Categories

Tag: Health Data

The good, the bad, and the hopeful in new interoperability plans from Washington

Claudia Williams, Manifest MedEx, Amazon

By CLAUDIA WILLIAMS

Robust exchange of health information is absolutely critical to improving health care quality and lowering costs. In the last few months, government leaders at the US Department of Health and Human Services (HHS) have advanced ambitious policies to make interoperability a reality. Overall, this is a great thing. However, there are places where DC regulators need help from the frontlines to understand what will really work. 

As California’s largest nonprofit health data network, Manifest MedEx has submitted comments and met with policymakers several times over the last few months to discuss these policies. We’ve weighed in with Administrator Seema Verma and National Coordinator Dr. Don Rucker. We’ve shared the progress and concerns of our network of over 400 California health organizations including hospitals, health plans, nurses, physicians and public health teams. 

With the comment periods now closed, here’s a high-level look at what lies ahead: 

CMS is leading on interoperability (good). Big new proposals from the Centers for Medicare and Medicaid Services (CMS) will set tough parameters for sharing health information. With a good prognosis to roll out in final form around HIMSS 2020, we’re excited to see requirements that health plans give patients access to their claims records via a standard set of APIs, so patients can connect their data to apps of their choosing. In addition, hospitals will be required to send admit, discharge, transfer (ADT) notifications on patients to community providers, a massive move to make transitions from hospital to home safe and seamless for patients across the country. Studies show that readmissions to the hospital are reduced as much as 20% when patients are seen by a doctor within the first week after a hospitalization. Often the blocker is not knowing a patient was discharged. CMS is putting some serious muscle behind getting information moving and is using their leverage as a payer to create new economic reasons to share. We love it.

Continue reading…

The Most Expensive Data in the US & Why we’re NOT Using It | Atul Butte, UC Health

By JESSICA DAMASSA, WTF HEALTH

When you ask the ‘big data guy’ at a massive health system what’s wrong with EMRs, it’s surprising to hear that his problem is NOT with the EMRs themselves but with the fact that health systems are just not using the data they’re collecting in any meaningful way. Atul Butte, Chief Data Scientist for University of California Health System says interoperability is not the big issue! Instead, he says it’s the fact that health systems are not using some of the most expensive data in the country (we are using doctors to data entry it…) to draw big, game-changing conclusions about the way we practice medicine and deliver care. Listen in to find out why Atul thinks that the business incentives are misaligned for a data revolution and what we need to do to help.

Filmed at Health Datapalooza in Washington DC, March 2019.

Jessica DaMassa is the host of the WTF Health show & stars in Health in 2 Point 00 with Matthew Holt.

Get a glimpse of the future of healthcare by meeting the people who are going to change it. Find more WTF Health interviews here or check out www.wtf.health

Why Should Anyone Care About Health Data Interoperability?

By SUSANNAH FOX

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

A question I hear quite often, sometimes whispered, is: Why should anyone care about health data interoperability? It sounds pretty technical and boring.

If I’m talking with a “civilian” (in my world, someone not obsessed with health care and technology) I point out that interoperable health data can help people care for themselves and their families by streamlining simple things (like tracking medication lists and vaccination records) and more complicated things (like pulling all your records into one place when seeking a second opinion or coordinating care for a chronic condition). Open, interoperable data also helps people make better pocketbook decisions when they can comparison-shop for health plans, care centers, and drugs.

Sometimes business leaders push back on the health data rights movement, asking, sometimes aggressively: Who really wants their data? And what would they do with it if they got it? Nobody they know, including their current customers, is clamoring for interoperable health data.

Continue reading…

Taking on Facebook for Health Data Privacy: Fred Trotter, CareSet Systems

By JESSICA DaMASSA, WTF HEALTH

While patients can often find comfort, compassion, and support in Facebook Groups dedicated to their health conditions, they don’t realize that their identity, location, and email addresses can be found quite easily by other members of their closed group — some of whom may not have well-meaning purposes for that information. Called a Strict Inclusion Closed Group Reverse Lookup (SICGRL) attack, this is a privacy violation of unprecedented magnitude. 

Fred Trotter is one of the leaders of a group of activists co-led by Andrea Downing and David Harlow that is taking on Facebook to correct this health data privacy violation. 

