The McKinsey “2,750 times” statistic is a pretty
good proxy for the amount of your personal health data that is NOT protected by
HIPAA and currently is broadly unprotected from sharing and use by third
However, there is bipartisan legislation in front of Congress that offers expanded privacy protection for your personal health data. Senators Klobuchar & Murkowski have introduced the “Protecting Personal Health Data Act” (S.1842). The Act would extend protection to much personal health data that is currently not already protected by HIPAA (the Health Insurance Portability and Accountability Act of 1996).
In this essay, we will look in the rear-view mirror to see
how HIPAA has provided substantial protections for personal clinical data — but
with boundaries. We’ll also take a look out the windshield — the Wild West of
unprotected health data.
Then in a separate post, we’ll describe and comment on the
pending “Protect Personal Health Data Act”.
On Episode 3 of HardCore Health, Jess & I start off by discussing all of the health tech companies IPOing (Livongo, Phreesia, Health Catalyst) and talk about what that means for the industry as a whole. Zoya Khan discusses the newest series on THCB called, “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?”, which follows & discuss the legislation being passed on data privacy and protection in Congress today. We also have a great interview with Paul Johnson, CEO of Lemonaid Health, an up-and-coming telehealth platform that works as a one-stop-shop for a virtual doctor’s office, a virtual pharmacy, and lab testing for patients accessing their platform. In her WTF Health segment, Jess speaks to Jen Horonjeff, Founder & CEO of Savvy Cooperative, the first patient-owned public benefit co-op that provides an online marketplace for patient insights. And last but not least, Dr. Saurabh Jha directly address AI vendors in health care, stating that their predictive tools are useless and they will not replace doctors just yet- Matthew Holt
Matthew Holt is the founder and publisher of The Health Care Blog and still writes regularly for the site.
TEFCA will succeed where previous national health information exchange efforts have failed only if it puts patients’ and families’, and/or their fiduciary agents, in control of health technology. This is the only path to restore trust in physicians, and to ensure accurate and complete data for treatment and research.
As physicians and patient advocates, we seek a longitudinal health record, patient-centered in the sense of being independent of any particular institution. An independent health record is also essential to enhancing competition and innovation for health services. TEFCA Draft 2 is the latest in a decade of starts down the path to an independent longitudinal health record, but it still fails to deal with the problems of consent, patient matching, and regulatory capture essential for a national-scale network. Our comments on regulatory capture will be filed separately.
We strongly support the importance in Draft 2 of Open APIs, Push, and a relationship locator service. We also strongly support expanding the scope to a wider range of data sources, beyond just HIPAA covered entities in order to better serve the real-world needs of patients and families.
However, Draft 2 still includes design practices such as the lack of patient transparency, lack of informed consent, and a core design based on involuntary surveillance. This institution-centered design barely works at a community level and leaves out many key real-world participants. It is wishful thinking to believe that it will work with expanded participant scope and on a national scale.
Electronic health records (EHRs) are a polarizing issue in health reform. In their current form, they are frustrating to many physicians and have failed to support cost improvements. The current round of federal intervention is proposed rulemaking pursuant to the 21st Century Cures Act calls for penalties for “information blocking” and for technology that physicians and patients could use “without special effort.”
The proposed rules are over one thousand pages of technical jargon that aims to govern how one machine communicates with another when the content of the communication is personal and very valuable information about an individual. Healthcare is a challenging and unique industry when it comes to interoperability. Hospitals spend lavishly on EHRs and pursue information blocking as a means to manipulate the physicians and patients who might otherwise bypass the hospital on the way to health reform. The result is a broken market where physicians and patients directly control trillions of dollars in spending but have virtually zero market power over the technology that hospitals and payers operate as information brokers.
What follows below are comments by Patient Privacy Rights on the proposed rule. The common thread of our comments is the need to treat patients and physicians, not the data brokers, as the real stakeholders.
Comments to the ONC Rule
Overview: 21st Century health care innovation, policy, and practice is increasingly dependent on personal information. This is obvious with respect to machine learning and risk adjustment, but personal information is now central to the competitive strategy for most of the health care economy, clinical as well as research. ONC’s drafting of this rule reflects the importance of competition to innovation and cost containment.
