Our 2023 #DEIA survey is now open! Click here to participate!
Posted May 21, 2009
OK, it’s a trick question. The answer, as with much data and all personal data, is “it’s contextual”… which is basically a fancy way of saying “it depends”. This CNet News article from yesterday throws up some of the questions, in a US-centric context, though there are many more, and even those it raises, the article doesn’t necessarily resolve.
So, what do I mean by contextual? Well, I’ve already given one example of that; the CNet News article (entitled “What you need to know about e-health records”) is fairly useful if you’re in the US healthcare system – but a lot of it is irrelevant if you aren’t. One huge contextual factor is which country you live in, with the associated factors like that country’s attitude towards state- vs. privately-funded healthcare, preventive medicine, health insurance, family doctors, privacy law and so on.
Here are a few more examples of contextuality which the CNet article illustrates:
* at a “political” level, Electronic Patient Records (EPRs) ‘mean’ money. If you’re a techno vendor only interested in cornering a chunk of President Obama’s stimulus package for commercial gain, the data is incidental (in fact, paying to secure it only reduces your bottom line): what’s important is the subsidy;
* if you’re an insurer, EPRs mean being able to get sufficient detail to judge – automatically if at all possible – whether a given treatment is covered under the policy or not. In that context, the distinction between “cancer which has spread to the brain” and “cancer which has spread to the spine” may well be irrelevant, as the article notes;
* if you’re the patient or the physician, of course, that distinction might be highly relevant… but in the example given, the data in the EPR was ambiguous because it was designed primarily to meet the insurer’s requirements, rather than those of the other relevant stakeholders.
So what EPRs mean depends on things like who you are, what you’re doing with the data, where you’re doing it, why you’re doing it, and very often even when you’re doing it… (it’s one thing to need data urgently in the heat of emergency treatment – it’s another to need it forensically post mortem).
Why’s all this an issue? Well, as the CNet article points out, the stimulus package is driving a lot of efforts to standardise EPRs and make them portable, interoperable and consistent. At a syntactic level, that raises one set of problems (which experience suggests are solvable with time and effort). At a semantic level, as the contextual examples show, the problems are of a quite different order of difficulty.
That’s the point at which the technical work on interoperability needs to be complemented by work on contextual factors like policy, regulatory measures, user consent and control, and matching purpose of collection against purpose of use. These are the kinds of question we have worked on for some time in the Liberty Alliance Public Policy Expert Group (PPEG), and which I confidently hope will continue to grow into a compelling work stream under the Kantara Initiative. Also in the Kantara structure there is a proposal for a Health Information Assurance (HIA) Work Group, whose draft charter you can find here. I will be adding a draft charter for the Privacy and Public Policy Work Group (P3WG) within the next few days, and that will include a goal of effective liaison with the HIA group.
Precisely because EPRs raise so many issues – both within and between different national healthcare and regulatory systems – this work needs to be able to draw on a broad range of expertise. Please have a good look around the Kantara website; there are many levels at which you can participate in this work, and I would encourage anyone with a stakeholder interest in EPRs to do so.
–posted by Robin Wilton, Director of Privacy and Public Policy, Liberty Alliance