The letter informed me that my medical record was stored on a laptop that was stolen.
This wasn't my first experience dealing with identity theft. Nor will it be my last.
When I was 17 and applying for federal student aid, I learned my social security number and name had been appropriated and used to apply for credit cards.
Since I wasn't in my thirties living in the Midwest, this was relatively easy to clear up. I just had to prove my identity and then reapply for student loans (overlay heavy sarcasm here). I had to take back possession of my data.
Studying Shakespeare with an SMCM contingent in England during the summer between my junior and senior year of college, someone in London made a copy of my debit card and used it to bookroll a pub crawl in Ireland.
Again, relatively easy to clear up, as my Passport didn’t have a Dublin entry stamp in it, but I was missing some money for awhile (again, insert sarcastic overtones). Again, I had to take back possession of my data.
Why am I not more concerned about my identity or medical history being accessed inappropriately, even stolen?
Because it’s already happened. To millions of us.
My world didn’t end. Identity theft can be debilitating, yes.
So can injury, illness, and not being able to remember what medications you’re allergic to and get that information transferred to your new ankle surgeon.
The simple fact is, if identity theft hasn’t happened to you yet, it probably will. Sooner or later. Most likely more than once. This is, literally, the price we pay in an interconnected, web-linked world.
Even worse is the way the healthcare industry co-opts my personal health data.
To the healthcare industry...
Why do I have to take back my healthcare data from you in broken pieces and recreate the trail of my personal health narrative the same way I have to repossess my financial data from identity thieves?Being able to access my information anywhere means it is slightly more vulnerable, but only slightly more so. And that’s a price I’m willing to pay to access my bank account online from anywhere I am in the world.
The banking comparison has been made often, but isn’t yet tired (or tested), since no PHR provider has built out offerings with a comparable level of service to what many financial institutions provide.
Banks have taken reasonable steps to ensure the safety and security of my account, both online and offline.
I trust my bank enough to walk up to an ATM machine and put in a small portion of data and pull out cash. Is that transaction risk free? Of course not. But my risk has been offset ENOUGH for me to believe the benefits outweigh the potential risks.
Other online commerce platforms have done the same. I no longer fear using my credit cards online - in fact, if I can't use PayPal or a credit card, you're not likely to get my business.
As I select my next doc, if you're not using email, you probably won't get my business.
I’m willing to pay a similar price to be able to access my health data and craft a personal health narrative online from anywhere I am in the world.
We need to stop pretending healthcare is the industry in which our vulnerability opens us up to the most potential for avaricious theft and misuse of data.
This is a naive, overly simplistic excuse used to dismiss the end value of using personal health records and giving consumers shared control over the co-creation of a personal health narrative.
Get over it. We already co-create our personal health narrative – what do you think a history and physical interview consists of? The doc asking questions, the patient giving largely subjective answers, and then that information being ‘objectified’ and codified into that provider’s medical record.
What slays me is that we do this over and over and over.
Talk about inefficiencies and misaligned incentives rampant in our healthcare system...we have to recreate meaningful interactions and establish a solidified platform of shared data at the beginning of EACH and every visit with a healthcare provider.
And it's not new information, building on backstory to establish timely relevance, it's the same old H&P data that's stored 500 other places in disjointed medical records.
If my doc could access my personal health narrative and then ask questions directly relevant to my history (“Still having trouble falling asleep?”) we might actually get somewhere in the 2.45 minutes she has to sit and talk with me before tearing off a prescription sheet.
This is an old, tired argument.
We’ve been trying to get PHRs implemented for 40 years, yes. Currently less than 2% of the American population is using them, yes (per Revolution Health's Jeff Gruen at WHCC). But the pace of adoption will accelerate.
We won’t be able to limit the exponential growth of personal health data for long.
Personal health narratives are becoming increasingly interwoven into the daily societal lexicon. Presidential candidates are sharing details about emotional struggles related to infidelity and the battle to quit smoking.
Let’s get real. We’re comfortable accessing our health information. More than that, we don’t just want to access it, we want to share it.
If you’re having a hard time imagining widespread personal health exhibitionism, wander anywhere near someone talking in public on a cell phone. Chances are you’ll overhear more personal health/wellness information than you’d ever gain from stealing his/her medical records.
