
Tag: Health Data

Patient-Directed Uses vs. The Platform

By ADRIAN GROPPER, MD

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

It’s 2023. Alice, a patient at Ascension Seton Medical Center Austin, decides to get a second opinion at Mayo Clinic. She’s heard great things about Mayo’s collaboration with Google that everyone calls “The Platform”. Alice is worried, and hoping Mayo’s version of Dr. Google says something more than Ascension’s version of Dr. Google. Is her Ascension doctor also using The Platform?

Alice makes an appointment in the breast cancer practice using the Mayo patient portal. Mayo asks permission to access her health records. Alice is offered two choices: one uses HIPAA without her consent, and the other is under her control. Her choice is:

  • Enter her demographics and insurance info and have The Platform use HIPAA surveillance to gather her records wherever Mayo can find them, or
  • Copy her Mayo Clinic ID and enter it into the patient portal of any hospital, lab, or payer to request her records be sent directly to Mayo.

Alice feels vulnerable. What other information will The Platform gather using their HIPAA surveillance power? She recalls a 2020 law that expanded HIPAA to allow access to her behavioral health records at Austin Rehab.

Alice prefers to avoid HIPAA surprises and picks the patient-directed choice. She enters her Mayo Clinic ID into Ascension’s patient portal. Unfortunately, Ascension is using the CARIN Alliance code of conduct and best practices. Ascension tells Alice that they will not honor her request to send records directly to Mayo. Ascension tells Alice that she must use the Apple Health platform or some other intermediary app to get her records if she wants control.  


The Definition of Health Data has Changed—and HHS is All Over It | Dr. Mona Siddiqui, HHS

By JESSICA DAMASSA, WTF HEALTH

Dr. Mona Siddiqui, Chief Data Officer at the US Department of Health & Human Services (HHS), says the definition of health data has changed. Health data is not just about what kind of data it is or where it came from; now, she says, health data is more or less data that is defined by its intent. (Think for just a minute about how social media data is being used in healthcare these days.) Mona led a meeting with over 70 stakeholders across the healthcare industry this summer to talk next steps for this new era of health data: assessing risks and benefits, talking transparency, and looking at issuing recommendations for actions that HHS can be engaged in. What’s next as the industry continues to look to HHS for guidance around data policy? Tune in to find out.

Filmed at the HIMSS Health 2.0 Conference in Santa Clara, CA in September 2019.

Jessica DaMassa is the host of the WTF Health show & stars in Health in 2 Point 00 with Matthew Holt. Get a glimpse of the future of healthcare by meeting the people who are going to change it. Find more WTF Health interviews here or check out www.wtf.health.

Concrete Problems: Experts Caution on Construction of Digital Health Superhighway

By MICHAEL MILLENSON

If you’re used to health tech meetings filled with go-go entrepreneurs and the investors who love them, a conference of academic technology experts can be jarring.

Speakers repeatedly pointed to portions of the digital health superhighway that sorely need more concrete – in this case, concrete knowledge. One researcher even used the word “humility.”

The gathering was the annual symposium of the American Medical Informatics Association (AMIA). AMIA’s founders were pioneers. Witness the physician featured in a Wall Street Journal story detailing his use of “advanced machines [in] helping diagnose illness” – way back in 1959.

That history should provide a sobering perspective on the distinction between inevitable and imminent (a difference at least as important to investors as intellectuals), even on hot-button topics such as new data uses involving the electronic health record (EHR). 

I’ve been one of the optimists. Earlier this year, my colleague Adrian Gropper and I wrote about pending federal regulations requiring providers to give patients access to their medical record in a format usable by mobile apps. This, we said, could “decisively disrupt medicine’s clinical and economic power structure.”


What Google Isn’t Saying About Your Health Records

By ADRIAN GROPPER, MD

Google’s semi-secret deal with Ascension is testing the limits of HIPAA as society grapples with the future impact of machine learning and artificial intelligence.

Glenn Cohen points out that HIPAA may not be keeping up with our methods of consent by patients and society on the ways personal data is used. Is prior consent, particularly consent from vulnerable patients seeking care, a good way to regulate secret commercial deals with their caregivers? The answer to a question is strongly influenced by how you ask it.

Here’s a short review of this current scandal and related ones. It also links to a recent deal between Mayo and Google, also semi-secret. A scholarly investigative journalism report of the Google AI scandal with London NHS Foundation Trust in 2016 might be summarized as: the core issue is not consent; it is a conflict of interest at the very foundation of the information governance process. The foxes are guarding the patient data henhouse. When the secrecy of a deal is broken, a scandal ensues.

