A D IFFERENT APPROACH TO PAT IENT CONSENT
@FHIR_FURORE #FHIR #FHIRDEVDAYS2016 @PATIENTSCO
AIM: ADOPTION OF PRIVACY LABELS BY FHIR COMMUNITY
http://build.fhir.org/consent-example-pkb.html http://build.fhir.org/consent.html
Pharmaceuticals
Pharmacies
Secondary care/Hospital Community teams
Employers
Relatives
GP
Charities & Patient Advocacy Groups
Government & Commissioning bodies
Researchers
Social services
Mobile device and app developers
Patient
Primary care services
Specialist services
THE PROBLEM – SPECIALISATION CREATES FRAGMENTATION
• Integration and consent based on institutions trusting each other… this trust cannot scale
• Patient excluded from data and consent but is de facto integrator across institutional silos
Hospital services
GP
Current ways to empower the patient gives them access to lots of information in lots of places, e.g. patient access to primary care physician information or hospital information on a patient portal.Fundamentally flawed:• The patient doesn’t own the data• Often read-only• Tied to an organisation or a software provider• Multiple sites, multiple logins• Patient can’t share information with anyone
else• They are not portable
TRADITIONAL PATIENT PORTALS REPLICATE FRAGMENTATION
Apps and devices
Pharmaceuticals
Pharmacies
Secondary care/hospitals
Primary care health services
Employers
Relatives
GP
Charities & Patient Advocacy Groups
Government & Commissioning bodies Researchers
Mobile device and app developers
Community teams
Specialist services
Social services
THE SOLUTION – INTEGRATE ON THE PATIENT
BUT… TRADITIONAL PRIVACY MODELS NOT FIT FOR PATIENT• Patient does not
understand the medical terms
• Consent axes not clinically useful
SOLUTION: PRIVACY LABELS
• Granular consent to share information driven by the patient
• Legally auditable ‘break glass’
• Permissions for secondary usages of data
ABOUT PATIENTS KNOW BEST
PKB IS A SOCIAL ENTERPRISE
Patients Know Best is our mission statement. We achieve this by each person:1. Owning a copy of all health information about them2. Understanding what this information means3. Using this understanding to make a shared decision with family and professionalsThe person owns all health data in his or her PKB account. Control over access to the data is legally enforced through this ownership and technically enforced through encryption. No one can decrypt these health data without the permission of the person.
SECURE AND SAFE• All information stored on the secure NHS N3
network in the UK, or in-country servers in other territories
• Can be used in any secure environment in any country
• Overcomes liability and data protection as the patient is sharing their copy of their information
• Information encrypted in transit and storage
• Unique private key encryption, so only the people the patient trusts can see the information
• Full medico-legal audit trail
• ISO 27001 compliant in the UK HIPAA in the USA
ACCESSIBLE AND INCLUSIVE
Translated into 19 languages and can be changed between versions instantly
• Cloud-based - No installation required or infrastructure• Designed for simplicity of use• Access information offline• Dedicated smartphone app• Compatible with all browsers
OUR DEPLOYMENTS
80+ live sites across the UK• Hospitals• CCGs• Mental health• Community services• Local Authorities (social services)• Charities• Specialist centres• Device manufacturers• Pharmaceuticals• Software providers
7 Countries worldwide
PATIENT-CONTROL AND PRIVACY LABELS: THEORY
4 PRIVACY LABELS
Each data point labelled into one of: general, mental, sexual or social care• No more than four: too complicated• No sub-divisions: reduces privacy
Defaults for most patients not to need to do anything• Team authorship e.g. everything psychiatry team
enters is labelled as mental health• Overrides by code e.g. CD4+ count is “sexual health”
because it is for HIV patients
Patient can override anything• E.g. make a discussion “sexual health” even though it
started with a
NO CONSENT NO ACCESS
NO CONSENT NO ACCESS
This initially worries professionals but• Patient can already to hide from professional• With control, patients open up more of their record• Pediatric features allow protecting children
Power of control but not burden of control• Delegated access means professional can change permissions
on behalf of patient• Break-the-glass for emergencies (with logs and alerts to later
punish misuse)
Patient can completely disable sharing• E.g. for celebrity or privacy-conscious patient• Go through informed consent process so understand safety
implications• Switches off break-the-glass, delegated access, and sharing
with anyone (except the patient)
PATIENT-CONTROL AND PRIVACY LABELS: PRACTICE
SECURE SINGLE INTEGRATED DIGITAL CARE RECORD (IDCR)Hospitals• Chelsea & Westminster Hospital NHS Foundation Trust• The Hillingdon Hospitals NHS Foundation Trust• Imperial College Healthcare NHS Trust• London North West Healthcare NHS Trust• Royal Brompton & Harefield NHS Foundation Trust• The Royal Marsden NHS Foundation Trust• University College London Hospitals NHS Foundation
Trust• West Middlesex Hospital NHS TrustCommunity• Central and North West London NHS Foundation Trust• Central London Community Healthcare NHS Trust• Ealing Integrated Care Organisation• Hounslow & Richmond Community Healthcare NHS
