July 14, 2009

Eprivacy is a vital aspect of healthcare. To insure against related problems, a few principles offer guidance. Or so we claimed last week. True, we showed how clearly allocating ownership and responsibility over data can lead to practical solutions for Internet-based physician recommendations. As vexing this issue can be to patients and physicians alike, it pales however compared to the three major challenges of eprivacy in healthcare.

Stemming from the promises of data sharing, these challenges are intimately linked with the larger question of how to finance and deliver healthcare.

First read David Leonhardt on his "prostate cancer test" (*). Although known treatment costs vary in a 25 to 1 ratio, "no one really knows which is best. Rigorous research has been scant." No wonder Barry Meier tells of "a plan to spend $1.1 billion in comparing the effectiveness of competing drugs, medical devices, operations and other treatments for specific health conditions" (**). This is part of the current attempt by the Obama administration to tackle healthcare in the US, but make no mistake. The challenge is the same for all countries and calls for sharing health data.

Indeed for Andy Kessler "electronic medical records would make it easier to conduct [such] studies [...] in combination with data mining and search technology" (***). But he goes one step further. "By allowing automated tracking of patients over time, electronic health records would set the stage for early detection and preventive medicine".

To raise the issue of eprivacy in this context will be resented by many as churlishly thwarting benevolent, urgent goals. Beware though, this is the same argument used by those who will excuse all behaviors in the name of security. We are the first to acknowledge the benefits of the Shared Information Society. It does not follow we should be oblivious to the inherent conflict between sharing, eprivacy and money.

According to Sandeep Jauhar, many physicians feel money matters to be ever more harmful to higher medical ideals. "We were trained to think like caregivers, not businesspeople" (****). Yet the practice of medicine has always been compensated. Would Naaman's cure by Elisha be so famous if the prophet had accepted Namaan's gift, proffered according to custom? The deeper truth about physicians' frustration is that their latitude on how to exercise their profession is narrower by the day. Patient compliance aside, and again Naaman's initial reluctance to follow Elisha's low cost prescription was fairly typical, today's physicians are routinely and mercilessly second-guessed by insurance companies and malpractice lawyers.

The irony is unmistakable. The more physicians are forced to share patient encounters with adversarial reviewers, the more physicians drive up costs in order to fend off lawsuits by ordering unnecessary tests and procedures. The clue has been planted. Please tell, who decides what is unnecessary and when? Assuming "the current standard of care" is a practical reality, I venture that everyone agrees the earlier one settles what it entails in a specific case, the better, having a jury decide on it being the worst possible outcome.

This is as far as the consensus goes and perhaps, if someone with no medical education may be so bold as to suggest, this is one reason why healthcare efficiency is so lacking. In the US at least, too many decisions about what the current standard of care ought to be are made in hindsight.

Current standards of care ought to be determined before physicians ever meet the patient, expressed as clear rules based on observable facts. This principle does not tell the parties involved how to agree on standards, only that the physician be told before hand in operational terms.

Physicians might fear such a corpus of rules will turn them into pure automata. But does expertise decrease as textbooks get thicker? Besides reality is messy, each specific case has the potential to fall outside of the rules. If it happens, the physician should now be protected from back seat drivers, who have already had their say. Perhaps their rules will apply, but against the physician's better judgment. Warned in advance, the latter will remain free to follow in Pasteur's footsteps and fight against received opinion.

Conversely insurance companies and malpractice lawyers will cry foul. Reality is so messy, it is quite hard to come up with clear rules which can be taught and applied. Medicine is an art as well as a science. Precisely. The principle we propose focuses on rules, which are scientific, and eliminates reviews, reduced to arcane disputes about artistic tastes. Crucially one would not be able to infer criminal negligence without the breaking of a rule.

Our principle presents three benefits. First it balances the digitization of medical records, borne by physicians and hospitals, with the programming of the rules of standards of care, borne by insurance companies. When mandating a reform, it helps to spread the misery. Second it delivers powerful automated tools to the physician desk. Last but not least it decreases, if not eliminates, the need to share encounter data. When this data is held in an electronic medical record system, it is simpler, faster, safer to download the rules for local execution than to copy the data into yet another remote system. And contrary to patient related data, rules about standards of care gain from endless replication.

What we just said about medical oversight carries over to preventive medicine. To implement "automated tracking of patients over time", let any such mandate be turned into clear rules to be sent for execution at the site holding a patient's electronic records. If such a rule generates an alert, an insurer will receive it per the patient's prior consent but the majority of the patients will be protected from unnecessary data sharing.

Local execution of rules can be extended to the ultimate challenge. When it comes to search technology, Daniel Tunkelang has excellent advice to give, "to search, ask" (*****). "Rather than guessing what users need, [...] provide users with opportunities to clarify and elaborate their intent." The reader has already guessed. If one wants to study the performance of a drug, isn't it natural to require one states one's purpose clearly, i.e. as a downloadable rule? Once again data sharing reduces to cumulating statistics over local patient records without infringing on their privacy.

I admit not all medical research can be based on rule sharing. To find patterns which defy prediction, one shares data over a sample set to enable central pattern recognition. Notice that when looking for the unknown, it is dangerous to restrict access to a patient's data. Effective de-identification is therefore futile. But extending the sample size to an entire population is wasteful. Our last principle is thus to treat access to patient data as seriously as access to a patient body and model data mining experiments on drug trials, with special consent and reasonable limits on sample size.

There is no denying the pull of certain trends. As Miguel Helft quotes Paul Saffo, a "veteran Silicon Valley forecaster" (******), "everyone wants to be in the cloud", i.e. to let service providers gather data for remote processing. One however needs not follow trends blindly. The cloud stands for the Internet and I firmly believe on its creative power. I just happen to think the cloud is a threat to eprivacy.

The way forward is often to turn a threatening trend on its head. Is health information technology a government mandate? Do not let it be shrunk down to electronic health records, demand the digitization of standards of care. Well conceived rules are no burden. Downloadable digital rules compel their writers to clarity and modesty, free their targets to focus on what is unique in each patient and preserve eprivacy.

Is the cloud overcasting the future? Prevent data evaporation. Pray for a gentle rain of rules to grow local information crops.

Philippe Coueignoux

• (*) ............ In Health Reform, a Cancer Offers an Acid Test, by David Leonhardt (New York Times) - July 8, 2009
• (**) .......... Panel Lists Priorities in Comparing Medical Treatment, by Barry Meier (New York Times) - July 1, 2009
• (***) ........ A Pound of Cure, by Andy Kessler (Technology Review) - July-August, 2009
• (****) ..... A Doctor by Choice, a Businessman by Necessity, by Sandeep Jauhar (New York Times) - July 7, 2009
• (*****) ... To Search, Ask, by Daniel Tunkelang (Technology Review) - July-August, 2009
• (******) . Reaching for the cloud, by Miguel Helft (New York Times) - July 12, 2009