IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Concerns Arise as Connecticut Puts Health Records Online

May 3 was the deadline for independent health-care providers to register with Connie, Connecticut's Health Information Exchange. But at the 11th hour, some are sounding alarms.

Medicine,Doctor,Working,With,Computer,Notebook,At,Desk,In,The
Shutterstock
(TNS) — May 3 was the deadline for independent health care providers to register with Connie, Connecticut's Health Information Exchange. But at the 11th hour, some are sounding alarms.

The idea of a health information exchange is to have all health information gathered in one place and made available to every practitioner involved with a single patient. Hospitals in the state had to connect this time last year. Forty-six other states have an exchange up and running. The law behind Connie was created in 2017 as part of a biannual budget agreement, though Connie wouldn't form for several more years.

But Connecticut's system has been plagued with delays, questions about patient privacy and communication issues — raising concerns among independent health care practitioners.

Julie Conner, a registered dietitian who works with people with eating disorders, said, "They called me and said we've not heard back from you. You need to hook up into the system, which is going to allow us to access your medical records." She said her practice was first called in early March of this year. "I'm not going to hand over (information) without patients giving disclosure that they are permitting me to hand over their medical records."

Conner said she works with sensitive clients with mental health issues they don't discuss with anyone else. She was worried about who else would have access to the information gathered by Connie. She was surprised that this was the first time she heard about the law and wasn't sure what would happen if she didn't comply or who else would be able to see the records.

"What's going to happen with this database? How often does something like this get breached?" Conner said. "Who can get into the system?"

Conner isn't alone in her concerns. Doctors, health care policy experts and privacy advocates have been tracking the development of Connie for years. They say Connie has not been clear about what controls there would be on what health care providers would access, which parts of the medical record, or whether private companies would be able to see full medical records, including the results of any genetic testing a person may have undergone.

"Connie asks that lab, imaging and medication data be sent into Connie along with provider medical records, including the names of all patients," said Dr. Susan Israel, a psychiatrist and patient privacy advocate. "It does not enable patients to choose which of their providers will see their records."

What's going on?

Work on the health information exchange started 16 years and $43 million ago, according to CT Examiner. Connie is the fourth attempt to develop a health information exchange, according to CT Mirror reporting.

In 2021 the state axed a UConn-developed system The state then purchased a system developed for Maryland's health information system, tossing out roughly $20 million in work by UConn, according to Connecticut Health I-Team reporting. Connie replaced the UConn system. Instead of a university affiliate, a nonprofit overseen by the state would run the system.

"We actually did meetings with consumer groups, and we mocked up some educational materials," said Ellen Andrews, executive director of the CT Health Policy Project, a consumer advocacy organization. "That was all under one of the previous incarnations of this thing. That died when they moved to Connie, to the new nonprofit."

If you haven't heard of Connie you aren't alone. Connie has primarily engaged with hospital systems, medical associations and larger independent health care providers, like big nursing homes or primary care offices. Mark Thompson, executive director of the Fairfield County Medical Association, said that until recently Connie had been relying on doctors to communicate the existence of the system to patients. He said that about a month ago his association met with Connie, and they told him it was no longer on doctors to do outreach.

"Our answer back to them was, 'Well, you better have an immediate campaign to let patients know who you are and give an explanation of the pros and cons,'" Thompson said. "You need to let people know that if they don't want to do this, they can opt out."

Conner said that once Connie got in touch with her, she immediately began telling patients about the opt out option. Patients are considered default "opt-in" if they receive care in Connecticut. To keep your data out of the system you need to get in touch with Connie.

"It's unacceptable that people do not know about this. That's my major thing. Why can't everyone get a postcard in the mail?" Conner said. "They certainly did that enough during COVID."

Privacy issues

Connie has a history of running afoul of privacy concerns. Earlier this year, social workers and psychological associations questioned the need to include behavioral health information in the state's health information exchange. Steven Wanczyk-Karp, director of the Connecticut chapter of the National Association of Social Workers, told CT Examiner that turning over a client list was a breach of professional confidentiality.

In previous years, privacy advocates raised concerns about Connie selling "subscriptions" to private companies, including insurance companies, to access medical records. In an emailed statement to CT Insider, Connie's executive director denied the system would sell subscriptions.

"Connie's operations are currently funded through state and federal funds, as are many other HIEs across the nation," wrote Jenn Searls, executive director of Connie. Searls left open the possibility of fees for access. "For HIEs that are funded in-part or not-at-all by government agencies, they have implemented HIE-participant (providers, health care organizations, hospital systems, etc.) fees that help the HIE operate deploying the latest, innovative technology, which is critical to ensuring the security, privacy, and protection of patient data exchange."

