Skip to content Skip to navigation

One-on-One with Palo Alto Medical Foundation CMIO Paul Tang, M.D., Part II

October 28, 2008
by root
| Reprints
In this part of our interview, Tang discusses the different scenarios in which clinicians could be presented with PHR data.

In September, the AHIC Successor organization announced its new board of directors. The news marked a major development in the groups move from a public entity to a public/private partnership, established in cooperation with the U.S. Department of Health and Human Services. The board has been tasked with developing a unified approach in creating an “effective, interoperable nationwide health information system.” One of the 15 new board members is Paul Tang, M.D., M.S., vice president and CMIO with Palo Alto Medical Foundation in California. HCI Editor-in-Chief Anthony Guerra recently chatted with Tang about his vision for AHIC 2.0.


AG: You're talking about a record that was created by a medical organization and sealed in a PDF-type way. I'm thinking of a personal health record that a patient has control over and feeds information into. Can a clinician trust a record like that?

PT: When you say the patient feeds information into it, do they enter information by hand or is it imported?

AG: Well, I guess we could take either scenario.

PT: Okay, let’s say it was imported. They’ve been seen at the Cleveland Clinic, at the Mayo Clinic and by Dr. Smith down the hall – all of whom have EHRs. And the PHR that this patient has is a certified PHR. That means that when they import stuff in from the Cleveland Clinic and from Dr. Smith’s office, then I know this certified PHR does not allow imported data to be changed. Furthermore, I know that if the patient chooses to block access to data in certain categories, there will be a flag that tells me there is something hidden.

Under these conditions, I can trust that when a patient imports data, the data is intact and secure. I have to have confidence in the integrity of the data in the PHR, and one of the ways that you create that confidence is through a certification process for PHRs.

AG: How would a patient enter information in their PHR that was generated by a physician who is still paper based?

PT: Okay, there is an area where the PHR stores patient-entered data, and as long as it’s labeled as such, then it’ll be accepted by physicians just like any other patient-reported data. For example, when patients give me their history, I know it’s in their own words. But physicians understand how to interpret that information; we deal with that all the time. But I have to know the authenticity and the integrity of each piece of information in the PHR and its source. And if I have that information, I can trust it.

Now let’s go to another extreme. In this PHR, a patient can edit or delete anything in there. So they may be able to import something from the Cleveland Clinic or Dr. Smith’s office, but they can go in and edit it. Well the doc probably won’t view that as helpful, and could not rely on the information to decide whether to repeat tests that, in theory, were in the PHR. The physician is on the hook for making decisions based on information. I mean that’s what your license and malpractice liability is based upon. You have to make an appropriate decision at the time, and the only way you can justify that is by having information that you trust.

AG: So it’s going to be up to the physicians to decide, in the future as we go down this road, it’s going to be up to the physicians or the hospitals to come up with policies that let them determine if A, B, or, C criteria are met, so then you can take action off of that data. If not you can not. You will be liable for a test result is in a medical record that the patient brings in and you didn’t verify that that couldn’t be tampered with, but somehow those results were altered in the data transfer from the medical organization to the patient or the patient manipulated them. If you take action, there is negative consequences.

PT: Right. So that’s what the physician weighs in her head to say, do I believe this result. In a PHR where it’s actually, let’s say a Word document, then can you make decisions based on what’s in that Word document? People will be uncomfortable doing so. Versus can you make decisions based on the information in a certified PHR that imports information from other EHRs? I think I can describe for you certification criteria that would make me comfortable in saying, I'm going to rely on that data without repeating that myself. Each person is going to have to decide for themselves.