Categories

Category: Data

Health Data Outside HIPAA: The Wild West of Unprotected Personal Data

Deven McGraw
Vince Kuraitis

By VINCE KURAITIS and DEVEN McGRAW

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

“…the average patient will, in his or her lifetime, generate about 2,750 times more data related to social and environmental influences than to clinical factors”

McKinsey analysis

The McKinsey “2,750 times” statistic is a pretty good proxy for the amount of your personal health data that is NOT protected by HIPAA and currently is broadly unprotected from sharing and use by third parties.

However, there is bipartisan legislation in front of Congress that offers expanded privacy protection for your personal health data. Senators Klobuchar & Murkowski have introduced the “Protecting Personal Health Data Act” (S.1842). The Act would extend protection to much personal health data that is currently not already protected by HIPAA (the Health Insurance Portability and Accountability Act of 1996). 

In this essay, we will look in the rear-view mirror to see how HIPAA has provided substantial protections for personal clinical data — but with boundaries. We’ll also take a look out the windshield — the Wild West of unprotected health data.

Then in a separate post, we’ll describe and comment on the pending “Protect Personal Health Data Act”.

Continue reading…

HardCore Health Podcast| Episode 3, IPOs, Privacy, & more!

On Episode 3 of HardCore Health, Jess & I start off by discussing all of the health tech companies IPOing (Livongo, Phreesia, Health Catalyst) and talk about what that means for the industry as a whole. Zoya Khan discusses the newest series on THCB called, “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?”, which follows & discuss the legislation being passed on data privacy and protection in Congress today. We also have a great interview with Paul Johnson, CEO of Lemonaid Health, an up-and-coming telehealth platform that works as a one-stop-shop for a virtual doctor’s office, a virtual pharmacy, and lab testing for patients accessing their platform. In her WTF Health segment, Jess speaks to Jen Horonjeff, Founder & CEO of Savvy Cooperative, the first patient-owned public benefit co-op that provides an online marketplace for patient insights. And last but not least, Dr. Saurabh Jha directly address AI vendors in health care, stating that their predictive tools are useless and they will not replace doctors just yet- Matthew Holt

Matthew Holt is the founder and publisher of The Health Care Blog and still writes regularly for the site.

Remembering the Real Stakeholders: Patient Privacy Rights Comments to TEFCA Draft 2

Deborah C. Peel
Adrian Gropper

By ADRIAN GROPPER, MD and DEBORAH C. PEEL, MD

TEFCA will succeed where previous national health information exchange efforts have failed only if it puts patients’ and families’, and/or their fiduciary agents, in control of health technology. This is the only path to restore trust in physicians, and to ensure accurate and complete data for treatment and research.

As physicians and patient advocates, we seek a longitudinal health record, patient-centered in the sense of being independent of any particular institution. An independent health record is also essential to enhancing competition and innovation for health services. TEFCA Draft 2 is the latest in a decade of starts down the path to an independent longitudinal health record, but it still fails to deal with the problems of consent, patient matching, and regulatory capture essential for a national-scale network. Our comments on regulatory capture will be filed separately.

We strongly support the importance in Draft 2 of Open APIs, Push, and a relationship locator service. We also strongly support expanding the scope to a wider range of data sources, beyond just HIPAA covered entities in order to better serve the real-world needs of patients and families.

However, Draft 2 still includes design practices such as the lack of patient transparency, lack of informed consent, and a core design based on involuntary surveillance. This institution-centered design barely works at a community level and leaves out many key real-world participants. It is wishful thinking to believe that it will work with expanded participant scope and on a national scale.

Continue reading…

Remembering the Real Stakeholders: Patient Privacy Rights Comments on the Proposed CMS Regulation Pursuant to the Cures Act

Deborah C. Peele
Adrian Gropper

By ADRIAN GROPPER, MD and DEBORAH C. PEEL, MD

Electronic health records (EHRs) are a polarizing issue in health reform. In their current form, they are frustrating to many physicians and have failed to support cost improvements. The current round of federal intervention is proposed rulemaking pursuant to the 21st Century Cures Act calls for penalties for “information blocking” and for technology that physicians and patients could use “without special effort.”

The proposed rules are over one thousand pages of technical jargon that aims to govern how one machine communicates with another when the content of the communication is personal and very valuable information about an individual. Healthcare is a challenging and unique industry when it comes to interoperability. Hospitals spend lavishly on EHRs and pursue information blocking as a means to manipulate the physicians and patients who might otherwise bypass the hospital on the way to health reform. The result is a broken market where physicians and patients directly control trillions of dollars in spending but have virtually zero market power over the technology that hospitals and payers operate as information brokers.

What follows below are comments by Patient Privacy Rights on the proposed rule. The common thread of our comments is the need to treat patients and physicians, not the data brokers, as the real stakeholders.

