Public-health researchers, officials and medical professionals rely on data to track outbreaks, advance research, and evaluate prospective treatments. One critical source of patient data comes from electronic health records (EHRs).  EHR data in the U.S. has traditionally been siloed within hospital IT systems, but the federal government and key healthcare stakeholders have recently ramped up efforts to implement greater EHR data-sharing capabilities and improve patient access to their own electronic health information.  Though the potential public-health benefits of EHR interoperability are many, these stakeholders must carefully balance these benefits against their imperative to protect and maintain the privacy of patient health data.

Public-Health Benefits of Interoperability

Electronic exchange of de-identified EHR data has already yielded real-world public-health benefits.  For example, effective sharing of patient data can play a major role in large-scale responses to pandemics such as COVID-19.  A group of medical professionals published an article in the Journal of the American Medical Informatics Association illustrating the importance of cross-border data sharing in responding to pandemics.  The authors note that EHR travel screening questionnaires can help identify patients who have recently visited areas where community spread is present.  This travel data can be used to track the spread of the disease and evaluate the effectiveness of travel restrictions and other mitigation measures.  Based on this data, public-health leaders can determine how to allocate resources such as masks and pop-up hospitals.

Researchers can also use large-scale patient data to evaluate the efficacy of potential treatments.  A team of researchers at Columbia University analyzed 30 years of medical records (representing over six million patients) to determine the effectiveness of hydroxychloroquine as a treatment for patients hospitalized with COVID-19.  Recognizing the utility of EHR data as a tool for pandemic research, several EHR vendors – including Epic and Cerner (through its HealtheDataLab) – are making aggregated patient data available to researchers in the search for treatments and vaccines for COVID-19.

For medical providers, data-sharing across sites enables more efficient patient care, which in turn helps manage patient loads. The U.K.’s National Health Service recently contracted for Cerner to supply its Millennium EHR system in the temporary Nightingale Hospital in London. Providers at Nightingale Hospital can access patient records and results from other sites due to data-sharing capabilities between the temporary hospital and other providers in the Barts Health NHS Trust, which already incorporates data from local and community care providers via Cerner’s Health Information Exchange. Providers at the pop-up hospital plan to use this data to “drive quicker discharge of recovered patients and maximi[z]e hospital capacity.”

Access to unified EHR datasets, when properly leveraged, can even help to triage patients.  In Israel, Maccabi Healthcare Services – in a partnership with AI company Medial EarlySign – is using data gleaned from millions of Maccabi’s patient health records to predict which of its 2.4 million members are high-risk for severe COVID-19 complications, so those patients can be fast-tracked for testing.  Maccabi is currently talking to U.S. entities about using the system to fast-track their own patients for testing.

Balancing The Public-Health Benefits Against Patient Privacy Considerations

Patient privacy should be top-of-mind when leveraging EHR data in pursuit of the aforementioned (or other) public-health benefits. Legal frameworks such as the Health Insurance Portability and Accountability Act (HIPAA) and the EU’s General Data Protection Regulation (GDPR) safeguard individuals’ rights with respect to the exchange of their protected health information (“PHI”) (which includes individually identifiable health information generated by certain covered entities). While privacy laws could have the effect of stemming the flow of EHR data-sharing, these laws are intended to strike a balance between individual rights and the public health: The U.S. Department of Health and Human Services (HHS) describes HIPAA as “balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.”[1] Thus, these privacy laws should not prevent use of EHR data for the public good if the proper measures are taken with respect to individual patients’ data.

To ensure such measures are in place, EHR interoperability stakeholders must consider a couple of key issues:

  1. De-Identifying Patient Data

Entities using and sharing EHR data may use proper de-identification or anonymization techniques to steer clear of privacy law violations.  Different laws present different legal frameworks for proper protection of EHR data.  In the U.S., HHS clarifies that HIPAA “does not restrict the use or disclosure of de-identified health information, as it is no longer considered protected health information.”  De-identification refers to the process of removing personal identifiers that could be used to trace data back to the individual.   This can include removal of names, geographic identifiers smaller than a state, telephone numbers and e-mail addresses, medical record numbers, and other types of potentially identifying data.

From a European perspective, Recital 26 of the GDPR states that “the principles of data protection should…not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.” Anonymization under GDPR is a difficult standard to achieve: Data is not treated as anonymous under the GDPR unless both (1) the data is anonymized in such a way as to make identification of the subject impossible (or extremely impractical), even for the party responsible for anonymizing the data, and (2) the process is irreversible. However, the GDPR also includes the concept of “pseudonymization” that may be useful in mitigating the legal risks posed by data-sharing. Article 4(5) of the GDPR defines pseudonymization as “the processing of personal data in such a manner that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately.” Because pseudonymized data may be re-identifiable if the “additional information” is not properly separated from the de-identified data set, it poses a greater risk than anonymization. Nevertheless, if the proper technical and organizational measures are implemented to protect pseudonymized data, such data may be usable for public-health purposes: under some circumstances, Article 6(4)(e) of the GDPR permits the processing of pseudonymized data “for a purpose other than that for which the personal data [was] collected.”

When using patient data for public-health purposes, the data should be protected to the most secure extent that still allows the research, and the user and sharer of such data should query whether their strategy of de-identification, anonymization or pseudonymization (in conjunction with the data security measures discussed below) is sufficient to protect patient privacy.
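The identifier removal and pseudonymization described above, sketched in Python as an added illustration that is not part of the original article; the field names, sample records and key are constructed for the example. It shows why the “additional information” has to be a separately held secret: a keyed reference still links one patient's records across sites but cannot be matched back without the key, while a plain hash of the record number can.

```python
import hashlib
import hmac

# Direct identifiers the article lists for removal (field names are assumed).
DROP_FIELDS = {"name", "phone", "email", "street", "city", "zip"}


def pseudonym(mrn: str, key: bytes) -> str:
    """Keyed pseudonym for a medical record number (HMAC-SHA256, truncated)."""
    return hmac.new(key, mrn.encode(), hashlib.sha256).hexdigest()[:16]


def deidentify(record: dict, key: bytes) -> dict:
    """Drop direct identifiers, keep state-level geography, replace the MRN."""
    out = {k: v for k, v in record.items() if k not in DROP_FIELDS and k != "mrn"}
    out["patient_ref"] = pseudonym(record["mrn"], key)
    return out


def unkeyed_ref(mrn: str) -> str:
    """Weak variant: a plain hash needs no separately held secret."""
    return hashlib.sha256(mrn.encode()).hexdigest()[:16]


def relinkable(ref: str, candidate_mrns, ref_fn) -> bool:
    """True if someone holding only a list of MRNs can match the reference."""
    return any(ref_fn(m) == ref for m in candidate_mrns)


# Constructed sample records: the same patient seen at two sites.
SITE_A = {"mrn": "MRN-0004821", "name": "Jane Example", "phone": "555-0100",
          "email": "jane@example.org", "city": "Albany", "zip": "12207",
          "state": "NY", "travel_last_14d": True}
SITE_B = {"mrn": "MRN-0004821", "name": "J. Example", "phone": "555-0100",
          "email": "jane@example.org", "city": "Albany", "zip": "12207",
          "state": "NY", "test_result": "positive"}

# The "additional information": held by the data custodian and never shipped
# with the shared data set. Constructed value for the example.
CUSTODIAN_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    a, b = deidentify(SITE_A, CUSTODIAN_KEY), deidentify(SITE_B, CUSTODIAN_KEY)
    print(a)
    print("records still link:", a["patient_ref"] == b["patient_ref"])
    mrns = [f"MRN-{n:07d}" for n in range(4000, 5000)]
    print("plain hash matched:", relinkable(unkeyed_ref("MRN-0004821"), mrns, unkeyed_ref))
```

Quasi-identifiers that remain in the output (state, dates, rare conditions) still need their own review; the sketch covers only the direct identifiers and the linkage key.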

  2. Data Security

Securing patient data is critical. Although patient data is less likely to be subject to HIPAA or the GDPR if it is de-identified and/or aggregated, even de-identified and aggregated data should be secured to mitigate the risk that the data could be traced back to individual patients in the event of a security breach. The steps to properly secure EHR data can be largely broken into three categories: (1) physical safeguards (e.g., locks on servers and laptops), (2) administrative safeguards (e.g., designing comprehensive security plans, conducting security trainings), and (3) technical safeguards (e.g., firewalls, two-factor authentication). When storing and sharing EHR data, some combination of all three categories of safeguards is likely needed to ensure proper data security.

Conclusion

Although obstacles remain in the push to implement EHR interoperability, the public-health benefits of effective patient data-sharing are undeniable.  Aggregated patient data can enable nimbler pandemic responses, streamline the research process, and help hospitals provide more efficient and effective treatment.  With the pandemic driving stakeholders across the healthcare industry to make patient data more accessible, large-scale aggregated EHR data may someday be widely available to benefit public health efforts.  At the same time, the use and sharing of such data presents real questions of privacy, and safeguards will need to be put in place to protect and secure patient data.  As we move toward a world with more readily accessible healthcare data, it will be important to maintain a balance that maximizes the public-health benefits of such data while also upholding the privacy rights of individuals.

[1] In recognition of this balance, and in light of the acute public-health needs presented by the COVID-19 pandemic, HHS announced that it would relax HIPAA enforcement against certain covered entities that chose to participate in Community-Based Testing Sites during the pandemic.