Health Information Blocking–Example 1

For-profit healthcare providers, hospitals, health IT developers and EHR vendors are using subtle (the “letter of the law”) and not so subtle (health information blocking) methods to keep the Protected Health Information (PHI) in our designated record sets from us, the patients. The practice of health information blocking, where those in control of our PHI knowingly interfere and intentionally limit access and exchange of our PHI, is widespread. I have personally witnessed these practices repeatedly.  Our government calls my observations “anecdotal” and does not seem  in any hurry to convert the “anecdotal” observations into empirical scientific data.  This would require “engaging” patients to report the abuses.  In the blocking report cited above, our government does not call for patient input to document specific blocking, but rather chooses to only work with members of HICUP (BB Brigade acronym for those who are engaged in the business of health care in the USA). In this blog post, I will present my first health information blocking example, an “anecdotal” observation that can be investigated further, if the government wanted to unearth the truth.

Health Information Blocking Example: My Unshareable Mammogram Image

After getting my yearly mammogram at the local hospital imaging lab recently, I requested an electronic copy of the mammogram image file and was given a CD that I was told contained my image file.  Upon arriving home, I put the disk into my CD drive and planned to transfer the image to my Personal Health Record (PHR).  I was shocked to find that my xray image was “packaged” into an executable program that allowed me to view and print this image from the CD but did not allow me to save the image for sharing. The save option in the program had been intentionally disabled!

health information blocking example

Let’s look at the law and my rights.  In Individuals’ Right under HIPAA to Access their Health Info 45 CFR § 164.524:

“The Privacy Rule requires a covered entity to provide the individual with access to the PHI in the form and format requested, if readily producible in that form and format, or if not, in a readable hard copy form or other form and format as agreed to by the covered entity and individual”

This read-only (a letter of the law interpretation of “readable”) executable file was not a format that I agreed to.  I was given no choice.  The Medical Records personnel informed me that the mammogram image I received on the CD is the only format they had available. They were trying to convince me that other image formats are not  “readily producible”.  I find this very hard to believe since the read-only executable program is an add-on program provided by a third party software company different from the GE Healthcare and Cerner Electronic Medical Record databases I observed when I inspected my Protected Health Information (PHI) on a computer in the Medical Records Office of the hospital.

They never asked me what format I preferred.  I would have taken any standard image format commonly available (DCM, JPEG, etc) of sufficient resolution to be worthwhile for evaluation by another healthcare provider.   This “packaged’ read-only electronic copy is on a media that could become obsolete in the near future when I might need it.  To add insult to injury, I was told this “packaged” read-only copy was to guarantee that I, the patient, wouldn’t tamper with it!!!!  Since they had the original, I don’t see where this concern is valid.

I had also requested for EHR patient portal signup and after giving my email address, I was told I would receive an invitation.  When I signed in to my portal, the mammogram image was nowhere to be found.   I called the hospital medical records office and requested that my mammogram image file be placed on my EHR patient portal so that I could email it to myself. I was told that this was not an option.   I asked if they could send it to me by email.  They again said they could not send it to me because it was insecure and they had to safeguard my privacy.

Again quoting from the above online HIPAA government website:

Do individuals have the right under HIPAA to have copies of their PHI transferred or transmitted to them in the manner they request, even if the requested mode of transfer or transmission is unsecure?
Yes, as long as the PHI is “readily producible” in the manner requested, based on the capabilities of the covered entity and transmission or transfer in such a manner would not present an unacceptable level of security risk to the PHI on the covered entity’s systems, such as risks that may be presented by connecting an outside system, application, or device directly to a covered entity’s systems (as opposed to security risks to PHI once it has left the systems). For example, individuals generally have a right to receive copies of their PHI by mail or e-mail, if they request.”

The mammogram “report” (one healthcare professional’s interpretation of the image) was sent to my general practitioner who placed it on his EHR patient portal so that I could electronically download it. I asked my general practitioner if he got a copy of my mammogram image file and he said no. I then asked him why not? He simply shrugged his shoulders. Obviously our government’s hope for “interoperability” within the private healthcare industry is not filtering down in any “meaningful” way to the patient.

The Bottom Line

I believe that the above situation is an example of health information blocking.  Withholding  access to my actual mammogram image file in a format that is readily shared for coordination of care is an  intentional act to keep the actual file from the patient.  The hospital medical records office personnel simply told me to take what they gave me and go away.

A read-only packaged program that contains my mammogram image is not the same as getting a copy of the high resolution image file.    In the world of non-proprietary software, it would actually be easier to electronically copy the original mammogram image than it would be to place it in a third party software program.  This, of course, assumes that sharing health records electronically with patients is a goal.

Leave a Reply

Your email address will not be published.