Last week, I had the opportunity to testify before the Green Mountain Care Board, a Vermont state institution tasked with ‘ensuring that changes in the health system improve quality while stabilizing costs.’ I spoke briefly about a proposed policy change that would make it simpler for patients to give consent to all of their care providers who want to access their electronic health record via the VT state health information exchange (VHIE). I wrote down my comments and submitted them, and I thought I’d include them here (embellished a little bit after the fact):
2/13/14 Green Mountain Care Board comments – Consent Policy change
I’m Katie McCurdy. I’m a patient and user experience designer, and I live in Burlington. I’m speaking today both as a chronic patient and as a designer who spends a fair amount of time studying systems and human behavior. I’m speaking in favor of the global consent policy change.
As a patient, I have experienced negative consequences when information was not immediately available to my providers at the time when they need it.
Example 1: A few years ago I was in a position of seeing multiple providers – a number of specialists and a primary care doctor – in an attempt to get a diagnosis. These providers all used different EMR systems. I ended up having the same exact same bloodwork done multiple times, in multiple locations, within a very short time period.
Example 2: When I moved to a new city, I had to have new diagnostic testing done because the previous results weren’t readily available. I had to pay more money and had to have a somewhat upsetting test re-performed, because it was easier to re-do the test rather than jump through the hoops to get my records sent.
Example 3: I traveled last year to see a few specialists. In order to try to minimize duplicate testing, I carried around all of my results in this heavy binder. I was *the* expert in my health history, Johnny on the spot with my results. But that burden was on me. And I am a very atypical patient – most patients do not carry around huge binders of their records, and they shouldn’t have to.
What I have experienced is similar to what many other patients have experienced: when there exists friction in a system making it at all difficult to access prior records or records from other systems, providers are going to do the most efficient thing – which is often to simply reorder the test or procedure instead of jumping through hoops to obtain it. This results in waste and contributes to the high cost of healthcare. By removing much of this friction through this consent policy change, we simplify the experience for patients and give providers access to the information they need, when they need it.
If I’m going to see a new doctor in Vermont, and I make an appointment with that doctor, I don’t want to fill in 37 intake forms. I don’t want to have to provide individual consent forms for each provider I see in VT. I don’t do that at Fletcher Allen – when I make a new appointment with doctor in that system, they can automatically see my history. That’s the magic and promise of health information exchanges; that information can flow freely through the system and that it is conveniently, immediately available to care providers.
As a designer looking at this from a product standpoint: I know that most people don’t want to have to heavily customize a product. They just don’t have time. People like things that ‘work’ out of the box. We have the opportunity here to offer a system that ‘just works’ and that is simple and efficient for patients.
Finally, I did have comments about the suggestion from the ACLU that care providers should have to ‘click a checkbox’ every time they access a patient record. As a designer who works on websites and apps, many of these containing highly sensitive and personal health information, I understand the underlying need to ensure that those who access the records are doing so deliberately and only in the course of caring for a patient. However, there are some usability and behavioral reasons why an additional checkbox is not an ideal solution:
- It adds a repetitive step that providers will take over and over throughout each day; this repetition will quickly lose any meaning, negating the very reason for including it in the first place
- Adding another ‘click’ means adding time to access the record (and increasing the possibility for errors if they submit without the checkbox clicked) – time that providers don’t have to spare
I suggest that the board and VITL take into account the underlying concern of the ACLU – that care providers will access a patient record in error or malevolently – and find alternative ways to help mitigate these concerns that do not add time or effort to the process of accessing patient information. Some ideas:
- Incorporate language into the sign-on screen that reminds providers about privacy concerns
- Make buttons or other calls-to-action more descriptive – instead of the ‘Continue’ button that many people mentioned in the board meeting, make the button say ‘I have consent to view this record’ (well maybe something more brief, but you get the idea.) The language could surround the button as well.
- Find other key moments to incorporate this language, as needed.
- Incorporate a function into the VHIE for providers who accidentally access a patient record – so they can say ‘I accessed this record by mistake’ and that fact is logged,instead of the system having to guess whether an accidental access occurred or not.
- I believe VITL is already thinking in this direction, but I believe the best possible security mechanism for this system would be to provide patients with proactive notifications of who is accessing their record. If they believe a person or institution is accessing it in error or with harmful intentions, the patient can flag that and take action. Let patients help with this difficult problem, and give them some transparency and ownership in the process.