While this interview was filmed at Health Datapalooza in the Spring of this year, Fred has just published an update that details how Facebook continues to ignore the issue and remains unwilling to collaborate on a solution. 

Catch up on the background behind this data privacy issue — currently, one of the most important opportunities we as healthcare innovators have to learn about what NOT to do when it comes to user privacy and sensitive data. 

Barbarians at the Gate

By ADRIAN GROPPER, MD

US healthcare is exceptional among rich economies. Exceptional in cost. Exceptional in disparities. Exceptional in the political power hospitals and other incumbents have amassed over decades of runaway healthcare exceptionalism. 

The latest front in healthcare exceptionalism is over who profits from patient records. Parallel articles in the NYTimes and THCB frame the issue as “barbarians at the gate” when the real issue is an obsolete health IT infrastructure and how ill-suited it is for the coming age of BigData and machine learning. Just check out the breathless announcement of “frictionless exchange” by Microsoft, AWS, Google, IBM, Salesforce and Oracle. Facebook already offers frictionless exchange. Frictionless exchange has come to mean that one data broker, like Facebook, adds value by aggregating personal data from many sources and then uses machine learning to find a customer, like Cambridge Analytica, that will use the predictive model to manipulate your behavior. How will the six data brokers in the announcement be different from Facebook?

The NYTimes article and the THCB post imply that we will know the barbarians when we see them and then rush to talk about the solutions. Aside from calls for new laws in Washington (weaken behavioral health privacy protections, preempt state privacy laws, reduce surprise medical bills, allow a national patient ID, treat data brokers as HIPAA covered entities, and maybe more) our leaders have to work with regulations (OCR, information blocking, etc…), standards (FHIR, OAuth, UMA), and best practices (Argonaut, SMART, CARIN Alliance, Patient Privacy Rights, etc…). I’m not going to discuss new laws in this post and will focus on practices under existing law.

Patient-directed access to health data is the future. This was made clear at the recent ONC Interoperability Forum as opened by Don Rucker and closed with a panel about the future. CARIN Alliance and Patient Privacy Rights are working to define patient-directed access in what might or might not be different ways. CARIN and PPR have no obvious differences when it comes to the data models and semantics associated with a patient-directed interface (API). PPR appreciates HL7 and CARIN efforts on the data models and semantics for both clinics and payers.

Continue reading…

Patient Controlled Health Data: Balancing Regulated Protections with Patient Autonomy

By KENNETH D. MANDL, MD, MPH, DAN GOTTLIEB, MPA, and JOSHUA MANDEL, MD

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

A patient can, under the Health Insurance Portability and Accountability Act (HIPAA), request a copy of her medical records in a “form and format” of her choice “if it is readily producible.” However, patient advocates have long complained about a process which is onerous, inefficient, at times expensive, and almost always on paper. The patient-driven healthcare movement advocates for turnkey electronic provisioning of medical record data to improve care and accelerate cures.

There is recent progress. The 21st Century Cures Act requires that certified health information technology provide access to all data elements of a patient’s record, via published digital connection points, known as application programming interfaces (APIs), that enable healthcare information “to be accessed, exchanged, and used without special effort.”  The Office of the National Coordinator of Health Information Technology (ONC) has proposed a rule that will facilitate a standard way for any patient to connect an app of her choice to her provider’s electronic health record (EHR).  With these easily added or deleted (“substitutable”) apps, she should be able to obtain a copy of her data, share it with health care providers and apps that help her make decisions and navigate her care journeys, or contribute data to research. Because the rule mandates the ”SMART on FHIR” API (an open standard for launching apps now part of the Fast Healthcare Interoperability Resources ANSI Standard), these apps will run anywhere in the health system.

Apple recently advanced an apps-based information economy, by connecting its native “Health app” via SMART on FHIR, to hundreds of health systems, so patients can download copies of their data to their iPhones. The impending rule will no doubt spark the development of a substantial number of additional apps.

Policymakers are grappling with concerns that data crossing the API and leaving a HIPAA covered entity are no longer governed by HIPAA. Instead, consumer apps and the data therein fall under oversight of the Federal Trade Commission (FTC). When a patient obtains her data via an app, she will likely have agreed to the terms and the privacy policy for that app, or at least clicked through an agreement no matter how lengthy or opaque the language.  For commercial apps in particular, these are often poorly protective. As with consumer behavior in the non-healthcare apps and services marketplace, we expect that many patients will broadly share their data with apps, unwittingly giving up control over the uses of those data by third parties.

