Who "owns" patient data?

One of the first hurdles that we had to clear as a SaaS company was the objection of providers who were accustomed to keeping their data within their offices. We called it "storing data in the broom closet", since in many offices the actual physical location of their server was no more secure than a utility closet. While the data was certainly NOT secure, it was accessible, or at least perceived as such.



In fact, there are many problems with that arrangement, among them:

• Dismal disaster recovery (DR) options. I once heard that 60% of magnetic tape backups are unusable, although that number may be high. More conservative estimates vary between 10% and 50%. Within medical offices, where there generally is no dedicated IT staff, I would lean toward the higher estimates.


• Lack of security. It would be easy for a disgruntled employee to unplug a few cables and carry the whole server out the door, or just bring in a laptop and wirelessly copy data from the server.


• Risk of physical damage. Hundreds of medical offices were devastated by Hurricane Katrina, for example, and permanently lost huge amounts of irreplaceable patient information.

So, over time, our customers have accepted the fact that they are better off letting AdvancedMD keep their data for them, as long as we provide methods (standard data exports, ODBC access, etc.) for them to get access to it.

Now doctors are being faced with more dispersal of patient information, in the form of electronic prescribing systems, RHIOs, HIEs, PHRs, etc. I'm not a doctor (obviously), but I have to believe that this new sharing of data is a little disconcerting for some.

In the Summer 2008 issue of JHIM, Richard D. Lang, EdD, writes in "Blurring the Lines: Who Owns the Medical Data Home?" (HIMSS membership required) about the very objection that we used to face, but applied in a slightly different way.

Dr. Lang says:

Healthcare IT is evolving from a physician-centric model to
a collection of disparate patient-centric applications where
all constituents contribute to a mélange of databases that
serve people and processes in many different ways. By electronically
diffusing the traditional patient record, this new model blurs
the long-established medical data home.

As a true SaaS company, AdvancedMD assumes ownership of the provider's physical data, even though conceptually the data remains the property of the provider. Similarly, if a practice contracts with a billing service, the lines of ownership become further blurred, as the billing service assumes ownership of whatever data it needs to effectively bill for the practice's services. In that scenario, the billing service contracts with AdvancedMD, not the providers, so we are an additional level removed from the actual healthcare practitioner.

For eight years, we've proven that this data model can work, and, in fact, it works extremely well. It almost seems natural that, over time, patient information will continue to be further dispersed among interested parties that play a role in the patient's care.

As a patient, I kind of like the idea of spreading my information around, as long as it's secure. The next time I need to see a PCP and can't even remember who I saw last, wouldn't it be great if my new doctor could access my medical history without me having to remember it?

I have to believe that AdvancedMD's customers are better prepared for this "brave new world" than those who are still stuck in their broom closets.