Creating Space for Patients’ Voices in Health Care

Between 2016 and 2022, over 26 percent of drugs approved by the U.S. Food and Drug Administration (FDA) were labeled based on outcomes reported directly from patients. Despite a trend toward using patient-reported information in clinical practice, health care outcomes in the United States are not traditionally assessed by taking stock of patients’ voices.

In a recent article, Sharona Hoffman and Andy Podgurski of Case Western Reserve University discuss the legal and regulatory implications of relying on patient reports of their health status to inform health care practice and administration.

Hoffman and Podgurski argue that privacy laws should be revised to include more protections for patient information. Even as the health care industry becomes more data-driven, they contend that regulatory agencies should exercise caution before introducing requirements for patient-reported outcomes. Looking ahead, Hoffman and Podgurski propose strategies for integrating patient-reported data into health care practice, research, and regulation.

When patients describe their health status or “health-related quality of life” without input from providers and others, they provide what are known as “patient-reported outcome measures” (PROMs).

Often collected through patient questionnaires, PROMs may inform providers’ choice of diagnoses and treatments, clinical research, drug and device regulation, and insurance assessments. Providers may, for example, lack sufficient information to evaluate patient levels of pain or treatment outcomes. PROMs, Hoffman and Podgurski argue, can fill these data gaps.

PROMs can benefit providers and patients. When evaluated alongside information reported by providers and administrators, Hoffman and Podgurski note, PROMs can empower patients and encourage clinical decision-making informed by the symptoms, side effects, and health outcomes that most important to patients.

Beyond clinical settings, PROMs can also support regulatory agencies’ research and oversight functions.

FDA, for example, “recommends PROMs in many circumstances” and is authorized by statute to include patient-reported data in studies of different uses for FDA-approved drugs. Research relying on PROMs, Hoffman and Podgurski explain, can add value as FDA develops medical devices and evaluates the effectiveness of products approved for use in clinical care.

The Centers for Medicare and Medicaid Services (CMS) has also endorsed PROM use in certain settings. CMS, for instance, has launched several initiatives to include PROMs in programs designed to compensate Medicare and Medicaid providers for the quality of care they provide. Hoffman and Podgurski report, however, that federal programs promoted by CMS’s initiatives have only used PROM data in limited capacities.

Despite the promise of early stages of PROM use, integrating PROMs into health care practice and regulation is associated with considerable risks and challenges.

PROMs should be “reliable, responsive, and valid” to add value, Hoffman and Podgurski contend. They raise concerns, however, about the quality, completeness, and reliability of patient-reported data. Patients may, for example, not finish questionnaires or respond in ways that reflect a desire to please or discomfort with their provider. Interpreting PROMs may also burden health care providers, especially those who lack the time and training to incorporate PROMs into their practice.

Considering the quantity and sensitivity of patient-reported data, using PROMs may also compromise patient privacy.

PROMs are covered by privacy laws, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which prevents “covered entities” from releasing patient data without their consent. Hoffman and Podgurski caution, though, that HIPAA regulations have notable exceptions.

Covered entities may, for instance, disclose patients’ medical data without their permission for purposes related to health care operations, which include treatments, payments, or public health activities. Even when patient information is covered by HIPAA or altered to remove identifying information, Hoffman and Podgurski explain that data sets are vulnerable to hacking and disclosure without patient consent.

Given current gaps in privacy laws and internal security systems, Hoffman and Podgurski question whether adequate safeguards exist to protect PROMs.

For PROMs to address significant data gaps, Hoffman and Podgurski propose several legal and policy strategies for minimizing the risks associated with PROM implementation.

Recognizing that PROMs may capture a wealth of highly personal information. Hoffman and Podgurski first advocate privacy law reform. Under current regulations, entities that receive patients’ medical information with their consent or through an exception to HIPAA may indirectly gain access to PROMs.

To prevent unnecessary PROM disclosures, Hoffman and Podgurski also recommend modifications to the “minimum necessary provision” of HIPAA’s Privacy Rule. They propose amending the rule to ensure that clinical teams only release PROMs when entities submit a specific request that justifies their need for PROM use. Implementing a default rule to withhold PROMs, Hoffman and Podgurski contend, would promote honest patient responses and reduce administrative burdens for health care providers who would otherwise have to sort through a high volume of unnecessary data.

Anticipating that the sensitivity of the data contained in PROMs will only increase as technology develops, Hoffman and Podgurski encourage agencies to update PROM guidelines for regulated entities with best practices for safeguarding data.

Hoffman and Podgurski recognize that the current risks of PROMs outweigh the benefits of mandating their use in regulatory practices. Instead, they recommend that FDA and CMS collaborate with experts to issue guidance to ensure that entities that elect to use PROMs can provide reliable  data. Both FDA and CMS, Hoffman and Podgurski advise, should improve oversight to ensure that PROM uses comply with existing regulations and are appropriate for the context in which they are used.

Although it remains uncertain whether PROMs will realize their potential, Hoffman and Podgurski offer these proposals as practical steps for addressing the shortcomings of PROMs and creating more space for patients’ voices in health care administration.