May 2007

RFID and the coming medical records storm

On my way to Columbus, OH to present on the topic of privacy and medical records, I read several interesting pieces in The Economist (28 April 2007) in a special report on telecoms. One article was particularly interesting and timely given the subject of my presentation. It discussed the current/future applications of RFID (Radio Frequency Identification) technology in health care. Commonly used as Tattle-Tape(tm) to prevent theft from retail stores and libraries, the chips are now the size of bits of powder.

It noted that wireless technologies are not new in medical care – the pacemaker is a machine that can be adjusted wirelessly – but that the trend will be toward ubiquitous integration, including deep inside our own bodies. RFID chips will communicate with other devices in the examination room as well as outside of the doctor’s office to provide a 24/7 health monitoring program. Our cell phones will be the go-between for our body and our physician. We could be blissfully unaware of any changes to our health when our phone rings to notify us we are scheduled for a visit to the family doctor or even providing directions to the nearest emergency room for an evaluation.

But notification is not the only purpose RFID chips and other similar technologies can provide. Smart chips planted near a tumor can wirelessly power up to burn any new cancer cell growth in a particular area. Chips in the digestive tract can measure the absorption of medication and alert the pharmacist to needed changes in dosage and strength.

Today, the question is how do we protect privacy while providing access to information that can move medical advances forward and allow us to better understand historic patterns in public health? In the coming years the question will shift to how do we protect privacy when there is no separation of the patient and their medical record? What happens when a person is not only the subject of study but also the document itself? What will the medical record look like? What exactly will come to the archives?

Currently, HIPAA and the Privacy Rule are trying to balance the issues of privacy protection and research use. Formulated during the rise of the electronic medical record, the legislation and regulation may become as quickly outdated as Zip drives. It will be seen as a solution based on what the needs were, not what the needs will be. The act also presumes a government’s responsibility to its citizens to aid in privacy protection. Yet, in a wirelessly networked world the government-citizen relationship is blurred and the emphasis on geographic location will wane as the demand for information and the privileges afforded by technology will rise.

Perhaps the very technology that scuttles our notion of a medical record will be the solution to privacy and access. Long vilified as a potential breach to privacy, the RFID and similar technologies could be the literal key to access. Those with permission to review medical records or to provide access to others will be the only ones able to gain access to the information. Individuals will be able to opt-in to have their information included in studies or databanks depending on their preferences without the need for patient consent forms each time a researcher submits a proposal to a review board. Perhaps the technology will ultimately give the individual what the HIPAA legislation cannot, immediate control over who can and cannot have access to their medical history.

And of course, there will be a setting to send it all to the archives.

MAC presentation

If you are attending the Midwest Archives Conference in Columbus, OH this week, I’ll be giving a talk at the session “Like Navigating through Pea Soup: Privacy Concerns in Academic and Medical Records” on Friday, May 4th at 10:15 am. My talk is titled “Hiding Information or Providing Access to Archives (HIPAA): Protected Health Information in University Archives.” It is mostly a review of the Privacy Rule and the different approaches archives take in managing collections with PHI but it also tries to look further ahead to ways we can work with the Privacy Rule based on precedents set in other federally regulated issues (e.g. copyright & IRBs) as a way for us to try and move the HIPAA conversation forward. It is the product of my previously mentioned look at the HIPAA legislation.

I’ve uploaded a copy of the PowerPoint presentation for those who are interested.