Categories

Tag: Health Data

Barbarians at the Gate

By ADRIAN GROPPER, MD

US healthcare is exceptional among rich economies. Exceptional in cost. Exceptional in disparities. Exceptional in the political power hospitals and other incumbents have amassed over decades of runaway healthcare exceptionalism. 

The latest front in healthcare exceptionalism is over who profits from patient records. Parallel articles in the NYTimes and THCB frame the issue as “barbarians at the gate” when the real issue is an obsolete health IT infrastructure and how ill-suited it is for the coming age of BigData and machine learning. Just check out the breathless announcement of “frictionless exchange” by Microsoft, AWS, Google, IBM, Salesforce and Oracle. Facebook already offers frictionless exchange. Frictionless exchange has come to mean that one data broker, like Facebook, adds value by aggregating personal data from many sources and then uses machine learning to find a customer, like Cambridge Analytica, that will use the predictive model to manipulate your behavior. How will the six data brokers in the announcement be different from Facebook?

The NYTimes article and the THCB post imply that we will know the barbarians when we see them and then rush to talk about the solutions. Aside from calls for new laws in Washington (weaken behavioral health privacy protections, preempt state privacy laws, reduce surprise medical bills, allow a national patient ID, treat data brokers as HIPAA covered entities, and maybe more) our leaders have to work with regulations (OCR, information blocking, etc…), standards (FHIR, OAuth, UMA), and best practices (Argonaut, SMART, CARIN Alliance, Patient Privacy Rights, etc…). I’m not going to discuss new laws in this post and will focus on practices under existing law.

Patient-directed access to health data is the future. This was made clear at the recent ONC Interoperability Forum as opened by Don Rucker and closed with a panel about the future. CARIN Alliance and Patient Privacy Rights are working to define patient-directed access in what might or might not be different ways. CARIN and PPR have no obvious differences when it comes to the data models and semantics associated with a patient-directed interface (API). PPR appreciates HL7 and CARIN efforts on the data models and semantics for both clinics and payers.

Continue reading…

Patient Controlled Health Data: Balancing Regulated Protections with Patient Autonomy

By KENNETH D. MANDL, MD, MPH, DAN GOTTLIEB, MPA, and JOSHUA MANDEL, MD

A patient can, under the Health Insurance Portability and Accountability Act (HIPAA), request a copy of her medical records in a “form and format” of her choice “if it is readily producible.” However, patient advocates have long complained about a process which is onerous, inefficient, at times expensive, and almost always on paper. The patient-driven healthcare movement advocates for turnkey electronic provisioning of medical record data to improve care and accelerate cures.

There is recent progress. The 21st Century Cures Act requires that certified health information technology provide access to all data elements of a patient’s record, via published digital connection points, known as application programming interfaces (APIs), that enable healthcare information “to be accessed, exchanged, and used without special effort.”  The Office of the National Coordinator of Health Information Technology (ONC) has proposed a rule that will facilitate a standard way for any patient to connect an app of her choice to her provider’s electronic health record (EHR).  With these easily added or deleted (“substitutable”) apps, she should be able to obtain a copy of her data, share it with health care providers and apps that help her make decisions and navigate her care journeys, or contribute data to research. Because the rule mandates the ”SMART on FHIR” API (an open standard for launching apps now part of the Fast Healthcare Interoperability Resources ANSI Standard), these apps will run anywhere in the health system.

Apple recently advanced an apps-based information economy, by connecting its native “Health app” via SMART on FHIR, to hundreds of health systems, so patients can download copies of their data to their iPhones. The impending rule will no doubt spark the development of a substantial number of additional apps.

Policymakers are grappling with concerns that data crossing the API and leaving a HIPAA covered entity are no longer governed by HIPAA. Instead, consumer apps and the data therein fall under oversight of the Federal Trade Commission (FTC). When a patient obtains her data via an app, she will likely have agreed to the terms and the privacy policy for that app, or at least clicked through an agreement no matter how lengthy or opaque the language.  For commercial apps in particular, these are often poorly protective. As with consumer behavior in the non-healthcare apps and services marketplace, we expect that many patients will broadly share their data with apps, unwittingly giving up control over the uses of those data by third parties.