Trust
Social care• London Borough of Brent• London Borough of Central London• London Borough of Ealing• London Borough of Harrow• London Borough of Hillingdon• London Borough of Hounslow• Tri-Borough (City of Westminster, Royal Borough of
Kensington & Chelsea, London Borough of Hammersmith & Fulham)
Mental health• Central and North West London NHS
Foundation Trust• West London Mental Health TrustPayers• Brent CCG• Harrow CCG• Hillingdon CCG• Central London CCG• Ealing CCG• Hammersmith and Fulham CCG• Hounslow CCG• West London CCGOther• North West London Whole Systems
Integrated Care• Co-ordinate My Care (London wide)• Urgent Care Centres (CareUK and LCW)• 111 service• London Ambulance Service• Third Sector Organisations (National,
London wide and local)
1.COORDINATED CARE
TEAMS
SYMPTOM TRACKERS, MEASUREMENTS AND RESULTS
FEATURES:• Lab results and
information direct to the patient from all connected sources with full medico-legal audit trail
• Monitor symptoms at home, take measurements and share
• Track medication compliance
BENEFITS:• Reduced burden on
telephone service or follow-up appointments to send and discuss results
• Removes unnecessary duplication of tests
• Prevent unplanned admissions through early identification of problems
• Medication reconciliation increase patient safety and reduces adverse events
TELEHEALTH, SOFTWARE/APP AND DEVICE CONNECTIVITY
FEATURES:• Over 100+ consumer and
medical devices connected
• Digital ecosystem through open APIs integrating a wide range apps and software, from decision support, health coaching and condition specific apps
BENEFITS:• Cost effective at home
monitoring, e.g. cheaper to provide blood pressure cuff then some someone to take reading
• Supports junior staff leading patient care
• Increase engagement with patients through device connectivity
• Create a future-proof and scalable solution through a marketplace of apps that support every patient
W H AT C A N B E AC H I V E D W I T H A PAT I E N T- CO N T R O L L E D R E CO R D ?2. COMMUNICATION
Encounters• Across all channels (online and offline)• All care settings (primary, secondary,
tertiary, home care and social care)• Messages start with the privacy label of the
author (e.g. diabetician writes general health and psychiatrist writes mental health)
• Patient can change if the encounter’s contents become more private
• Online encounters already reducing offline encounters costs while increasing speed and safety
COMMUNICATION
3. CARE PLANNING
SHARED CARE PLANNING
FEATURES:• Complete assessments and
reviews remotely• Update care plans remotely
and collaboratively, e.g. change medication regimes
• Embed video, podcast, webpages or other multimedia information resources
• Capture national datasets, PROMS and PREMS from multiple stakeholders
• Ability to create patient registries
4. RESEARCH
RESEARCH
• 92% of patients want to open up their record for research
• Government disease registries and patient disease non-profits can get data from the patient…
• ... By first giving something to the patient
• This cooperation with the patient builds a complete record: all the institution-entered data as well patient-entered and device-measured data
AIM: ADOPTION OF PRIVACY LABELS BY FHIR COMMUNITY
http://build.fhir.org/consent-example-pkb.html http://build.fhir.org/consent.html
“ ”
THANK YOU@FHIR_FURORE
#FHIR#FHIRDEVDAYS2016
@PATIENTSCO
I really like this service... having a way of interacting with clinicians that mirrors how people use online facilities is brilliant
CIE / PKB DEMONSTRATION
Patient Bertie Bulldog logs in to see full record
Discussions page shows all encounters and privacy labels
Diagnosis page shows all conditions and privacy labels
Laboratory page shows all test results
And each test result…
…has privacy labels for each valueThe source of a test result is more private than the test result is, e.g. a full blood count ordered by a GP vs a GUM clinic.
Hospital pre-configures which specialties assign their data to which privacy labels for test results transferred automatically via HL7 API.
Patient can change individual test result valuesPKB will eventually allow a patient to classify all test results (e.g. all CD4 counts) as private regardless or who ordered them (e.g. GP vs GUM clinic).
Patient can see which teams have access to which privacy labels
Professional logging in can see data based on privacy label permissions
Professional logging in can see data based on privacy label permissions
Professional logging in can see data based on privacy label permissions
Professional logging in can see data based on privacy label permissions
If patient changes permissions...
...changes what team sees
COMPARISON OF SHARING
HOW A PROFESSIONAL CAN GAIN ACCESS TO THE RECORD
NWL professional without access to patient’s record
Professional can get explicit consent...Click “Ask for access”
...or document existing implicit consent...Click “Ask for access”
...or break the glassClick “Ask for access”
The implicit consent process allows documenting and proceeding to accessNo need to wait for patient permission, just legal audit trail and notification for patient of what happened.