Taking Medical Records to the Bank

by Chris Dimick


Banking health data like a financial transaction is the simplest solution to healthcare’s networking challenges says William Yasnoff, founder of the Health Record Banking Alliance.


There are a lot of plans for regional and, eventually, nationwide health information exchange, but at the core of them all is the search for a system that can deliver a patient’s record completely, privately, and securely whenever and wherever needed. Much of that task rests on the health information exchange (HIE) model behind the national health information network.

The debate on HIE models is far from over, but the relatively new health record banking model is gaining more attention. Proponents say the model, based generally on financial banking, is the simplest solution to most data exchange problems. Whether it solves enough of them is still to be shown. Several states that are considering or planning health record banks may be the first to find out.

What Is a Health Record Bank?

A health record bank operates in a broad sense like a financial bank. It is an electronic repository developed to collect, store, and distribute a patient’s health records. To date, no health record bank has been built or tested, but the proposed model would function along the following lines.

Patients or payers would pay a fee to establish an account with a health record bank of their choosing. Each time a patient visits a healthcare facility, records from that encounter would be fed by the provider into the patient’s health record bank. Patients could also submit their own health data into the bank. Patients would have full access to their records through an online user interface designed by their bank, most likely linked through the Internet.

Patients would determine who has consent to retrieve their health records. Providers could access a patient’s health record bank to retrieve data, but only if approved by the patient. The bank also could be free to patients, paid for by advertising or other sources.

Perhaps the model’s biggest proponent is William Yasnoff, MD, PhD, managing partner of NHII Advisors and founder of the Health Record Banking Alliance. He says the concept of the health record bank is simple: it would offer comprehensive information to providers about an individual, controlled by that individual, and stored in one secure location.

Because the patient directly controls access to his or her information, the need for complex discussions about each state’s rules for exchange is unnecessary. The burden for consent is on the patient.

“You don’t have to have endless meetings and discussions and data-sharing agreements and millions of dollars in legal fees,” Yasnoff says. “By using this simple construct—which is consistent with individual medical privacy—you are able to eliminate this whole layer of just maddeningly complex policy discussions about who should see what when.”

A Different Approach

The banking model differs significantly from two common current models for health data exchange networks: the distributed (or federated) model and the centralized model.

In the distributed model, the patient’s records live in the facilities where they were created. Different facilities link together into a network for the purpose of exchanging data. When a provider wants to access a patient’s records held at other organizations, it sends an electronic request to the network. Several regional health information organizations (RHIOs) have adopted this model.

In the centralized model, participating organizations store a patient’s data on a centralized database. They form a community that links to the database for health information exchange, submitting and withdrawing records. Though the centralized repository is similar to that of the health record bank model, control over the record lies with the providers, who own and manage the record.

Putting Patients in Control

Patient-centered control is a central feature of the health record bank model. Patients would decide which healthcare organizations can access their records, and they could limit access to specific records.

With the records in one centralized location, it would be much easier to define access to the record than in a distributed model, Yasnoff says. Currently, patients have little control over who can access their record. “Under HIPAA, whoever has the information gets to decide who gets to see that information,” he says. “So, really, that takes away all of your privacy rights, because you don’t know who is seeing your information and who is making decisions about it.”

Organizers of distributed systems face the difficult problem of creating one set of policies for where and when information can be exchanged. Differing state and federal laws only enhance this problem for wider networks. But one set of policies will never cover everyone, Yasnoff says, because people have differing privacy needs. The easier solution is to put the information back under the control of the patient, in one centralized location.

But a nationwide health information network will never succeed, Yasnoff says, unless patients have control over how their information is exchanged. Today, many go to great lengths to hide information from certain providers in order to control access anyway. Several surveys show people partake in information-hiding behaviors because they do not want a doctor to know all their medical details, Yasnoff says. Those are the people who would fight politically to prevent any national network that didn’t allow patients the right to control their records, he says.

The thought of personal information whizzing around the country without a patient’s knowledge would spook many consumers into action against a distributed model. “Even if it were successfully implemented, which I know it can’t be, and somehow paid for, which I don’t think is likely because it is ridiculously expensive, I think that the lack of patient control will lead to its political demise,” Yasnoff says.

How Much Control Is Too Much Control?

Making patients the gatekeepers of their information may encourage trust among consumers, but it could have the opposite effect on providers. Patients may withhold data that could be important to their treatment, which would likely erode physician confidence in the record. This has been a concern in Washington state, as officials there build physician support for a state health record bank.

