The rise of COVID-19 in many ways pushed the American healthcare system to the limit and into the future. For doctor’s visits today, instead of finding a babysitter, looking for a parking spot, and then having to sit in a crowded waiting room, many Americans are now accustomed to being able to “phone it in” for their medical appointments.
Each week there are new stories about how telehealth is helping everyday Americans and making healthcare more accessible. Recently, a dermatologist relayed how he was able to examine a longtime patient’s burn wounds and provide timely instructions as to what the patient should do next. Also, I have heard promising stories of increased access to mental health services—a critical component for maintaining a healthy mind during this pandemic.
COVID-19 is a key reason for the leap into technology-supported healthcare. But in this new frontier, we must balance the safety and security of the doctor-patient relationship with the ability to easily access our own health records.
When the 21st Century Cures Act became law in late 2016, it made great strides to improve the interoperability of healthcare data and electronic health records. Both as a physician and a patient, I have long been frustrated by the difficulty of efficiently accessing patient records. This experience drove me to write this part of the law.
Patients should control their records. It’s easy to change a credit card or phone number, but biometric indicators and identifying traits are permanent. To safeguard against identity theft and discrimination and to preserve individual privacy, patient records must be secure. Security measures should not come at the expense of usability. If a patient and their doctor have difficulty accessing electronic health records, the patient’s care will suffer.
This March, the Office of the National Coordinator for Health Information Technology released the final rule required by the Cures Act. This rule eliminates information-blocking and calls for developing standardized application programming interfaces that allow patients to seamlessly access their electronic health information. These APIs are required to adhere to the same security protocols that banking apps utilize.
In many ways, COVID-19 has exemplified why EHR interoperability and the modernization of our public health data infrastructure are essential. The flow of data between clinical care and public health systems often relies on dated technology, such as paper submissions and faxes, and individuals are stuck in the middle navigating paper, emails, phone calls and patient portals. Our antiquated processes slow the tracking of the invisible enemy we now face, COVID-19.
Digitizing information introduces unique vulnerabilities. Information may be stored in perpetuity and transferred virtually anywhere. As a result, nefarious actors work to uncover this information and use it against patients, doctors or healthcare organizations. In recent years, the market for stolen personal information has grown. This demand is exacerbated by COVID-19 and the lack of preparation for the flood of COVID-19-related cyberattacks.
While we cannot legislate away cybercriminals, we can reduce their ability to steal personal information by passing a federal privacy law and offering incentives for stronger cybersecurity. HIPAA governs healthcare information and must be applied in conjunction with a single national privacy standard.
Technological advances transcend sector-specific prescriptions to provide greater benefits for patients and providers. Now is the time to debate and enact privacy and security standards.
Negotiations for a federal privacy law are ongoing. Just like everything else, COVID-19 has slowed down these discussions. Congress must get back to the negotiating table to do the job for which we were elected. If healthcare professionals can go to work each day under difficult circumstances, Congress can come together to write the laws that protect them and their patients.