Office of the National Coordinator (ONC) and the Centers for Medicare and
Medicaid (CMS) have proposed final rules on
interoperability, data blocking, and other activities as part of implementing
the 21st Century Cures Act. In this series, we will explore ideas
behind the rules, why they are necessary and the expected impact. Given that
these are complex and controversial topics are open to interpretation, we
invite readers to respond
with their own ideas, corrections and opinions.
Interventions to Address Market Failures
Many of the rules proposed
by CMS and ONC are evidence-based interventions aimed at critical problems that
market forces have failed to address. One example of market failure is the long-standing inability for health care
providers and insurance companies to find a way to exchange patient data. Each
has critical data the other needs and would benefit from sharing. And, as CMS
noted, health plans are in a “unique position to provide enrollees a complete
picture of their clams and encounter data.” Despite that, technical and
financial issues, as well as a general air of distrust from decades of haggling
over reimbursement, have prevented robust data exchange. Remarkably, this happens
in integrated delivery systems which, in theory, provide tight alignment between
payers and providers in a unified organization.
With so much attention
focused on requirements for health IT companies like EHR vendors and providers,
it is easy to miss the huge impact that the new rules is likely to have for
payers. But make no mistake, if implemented as proposed, these rules will have
a profound impact on the patient’s ability to gather and direct the use of
their personal health information (PHI). They will also lead to reduced
fragmentation and more complete data sets for payers and providers alike.
Overview of Proposed CMS Rules on Information
Sharing and Interoperability
The proposed CMS rules
affect payers, providers, and patients stating that they:
Require payers to make
patient health information available electronically through a standardized,
open application programming interface (API)
Promote data exchange
between payers and participation in health information exchange networks
Require payers to provide
additional resources on EHR, privacy, and security
Require providers to comply
with new electronic notification requirements
Require states to better
coordinate care for Medicare-Medicaid dually eligible beneficiaries by
submitting buy-in data to CMS daily
Publicly disclose when
providers inappropriately restrict the flow of information to other health care providers and payers
With the application deadline for Bayer’s G4A Partnerships program coming up on Friday, I thought I’d throw out a little inspiration to would-be applicants by featuring an interview I did with one of last year’s program participants at the grand-finale Launch Event.
Not only was this a great party, but a microcosm of the G4A program experience itself: a way to meet Bayer execs en-masse, an opportunity to sell directly to key decision-makers across Bayer’s various global business units, and a chance to feed off the energy of like-minded innovators eager to see ‘big health care’ change for the better.
While the G4A program itself has changed a bit this year to be more streamlined and to allow for bespoke deal-making that may or may not involve giving up equity (my favorite new feature), startups questioning whether or not they have what it takes should take a look at some alums.
There’s a playlist with nearly two dozen interviews waiting for you here if you’re REALLY up for some procrastinating, or you can click through and just check out my chat with Joe Curcio, CEO of KinAptic. A healthtech startup taking wearables to the bleeding edge, Joe shows us a mock-up of the KinAptic ‘smart shirt’ which features their real innovation: printed ink electronics that look and feel like screenprinting ink, but work bi-directionally to both collect data from the body AND apply signals back to it. Is it AI-enabled? Did you have to ask? Listen in for a mindblowing chat about how this tech can change diagnostic analysis and treatment and completely redefine our current limitations when it comes to healthcare wearables.Once you’re inspired, don’t forget to head over to www.g4a.health and fill out your own application for this year’s partnership program.
Jessica DaMassa is the host of the WTF Health show & stars in Health in 2 Point 00 with Matthew Holt
The dashboard is the potent symbol of our age. It offers the elegant visualization of data, and is intended to capture and represent the performance of a system, revealing at a glance current status, and pointing out potential emerging concerns. Dashboards are a prominent feature of most every “big data” project I can think of, offered by every vendor, and constructed to provide a powerful sense of control to the viewer. It seemed fitting that Novartis CEO Dr. Vas Narasimhan, a former McKinsey consultant, would build (then tweet enthusiastically about) “our new ‘control tower’” – essentially a multi-screen super dashboard – “to track, analyse and predict the status of all our clinical studies. 500+ active trials, 70+ countries, 80 000+ patients – transformative for how we develop medicines.” Dashboards are the physical manifestation of the ideology of big data, the idea that if you can measure it you can manage it.