When we say consumers aren’t ready to accept these privacy risks – I have one question for you: Which consumers are you asking?
Are you asking those of us who visit a doc more than 2x a year for a preexisting condition?
Are you asking those of us who have 2.345 kids and need to tote information from allergist to pediatrician to orthopedist to dentist and back home again?
Are you asking those of us who have a ‘zebra’ condition that requires we be an active, participatory partner in care in order to help educate our docs about what works and what doesn’t?
Perhaps as a consumer I am "20 years ahead," as one friend put it this weekend.
We were discussing a concept for a killer app SaaS portal that partners with existing Health 2.0 and 3.0 companies and provides a backend PHR function.
The debate got rowdy when we started discussing how long it will take for the same percentage of the American public to use PHRs with the same self-assured, immediately assumed utility we use Google (8M health searches a day via Google, by the way).
My argument was that maybe I’m 2 years ahead, but not 20.
Still, this is giving consumers some control but not the tools that allow us to cross-pollinate that data across various brick-and-mortar and virtual healthcare delivery interactions.
I told him to try one simple, personal means test: Gather all his records from the past 5 years of doctors visits and try to get them transferred to a GP here in Holland. See how long that takes. Say goodbye to the rest of your calendar year.
Even if he does just call physicians’ offices and request faxed records, good luck getting all the coding and billing info and getting complete access once you tell them you’re in Holland. You’ll bear the burden of proof for demonstrating that you’re ‘you’ and you want access to records.
Personal health record developers – take notes. Don't try to limit my access to my own information.
Make the web-based platform easy enough for me to use so that I can email records right to my doctor or hospital.
As soon as someone provides a PHA (personal health application) with a bare minimum level of security and the portability I’m looking for, I'm there. And I’m your number one evangelist, your ‘ground zero’ patient tester.
If one doesn't enter the market fast enough, well, perhaps I'll just create it.
And that’s another important distinction.
There’s a reason PHRs and EMRs aren’t working. They aren’t enough. What we need most isn't a PHR. It’s a multi-functional PHA.
It's an opensource, multifaceted killer app, an SaaS portal that provides a single access point to multiple health/wellness nodes like American Well, Organized Wisdom, and Phreesia.
To entrepreneurs (and especially Google and Microsoft) - forget the PHR.
Give consumers an offering that provides a single gateway for me to access health content, wellness communities, and perform related purchase (commerce) activities. Give me FreeMED combined with functionalities for patients.
These tools are great starts, (hat tip to The Healthcare IT Guy) but they're missing the consumer-centric coherence that's essential to 'nexthealth' or Health 4.0 (content, community, commerce, and continuity).
I can't go any one place, access a single personal health application, and do anywhere near everything I want/need to do with my personal health data.
Here's just one example of how consumer interaction with the system would change: Imagine what would happen if I could login to a single PHA portal and resend claims/insurance data to the medical billing company that's trying to charge me full price for a covered visit?
Then the industry would REALLY have to adapt to meet consumer demands.
To developers - give me this capability and more.
Go straight for a PHA that lets me chat with a doc online, print out a Wisdom Card, and schedule an appointment. Let me login to SugarStats.com from your portal, and simultaneously export my latest glucose readings to 1. my linked PHR, 2. my mobile phone, and 3. my doc.
Give me the access, let me create the record, let me download information, let me access communities, let me show my doc or nurse how to pull up my PHA on the web and create shared meaning – let me be your disruptive innovation embodied.
Give me some of the responsibility for maintaining my health. Start with letting me access my own health record.
If you can't even let me maintain my own PHA, how are you ever going to loosen the hold on the reins for me to take a proactive role in working towards my personal wellness goals?
If you don’t, well, someone else will just have to accelerate that 20 year timeline.
Crazy? Sure is. Most game-changing innovations are.
From George van Antwerp @WHCC:
“Data is only exciting if you can do something with it.” [Reed Tuckson]
Final food for thought, from "How to Fix the Web," by Rob Scoble, Fast Company, May 2008:
"It’s time that we stop hoarding customers and their information in silos for fear of them straying. If you love them, set them free.”
PS - If you think keeping my records offline keeps me safe, think again...