Who Has A Say In Cal INDEX Project?

The Patients Whose PHI is Stockpiled Appear Overlooked
Lucy Johns
ljohns@metacosmos.org

With impeccable timing - while you were on vacation - two of California's biggest health insurance companies announced the creation of Cal INDEX, a gigantic database of personal health information. Anthem Blue Cross and Blue Shield of California will collect your medical records from your providers of health services, combine them with the billing records from those providers, and presto! Everything about your health any provider wants to know is there for the asking.

Wouldn't that be great when you land in an ER unconscious? The doctors and nurses identify you with a couple of keyboard taps so they can treat you appropriately? You are referred to a specialist and her staff supplies all she needs to know before you open your mouth to say what's wrong? Sounds efficient, sounds convenient, sounds like about time.

Of course you will be able to see what those providers will see about you or your family members, right? And be able to check who looks at your or their personal health information? Wrong. 

You, the patient, will not have access to your own personal health information in this database. You, the patient, will not be able to correct misinformation, update information, protect information you'd rather not be passed around. You, the patient, will never know who has looked at your records, when or why.  This database has everything about you except your permission to share. 

The benefits of electronic health information exchange have been proclaimed for decades. Now that doctors and hospitals get paid by Medicare and Medicaid when they engage in electronic health information exchange, it could be predicted that your provider would shift from paper and faxing and phoning to zapping records instantly where they appear to be needed.

This would save time and trees, prevent duplication of expensive services when you forgot or were unable to tell about them, let strangers to your condition better understand whether their prescriptions would clash with drugs you're already taking. The result would be higher quality care and lowered costs. 

And your privacy? Well, it wasn't so well-guarded anyway and the lure of social media and electronic banking has lulled many people into indifference about who knows what about them. 

PHI reveals your identity and signals your personhood more than any other information about you. When you post details of your life online, you choose to. When you bank or pay bills on your mobile and something goes wrong, you can be made whole with a new credit or debit card. But suppose your medical identity is stolen – the fate of nearly two million people in 2013 – resulting in false medical records that are called up when you're unconscious in that ER?

PHI is also different in how it is perceived by those who regulate it and those who now have it. The latest federal committee grappling with standards for health information exchange in cyberspace starts with this "Health Information Technology Architecture Principle: The patient owns his or her data." Nevertheless, neither the owners of this new California Blue Cross Blue Shield database nor the providers who will send your PHI along appear to understand this principle. For their purposes, laudable as those may be, they own your PHI. 

There are a few things you can do about this. Alert your legislators and ask for public hearings.  You can also ask your health service providers what their internal policies are about sending your PHI to the Cal Index and tell them you want to be involved in the process. 

According to the Cal INDEX press release, you will, one day, receive a letter saying you can opt out.  But Cal INDEX doesn't want you opting out. This will weaken its value to the insurance companies that want to monitor every medical encounter you have. If and when you get that letter, read it carefully and discuss it with family, friends, colleagues, neighbors, experts you might know. Judge for yourself whether you trust the assertions about privacy, security and benefits you will find there. Remember: your PHI represents yourself. According to federal experts, you own it. Decide for yourself who can see that information. 

Lucy Johns is a San Francisco-based healthcare consultant.