Consumer privacy laws are not to blame for health care's biggest mess

  • Venture capitalist Bill Gurley pointed out that some medical images still live on faxes.
  • He blamed privacy rules for that, but the real culprit is the web of financial incentives that are pushing hospitals to adopt outdated technologies that are not designed for information sharing.
Blend Images | Brand-X | Getty Images

One of the biggest problems in health care is the difficulty of sharing medical records between providers. This makes it hard for patients to shop around for better care and cheaper prices.

The tech community often blames a set of patient privacy laws called HIPAA for the problem, and suggests that weakening those laws, plus providing better technology for sharing digital files, is the cure.

But while current privacy rules aren't perfect and could use a refresh, they are not the main reason it's so hard to share patient information. Instead, blame vendors selling incompatible systems and market dynamics that punish hospitals for letting patients switch providers.

How we got here

The tech industry's viewpoint was summarized over the weekend by Silicon Valley venture capitalist Bill Gurley, who pointed out on Twitter that the "MRI industry," meaning medical imaging, still lives on "sneaker net and faxes." He was surprised that the files couldn't be shared online, as they are "not even that large."

Gurley went on to blame HIPAA for this issue, which is often referred to in the industry as a failure of health data interoperability.

There are many things wrong with this thesis.

First, before HIPAA, there were no laws in place to ensure that consumers could access their own health information at all. We have rights to access this information because of, and not despite, HIPAA.

Second, lawmakers took on this issue in a big way with legislation passed in 2009 known as the HITECH Act. That provided incentives, followed by penalties, that were designed to modernize health care by pushing clinics and hospitals to adopt digital, and not paper-based, medical records.

That effort didn't work out as regulators hoped. Millions of Americans today, including Gurley, are still finding that their medical records can't be efficiently shared between doctors. And all that is leading to potentially fatal medical errors and a ton of waste.

But privacy rules aren't to blame.

So what is? First, look at competing vendors, such as Cerner and privately held Epic Systems, who sold proprietary software that isn't designed to talk to competing systems (although these companies are now making more of an effort to open up). Many of these vendors developed tools that prioritized billing over providing patient care.

But some blame should also go to the hospitals that acquired these systems, which support their own bottom line. Many are still wedded to the "fee-for-service" model of care, which rewards them for pricey tests and procedures, rather than for outcomes. These fee-for-service hospitals are fighting to retain patients, rather than providing them with easy access to health information that they could theoretically take to a different health system with more affordable prices or better quality care.

As Bob Kocher, a health-focused investor and one of the key architects of the Affordable Care Act put it, "They [some hospitals] have not wanted features that make it easier to share information."

The shift to a new kind of health care, which rewards hospitals based on patients getting better, will most likely result in the kind of changes we're looking for. Taking away privacy protections will not.

WATCH: Investing in health care cures