I am increasingly concerned, however, that the ideology of big data has taken on a life of it’s own, assuming a sense of both inevitability and self-justification. From measurement in service of people, we increasingly seem to be measuring in service of data, setting up systems and organizations where constant measurement often appears to be an end in itself.
My worries, it turns out, are hardly original. I’ve been delighted to discover over the past year what feels like an underground movement of dissidents who question the direction we seem to be heading, and who’ve thoughtfully discussed many of the issues that I stumbled upon. (Special hat-tip to “The Accad & Koka Report” podcast, an independent and original voice in the healthcare podcast universe, for introducing me to several of these thinkers, including Jerry Muller and Gary Klein.)
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking, and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections, and opinions. In part five of this series, we look at how competition unlocks innovation, and how the proposed rules may disrupt the balance between innovation, intellectual property (IP), and supporting business models.
The recent publication of proposed rules by ONC and CMS set off a flurry of activity. In anticipation of their implementation, the health care industry is wrestling with many questions around business models. What practices inhibit competition and innovation? How do we balance the need for competition while protecting legitimate intellectual property rights? How can vendors ensure profit growth when pricing is heavily regulated? In this article, we will examine how competition unlocks innovation and the possible disruptions the proposed rules may bring for innovation, intellectual property (IP) and supporting business models.
In most markets, innovation is driven forward by competition. Businesses compete on equal footing, and their investment in R&D drives innovation forward. Innovation in health care has been dramatically outpaced by other markets, leading to an urgent need for both disruptive and evolutionary innovation.
What is inhibiting health care innovation? The rules identify a combination of tactics employed in health care that restrict the free flow of clinical data, such as:
These tactics slow innovation by contributing to an
environment where stakeholders resist pushing the boundaries — often because
they are contractually obligated not
to. The legislation and proposed rules are designed to address the ongoing
failure of the market to resolve these conflicts.
As the rules are finalized, we will continue to monitor whether
the ONC defines these practices as innovation stifling and how they will
implement regulations — both carrot and stick — to move the industry forward.
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions.
When it comes to sharing health data, the intent of the 21st Century Cures Act is clear: patients and clinicians should have access to data without special effort or excessive cost. To make this a reality, the act addresses three major areas: technical architecture, data sets and behaviors. Part two of our series looked at how APIs address technical issues while part three covered the new data requirements. In this article, we delve into information blocking. A companion podcast interview with ONC expert Michael Lipinski provides an even deeper dive into this complex topic.
Blocking Comes in Many Forms
The Public Health Services Act (PHSA) broadly defines information blocking as a practice that is “likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” The overarching assumption is information will be shared though the Act does authorize the Secretary to identify reasonable and necessary exceptions.
The proposed rules focus on “technical requirements as well as the actions and practices of health IT developers in implementing the certified API.” Information blocking can come in a variety of forms. It can be direct and obvious (“No you can’t have this data ever!”) or indirect and subtle (“Sure, you can have the data, but it will cost you $$$ and we won’t be able to get to your request for at least 12 months.”). The proposed rules are designed to address both. This passage illustrates some of the concerns:
“Health IT developers are in a
unique position to block the export and portability of data for use in
competing systems or applications, or to charge rents for access to the basic
technical information needed to facilitate the conversion or migration of data
for these purposes.”
Three government experts on a health tech conference panel discuss
the urgency of releasing actionable data; all are women. A more senior
official, another woman, gives a TED-style talk making the same case. And a
four-person, private-sector panel debates privacy and ethics; three of the four
Health Datapalooza, a conference begun with government
sponsorship a decade ago, proclaims its goal as “data liberación” – freeing
health data from deep within federal agencies and giving it to patients and
entrepreneurs. But in 2019, women’s “liberación” seems to have become an
Interestingly, while women’s status in tech was the focus of
a plenary panel on diversity and inclusion, the panelists seemed oblivious to
the robust participation of women in their own meeting.
To put some data behind my subjective impressions, I went
back and examined the list of speakers, who came from a wide range of organizations
and included individual patient activists. I counted 89 men and 99 women. Liberación,