Continue reading…

Health in 2 Point 00 Episode 92, Takeover Edition | Louise Schaper, HIC 2019 Australia

Today on Health in 2 Point 00, we have another takeover edition! On Episode 92, Jess talks to Louise Schaper, CEO of the Health Informatics Society of Australia (HISA) at HIC 2019. Louise’s key takeaway from the conference is that health tech in Australia is focused on humanity and improving outcomes for all people. Jess also asks Louise about the Australian Digital Health Agency’s MyHealthRecord, an online summary of individuals’ health information. It’s got a great participation rate with 90% of Australians opted in, but it’s not being utilized as much as it could be. Finally, Louise debunks some of the chatter around HealthEngine’s data scandal in which they were caught sharing health data with law firms. The thing is, the press has sold it as if they have full access to your medical data and has sold that, but that’s not the case.

Health Data Outside HIPAA: The Wild West of Unprotected Personal Data

Deven McGraw
Vince Kuraitis

By VINCE KURAITIS and DEVEN McGRAW

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

“…the average patient will, in his or her lifetime, generate about 2,750 times more data related to social and environmental influences than to clinical factors”

McKinsey analysis

The McKinsey “2,750 times” statistic is a pretty good proxy for the amount of your personal health data that is NOT protected by HIPAA and currently is broadly unprotected from sharing and use by third parties.

However, there is bipartisan legislation in front of Congress that offers expanded privacy protection for your personal health data. Senators Klobuchar & Murkowski have introduced the “Protecting Personal Health Data Act” (S.1842). The Act would extend protection to much personal health data that is currently not already protected by HIPAA (the Health Insurance Portability and Accountability Act of 1996). 

In this essay, we will look in the rear-view mirror to see how HIPAA has provided substantial protections for personal clinical data — but with boundaries. We’ll also take a look out the windshield — the Wild West of unprotected health data.

Then in a separate post, we’ll describe and comment on the pending “Protect Personal Health Data Act”.

Continue reading…

Health in 2 Point 00, Episode 90 | One year older…

Today on Health in 2 Point 00, we’re wishing Matthew a happy birthday!

On Episode 90, Jess and I talk about the drama around Amazon PillPack and Surescripts, HelloHeart’s $12 million raise, and Cerner selling its health data. In the end, the data is going to have to flow after this battle between Surescripts and PillPack. For HelloHeart’s blood pressure and cardiovascular health management platform, have they found their niche or is it too little too late with others like Livongo, Omada and Vivify in the space already? Finally, Cerner has put in their earnings call that they’re going to develop a business model around selling their data, sending ePatient Dave on a Tweet storm, but how big of a deal is this really? —Matthew Holt

Announcing a New Series: “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?

By ZOYA KHAN

I would like to introduce you to a new ongoing series that THCB will be featuring called “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?”. It is about time we started talking about health data privacy and policy, and we have just the experts on hand to do so: Vince Kuraitis and Deven McGraw.

The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” series will cover a whole host of topics that discuss, clarify, and challenge the notion of sharing data and if it should be kept private or made public. On the one hand, sharing health information is essential for clinical care, powering medical discovery, and enabling health system transformation. On the other hand, the public is expressing greater concerns over the privacy of personal health data. This ‘Goldilocks Dilemma’ has pushed US policymakers towards two seemingly conflicting goals: 1) broader data interoperability and data sharing, and 2) enhanced data privacy and data protection.

But this issue is even more nuanced and is influenced by many moving parts including: Federal & State privacy legislation, health technology legislation, policy & interoperability rules, data usage from AI & machine learning tools, data from clinical research, ethical concerns, compensating individuals for their data, health data business models, & many more. 

Fear not, Deven & Vince are here to walk readers through this dilemma and will be providing pieces to help explain what is going on. Most of their discussion & pieces will cover 2 specific affected areas: 1) How are policymakers addressing health data privacy risks, and 2) The impact on business models within the Health Data Goldilocks Dilemma.

We hope you enjoy the series and if you have any pieces to add to it, please email me zoya@thehealthcareblog.com

Zoya Khan is the Editor-in-Chief of THCB & an Associate at SMACK.health

ONC & CMS Proposed Rules – Part 6: Payer Data Requirements

Nikki Kent
Dave Levin

By DAVE LEVIN, MD and NIKKI KENT

The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking, and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics are open to interpretation, we invite readers to respond with their own ideas, corrections and opinions.

Interventions to Address Market Failures

Many of the rules proposed by CMS and ONC are evidence-based interventions aimed at critical problems that market forces have failed to address. One example of market failure  is the long-standing inability for health care providers and insurance companies to find a way to exchange patient data. Each has critical data the other needs and would benefit from sharing. And, as CMS noted, health plans are in a “unique position to provide enrollees a complete picture of their clams and encounter data.” Despite that, technical and financial issues, as well as a general air of distrust from decades of haggling over reimbursement, have prevented robust data exchange. Remarkably, this happens in integrated delivery systems which, in theory, provide tight alignment between payers and providers in a unified organization.

