By ADRIAN GROPPER, MD
The HHS Office of National Coordinator (ONC) hosted a well-attended Annual Meeting this week. It’s a critical time for HHS because regulations authorized under the almost unanimous bi-partisan 21stC Cures Act, three and a half years in the making, are now facing intense political pressure for further delay or outright nullification. HHS pulled out all of the stops to promote their as yet unseen work product.
Myself and other patient advocates benefited from the all-out push by ONC. We were given prominent spots on the plenary panels, for which we are grateful to ONC. This post summarizes my impressions on three topics discussed both on-stage and off:
- Patient Matching and Unique Patient Identifiers (UPI)
- Reaction to Judy Faulkner’s Threats
- Consumer App Access and Safety
Each of these represents a different aspect of the strategic interests at work to sideline patient-centered practices that might threaten the current $Trillion of waste.
The patient ID plenary panel opened the meeting. It was a well designed opportunity for experts to present their perspectives on a seemingly endless debate. Here’s a brief report. My comments were a privacy perspective on patient matching, UPI, and the potential role of self-sovereign identity (SSI) as a new UPI technology. The questions and Twitter about my comments after the panel showed specific interest in:
- The similarity of “enhanced” surveillance for patient matching to the Chinese social credit scoring system.
- The suggestion that we already have very useful UPIs in the form of email address and mobile phone numbers that could have been adopted in the marketplace, but are not, for what I euphemistically called “strategic interests”.
- The promise of SSI as better and more privacy preserving UPIs that might still be ignored by the same strategic interests.
- The observation that a consent-based health information exchange does not need either patient matching or UPIs.
By ADRIAN GROPPER, MD
US healthcare is exceptional among rich economies. Exceptional in cost. Exceptional in disparities. Exceptional in the political power hospitals and other incumbents have amassed over decades of runaway healthcare exceptionalism.
The latest front in healthcare exceptionalism is over who profits from patient records. Parallel articles in the NYTimes and THCB frame the issue as “barbarians at the gate” when the real issue is an obsolete health IT infrastructure and how ill-suited it is for the coming age of BigData and machine learning. Just check out the breathless announcement of “frictionless exchange” by Microsoft, AWS, Google, IBM, Salesforce and Oracle. Facebook already offers frictionless exchange. Frictionless exchange has come to mean that one data broker, like Facebook, adds value by aggregating personal data from many sources and then uses machine learning to find a customer, like Cambridge Analytica, that will use the predictive model to manipulate your behavior. How will the six data brokers in the announcement be different from Facebook?
The NYTimes article and the THCB post imply that we will know the barbarians when we see them and then rush to talk about the solutions. Aside from calls for new laws in Washington (weaken behavioral health privacy protections, preempt state privacy laws, reduce surprise medical bills, allow a national patient ID, treat data brokers as HIPAA covered entities, and maybe more) our leaders have to work with regulations (OCR, information blocking, etc…), standards (FHIR, OAuth, UMA), and best practices (Argonaut, SMART, CARIN Alliance, Patient Privacy Rights, etc…). I’m not going to discuss new laws in this post and will focus on practices under existing law.
Patient-directed access to health data is the future. This was made clear at the recent ONC Interoperability Forum as opened by Don Rucker and closed with a panel about the future. CARIN Alliance and Patient Privacy Rights are working to define patient-directed access in what might or might not be different ways. CARIN and PPR have no obvious differences when it comes to the data models and semantics associated with a patient-directed interface (API). PPR appreciates HL7 and CARIN efforts on the data models and semantics for both clinics and payers.