One consequence of giving patients ownership of their records is that they need a way to control access to those records.
Historically, signing over control of your health care to the professionals implied complete trust in the experts to do what was best for you. For many, what happened depended as much on where they lived than on what they wanted.
In patient-centric care, patients have choice and decision-making is shared – “no decision about me without me”. In this world, ultimate control over who to trust lies with the patient.
Breaching information barriers
Patients can be frustrated to visit a clinic only to find it without access to lab results, previous side effects of medication, MRI and X-ray images, or clinical letters that they know are filed down the road.
The inability to share information between organisations creates repetition and delay leading to adverse impact on costs and outcomes.
As articulated by National Voices, patients have complex and individualistic webs of care, but they expect the participants to know their test results, medication history and what happened when.
A typical patient journey may involve various health services, social care, voluntary services, family members and friends.
To enable webs of care using electronic health records, organisational boundaries should not create the barriers to information flow that they do today.
Making patients the data controller
For effective webs of care to be established as the norm in scalable communities, such as in assisted living, patients need an agreed way to communicate their wishes (who can access what aspects of records when and where).
They also need empowerment to give and withdraw consent as and when they wish. Such control might increase the patient’s level of trust in distributed access to their records.
Conveyance of the patient’s consent using interoperability standards allows others to see who they trust, irrespective of that person’s status or organisational affiliation.
With such a mechanism in place, the patient would become the data controller for uses of their records beyond the perimeter of the originating organisation.
If patients are not well enough to do this themselves, a mechanism for delegation of that responsibility to another named person is required.
miConsent shows the way
Realising webs of care depends on services for managing (a) personal identity - efficiently resolving electronic ID and authentication concerns and (b) patient-controlled consent.
The former is a common problem and the mechanisms to achieve it are continuing to evolve and improve.
Regarding (b), in 2011 the UK Technology Strategy Board funded the miConsent project as part of its Trusted Digital Services Programme which has specified how to register and enforce patient-controlled consent to access selected distributed records.
It uses international standards including extensible access control mark-up language (XACML) and the HL7 Consent Directive.
The miConsent project demonstrates how patient consent can be established and enforced across care webs. With the patient at the centre, authenticated individuals can see the information they need, tracking the patient’s journey across organisation boundaries.
Tim Benson – Abies Ltd
Paul Cooper – IMS MAXIMS
Pete Burnap – Cardiff University Sintero Project
Ed Conley – Cardiff University Sintero Project
