Copyright 1999 Federal Document Clearing House, Inc.
Federal Document Clearing House Congressional Testimony
July 20, 1999
SECTION: CAPITOL HILL HEARING TESTIMONY
LENGTH: 2977 words
HEADLINE:
TESTIMONY July 20, 1999 PAUL D. CLAYTON SENIOR INFORMATICIST
HOUSE WAYS AND MEANS HEALTH PATIENT CONFIDENTIALITY
BODY:
Statement of Paul D. Clayton, Ph.D., Senior
Informaticist, Intermountain Health Care, Salt Lake City, Utah, on behalf of the
American Hospital Association Testimony Before the Subcommittee on Health of the
House Committee on Ways and Means Hearing on Confidentiality of Health
Information July 20, 1999 Mr. Chairman, I am Paul D. Clayton, PhD, senior
informaticist at Intermountain Health Care (IHC) in Salt Lake City, UT. IHC is
an integrated health care delivery system that operates in Utah, Idaho and
Wyoming. The IHC system includes 23 hospitals, 78 clinics and physician offices,
23 outpatient primary care centers, 16 home health agencies, and 400 employed
physicians. In addition, our system operates a large Health Plans Division with
enrollment of 475,000 directly insured, plus 430,000 who use our networks
through other insurers. I am testifying today on behalf of the American Hospital
Association (AHA), which represents nearly 5,000 hospitals, health systems,
networks, and other providers of care. We appreciate this opportunity to present
our views on an issue important to hospitals, health systems, and the patients
they serve: the confidentiality of protected health information. PROTECTING
PATIENTS' TRUST Every day, thousands of Americans walk through the doors of
America's hospitals. Each and every one of them provides caregivers information
of the most intimate nature. They provide this information under the assumption
that it will remain confidential. It is critical that this trust be maintained.
Otherwise, patients may be less forthcoming with information about their
conditions and needs - information that is essential for physicians and other
caregivers to know in order to keep people well, ease pain, and treat and cure
illness. If caregivers are not able to obtain and share patients' medical
histories, test results, physician observations, and other important
information, patients will not receive the most appropriate, high-quality care
possible. Our members consider themselves guardians of this information. That is
why AHA has long supported the passage of strong federal legislation to
establish uniform national standards for all who use patients' personal medical
information - what we refer to as protected health information. We have been
asked to focus our comments today on how hospitals use and protect patient
information to enhance the quality of the patient care they deliver. Our
longstanding principles for the confidentiality of health information cover a
broader range of critical patient privacy issues, and we have attached them for
your information. We will measure any federal privacy legislation against these
principles in their entirety. Confidentiality of health information is an issue
that affects all of us personally. We live in a time of rapidly advancing
technological improvement, when the world seems to get smaller as computers get
more powerful and databases get bigger. This technological change can be
positive - it has led to significant improvements for both health care providers
and their patients - but it worries people who are justifiably concerned about
how information about them will be used. In health care, we must take the steps
necessary to protect that information from those who would misuse it. We need
strong, uniform federal legislation to do it. First and foremost, because we as
hospitals and health systems put our patients first, we must restore and
maintain people's trust in the privacy and confidentiality of
their personal health information. Federal
legislation can do this by establishing a uniform national standard for the
protection of this information - including genetic information - a standard that
balances patient privacy with the need for information to flow freely among
health care providers. PRIVACY AND HEALTH CARE OPERATIONS Health care is
increasingly provided by groups and systems of providers, as opposed to
individual providers. These new systems create opportunities for real
improvements, but they rely heavily on a free flow of information among
providers. Patient confidentiality is of the utmost importance. But in order to
ensure that care can be coordinated and the patient's experience is as seamless
as possible, information must be accessible to all providers who treat the
patient. There is very little disagreement that access to information is
important in the delivery of care to patients, and in the system of payment for
that care. Controversy has developed, however, over the definition of "health
care operations" - those essential functions performed by providers to ensure
that they maintain and improve the quality of the care they deliver, train
current and future caregivers, and adhere to the laws and regulations that
govern these daily activities. AHA believes that protected health information
must be available to providers so that these functions can be performed
efficiently and effectively. INFORMATION BREEDS HEALTH CARE SUCCESS STORIES At
IHC, we believe, as does the AHA, that individuals who are making decisions that
affect the health of another person must know about past medical and family
history, allergies to drugs, previous diagnostic results, current medications,
previous surgeries or therapies, and chronic and acute problems. Because the
primary caregiver is not present all the time, because others are asked for
consultive opinions, and because humans have limited memory, access to medical
record information dramatically affects the level of care that can be provided.
