New Patient Privacy Rights CTO wants to shake group's anti-tech image

By Neil Versel
06:52 am
Share

Adrian GropperThe Patient Privacy Rights Foundation, the organization founded by Texas psychiatrist Dr. Deborah Peel, is trying to shed the perception that it is anti-health IT by naming physician-entrepreneur Dr. Adrian Gropper its first-ever chief technology officer.

Gropper, who founded picture archiving and communications system (PACS) vendor Amicas in 1996 and launched ill-fated personal health records (PHR) company MedCommons in 2004, and has had a hand in the creation of the Direct Project for health information exchange, tells MobiHealthNews that he will be advocating for greater patient control over their own care. "I want to move to have patients being first-class citizens in everything that happens, and not just in health information exchange," Gropper says.

Gropper has been advising PPR for more than a year, but the Austin, Texas-based organization recently decided to bring him on in a formal role as CTO. Like Peel, Gropper is working on a volunteer basis, he says.

Peel has been called a Luddite by some in the health IT industry who believe her relentless focus on patient control of health information and criticism of data mining has impeded progress toward building a connected health system. Gropper, who is based in Watertown, Mass., believes that perception is out of date. "I think that PPR has turned the corner [on health IT] as much as the world is turning the corner," he says.

Gropper says a lot of his work on health IT standards and policy at the federal and state levels is facilitating this change. Gropper helped develop a secure email system for Direct and was involved in the creation of Blue Button+, an initiative to translate the plain text of the Blue Button format into a more user-friendly, patient-controllable format.

The Office of the National Coordinator for Health Information Technology (ONC) is considering whether to recommend Blue Button+ for Stage 3 of the "meaningful use" EHR incentive program.

Gropper calls transfers by Blue Button "patient-directed exchange," while Blue Button+ is "patient-mediated," in his opinion.

"Blue Button+ does not control what it is that's being exchanged," explains Gropper. Users can exchange any kind of data that an EHR can accept, Gropper explains. "It's not like Blue Button because the patient is not in the middle," he says. "The patient does not have to be involved [in the transfer of data]."

"It's half a solution to segmentation of records," Gropper continues. PPR has long been pushing for EHR vendors to allow patients to "segment" out sensitive parts of their records – data on mental health treatment or sexually transmitted infections, for example – that may not be relevant to other healthcare encounters.

Segmentation has two components: the splitting of records into segments and the sharing of appropriate parts with designated users. Gropper says Blue Button+ facilitates the latter. "Blue Button+ is the key to patient-mediated exchange," Gropper asserts.

Blue Button+, which is compatible with the OAuth open authorization protocol, also can address a lingering concern in health information exchange, according to Gropper: "How do you solve this problem of patient ID that's been dogging data sharing for years?" He answers his own question. "Blue Button+ can centralize authorization," Gropper says, while Direct e-mail addresses can serve as patient identifiers index. Patients can have more than one address for the purpose of segmentation.

Gropper does not think about HIE in terms of security, but rather in terms of privacy. "This is the critical story from PPR," he says.

Although Peel has warned about unencrypted data on mobile devices, proper controls such as encryption and policies against storing personal health information on smartphones, tablets and laptops can make mobile technology just as safe as fixed systems. "There's nothing magical about mobile in terms of security," Gropper says.

On May 13 in Mountain View, Calif., Gropper will debate Arien Malec, VP of clinical solutions strategy at RelayHealth, McKesson's health information connectivity subsidiary, about the best approach data liberation. According to the session description from the conference, a Health 2.0 production called Health:Refactored, "Are we better off relying on patient access and control, or should we be building from the base of provider systems?"

Gropper believes in patient control, while Malec, who coordinated development of the Direct Project at ONC, will be arguing the opposite viewpoint on behalf of the CommonWell Health Alliance. That alliance, announced in March, is an interoperability partnership between McKesson, Cerner, Allscripts Healthcare Solutions, athenahealth and Greenway Medical Technologies.

The Society of Participatory Medicine, which has no formal relationship with PPR to date but does have similar goals, questioned whether CommonWell was committed to allowing patients to access their own health data. "Interoperability may be a 'cornerstone' of health care, as your website puts it, but it is only an enabler. In order to achieve the long-standing public policy goal of patient-centered care, health information technology must enable provider-patient partnership through data access," that organization said in a letter last month.

Share