Searls said Connie was able to monitor which users were accessing data and that patients could request an account of who had access to their information. She said that health care providers could see a patient's entire healthcare record and that there were no restrictions on what parts they could see.

"The etc. concerns me — who will be able to see our data?" wrote Andrews in an email to CT Insider. "They have not ruled out any users."

CT Insider asked Searls whether insurers could see the entire medical record, rather than just the portion of a medical record related to a claim.

"Health insurance companies have access to medical records on a limited basis," Searls wrote. She outlined certain protected classes of data, including addiction and psychiatric information that were subject to more stringent protection. "Typically, a health insurer has access to medical records necessary to verify the information members provide, but only as much as needed to determine eligibility for coverage."

CT Insider shared Searls' responses with Andrews, who disagreed that the statements implied any real protection for patients.

"They confirm that they have access to the whole record to use for whatever purpose they want, including marketing, setting barriers to service, flagging when patients seek care outside their panel," Andrews said. "The fact that HIPPA allows fees to access legally-allowable information, which is everything, is no protection."

Israel said that to protect patients Connie, needed to make sure that insurers were bound by legal agreements not to use patient data for anything but claims and payments. Beyond that, patients needed to have more control of their data.

"They should be the ones to give permission for which of their providers to send their records into Connie in the first place, and which providers can see their records," Israel said. "They should be able to segment out certain very intimate data from the wider medical record."

While Connie does feature an opt-out option for patients, Israel said it wasn't clear if they could opt out of the "Master Patient index," which includes some information and the providers a patient sees. Providers have specialties, like trauma, LGBTQ health and reproductive health services so associating a patient with a provider on a master index could reveal sensitive medical information whether or not any other information is in the system.

On a practical level, it's not clear how Connie would be able to limit which health care providers see patient data, said Thompson. He explained that patients routinely hop practices for a lot of reasons, including dislike of particular doctors.

"You tell me after the first visit that you don't want to be a patient of mine anymore," Thompson said. "I don't know how quickly that switch is going to get toggled in the Connie system so I don't have access to your data anymore ... I just don't see how they're going to control it."

Legal and financial liabilities

Thompson supports the overall goal of Connie and believes Searls has done well at "an impossible job." But he also worries that the whole system subjects doctors to increased legal and financial risks. He said members of his organization had been told by their electronic medical record providers that they would have to pay monthly fees to maintain a connection with Connie. The bigger worry was the legal agreement doctors were made to sign.

"For a physician, it's an 80-page agreement," Thompson said. "There are some aspects of the agreement that significantly increase the business risk for the participation. Jenn Searls is very nice and very polite. She says we hear what you're saying, but it's a one contract fits all. There's no negotiation."

Thompson was also worried about what failure to connect, or send records, into Connie might mean for a doctor. He likened the prescription reporting system, which made doctors vulnerable to fines for failing to report prescriptions to the state system. He worries that failure to connect with Connie will result in similar legal liability and is not clear if unauthorized access to certain parts of a medical record would result in fines or fees.

Searls did not clarify whether there were consequences for failing to connect with Connie.

"As this is a state-mandated deadline, Connie does not have a role in determining consequences for providers who do not meet the deadline," she wrote. "Connie is dedicated to supporting and assisting providers in meeting the mandate and successfully connecting to our state HIE."

Is data currently being exchanged between providers?

It's not totally clear if Connie is actually exchanging data between providers yet. Searls said 30 hospitals, over 100 physician practices, nursing facilities and imaging centers were connected so far. Earlier this year, Connie administrators claimed they had about 75 percent of the hospitals in the state. Searls said Connie was "deemed operational" in May 2021.

But Thompson, who met with Searls last month, asked if data was actually moving through the system and was unable to get a clear answer.

"Until information starts flowing, it's not real for a lot of folks," Thompson said. "And we still don't have a handle on when information is going to start going into Connie."

CT Insider tried to clarify with Searls whether Connie was running.

"Yes," Searls wrote. "OHS designated Connie as the Statewide Health Information Exchange, and operations commenced on May 3, 2021."

Andrews said that this didn't answer the question.

"Are providers treating patients accessing the records to improve our care? If they were, it would be headlines they would be promoting everywhere," Andrews wrote. "You can chase them forever, and you'll never get a straight answer."

© 2023 The Hour (Norwalk, Conn.). Distributed by Tribune Content Agency, LLC.