Federated Personal Health Records – The Quest For Use Cases

Last week we wrote about India’s Health Leapfrog and the role of Health Stack in enabling that (you can read it here). Today, we talk about one component of the National Health Stack – Federated Personal Health Records: its design, the role of policy and potential use cases.

Overview

A federated personal health record refers to an individual’s ability to access and share her longitudinal health history without centralised storage of data. This means that if she has visited different healthcare providers in the past (which is often the case in a real life scenario), she should be able to fetch her records from all these sources, view them and present them when and where needed. Today, this objective is achieved by a paper-based ‘patient file’ which is used when seeking healthcare. However, with increasing adoption of digital infrastructure in the healthcare ecosystem, it should now be possible to do the same electronically. This has many benefits – patients need not remember to carry their files, hospitals can better manage patient data using IT systems, patients can seek remote consultations with complete information, insurance claims can be settled faster, and so on. This post is an attempt to look at the factors that would help make this a reality.

What does it take?

There are fundamentally three steps involved in making a PHR happen:

  1. Capture of information – Even though a large part of health data remains in paper format, records such as diagnostic reports are often generated digitally. Moreover, hospitals have started adopting EMR systems to generate and store clinical records such as discharge summaries electronically. These can act as starting points to build a PHR.
  2. Flow of information- In order to make information flow between different entities, it is important to have the right technical and regulatory framework. On the regulatory front, the Personal Data Protection Bill which was published by MeitY in August last year clearly classifies health records as sensitive personal data, allows individuals to have control over their data, and establishes the right to data portability. On the technical front, the Data Empowerment and Protection Architecture allows individuals to access and share their data using electronic consent and data access fiduciaries. (We are working closely with the National Cancer Grid to pilot this effort in the healthcare domain. A detailed approach along with the technical standards can be found here.)
  3. Use of information – With the technical and regulatory frameworks in place, we are now looking to understand use cases of a PHR. Indeed, a technology becomes meaningless without a true application of it! Especially in the case of PHR, the “build it and they will come” approach has not worked in the past. The world is replete with technology pilots that don’t translate into good health outcomes. We, in iSPIRT,  don’t want to go down this path. Our view is that only pilots that emerge from a clear focus on human-centred design thinking have a chance of success.

Use cases of Personal Health Records

Clinical Decision Making

Description: Patient health records are primarily used by doctors to improve quality of care. Information about past history, prior conditions, diagnoses and medications can significantly alter the treatment prescribed by a medical professional. Today, this information is captured from any paper records that a patient might carry (which are often not complete), with an over-reliance on oral histories – electronic health records can ensure decisions about a patient’s health are made based on complete information. This can prove to be especially beneficial in emergency cases and systemic illnesses.

Problem: The current fee-for-service model of healthcare delivery does not tie patient outcomes to care delivery. Therefore, in the absence of healthcare professionals being penalised for incorrect treatment, it is unclear who would pay for such a service; since patients often do not possess the know-how to realise the importance of health history.

Chronic Disease Management

Description: Chronic conditions such as diabetes, hypertension, cardiovascular diseases, etc. require regular monitoring, strict treatment adherence, lifestyle management and routine follow-ups. Some complex conditions even require second opinions and joint decision-making by a team of doctors. By having access to a patient’s entire health history, services that facilitate remote consultations, follow-ups and improve adherence can be enabled in a more precise manner.

Problem: Services such as treatment adherence or lifestyle management require self-input data by the patient, which might not work with the majority. Other services such as remote consultations can still be achieved through emails or scanned copies of reports. The true value of a PHR is in providing complete information (which might be missed in cases of manual emails/ uploads, especially in chronic cases where the volume and variety of reports are huge) – this too requires the patient to understand its importance.

Insurance

Description: One problem that can be resolved through patient records is incorrect declaration of pre-existing conditions, which causes post-purchase dissonance. Another area of benefit is claims settlement, where instant access to patient records can enable faster and seamless settlement of claims. Both of these can be use cases of a patient’s health records.

Problem: Claim settlement in most cases is based on pre-authorisation and does not depend solely on health records. Information about pre-existing conditions can be obtained from diagnostic tests conducted at the time of purchase. Since alternatives for both exist, it is unclear if these use cases are strong enough to push for a PHR.

Research

Description: Clinical trials often require identifying the right pool of participants for a study and tracking their progress over time. Today, this process is conducted in a closed-door setting, with select healthcare providers taking on the onus of identifying the right set of patients. With electronic health records, identification, as well as monitoring, become frictionless.

