Adoption and non-adoption of a shared electronic summary record in England: a mixed-method case study

Publisher version: http://www.bmj.com/content/340/bmj.c3111.full?sid=fcb22308-64fe-4070-9067-15a172b3aea

What Makes Health Data Privacy Calculus Unique? Separating Probability from Impact

Patient health data is heavily regulated and sensitive. Patients will sometimes falsify data to avoid embarrassment resulting in misdiagnoses and even death. Existing research to explain this phenomenon is scarce with little more than attitudes and intents modeled. Similarly, health data disclosure research has only applied existing theories with additional constructs for the healthcare context. We argue that health data has a fundamentally different cost/benefit calculus than the non-health contexts of traditional privacy research. By separating the probability of disclosure risks and benefits from the impact of that disclosure, it is easier to understand and interpret health data disclosure. In a study of 1590 patients disclosing health information electronically, we find that the benefits of disclosure are more difficult to conceptualize than the impact of the risk. We validate this using both a stated and objective (mouse tracking) measure of patient lying

Summary care record early adopter programme: an independent evaluation by University College London.

Benefits The main potential benefit of the SCR is considered to be in emergency and unscheduled care settings, especially for people who are unconscious, confused, unsure of their medical details, or unable to communicate effectively in English. Other benefits may include improved efficiency of care and avoidance of hospital admission, but it is too early for potential benefits to be verified or quantified. Progress As of end April 2008, the SCR of 153,188 patients in the first two Early Adopter sites (Bolton and Bury) had been created. A total of 614,052 patients in four Early Adopter sites had been sent a letter informing them of the programme and their choices for opting out of having a SCR. Staff attitudes and usage The evaluation found that many NHS staff in Early Adopter sites (which had been selected partly for their keenness to innovate in ICT) were enthusiastic about the SCR and keen to see it up and running, but a significant minority of GPs had chosen not to participate in the programme and others had deferred participation until data quality improvement work was completed. Whilst 80 per cent of patients interviewed were either positive about the idea of having a SCR or ?did not mind?, others were strongly opposed ?on principle?. Staff who had attempted to use the SCR when caring for patients felt that the current version was technically immature (describing it as ?clunky? and ?complicated?), and were looking forward to a more definitive version of the technology. A comparable technology (the Emergency Care Summary) introduced in Scotland two years ago is now working well, and over a million records have been accessed in emergency and out-of-hours care. Patient attitudes and awareness Having a SCR is optional (people may opt out if they wish, though fewer than one per cent of people in Early Adopter sites have done so) and technical security is said to be high via a system of password protection and strict access controls. Nevertheless, the evaluation showed that recent stories about data loss by government and NHS organisations had raised concerns amongst both staff and patients that human fallibility could potentially jeopardise the operational security of the system. Despite an extensive information programme to inform the public in Early Adopter sites about the SCR, many patients interviewed by the UCL team were not aware of the programme at all. This raises important questions about the ethics of an ?implied consent? model for creating the SCR. The evaluation recommended that the developers of the SCR should consider a model in which the patient is asked for ?consent to view? whenever a member of staff wishes to access their record. Not a single patient interviewed in the evaluation was confident that the SCR would be 100 per cent secure, but they were philosophical about the risks of security breaches. Typically, people said that the potential benefit of a doctor having access to key medical details in an emergency outweighed the small but real risk of data loss due to human or technical error. Even patients whose medical record contained potentially sensitive data such as mental health problems, HIV or drug use were often (though not always) keen to have a SCR and generally trusted NHS staff to treat sensitive data appropriately. However, they and many other NHS patients wanted to be able to control which staff members were allowed to access their record at the point of care. Some doctors, nurses and receptionists, it seems, are trusted to view a person?s SCR, whereas others are not, and this is a decision which patients would like to make in real time

Facilitating patient and administrator analyses of electronic health record accesses

The past two decades in the United States have ushered in an era of increasing ubiquity of digitized healthcare as the speed and sophistication of technology follows an ever-growing trend. Electronic health records (EHRs) are an integral part of the growing healthcare industry which offers ease of access and new functionality while simultaneously causing worries over their privacy and security. In an effort to address these concerns, much legislation has been enacted in order to tighten the oversight and requirements for accessing protected health information (PHI). Most recently, the Department of Health and Human Services has released rulemaking which requires providers utilizing EHRs to comply with patients’ requests for logs of the accesses to their records. In this work, we outline our system for complying with this regulation while easing the burden of compli- ance for providers and simultaneously providing patients with informative and satisfying information about why their accounts were accessed. We implement a system called the Multiview Audit Interface (MAI) which utilizes recent research in the data mining and anomaly detection communities to provide a unified interface for conveniently using these algorithms for patients and administrators. We then test this system on a de- identified access log from Northwestern Memorial Hospital containing months of audit data. We construct a framework for implementing these algorithms as modules, thereby recycling existing code, encouraging multi-faceted comprehensions of their results, and offering an easy-to-use interface that administrators and patients can use alike. We demonstrate the the power of three modules currently implemented and show how the extensibility of the framework can be harvested to develop modules in the future

Interpreting patient-Specific risk prediction using contextual decomposition of BiLSTMs: Application to children with asthma