“The idea of giving control to the patient, for a lot of my colleagues, was a really hard one for them to wrap their heads around,” says James Hereford, chair of the Health Information Infrastructure Advisory Board (HIIAB), a group created by Washington state legislators to develop a health record bank. Washington physicians were concerned about not having access to data they needed if it were under the control of patients.

Hereford has been addressing their fears by describing that through metadata management and other audit trails, physicians could see the sources of data and “treat it appropriately,” he says. Through metadata, physicians could at least see if patients had deleted or changed information in a record, and then use their judgment on whether to trust the record. However, patients would still have the ability to exclude information from their health record bank.

Physicians worry about any system that would allow patients to change medical information in their record. Yasnoff agrees that any record editing has to be carefully controlled to ensure physicians have confidence in the information. A health record bank could be designed so that patients cannot modify information that has been deposited by providers, he says. Patients could make notes in the record, which would be viewed alongside the records generated by providers.

Scalable, but Not Invincible

Getting people to use an HIE system is its own challenge, whether you are convincing a hospital community to take part in a distributed model or convincing a consumer to open a health record bank account. But Yasnoff believes that health record banks have the best chance at succeeding. In fact, he believes that networks built on the distributed model will likely fail.

That’s because they aren’t suitable for large volumes of traffic, he says. In the distributed model, patients’ health records live in different healthcare provider systems. A provider who wants to call up a patient’s complete medical record in a distributed model network would query all providers who may hold data on the patient—a doctor’s office, a hospital emergency room, a lab, and others.

That might work in a small network, but what about when the nationwide health information network is constructed, Yasnoff asks. If it uses this distributed model, a provider would query the entire nation.

“The idea is that when you show up for care, there would be a query to the scattered [distributed] model and there would be a list of every place you have ever been, and then there would be secondary queries out to all those places,” Yasnoff says.

“Theoretically, you could have gotten care anywhere in the world,” he notes, “so the scattered model has to have real-time query interoperability with every health information system in the world. That is going to be difficult.”

Lynn Dierker sees those challenges, but she doesn’t believe networks built on distributed models are doomed. Dierker, RN, is project director for the State-Level Health Information Exchange Consensus Project, research funded by the Office of the National Coordinator for Health Information Technology to provide guidance to state and federal HIE developments. And while she sees the positives that the health record bank model offers, she doesn’t consider it the end-all answer to HIE barriers.

“There are challenges inherent in the model of having one place for all your records as well as in the distributed model,” Dierker says. Regardless of the exchange model, she notes that all HIE systems face some similar problems. Financing is a big one; so is interoperability.

Fewer Pieces, Simpler Connectivity

The problem of establishing interoperability between different healthcare providers remains for health record banks and distributed models alike. Hospitals, doctor’s offices, pharmacies, and other entities require standards to electronically submit information into a health record bank, just as they require standards to exchange information in a distributed model system.

Interoperability problems are simplified with a health record bank, Yasnoff says. Providers would develop one interface with one entity in order to exchange information. They would go to a single source to retrieve information, in contrast to the distributed model, where information must be assembled from multiple sources.

“If you leave all the information where it is, you then, for a given patient, have hundreds of sources of information,” Yasnoff says. “And the idea of querying hundreds of sources of information and integrating it every time a patient needs to be seen is just monstrously complex and expensive.”

The simplicity of a health record bank network, however, could be complicated if multiple banks develop with different standards-based interfaces. In the absence of that standard, or its universal adoption, providers would be required to develop multiple interfaces. But even so, interoperability would still be simpler for health record banks, Yasnoff says, because there would be fewer interfaces required overall.

Dierker notes that while the health record bank model may be straightforward, developing it into a national system still has its challenges. “The bigger challenges then become who sets up the interfaces between the different record banks. Who does the indexing and standardization that needs to happen?” she says.

Washington State’s Pilot Bank

Giving consumers control over their records was the main reason Washington state officials decided to pursue the health record bank model. In 2005 the state legislature passed a bill that created the Health Information Infrastructure Advisory Board (HIIAB), charged with developing a strategy for the adoption and use of electronic medical records and to facilitate health information exchange within the state.

After studying the various health data exchange models, the HIIAB board recommended the construction of a health record bank. This model offered the most consumer control with the least inherent flaws, says James Hereford, executive vice president of Group Health Cooperative and the chair of HIIAB. Heavy consumer involvement on the HIIAB board also played a role in the selection.