Problem: Participants in clinical trials represent a very niche segment of the population. It is unclear how this would expand into a mainstream use of PHR.

Next steps

We are looking for partners to brainstorm for more use cases, build prototypes, test and implement them. If you work or wish to volunteer in the Healthtech domain and are passionate about improving healthcare delivery in India, please reach out to me at [email protected].

Data Privacy and Empowerment in Healthcare

Technology has been a boon to healthcare. Minimally-invasive procedures have significantly increased safety and recovery time of surgeries. Global collaboration between doctors has improved diagnosis and treatment. Rise in awareness of patients has increased the demand for good quality healthcare services. These improvements, coupled with the growing penetration of IT infrastructure, are generating huge volumes of digital health data in the country.

However, healthcare in India is diverse and fragmented. During an entire life cycle, an individual is served by numerous healthcare providers, of different sizes, geographies, and constitutions. The IT systems of different providers are often developed independently of each other, without adherence to common standards. This fragmentation has the undesirable consequence of the systems communicating poorly, fostering redundant data collection across systems, inadequate patient identification, and, in many cases, privacy violations.

We believe that this can be addressed through two major steps. Firstly, open standards have to be established for health data collection, storage, sharing and aggregation in a safe and standardised manner to keep the privacy of patients intact. Secondly, patients should be given complete control over their data. This places them at the centre of their healthcare and empowers them to use their data for value-based services of their choice. As the next wave of services is built atop digital health data, data protection and empowerment will be key to transforming healthcare.

Numerous primary health care services are already shifting to smartphones and other electronic devices. There are apps and websites for diagnosing various common illnesses. This not only increases coverage but also takes the burden away from existing infrastructures which can then cater to secondary and tertiary services. Data shared from devices that track steps, measure heartbeats, count calories or analyse sleeping patterns can be used to monitor behavioural and lifestyle changes – a key enabler for digital therapeutic services. Moreover, this data can not only be used for monitoring but also for predicting the onset of diseases! For example, an irregular heartbeat pattern can be flagged by such a device, prompting immediate corrective measures. Thus, we see that as more and more people generate digital health data, control it and utilise it for their own care, we will gradually transition to a better, broader and preventive healthcare delivery system.

In this context, we welcome the proposed DISHA Act that seeks to Protect and Empower individuals in regards to their electronic health data. We have provided our feedback on the DISHA Act and have also proposed technological approaches in our response. This blog post lays out a broad overview of our response.

As our previous blog post articulates the principles underlying our Data Empowerment and Protection Architecture, we have framed our response keeping these core principles in mind. We believe that individuals should have complete control of their data and should be able to use it for their empowerment. This requires laying out clear definitions for use of data, strict laws to ensure accountability and agile regulators; thus, enabling a framework that addresses privacy, security and confidentiality while simultaneously improving transparency and interoperability.

While the proposed DISHA Act aligns broadly with our core principles, we have offered recommendations to expand certain aspects of the proposal. These include a comprehensive definition of consent (open standards, revocable, granular, auditable, notifiable, secure), distinction between different forms of health data (anonymization, deidentification, pseudonymous), commercial use of data (allowed for benefit but restricted for harm) and types and penalties in cases of breach (evaluation based on extent of compliance).

Additionally, we have outlined the technological aspects for implementation of the Act. We have used learnings from the Digital Locker Framework and Electronic Consent Framework (adopted by RBI’s Account Aggregator), previously published by MeitY. This involves the role of Data Fiduciaries – entities that not only manage consent but also ensure that it aligns with the interests of the user (and not with those of the data consumer or data provider). Data Fiduciaries only act as messengers of encrypted data without having access to the data – thus their prime task remains managing the Electronic Data Consent. Furthermore, we have highlighted the need to use open and set standards for accessing and maintaining health records (open APIs), consented sharing (consent framework) and maintaining accountability and traceability through digitally verified documents. We have also underscored the need for standardisation of data through health data dictionaries, which will open up the data for further use cases. Lastly, we have alluded to the need to create aggregated anonymised datasets to enable advanced analytics which would drive data-driven policy making.

We look forward to the announcement and implementation of the DISHA Act. As we move towards a future with an exponential rise in digital health data, it is critical that we build the right set of protections and empowerments for users, thus enabling them to become engaged participants and better managers of their health care.

We have submitted our response. You can find the detailed document of our response to DISHA Act below