In some cases, the absence of information increases the cost of diagnosis and
treatment by causing tests to be repeated because the results of an earlier
tests are not available. Among the benefits of improved access are an enhanced
ability to generate bills and collect payment, and to transmit information to
payers and analyze the costs of providing care. Care is also improved when a
caregiver has access to the medical record. A physician or other health care
worker who knows what drugs a patient is taking, a list of previous problems, a
history of family predisposition to certain illnesses, and current laboratory
results, will make better decisions about how to diagnose and treat a patient.
At IHC, we have, for the past 14 years, used clinical data systems to
substantially improve patient care in a wide range of circumstances. Here are a
few examples. Improved timing of delivery of pre-operative antibiotics to
prevent serious post-operative wound infections. Our wound infection rate fell
from 1.8 percent to 0.4 percent, representing, at just one of our 23 hospitals,
more than 50 patients per year who now do not suffer serious, potentially life-
threatening infections. We also saved the cost of treating those infections,
which, at that hospital, was estimated at $750,000. Improved support for
inpatient prescriptions. A computerized order entry system warns physicians, at
the time they place the order, of potential allergies and drug-to-drug
interactions. It also calculates ideal dose levels, using the patient's age,
weight, gender, and estimates of patient-specific drug-absorption and excretion
rates, based on laboratory values. That system has reduced allergic reactions
and overdoses by more than two-thirds. Improved management of mechanical
respirators for patients with acute respiratory distress syndrome. In the most
seriously ill category of these patients, mortality rates fell from more than 90
percent to less than 60 percent. Improved management of diabetic patients in an
outpatient setting. The proportion of patients brought to normal blood sugar
levels improved from less than 30 percent to more than 70 percent. Major studies
of diabetes demonstrate that this kind of shift in blood sugar translates to
significantly less blindness, kidney failure, amputation and death. Others
indicate it should reduce the cost of treatment for diabetes patients by about
$1,000 per patient per year. Improved treatment of community-acquired pneumonia.
By helping physicians more appropriately identify patients who needed
hospitalization, choose appropriate initial antibiotics, and start antibiotic
therapy quickly, we were able to reduce inpatient mortality rates by 26 percent.
That translates into about 20 lives saved at 10 small rural IHC hospitals when
we first worked on this aspect of care. It also reduced costs by more than 12
percent. Accountability for health care delivery performance. IHC has begun to
assemble and report medical outcomes, patient satisfaction outcomes, and cost
outcomes for major clinical care processes that make up more than 90 percent of
our total care delivery activities. We aggregate and report those data at the
level of individual physicians; practice groups; hospitals; regions; and for our
entire system. We use the results to hold each health care professional and our
system accountable for the care we deliver to our patients, and to set and
achieve care improvement goals. We believe that this system will eventually
allow IHC to accurately report our performance at community, state and national
levels, and help individuals and groups make better health care choices. All of
the examples above were successful because patient information - not just
individual patient information, but also information about populations of
patients - was available, and flowed smoothly among the providers that needed
it. POTENTIAL DISRUPTIONS TO THE FREE FLOW OF INFORMATION There are two
provisions in various patient privacy proposals that could have the unintended
effect of placing enormous barriers in front of providers' ability to
appropriately use information for these and similar purposes. The first is what
has been referred to as the "opt out," where patients would have the ability to
prevent providers from sharing the patient's information regardless of how
important such a disclosure might be. The problem with such an opt out is that
it sacrifices hospitals' ability to deliver high-quality care to the individual
involved, as well as to other patients. For example, IHC's laboratory analyzers
feed directly into our computer system. When we committed to that link, we not
only significantly improved our ability to deliver excellent care to all of our
patients, but also necessarily lost our ability to process blood laboratory
tests without using the electronic medical record. In addition, a patient who
might decide to prevent his or her records from being shared among providers is,
effectively, reducing the quality of health care he or she may receive in the
future. This is because, without access to that patient's records, providers
simply cannot make well-informed decisions. At the same time, removing the
patient's treatment information as a factor in overall health care statistics
degrades the overall integrity of the health care information flow. In other
words, if less is known, less can be learned, and the overall quality of care
could be affected. The second potential problem we see being discussed is a
requirement, included in several patient privacy proposals, that providers must
limit the scope of medical information disclosures to no more than what is
necessary for the specific purpose of the disclosure. Penalties would be levied,
according to the proposals, presumably if too much information were to be
provided. Health care providers, who deal with a mountain of information every
day, simply cannot be expected to determine the exact need for every piece of
information and the exact measurement of information that may be required to
meet that need. The threat of penalties makes the proposals worse, and is sure