Comments to the ONC Rule

Overview: 21st Century health care innovation, policy, and practice is increasingly dependent on personal information. This is obvious with respect to machine learning and risk adjustment, but personal information is now central to the competitive strategy for most of the health care economy, clinical as well as research. ONC’s drafting of this rule reflects the importance of competition to innovation and cost containment.

Continue reading…

ONC & CMS Proposed Rules – Part 6: Payer Data Requirements

Nikki Kent
Dave Levin

By DAVE LEVIN, MD and NIKKI KENT

The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking, and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics are open to interpretation, we invite readers to respond with their own ideas, corrections and opinions.

Interventions to Address Market Failures

Many of the rules proposed by CMS and ONC are evidence-based interventions aimed at critical problems that market forces have failed to address. One example of market failure  is the long-standing inability for health care providers and insurance companies to find a way to exchange patient data. Each has critical data the other needs and would benefit from sharing. And, as CMS noted, health plans are in a “unique position to provide enrollees a complete picture of their clams and encounter data.” Despite that, technical and financial issues, as well as a general air of distrust from decades of haggling over reimbursement, have prevented robust data exchange. Remarkably, this happens in integrated delivery systems which, in theory, provide tight alignment between payers and providers in a unified organization.

With so much attention focused on requirements for health IT companies like EHR vendors and providers, it is easy to miss the huge impact that the new rules is likely to have for payers. But make no mistake, if implemented as proposed, these rules will have a profound impact on the patient’s ability to gather and direct the use of their personal health information (PHI). They will also lead to reduced fragmentation and more complete data sets for payers and providers alike.

Overview of Proposed CMS Rules on Information Sharing and Interoperability

The proposed CMS rules affect payers, providers, and patients stating that they:

  • Require payers to make patient health information available electronically through a standardized, open application programming interface (API)
  • Promote data exchange between payers and participation in health information exchange networks
  • Require payers to provide additional resources on EHR, privacy, and security
  • Require providers to comply with new electronic notification requirements
  • Require states to better coordinate care for Medicare-Medicaid dually eligible beneficiaries by submitting buy-in data to CMS daily
  • Publicly disclose when providers inappropriately restrict the flow of information to other health care providers and payers

Continue reading…

Snoop Last Year’s Bayer G4A Startups, Then Apply

SPONSORED POST

By JESSICA DA MASSA, WTF HEALTH

With the application deadline for Bayer’s G4A Partnerships program coming up on Friday, I thought I’d throw out a little inspiration to would-be applicants by featuring an interview I did with one of last year’s program participants at the grand-finale Launch Event.

Not only was this a great party, but a microcosm of the G4A program experience itself: a way to meet Bayer execs en-masse, an opportunity to sell directly to key decision-makers across Bayer’s various global business units, and a chance to feed off the energy of like-minded innovators eager to see ‘big health care’ change for the better.

While the G4A program itself has changed a bit this year to be more streamlined and to allow for bespoke deal-making that may or may not involve giving up equity (my favorite new feature), startups questioning whether or not they have what it takes should take a look at some alums.

There’s a playlist with nearly two dozen interviews waiting for you here if you’re REALLY up for some procrastinating, or you can click through and just check out my chat with Joe Curcio, CEO of KinAptic. A healthtech startup taking wearables to the bleeding edge, Joe shows us a mock-up of the KinAptic ‘smart shirt’ which features their real innovation: printed ink electronics that look and feel like screenprinting ink, but work bi-directionally to both collect data from the body AND apply signals back to it. Is it AI-enabled? Did you have to ask? Listen in for a mindblowing chat about how this tech can change diagnostic analysis and treatment and completely redefine our current limitations when it comes to healthcare wearables.Once you’re inspired, don’t forget to head over to www.g4a.health and fill out your own application for this year’s partnership program.

Jessica DaMassa is the host of the WTF Health show & stars in Health in 2 Point 00 with Matthew Holt

We Are Not A Dashboard: Contesting The Tyranny Of Metrics, Measurement, And Managerialism

By DAVID SHAYWITZ

The dashboard is the potent symbol of our age. It offers the elegant visualization of data, and is intended to capture and represent the performance of a system, revealing at a glance current status, and pointing out potential emerging concerns. Dashboards are a prominent feature of most every “big data” project I can think of, offered by every vendor, and constructed to provide a powerful sense of control to the viewer. It seemed fitting that Novartis CEO Dr. Vas Narasimhan, a former McKinsey consultant, would build (then tweet enthusiastically about) “our new ‘control tower’” – essentially a multi-screen super dashboard – “to track, analyse and predict the status of all our clinical studies. 500+ active trials, 70+ countries, 80 000+ patients – transformative for how we develop medicines.” Dashboards are the physical manifestation of the ideology of big data, the idea that if you can measure it you can manage it.