Background: Predictive modeling with longitudinal electronic health record (EHR) data offers great promise for accelerating personalized medicine and better informs clinical decision-making. Recently, deep learning models have achieved state-of-The-Art performance for many healthcare prediction tasks. However, deep models lack interpretability, which is integral to successful decision-making and can lead to better patient care. In this paper, we build upon the contextual decomposition (CD) method, an algorithm for producing importance scores from long short-Term memory networks (LSTMs). We extend the method to bidirectional LSTMs (BiLSTMs) and use it in the context of predicting future clinical outcomes using patients' EHR historical visits. Methods: We use a real EHR dataset comprising 11071 patients, to evaluate and compare CD interpretations from LSTM and BiLSTM models. First, we train LSTM and BiLSTM models for the task of predicting which pre-school children with respiratory system-related complications will have asthma at school-Age. After that, we conduct quantitative and qualitative analysis to evaluate the CD interpretations produced by the contextual decomposition of the trained models. In addition, we develop an interactive visualization to demonstrate the utility of CD scores in explaining predicted outcomes. Results: Our experimental evaluation demonstrate that whenever a clear visit-level pattern exists, the models learn that pattern and the contextual decomposition can appropriately attribute the prediction to the correct pattern. In addition, the results confirm that the CD scores agree to a large extent with the importance scores generated using logistic regression coefficients. Our main insight was that rather than interpreting the attribution of individual visits to the predicted outcome, we could instead attribute a model's prediction to a group of visits. Conclusion: We presented a quantitative and qualitative evidence that CD interpretations can explain patient-specific predictions using CD attributions of individual visits or a group of visits. - 2019 The Author(s).This work is supported in part by Sidra Medicine under grant (SDR200043). The funder had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.Scopu

The Electronic Patient Records System as Technology-in-Practice: The Impact of the Implementation of New Technology on the Routines and Structures in a Health Care Setting.

Adopting new technologies, such as electronic patient records (EPR) systems, is essential for improving inefficient practices and increasing productivity while reducing costs. However, studies show that many organizations fail to adopt technologies with demonstrable advantages. The relationship between technology and work transformation in complex organizations is poorly understood and further theoretical development is needed to advance our knowledge. This research draws on Orlikowski’s (2000) model of technology-in-practice, which suggests that the use of technology depends on how people interact with the technology and with each other over time and enact structures in social contexts. This study looks at how routines change when an EPR is implemented in a private hospital in Greece and how the technology is changed by the routines surrounding its use, aiming to explore the role of agents in implementing and using technologies in health organizations. It is conducted in two stages and is based on interpretive epistemology. Twenty-two semi-structured interviews and over twenty hours of onsite observation were conducted and analysed using a thematic approach. The findings show that the uptake of the EPR improved the performance of particular routines, the communication within the hospital, the productivity and service quality. However, in some departments different individuals introduced variations in the use of the technology and the surrounding routines. This study highlights the role of agents in implementing, using and changing a technology and refers to the technological, organizational and interpretive conditions influencing their actions. It helps researchers to understand that when a technology is integrated in complex networks, its use is less malleable than in contexts where individual actions are independent and users can shape it to fit their needs. It also emphasizes the need for designing technologies that fit the needs of end users, adequate training, strong leadership and clinician engagement in the change process

Not So Private

Federal and state laws have long attempted to strike a balance between protecting patient privacy and health information confidentiality on the one hand and supporting important uses and disclosures of health information on the other. To this end, many health laws restrict the use and disclosure of identifiable health data but support the use and disclosure of de-identified data. The goal of health data de-identification is to prevent or minimize informational injuries to identifiable data subjects while allowing the production of aggregate statistics that can be used for biomedical and behavioral research, public health initiatives, informed health care decision making, and other important activities. Many federal and state laws assume that data are de-identified when direct and indirect demographic identifiers such as names, user names, email addresses, street addresses, and telephone numbers have been removed. An emerging reidentification literature shows, however, that purportedly de-identified data can—and increasingly will—be reidentified. This Article responds to this concern by presenting an original synthesis of illustrative federal and state identification and de-identification laws that expressly or potentially apply to health data; identifying significant weaknesses in these laws in light of the developing reidentification literature; proposing theoretical alternatives to outdated identification and de-identification standards, including alternatives based on the theories of evolving law, nonreidentification, non-collection, non-use, non-disclosure, and nondiscrimination; and offering specific, textual amendments to federal and state data protection laws that incorporate these theoretical alternatives

The devil's in the detail: Final report of the independent evaluation of the Summary Care Record and HealthSpace programmes

professionals, NHS staff, service users, citizens, academics and evaluation scholars. It should be read in conjunction with our Year 1 reports on the SCR programme (May 2008) 1 and data quality (May 2008). 2 2. The SCR is an electronic summary of key health data, currently drawn from a patient’s GP-held electronic record and accessible over a secure Internet connection by authorised healthcare staff. It is one of a suite of innovations being introduced as part of the National Programme for IT in the English National Health Service (NHS) and delivered via a central ‘Spine’. Policy documents published in 2005-8 anticipated a number of benefits of the SCR, including: 3-6 a. Better care (i.e. the SCR would improve clinical decision-making); b. Safer care (i.e. the SCR would reduce risk of harm, especially medication errors); c. More efficient care (e.g. the SCR would make consultations quicker); d. More equitable care (i.e. the SCR would be particularly useful in patients unable to communicate or advocate for themselves); e. Reduction in onward referral (e.g. the SCR would avoid unnecessary ambulanc

Going Rogue: Mobile Research Applications and the Right to Privacy

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants