COVID-19 and the Need for a National Health Information Technology Infrastructure

The need for timely, accurate, and reliable data about the health of the US population has never been greater. Critical questions include the following: (1) how many individuals test positive for severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) and how many are affected by the disease it causes—novel coronavirus disease 2019 (COVID-19) in a given geographic area; (2) what are the age and race of these individuals; (3) how many people sought care at a health care facility; (4) how many were hospitalized; (5) within individual hospitals, how many patients required intensive care, received ventilator support, or died; and (6) what was the length of stay in the hospital and in the intensive care unit for patients who survived and for those who died. In an attempt to answer some of these questions, on March 29, 2020, Vice President Mike Pence requested all hospitals to email key COVID-19 testing data to the US Department of Health and Human Services (HHS).¹ The National Healthcare Safety Network, an infection-tracking system of the CDC, was tasked with coordinating additional data collection through a new web-based COVID-19 module. Because reporting is optional and partial reporting is allowed, it is unclear how many elements of the requested information are actually being collected and how they will be used. Although the US is one of the most technologically advanced societies in the world and one that spends the most money on health care, this approach illustrates the need for more effective solutions for gathering COVID-19 data at a national level.

The COVID-19 pandemic should prompt questions about the basic notions, norms, and assumptions that have long governed health and health care of the US population. Key information needed by the White House Task Force is only possible through widespread data collection, aggregation, and analysis. This comes with a price, in terms of financial considerations and trade-offs involving significant changes to the nation’s existing health information technology (IT) and legal infrastructure to gather and analyze data. Most of these changes are technically possible but currently illegal or socially unacceptable. Will the COVID-19 crisis change current expectations for privacy, confidentiality, continuous monitoring of individuals’ locations and activities, and strategic but focused government intervention?

The US health system is unarguably overdue for a real-time, technology-driven, surveillance and reporting infrastructure to respond effectively to public health emergencies. In 2001, an effort was made to design the National Health Information Infrastructure, a comprehensive, knowledge-based system capable of providing critical information to make sound decisions during emergencies.² However, this vision was not fully operationalized. Such an infrastructure would involve a collection of interconnected health care nodes, with each node representing a health care organization using an electronic health record (EHR). These nodes could be a private practice of 1 physician or a large medical center with thousands. Creating such a virtual infrastructure is foundational to health of the nation.

More than 95% of US hospitals now use EHRs, which creates an opportunity to develop a nationwide real-time data collection infrastructure. In addition, many state or regional health information exchanges (HIEs) can facilitate the collection, exchange, and analysis of clinical and administrative data between health care organizations and clinicians.

Although the infrastructure for robust and rapid information collection and exchange is available, many legal and social barriers must be overcome before the US can realize the full potential of this infrastructure. For example, many HIEs rely on an opt-in model of patient consent (ie, each patient must agree to having their data from each visit shared) before authorizing the exchange of data. In other cases, health care organizations are reluctant to participate fully in these exchanges due to concerns about losing patients and the revenue stream attached to their care. Because of potential concerns related to privacy, the vast majority of HIEs do not retain copies of this information, which could be used to create a community-wide, longitudinal patient record. In addition, Congress has prohibited HHS from funding the development or promotion of a national patient identifier since 1998. Without such a unique identifier, health care organizations interested in exchanging patient information need to rely on unreliable and often temporary patient identifying characteristics to find the appropriate patient’s record. Taken together, these rules, regulations, and social norms make the widespread collection and exchange of patient information far less than optimal during normal times and totally ineffective during times of crisis.

A national health IT infrastructure with a revised set of rules, regulations, and social norms could enable collection of real-time patient-level data from health care organizations across the US. Currently, data from a limited number of anonymous individuals with internet-connected thermometers are being used to create a national map of “fever levels” to look for trends,³ and cautious estimates are being made from the influenza surveillance system of the CDC. Neither of these efforts are likely to be accurate and reliable COVID-19 illness–reporting systems. Having reliable clinical data from multiple sources that describe patients from every health care organization could be far more helpful in managing public health emergencies.

First, the data from a national health IT infrastructure could efficiently generate more accurate estimates of real-time disease burden and need for resources, such as hospital personnel, personal protective equipment, intensive care unit beds, and ventilators.

Second, data from this infrastructure may be able to identify new and better therapies by comparing treatment outcomes based on patient-, physician-, and institution-specific factors. When needed, this information could help in allocating limited resources to areas of greatest need and treating patients with the greatest chance of survival.

Third, in public health emergencies, limited data sets could be collected on a local, state, or regional basis to enable public health officials to identify hotspots, restrict large gatherings, limit individuals’ movement, and allocate limited health care resources. The health IT infrastructure from Singapore, Taiwan, and Korea, in part, contributes to the ability of those countries to test, track, trace, and quarantine individuals with COVID-19.^4-6

Fourth, if the clinical data from the health IT infrastructure could be linked to cell phone–based location data, several critical interventions to control the pandemic could be possible. For instance, researchers in England recently developed a model that described how government health care workers could identify infected individuals and their recent contacts and isolate them until healthy.⁷

Fifth, a recent US report proposes features and capabilities of a national surveillance system to mitigate the current COVID-19 pandemic wave.⁸ A national health IT infrastructure could serve as an essential foundation for the public health–based surveillance strategies that it proposes.

Such widespread government-driven surveillance and intervention seems impossible in the US, considering issues of personal privacy and choice. The public would be rightly concerned that once the control of these freedoms are relinquished to such an entity, they may never be regained. To maintain adequate trust, the most intrusive health IT infrastructure functions could be limited to times of public health emergencies. For example, in Taiwan, a National Health Insurance (NHI) database provided the Taiwan CDC with the capability to rapidly identify new patterns of symptoms or clustered cases and their sources while maintaining high security and strict privacy controls.⁹ The IT system permitted data sharing only for purposes of controlling the epidemic, enforced 1-way only transmission of relevant information from other government departments into the NHI database, and did not allow anyone outside the health system to access health records or other personal information. Governance of the most restrictive aspects of the infrastructure could be overseen by a bipartisan public and private consortium that includes experts representating wide-ranging legal, social, political, technical, and ethical points of view.

The privacy, legal, and ethical trade-offs warrant further consideration, even though in an era of eroded trust, some discussions will be difficult. Recently, HHS issued limited waivers to facilitate the nation’s ability to care for patients during the COVID-19 pandemic. These changes show how regulations can be modified during extraordinary times. With a sharp focus on maximizing benefits of scarce resources, treating everyone equally, and prioritizing efforts to save lives while maintaining trust and confidentiality, a national health IT infrastructure could meet the highest ethical standards. It is time to make some difficult decisions and exploit and enhance existing technical capability to build and deploy these solutions. Given the severity and immediacy of the COVID-19 pandemic, the US should no longer rely on outdated laws, social norms, or potentially inaccurate modalities to obtain timely, accurate, and reliable health information essential to save lives.

Corresponding Author: Dean F. Sittig, PhD, UT-Memorial Hermann Center for Healthcare Quality & Safety, 6410 Fannin St, UTPB 1100.43, Houston, TX 77030 (dean.f.sittig@uth.tmc.edu).

Published Online: May 18, 2020. doi:10.1001/jama.2020.7239

Conflict of Interest Disclosures: Dr Sittig reports personal fees from health information technology consulting and legal expert consulting outside the submitted work. Dr Singh reports funding from the Houston Veterans Administration (VA) Health Services Research and Development (HSR&D) Center for Innovations in Quality, Effectiveness, and Safety (CIN13-413), the VA HSR&D Service (CRE17-127; Presidential Early Career Award for Scientists and Engineers USA 14-274), the VA National Center for Patient Safety, the Agency for Healthcare Research and Quality (RO1HS27363), and the Gordon and Betty Moore Foundation.

Disclaimer: The views expressed in this article do not represent the views of the US Department of Veterans Affairs or the US government.