With so much attention focused on requirements for health IT companies like EHR vendors and providers, it is easy to miss the huge impact that the new rules is likely to have for payers. But make no mistake, if implemented as proposed, these rules will have a profound impact on the patient’s ability to gather and direct the use of their personal health information (PHI). They will also lead to reduced fragmentation and more complete data sets for payers and providers alike.

Overview of Proposed CMS Rules on Information Sharing and Interoperability

The proposed CMS rules affect payers, providers, and patients stating that they:

  • Require payers to make patient health information available electronically through a standardized, open application programming interface (API)
  • Promote data exchange between payers and participation in health information exchange networks
  • Require payers to provide additional resources on EHR, privacy, and security
  • Require providers to comply with new electronic notification requirements
  • Require states to better coordinate care for Medicare-Medicaid dually eligible beneficiaries by submitting buy-in data to CMS daily
  • Publicly disclose when providers inappropriately restrict the flow of information to other health care providers and payers

Continue reading…

THCB Spotlights | Lygeia Ricciardi, CTO of Carium Health

Today, THCB is spotlighting Lygeia Ricciardi. As the former Director of Consumer e-Health at the ONC, Lygeia tells us about patient access to health data and the ONC and CMS’s new rules on interoperability. But now, she’s the CTO of Carium Health, going from a “consumer activist consultant-type” to actually working with a startup. Carium provides a platform for consumer empowerment and engagement, helping to guide individuals through their health care and wellness journeys.

We Are Not A Dashboard: Contesting The Tyranny Of Metrics, Measurement, And Managerialism

By DAVID SHAYWITZ

The dashboard is the potent symbol of our age. It offers the elegant visualization of data, and is intended to capture and represent the performance of a system, revealing at a glance current status, and pointing out potential emerging concerns. Dashboards are a prominent feature of most every “big data” project I can think of, offered by every vendor, and constructed to provide a powerful sense of control to the viewer. It seemed fitting that Novartis CEO Dr. Vas Narasimhan, a former McKinsey consultant, would build (then tweet enthusiastically about) “our new ‘control tower’” – essentially a multi-screen super dashboard – “to track, analyse and predict the status of all our clinical studies. 500+ active trials, 70+ countries, 80 000+ patients – transformative for how we develop medicines.” Dashboards are the physical manifestation of the ideology of big data, the idea that if you can measure it you can manage it.

I am increasingly concerned, however, that the ideology of big data has taken on a life of it’s own, assuming a sense of both inevitability and self-justification. From measurement in service of people, we increasingly seem to be measuring in service of data, setting up systems and organizations where constant measurement often appears to be an end in itself.

My worries, it turns out, are hardly original. I’ve been delighted to discover over the past year what feels like an underground movement of dissidents who question the direction we seem to be heading, and who’ve thoughtfully discussed many of the issues that I stumbled upon. (Special hat-tip to “The Accad & Koka Report” podcast, an independent and original voice in the healthcare podcast universe, for introducing me to several of these thinkers, including Jerry Muller and Gary Klein.)

Continue reading…

Patient-Directed Access for Competition to Bend the Cost Curve

By ADRIAN GROPPER, MD

Many of you have received the email: Microsoft HealthVault is shutting down. By some accounts, Microsoft has spent over $1 Billion on a valiant attempt to create a patient-centered health information system. They were not greedy. They adopted standards that I worked on for about a decade. They generously funded non-profit Patient Privacy Rights to create an innovative privacy policy in a green field situation. They invited trusted patient surrogates like the American Heart Association to participate in the launch. They stuck with it for almost a dozen years. They failed. The broken market and promise of HITECH is to blame and now a new administration has the opportunity and the tools to avoid the rent-seekers’ trap.

The 2016 21st Century CURES Act is the law. It is built around two phrases: “information blocking” and “without special effort” that give the administration tremendous power to regulate anti-competitive behavior in the health information sector. The resulting draft regulation, February’s Notice of Proposed Rulemaking (NPRM) is a breakthrough attempt to bend the healthcare cost curve through patient empowerment and competition. It could be the last best chance to avoid a $6 Trillion, 20% of GDP future without introducing strict price controls.

This post highlights patient-directed access as the essential pro-competition aspect of the NPRM which allows the patient’s data to follow the patient to any service, any physician, any caregiver, anywhere in the country or in the world.

Continue reading…

Registration

Forgotten Password?