is a very important component of the health system, going forward. He sees it as a disruptive technology. And if we have time later, I'll get into a little bit about what's meant by disruptive technologies, but these are technologies that start simple and then end up making their way up the food chain and assuming more and more functions as they go. He also saw it as analogous to what was going on at Toyota around manufacturing, where initially, quality was very difficult to manage because the data never came together at the point in the assembly line where it needed to be, and so the data started moving along with the car at Toyota. So that's, I guess, the automotively controlled health-record equivalent. But, you know, this had actually been already invented in other fields. It's very hard to pull a lot of data together from all over the place right when you need it. That actually takes a lot of engineering and agreement and policy.
So here's a picture of the platform model of personal health records. So, in the platform model, here in the middle is the repository. Okay? So the repository is where you've got a secure copy of your own data. Okay? That's the stuff in the middle, this pinkish stuff in the middle. You can -- you've got controls on there to share access with others - with other people, with software applications, with public health agencies. You might share, for example, data about influenza symptoms with the CDC. You might share data about your COX-2 inhibitor prescriptions with the FDA.
There are many applications that might connect, like those iPhone apps, drop onto your iPhone interface, that might connect to your data. Disease management tools, wellness applications, clinical-research management tools, social networking, public health. And underneath are all the different data sources. So, through that subscription verb that I talked about, you keep bringing in new data sources. Turns out to be very simple to set up the standards to get those data into the record. Turns out to be a little difficult still to get the data to flow. And we can talk about that briefly. If you're interested in seeing more about the Indivo model specifically, it's up at indivohealth.org. And there's a new version coming out very, very soon.
So, let's talk about what we might be able to do from a public health perspective with some of these technologies. So, again, we've got this platform. Okay? Does the platform concept hold up? Can we make electronic health record technology look a little like an iPhone? Is that possible?
Well, you can't see this, but you can see that there are a lot of entries. And I can tell you that if I had a bigger screen, those entries would go down to the sub-basement. And what is this? This is the Microsoft HealthVault website, showing the partner companies that are developing applications that connect to HealthVault. Okay? These companies are largely completely independent of Microsoft. They are making their applications compatible with the platform. Does Microsoft know something about platforms? Yes, they do. Windows is a fairly successful platform. But Windows is not what they use for their health record.
Essentially, this is really, this platform is -- they used to say that HealthVault is a personally controlled health record. Most recently, they're saying it's an operating system. I think what they really mean is it's a platform for healthcare applications. So, there is real evidence going out there in the business world that there are scores of applications that are being developed for personal health records. I don't think there's any public health applications on this list the last time I checked, but I haven't checked in a couple of weeks. But, interesting opportunities. Some companies are creating these applications against all three of the standard personal health-record platforms now -- Goggle, Microsoft, and the sort of Indivo Dossia one, as well.
So, there's also the idea of using these data in a surveillance model. Okay? So, surveillance gives you -- is something that you may want to do across these records. Now, one initial inclination of many would be to say, "Look, I've got these records on my server. I can de-identify the data, or anonymize it, or aggregate it in a way that protects identity, and I can just look at all the data, and therefore I'll know how many people are immunized and how many people had a visit for influenza, and how many people are on a COX-2 inhibitor medication. But we take a slightly different point of view. We think that it really pays to have consented approach to surveillance when you're using personal health records. Okay?
There are other data sources where I think consent may take a different form. But is there reason to believe the consented model might work? Well, I think so. So, we surveyed people using personally controlled health records. So, this was not an abstract, like a Gallup poll. This was a -- this was really of people actively using this technology. Would you share your data for population health and public health? So, 34 percent were very agreeable; 35 percent were moderately agreeable. 21 percent were somewhat agreeable. And after a whole year of using this thing, only nine percent said that they were not agreeable to sharing. Okay?
So, compare this to, say, a health information exchange where you had an opt-in and an opt-out model, and we didn't do anything particularly to really promote this or have an advertising campaign to talk about how great it is to share with public health. These were people's natural inclinations. Okay? So I would argue that even using a consented model, we actually have the opportunity to engage citizens in public health that benefits the population-level health and also their own individual health, using entirely new models. We have to remember that consent, however, is not necessarily enough. Okay? Consent is not necessarily enough.
Patrick Taylor, a colleague of mine at Children's Hospital -- he's an Assistant General Counsel -- wrote this paper in Nature and pointed out that consent is potentially fraud.
For example, clicking through all those screens that just come up on your computer -- I agree, I agree -- does not necessarily constitute consent in a way that will produce a good end state, and also, enticing people to consent with various benefits, like money, may also not ultimately serve their best interests and may not produce the best results, in terms of health outcomes, in terms of health disparities. And it's a very interesting paper that was published in Nature that looks at this issue of consent.
We could use personally controlled health records for registries, so think of an immunization registry. Now, immunization registries are -- there are a number of very successful ones. But let's just think about for a moment, a slightly different model of an immunization registry, one where the personally controlled health record would be the record of record, so in other words, what we do now is -- if a patient is bopping around amongst providers, they have the equivalent of the personally controlled health record, which is that little blue or yellow immunization book. Okay? It's portable, it stays subscribed to data for multiple sources -- the nurse practitioner or physician writes that stuff in. And they can share it with whomever they like. They can also lose it and not -- forget to bring it, and it doesn't get updated, and so there are reasons to make this electronic. But, you know, that model exists. Imagine if we did that with a personal health record. And that's your blue book. And everyone writes to the same point. Okay? This is a little different than saying every electronic health record system records whatever immunizations it does, and then we bring them together according to inter-operable standards. It's an alternative model. It may have just as many issues in getting implemented, but think about it as one potential way.
Another really good candidate for something where the record of record is in one place, and the one place has to be somewhere. The one place probably won't be on a government server, probably. It could be, but it probably won't be given people's, given Americans' preferences, in polls, at least. It probably won't be on any one institutional server. Google and Microsoft would love it to be on their servers, because then you can build all these services around it. And that might be a fine place for it to be, depending on what the policies are around it. But think about it -- if you had your medication list or your immunization record in one place and you built all the services around it, think about which headaches you would avoid. One big headache in health information exchange is identifying -- you know, there's no identifier for patients that's universal. There is one for docs, which -- it's not used very effectively yet, but at least it's there. Most docs are registered with a provider identification number. Patients don't have one and are not likely to have one anytime soon. So if I have a health information exchange and I move to another and someone's trying to put my two records together, they have to use a probabilistic pattern match against my name and demographic characteristics, which is – you know, it turns out to be significantly problematic. Whereas if the individual is identifying themselves, there are potentially ways to start to get around the authentication issue.
There are other ways to think about personally controlled health records in a registry model that's more traditional. Traditional immunization registry, some of which work very, very well. The personally controlled health record could feed information in about vaccine effects, for example, from personally controlled health records. And the other important piece is the personally controlled health record could serve as a channel back to the patient for decision support, like you need an immunization. Okay? So, we actually built that in Massachusetts, where you can take your personally controlled health record, push a button, send a de-identified copy of your immunization record up to a server at the Department of Public Health, get back rules, get back a set of recommendations for whether you're up-to-date or not, and when your next shot should be. Turns out to be fairly complicated. The immunization rules are very, very, very complicated if you're not 100 percent standard, and there are many exceptions. So it takes a lot of work to get up-to-date, but once you've done it, you've done it, and it would be very interesting to think about how to make authoritative sources, decision support like that, universally accessible.
[Announcer]For the most accurate health information, visit www.cdc.gov or call 1-800-CDC-INFO, 24/7.