Currently, the pilot for the bank is being constructed. The first health records are expected to be stored and exchanged starting in January 2009, according to Hereford. “We are in the process of talking to potential pilot participants and also developing as clear as possible—as one can be—a concept and technology that really has never been created before,” he says.

HIIAB intends to launch other pilot banks. The vision is for several health record banks to operate in various parts of the state and that every resident would have access to a bank, according to Hereford.

Many Questions Still to Answer

The plan is still in its infancy. It has not yet been determined who will own, operate, and fund the pilot bank or any other banks in the future. The banks could be a public utility, operated by the state, or a privately operated and funded enterprise governed by preset standards and regulations, Hereford says.

HIIAB will develop a preliminary set of regulations, with more regulations to follow from a yet-to-be-determined entity. Communities of healthcare providers might also assemble into a RHIO to run a health record bank in Washington.

Through the pilot phase, HIIAB hopes to engage various healthcare stakeholders and get advice on how the banks should work. For now, HIIAB is using state funding to launch the pilot and searching for community partners to also contribute in the future. “We want to change the way healthcare works. We want to make sure that consumers are much more a part of it,” Hereford says.

Regulators TBD

Part of standardization is regulation, and questions remain about who would oversee health record banks and what sort of consumer protections would be in place to protect patients.

RHIOs could be the perfect entity to oversee and regulate a health record bank, Yasnoff says. If a for-profit entity develops a record bank, a RHIO could serve as a multistakeholder, nonprofit community organization that could supervise the operation of the bank. RHIO regulation could offer the confidence and trust necessary for consumers to deposit health information.

Initially, the regulations on the health record bank could be defined in the operating contract between the bank and the overseeing RHIO, Yasnoff suggests. “By contract, the health record bank entity working in a given community will have to abide by certain rules or their contract will be canceled and they will be out of business,” he says.

Eventually, state and federal regulations would take over. A current bill in Congress—HR 2991: Independent Health Record Trust Act of 2007—proposes a regulatory framework for health record banks.

Who Puts up the Money?

Who would finance a health record bank? It could be entrepreneurs in the private sector. It could be state governments, like Washington state, or RHIOs that provide seed money. Long-term funding generally is expected to come from payers and patients.

Consumers would be willing to pay for a health record bank, Yasnoff says, because they get control over access. In a 2007 survey conducted by the Louisville Health Information Exchange and the Noblis Center for Health Innovation, 24 percent of respondents said they would pay an average of $5 per month for a health record bank account.

The number is encouraging because it shows demand for the service, Yasnoff says. He does not expect banks to require complete financing through individual subscriptions.

Other funding sources could come from advertising in the health record bank and secondary uses of health data (e.g., population health studies), presumably done only with patient consent.

While some RHIOs based on a distributed model have considered charging consumers, most expect funding to come from organizations, state and federal funds, and health insurers. Making patients pay for the ability to have complete heath records brings up some ethical questions, Dierker notes. “What about those patients that are fragile, can’t afford it, aren’t with the program, don’t have any money?” she asks. “What happens to their records?”

“A Problem That Has Never Been Solved”

In the end, data exchange must succeed at the local level, and stakeholders are likely to choose the method with which they are most comfortable. Dierker was involved in the formation of CoRHIO, the Colorado network linking four of the state’s major hospital systems. That group found the distributed model worked best for the independent west. “The western culture isn’t very prone to ‘Let’s put all our data all in one repository,’” she says. “That sort of approach doesn’t really fly.”

In order for a centralized system, like a health record bank, to work, providers must agree to put their data into the same pot. That can be a difficult decision. “It was much more attractive [for CoRHIO stakeholders] to think that one owns and controls data where it lives, and that it is shared in this [distributed] model,” according to Dierker.

The first health record banks will face this and other questions. Washington state plans to implement its first health record bank in January 2009, with several other states likely to follow. The risks are high for any bank start-up, whether it’s privately or federally funded. But Yasnoff expects health record banks will flourish.

“I think on paper you can demonstrate that there is a business case. But until you actually build one and operate it, it is still not proven,” he says. “But I want to contrast this with the scattered [distributed] model approach. There are numerous examples of folks that have tried to approach the problem in that way and have failed.

“The fact is, this idea of delivering comprehensive records at the point of care, this is a problem that has never been solved.”

Chris Dimick (chris.dimick@ahima.org) is staff writer at the Journal of AHIMA.


Article citation:
Dimick, Chris. "Taking Medical Records to the Bank" Journal of AHIMA 79, no.5 (May 2008): 24-29.