Hippocratic Oath 2.0
Spotlight on physician-led solutions to the problems facing medicine.
About three years ago, a woman walked into my office whom I never met (for the sake of this piece, we will call her Jane). She was guarded, quiet, shy. Although I asked numerous times what I could do for her, she would simply shrug her shoulders. Every visit was a guessing game but soon enough I would earn her trust and come to understand why her behavior was guarded. I learned she was part of a sex traffic ring and the man who accompanied her, was trafficking her. Eventually, she would escape the horrible situation she was in however gaining her trust took time. I remember telling her during each visit repeatedly (there were nearly twenty of them in six months' time), “You can trust me. I promise you, there is no one on this planet who will know about the conversations taking place between you and me in this exam room. ” I would later come to find this to be untrue.
Nearly a year after this, in the middle of some random sleepless night, I was strolling through Twitter. I stumbled across a post that caught my attention pertaining to the selling of healthcare data. This was the first time since becoming a physician that I learned corporations actively purchase patient healthcare data, stripped of identifying information. I instantly thought about Jane.
Perhaps I was naive, however, I was clueless to this process. My patients’ personal data (that I spend hours entering in the electronic medical record daily), meant only for the purpose of delivering healthcare, was being read, purchased and advantageously used by third party companies for profit. I had to run this process through my head systematically to understand.
A patient comes to see me, the physician. The patient tells me their concerns, complaints, symptoms. I diagnose them. The patient and I discuss the treatment plan. I prescribe any needed medications, physical therapy, diagnostic testing, etc. I answer the patient’s questions. The patient leaves. I document the events of the encounter like a journal that allows me to track past visit complaints, ongoing medical conditions, and treatment plans. What once was a journal of documents meant only to be read by myself, other healthcare workers and the patient, is sold to the highest bidder. In addition to this, I learned patient prescription information is also tracked and sold. I instantly fell back into my twelve-year-old self. I felt the same sense of mortification as I did when my brother took my diary to school and shared it with all of his friends. Just as I did then, I felt completely violated however this time it was on behalf of my patients.
While sharing my disappointment around this new revelation with a fellow physician colleague, I learned about HPEC and it’s birth story. When Dr. Leah Houston, an emergency room physician and founder of HPEC, moved across the country to take a job in a new hospital system, she would come to learn that her medical credentials (more on this below) were still being used by her former employer inappropriately to bill for services rendered by mid-level providers. While Jane’s data was being sold for third party profit, Dr. Houston’s data was being used for profit by this former healthcare system. This IS medical credential identity theft. This event, although devastating, gave birth to the concept of HPEC.
Now to understand HPEC, physicians first need to understand the tangible value existing to the education gained from both medical school and residency. Upon graduating from medical school, a physician is assigned a set of numbers unique to them. These unique sets of numbers ultimately grant physicians the authority to practice medicine in the United States. The most common are: medical license number, NPI (National Provider Identification), and PTAN (Provider Transaction Account Number, used for Medicare billing). Our education is our product development. Our services as physicians are our finished product. Our unique numbers are like our patent, i.e. our intellectual property. These are our credentials.
These numbers we earned and OWN are equivalent to a personal social security number. They allow hospital systems to bill for and be reimbursed for services rendered. Without these numbers, there is no financial flow into the system. However, when we become employed by a healthcare system, we give these numbers away to be used at their discretion. This creates a shift of power from the physician to the system he/she works for. This is how the healthcare system has become so powerful.
So, what is the solution? Again, enter HPEC.
HPEC uses blockchain technology in order to achieve two main purposes. One, to protect the confidentiality and privacy of the patient physician relationship, and two, to restore ownership and control of our hard-earned credentials.
Let us use Jane as an example. Jane comes in to see me, her physician. This encounter is then documented by me, in a chart note stored in the electronic medical record physicians have been forced into using. Each patient has their own digital chart in which chart notes, diagnostic and test results, etc are stored. Today without Jane’s permission or mine that chart is then stripped of identifying information such as name, social security number, medical record number, and date of birth, and then packaged and electronically sold to third party companies for data collection. The time physicians spend charting, documenting, data entering, is so information can be easily packaged and delivered when purchased. For instance, if a pharmaceutical company wants to know how many women in any region have a history of breast cancer, with use of the EMR, that data can now be easily compiled by a data analyst to be sold for other’s use.
HPEC is the technology that will prevent this from happening. After each patient-encounter, HPEC will translate the associated chart note into a digital code that only myself, other healthcare workers and the patient could access. Each chart note becomes a link in a chain. The next encounter will create yet another piece of the link, using part of the code from the first to recreate a new one. This continues to the point where a full chain is formed. In order for this to be read by another (i.e., decoded), permission is required from one of the two owners, the physician who created the note or the patient to whom the note pertains. Unless granted permission, those trying to access the patient's chart, would see nothing more than a complex series of unique numbers. Thus rendering it useless.
To describe HPEC’s other main feature, let’s use Dr. Houston as an example. If blockchain technology for credentialing existed when she moved from one hospital system to another she would have been able to deny access to the previous system’s use of her billing information. In addition to this, she would have been notified immediately if a billing encounter was entered fraudulently under her credentialing numbers. HPEC will allow physicians to remain the sole owner of our unique credentialing numbers and furthermore, allow us to grant and revoke permission to the systems employing us. As a result any transaction made inappropriately after we left a system could easily be identified and denied. This would be very similar to how a credit card transaction can be denied upon learning a transaction is fraudulent.
Many of us think that HIPAA is a privacy act, but I was shocked to learn from Patient Privacy Rights that it is actually more of a regulation around the storage and selling of our patients electronic private health information. Digitally protecting patient information and our credentials needs to be reflected in how we view the Hippocratic Oath as we move forward in the future. It is incumbent upon us to protect our patients in the new digitally driven medical system. It is our responsibility to ensure what is shared between the patient and the physician, whether stripped of identifying information or not, remains private and confidential. Patients have a right to know this model of data purchasing is happening, making it the physician’s duty to prevent it. We must learn about, adopt and endorse the tools that help us protect our patients' privacy. HPEC is the building tool to get us there.
Just as the healthcare system has been carried into the digital era, so is it time for the Hippocratic Oath to do so as well. Never has there been more of a time than now for the Hippocratic Oath to be updated to it’s 2.0 version so that patient safety can remain above all else.
HPEC will achieve this for us. Click on this link to invest in the future of healthcare.
Follow Dr. Megan Babb on Twitter @MeganBabb1522 and @mbabb1522 on Instagram