to inhibit the free flow of important information. In addition, proper
safeguards should already be in place that would prevent the misuse of patient
information, so that requiring providers to justify each disclosure would be
unnecessary. Proper policies and procedures will ensure that patient information
is used only where it is needed to benefit the health care services provided to
an individual patient, or to improve the overall health care system through
statistics and analysis. SAFEGUARDING PATIENT INFORMATION IHC and the AHA
support strong, uniform federal confidentiality standards that buttress our
health care delivery and clinical research work. IHC has placed appropriate
protection of patient confidentiality and privacy at the forefront of our
institutional values. Those values complement a parallel mission to provide the
best possible health maintenance and disease treatment to those who trust their
care to our hands. Achieving this requires the use of population-level patient
data as well as individual patient data. IHC uses enforceable corporate policy
to maintain confidentiality not just for patients, but for health care
professionals and employees as well, in those areas that are clearly health care
delivery operations (such as direct patient care delivery; billing for services;
quality review of individual patient records, including mortality and morbidity
conferences; resource planning; unit performance evaluation; quality improvement
and disease management; and retrospective epidemiologic evaluations of program
performance). The core of these policies and enforcement activities include: We
require every employee, health care professional, researcher or volunteer to
sign a confidentiality agreement stating that they will only look at or share
information for the specific purpose of performing their health care delivery
assignment on behalf of our patients. We require each new employee to undergo
training in IHC confidentiality policies, which are set forth in a manual that
numbers more than 60 pages and represents more than five years of discussion and
cross-testing. We impose consequences - including termination - for improper use
or handling of confidential information. To the extent that we have implemented
an electronic medical record, we are able to monitor access to patient records
(an ability not available for paper records). We use that system as one
important method of monitoring and enforcing our confidentiality policy. We
utilize software controls, including warnings on log-on screens, unique log-on
passwords, and computerized audit trails. In the near future, we hope to bring
on-line the ability of all patients to review a list of every individual who has
accessed their electronic medical record for any purpose. We segregate our
electronic databases, separating patient identifiers from the remainder of the
clinical record. Outside of direct patient care and individual record review for
quality assurance, most health care delivery operations do not require access to
identifiable data. IHC's data access policies regulate access to patient
information using strict "need to know" criteria by job description. While we
afford tight access control to all of our information, the identifiable portion
of the record receives the highest level of protection. We are studying ways to
segregate the core clinical record itself, so that particularly sensitive
information - for example, HIV status, reproductive history, or mental health
status - are only available on a strict "need to know" basis, even to the
front-line care delivery team. In addition, we require full institutional review
board (IRB) review, approval and on-going oversight for any research project
that involves experimental therapy, patient randomization among treatment
options, or patient contact for research purposes. Indeed, the IHC system has 12
IRBs, but we do not look to them as our sole - or even our primary - means to
protect confidentiality. Most of the risks to patient confidentiality come in
day-to-day care, as physicians and nurses routinely access identifiable patient
medical records, both paper and electronic, to deliver care. Instead, we rely
upon the extensive array of enforceable policies and procedures listed above. If
IRB review of each of these health care operations were required, many - if not
most - of the operational care delivery and health outcome improvements
described earlier could not function on a day-to-day basis. The volume of review
would be staggering, far beyond the capacity of any reasonable system of
individual review and follow-up oversight. CONCLUSION As an integrated health
care delivery system, IHC is responsible for the health outcomes of the patients
who seek care from our system. In order to treat our patients and improve the
health outcomes of the entire population we serve, we must be able to share
information among IHC entities - our physicians, our hospitals, and our health
plans. IHC has developed state-of-the- art electronic medical records and common
databases to facilitate this communication, to make sure our physicians have
complete information when treating patients . We have put in place an extensive
array of enforceable confidentiality protections that are constantly updated and
improved. We urge this panel to ensure that confidentiality legislation does not
unintentionally prevent the creation of these common internal, operational
databases, or limit the types of data that can be shared within an integrated
delivery system. Such action would severely limit a health system's ability to
measure and improve the health care it delivers. The outstanding care that
physicians, nurses and others deliver at IHC and in hospitals and health systems
across America relies more and more on coordination of care and on effective
quality improvement. Individually identifiable health information is integral to
such operations, and the free flow of this information - properly safeguarded
from misuse - is critical to our ability to continue providing high-quality
health care for patients and communities.
LOAD-DATE:
July 21, 1999 
