Long time (well very long time) readers of THCB will remember my extreme frustration with Patients Privacy Rights founder Deborah Peel who as far as I can tell spent the entire 2000s opposing electronic health data in general and commercial EMR vendors in particular. I even wrote a very critical piece about her and the people from the World Privacy Forum who I felt were fellow travelers back in 2008. And perhaps nothing annoyed me more than her consistently claiming that data exchange was illegal and that vendors were selling personally identified health data for marketing and related purposes to non-covered entities (which is illegal under HIPAA).
However, in recent years Deborah has teamed up with Adrian Gropper, whom I respect and seemed to change her tune from “all electronic data violates privacy and is therefore bad”, to “we can do health data in a way that safeguards privacy but achieves the efficiencies of care improvement via electronic data exchange”. But she never really came clean on all those claims about vendors selling personally identified health data, and in a semi-related thread on THCB last week, it all came back. Including some outrageous statements on the extent of, value of, and implications of selling personally identified health data. So I’ve decided to move all the relevant comments to this blog post and let the disagreement continue.
What started the conversation was a throwaway paragraph at the end of a comment I left in which I basically told Adrian to rewrite what he was saying in such a way that normal people could understand it. Here’s my last paragraph
As it is, this is not a helpful open letter, and it makes a bunch of aggressive claims against mostly teeny vendors who have historically been on the patients’ side in terms of accessing data. So Adrian, Deborah & PPR need to do a lot better. Or else they risk being excluded back to the fringes like they were in the days when Deborah & her allies at the World Privacy Forum were making ridiculous statements about the concept of data exchange.
Here’s Deborah’s first comment Continue reading “Is Deborah Peel up to her old tricks?”
Filed Under: THCB
Tagged: Deborah Peel, HIPAA, Matthew Holt, patient data, Patient Privacy Rights, Privacy
Nov 23, 2014
Join me in attacking an endemic problem in health care today by Hacking HIPAA. I am crowdfunding the development of a new legal form to be used on and after September 23, 2013 to allow patients to opt-in to easier health care communications – a Common Notice of Privacy Practices that is patient-focused. (Text me, please! Email me, please! etc.)
Depending on how much support this project garners, we can attack some related problems as well. Contributions at any level are welcome; contributions at the levels designated on the Hacking HIPAA Medstartr page get you a seat at the virtual table, voicing your concerns that need to be met in the CNPP and in follow-on projects.
I’m working on this project with two leading health care open source software developers, Ian Eslick and Fred Trotter. Check out Fred’s video intro to the project on the Medstartr page – you can find Ian and Fred online via the links on the project page, too.
Here’s an excerpt from the crowdfunding project page:
Right now we have the worst of all worlds with regards to patient privacy in healthcare. Patients are frequently subject to sub-standard security and privacy practices AND healthcare innovators are unable to deliver solutions that would be useful to patients because their technical approaches are uncomfortably novel for health care bureaucrats. Patients end up getting poor security and no innovation, the worst of all options. This problem is going to get worse before it gets better, since the new Omnibus HIPAA Rule will make cloud hosting of health care projects untenable very soon.
Continue reading “Hacking HIPAA”
Filed Under: Tech
Tagged: data sharing, David Harlow, Hacking HIPAA, HIPAA Omnibus Rule, HITECH Act, MedStartr, patient data, Patients, Physicians
Jun 26, 2013
You probably saw some of the headlines last week where Box announced that is supporting HIPAA and HITECH compliance, signing Business Associate Agreements, (BAAs) and integrating with several platform app partners such as Doximity, drchrono, TigerText, and Medigram to help seed its new healthcare ecosystem. I also announced that I was formally advising Box on their healthcare strategy.
I was drawn to Box because of all the lessons I learned at Google building a consumer-directed, personal health record (PHR), Google Health. Google Health allowed you to securely store, organize and share all of your medical records online and control where your data went and how it was managed. It was unlike the other PHRs in the industry that were tethered to the provider or payor or part of an Electronic Health Record (EHR) system.