Continue reading…

Health in 2 Point 00 Episode 92, Takeover Edition | Louise Schaper, HIC 2019 Australia

Today on Health in 2 Point 00, we have another takeover edition! On Episode 92, Jess talks to Louise Schaper, CEO of the Health Informatics Society of Australia (HISA) at HIC 2019. Louise’s key takeaway from the conference is that health tech in Australia is focused on humanity and improving outcomes for all people. Jess also asks Louise about the Australian Digital Health Agency’s MyHealthRecord, an online summary of individuals’ health information. It’s got a great participation rate with 90% of Australians opted in, but it’s not being utilized as much as it could be. Finally, Louise debunks some of the chatter around HealthEngine’s data scandal in which they were caught sharing health data with law firms. The thing is, the press has sold it as if they have full access to your medical data and has sold that, but that’s not the case.

Health Data Outside HIPAA: The Wild West of Unprotected Personal Data

Deven McGraw
Vince Kuraitis

By VINCE KURAITIS and DEVEN McGRAW

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

“…the average patient will, in his or her lifetime, generate about 2,750 times more data related to social and environmental influences than to clinical factors”

McKinsey analysis

The McKinsey “2,750 times” statistic is a pretty good proxy for the amount of your personal health data that is NOT protected by HIPAA and currently is broadly unprotected from sharing and use by third parties.

However, there is bipartisan legislation in front of Congress that offers expanded privacy protection for your personal health data. Senators Klobuchar & Murkowski have introduced the “Protecting Personal Health Data Act” (S.1842). The Act would extend protection to much personal health data that is currently not already protected by HIPAA (the Health Insurance Portability and Accountability Act of 1996). 

In this essay, we will look in the rear-view mirror to see how HIPAA has provided substantial protections for personal clinical data — but with boundaries. We’ll also take a look out the windshield — the Wild West of unprotected health data.

Then in a separate post, we’ll describe and comment on the pending “Protect Personal Health Data Act”.

Continue reading…

Health in 2 Point 00, Episode 90 | One year older…

Today on Health in 2 Point 00, we’re wishing Matthew a happy birthday!

On Episode 90, Jess and I talk about the drama around Amazon PillPack and Surescripts, HelloHeart’s $12 million raise, and Cerner selling its health data. In the end, the data is going to have to flow after this battle between Surescripts and PillPack. For HelloHeart’s blood pressure and cardiovascular health management platform, have they found their niche or is it too little too late with others like Livongo, Omada and Vivify in the space already? Finally, Cerner has put in their earnings call that they’re going to develop a business model around selling their data, sending ePatient Dave on a Tweet storm, but how big of a deal is this really? —Matthew Holt

Announcing a New Series: “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?

By ZOYA KHAN

I would like to introduce you to a new ongoing series that THCB will be featuring called “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?”. It is about time we started talking about health data privacy and policy, and we have just the experts on hand to do so: Vince Kuraitis and Deven McGraw.

The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” series will cover a whole host of topics that discuss, clarify, and challenge the notion of sharing data and if it should be kept private or made public. On the one hand, sharing health information is essential for clinical care, powering medical discovery, and enabling health system transformation. On the other hand, the public is expressing greater concerns over the privacy of personal health data. This ‘Goldilocks Dilemma’ has pushed US policymakers towards two seemingly conflicting goals: 1) broader data interoperability and data sharing, and 2) enhanced data privacy and data protection.

But this issue is even more nuanced and is influenced by many moving parts including: Federal & State privacy legislation, health technology legislation, policy & interoperability rules, data usage from AI & machine learning tools, data from clinical research, ethical concerns, compensating individuals for their data, health data business models, & many more. 

Fear not, Deven & Vince are here to walk readers through this dilemma and will be providing pieces to help explain what is going on. Most of their discussion & pieces will cover 2 specific affected areas: 1) How are policymakers addressing health data privacy risks, and 2) The impact on business models within the Health Data Goldilocks Dilemma.

We hope you enjoy the series and if you have any pieces to add to it, please email me zoya@thehealthcareblog.com

Zoya Khan is the Editor-in-Chief of THCB & an Associate at SMACK.health

Registration

Forgotten Password?