I am increasingly concerned, however, that the ideology of big data has taken on a life of it’s own, assuming a sense of both inevitability and self-justification. From measurement in service of people, we increasingly seem to be measuring in service of data, setting up systems and organizations where constant measurement often appears to be an end in itself.

My worries, it turns out, are hardly original. I’ve been delighted to discover over the past year what feels like an underground movement of dissidents who question the direction we seem to be heading, and who’ve thoughtfully discussed many of the issues that I stumbled upon. (Special hat-tip to “The Accad & Koka Report” podcast, an independent and original voice in the healthcare podcast universe, for introducing me to several of these thinkers, including Jerry Muller and Gary Klein.)

Continue reading…

ONC & CMS Proposed Rules – Part 5: Business Models

Grant Barrick
Dave Levin

By DAVE LEVIN, MD and GRANT BARRICK

The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking, and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections, and opinions. In part five of this series, we look at how competition unlocks innovation, and how the proposed rules may disrupt the balance between innovation, intellectual property (IP), and supporting business models.  

____________

The recent publication of proposed rules by ONC and CMS set off a flurry of activity. In anticipation of their implementation, the health care industry is wrestling with many questions around business models. What practices inhibit competition and innovation? How do we balance the need for competition while protecting legitimate intellectual property rights? How can vendors ensure profit growth when pricing is heavily regulated? In this article, we will examine how competition unlocks innovation and the possible disruptions the proposed rules may bring for innovation, intellectual property (IP) and supporting business models.

Unlocking Innovation via Competition

In most markets, innovation is driven forward by competition. Businesses compete on equal footing, and their investment in R&D drives innovation forward. Innovation in health care has been dramatically outpaced by other markets, leading to an urgent need for both disruptive and evolutionary innovation.

What is inhibiting health care innovation? The rules identify a combination of tactics employed in health care that restrict the free flow of clinical data, such as:

  • NDAs
  • Confidentiality Clauses
  • Hold-harmless Agreements
  • Licensing Language

These tactics slow innovation by contributing to an environment where stakeholders resist pushing the boundaries — often because they are contractually obligated not to. The legislation and proposed rules are designed to address the ongoing failure of the market to resolve these conflicts.

As the rules are finalized, we will continue to monitor whether the ONC defines these practices as innovation stifling and how they will implement regulations — both carrot and stick — to move the industry forward.

Continue reading…

ONC & CMS Proposed Rules – Part 4: Information Blocking

By DAVE LEVIN MD

The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions.

____________

When it comes to sharing health data, the intent of the 21st Century Cures Act is clear: patients and clinicians should have access to data without special effort or excessive cost. To make this a reality, the act addresses three major areas: technical architecture, data sets and behaviors. Part two of our series looked at how APIs address technical issues while part three covered the new data requirements. In this article, we delve into information blocking. A companion podcast interview with ONC expert Michael Lipinski provides an even deeper dive into this complex topic.

Information Blocking Comes in Many Forms

The Public Health Services Act (PHSA) broadly defines information blocking as a practice that is “likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” The overarching assumption is information will be shared though the Act does authorize the Secretary to identify reasonable and necessary exceptions.

The proposed rules focus on “technical requirements as well as the actions and practices of health IT developers in implementing the certified API.” Information blocking can come in a variety of forms. It can be direct and obvious (“No you can’t have this data ever!”) or indirect and subtle (“Sure, you can have the data, but it will cost you $$$ and we won’t be able to get to your request for at least 12 months.”). The proposed rules are designed to address both. This passage illustrates some of the concerns:

“Health IT developers are in a unique position to block the export and portability of data for use in competing systems or applications, or to charge rents for access to the basic technical information needed to facilitate the conversion or migration of data for these purposes.”

Continue reading…

XX Marks the Spot: Why Did Women Tech Experts Rule at DC Health Data Confab?

By MICHAEL L. MILLENSON

Three government experts on a health tech conference panel discuss the urgency of releasing actionable data; all are women. A more senior official, another woman, gives a TED-style talk making the same case. And a four-person, private-sector panel debates privacy and ethics; three of the four are female.

Health Datapalooza, a conference begun with government sponsorship a decade ago, proclaims its goal as “data liberación” – freeing health data from deep within federal agencies and giving it to patients and entrepreneurs. But in 2019, women’s “liberación” seems to have become an unspoken sub-theme.

Interestingly, while women’s status in tech was the focus of a plenary panel on diversity and inclusion, the panelists seemed oblivious to the robust participation of women in their own meeting.

To put some data behind my subjective impressions, I went back and examined the list of speakers, who came from a wide range of organizations and included individual patient activists. I counted 89 men and 99 women. Liberación, indeed.

Continue reading…

Registration

Forgotten Password?