Sound good? Well, it was in theory. The big issue with Google Health was aggregating your data from the disparate sources that stored data on you. We had to create a ton of point-to-point integrations with large health insurance companies, academic medical centers, hospitals, medical practices and retail pharmacy chains. All of these providers and payors were covered entities in the world of HIPAA and were required to verify a patient’s identity before releasing any data to them electronically. It was a very bumpy user experience for even the most super-charged, IT savvy consumer.
Continue reading “Box Picking Up Where Google Health Left Off”
Filed Under: Health 2.0, THCB
Tagged: Box, CCD, EHR, HIPAA, HIT, HITECH Act, medical record aggregation, Missy Krasner, patient data, personal health records
May 3, 2013
It’s called Blue Button+ and it works by giving physicians and patients the power to drive change.
The US deficit is driven primarily by healthcare pricing and unwarranted care. Social Security and Medicare cuts contemplated by the Obama administration will hurt the most vulnerable while doing little to address the fundamental issue of excessive institutional pricing and utilization leverage. Bending the cost curve requires both changing physicians incentives and providing them with the tools. This post is about technology that can actually bend the cost curve by letting the doctor refer, and the patient seek care, anywhere.
The bedrock of institutional pricing leverage is institutional control of information technology. Our lack of price and quality transparency and the frustrating lack of interoperability are not an accident. They are the carefully engineered result of a bargain between the highly consolidated electronic health records (EHR) industry and their powerful institutional customers that control regional pricing. Pricing leverage comes from vendor and institutional lock-in. Region by region, decades of institutional consolidation, tax-advantaged, employer-paid insurance and political sophistication have made the costliest providers the most powerful.
Continue reading “ONC Holds A Key To the Structural Deficit”
Filed Under: Tech, THCB
Tagged: Adrian Gropper, Blue Button, Clay Shirky, Costs, EHR, entitlement reform, HHS, HIT, Interoperability, Meaningful Use, ONC, open data, patient data, Stage 2 Direct EHR connectivity
Apr 7, 2013
The EHR vendor lock-in business model is under attack by frustrated physicians and patients and the reality that health care cost and quality are more opaque than ever. Doug Fridsma of ONC politely talks of the need to move from vertical integration of health care services to horizontal integration where patients can choose with their feet. Farzad Mostashari calls for moral behavior and price transparency. The Society for Participatory Medicine says “Gimme My DAM Data” and Patient Privacy Rights asks HHS to allow physicians to prescribe health IT without interference from the institution or the vendor.
The vendors’ response is a charm offensive called CommonWell Health Alliance with a pastel .org website. The website is presumably the official source of information about CommonWell and it lays out the members’ strategy to preserve the vendor lock-in business model for a few $Billion more. Ok, maybe more than a few.
The core of the CommonWell strategy is to avoid giving patients their data in a timely and convenient way.
Continue reading “The #CommonWell Open Discussion Forum”
Filed Under: OP-ED, Tech, THCB
Tagged: Adrian Gropper, BlueButton, CommonWell, CommonWell Health Alliance, Direct Project, Doug Fridsma, EHR, EHR vendors, Farzad Mostashari, HHS, patient data, Society for Participatory Medicine, Transparency
Mar 18, 2013
We’ve written about the Recovery Audit Contracts (RAC) program previously and thought it would be worthwhile to check back in on recent news in this space. According to CMS, in FY 2012, RAC auditors collected $2.29B in 2012, nearly three times the amount recouped in 2011.
What’s apparent from this data is that a large step up in audit activity is obviously occurring, which will only accelerate in 2013 as auditors begin looking at evaluation and management (E&M) CPT codes commonly used by family physicians outside of the hospital setting. In fact, when we match this CMS data against the latest results from the American Hospital Association’s RACTrac survey of 2,260 hospitals, it’s even more obvious that the level of activity around responding to requests for patient charts and managing the audit process is growing at an extremely rapid pace.
Continue reading “From ZPICS to RADVS: The Alphabet Soup of Patient Charts and Payment Tracking”
Filed Under: The Business of Health Care
Tagged: alphabet soup, Conor Green, Evaluation and Management, patient charts, patient data, Recovery Audit Contracts, TripleTree
Jan 9, 2013