The parts of the Google-Ascension deal that are secret are likely designed to misdirect attention away from the intellectual property value of the business relationship.


The good, the bad, and the hopeful in new interoperability plans from Washington


By CLAUDIA WILLIAMS

Robust exchange of health information is absolutely critical to improving health care quality and lowering costs. In the last few months, government leaders at the US Department of Health and Human Services (HHS) have advanced ambitious policies to make interoperability a reality. Overall, this is a great thing. However, there are places where DC regulators need help from the frontlines to understand what will really work. 

As California’s largest nonprofit health data network, Manifest MedEx has submitted comments and met with policymakers several times over the last few months to discuss these policies. We’ve weighed in with Administrator Seema Verma and National Coordinator Dr. Don Rucker. We’ve shared the progress and concerns of our network of over 400 California health organizations including hospitals, health plans, nurses, physicians and public health teams. 

With the comment periods now closed, here’s a high-level look at what lies ahead: 

CMS is leading on interoperability (good). Big new proposals from the Centers for Medicare and Medicaid Services (CMS) will set tough parameters for sharing health information. With a good prognosis to roll out in final form around HIMSS 2020, we’re excited to see requirements that health plans give patients access to their claims records via a standard set of APIs, so patients can connect their data to apps of their choosing. In addition, hospitals will be required to send admit, discharge, transfer (ADT) notifications on patients to community providers, a massive move to make transitions from hospital to home safe and seamless for patients across the country. Studies show that readmissions to the hospital are reduced as much as 20% when patients are seen by a doctor within the first week after a hospitalization. Often the blocker is not knowing a patient was discharged. CMS is putting some serious muscle behind getting information moving and is using their leverage as a payer to create new economic reasons to share. We love it.


The Most Expensive Data in the US & Why we’re NOT Using It | Atul Butte, UC Health

By JESSICA DAMASSA, WTF HEALTH

When you ask the ‘big data guy’ at a massive health system what’s wrong with EMRs, it’s surprising to hear that his problem is NOT with the EMRs themselves but with the fact that health systems are just not using the data they’re collecting in any meaningful way. Atul Butte, Chief Data Scientist for University of California Health System, says interoperability is not the big issue! Instead, he says it’s the fact that health systems are not using some of the most expensive data in the country (we are using doctors to do the data entry…) to draw big, game-changing conclusions about the way we practice medicine and deliver care. Listen in to find out why Atul thinks that the business incentives are misaligned for a data revolution and what we need to do to help.

Filmed at Health Datapalooza in Washington DC, March 2019.


Why Should Anyone Care About Health Data Interoperability?

By SUSANNAH FOX

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

A question I hear quite often, sometimes whispered, is: Why should anyone care about health data interoperability? It sounds pretty technical and boring.

If I’m talking with a “civilian” (in my world, someone not obsessed with health care and technology) I point out that interoperable health data can help people care for themselves and their families by streamlining simple things (like tracking medication lists and vaccination records) and more complicated things (like pulling all your records into one place when seeking a second opinion or coordinating care for a chronic condition). Open, interoperable data also helps people make better pocketbook decisions when they can comparison-shop for health plans, care centers, and drugs.

Sometimes business leaders push back on the health data rights movement, asking, sometimes aggressively: Who really wants their data? And what would they do with it if they got it? Nobody they know, including their current customers, is clamoring for interoperable health data.


Taking on Facebook for Health Data Privacy: Fred Trotter, CareSet Systems

By JESSICA DaMASSA, WTF HEALTH

While patients can often find comfort, compassion, and support in Facebook Groups dedicated to their health conditions, they don’t realize that their identity, location, and email addresses can be found quite easily by other members of their closed group — some of whom may not have well-meaning purposes for that information. Called a Strict Inclusion Closed Group Reverse Lookup (SICGRL) attack, this is a privacy violation of unprecedented magnitude. 

Fred Trotter is one of the leaders of a group of activists co-led by Andrea Downing and David Harlow that is taking on Facebook to correct this health data privacy violation. 

While this interview was filmed at Health Datapalooza in the Spring of this year, Fred has just published an update that details how Facebook continues to ignore the issue and remains unwilling to collaborate on a solution. 

Catch up on the background behind this data privacy issue — currently, one of the most important opportunities we as healthcare innovators have to learn about what NOT to do when it comes to user privacy and sensitive data. 

Barbarians at the Gate

By ADRIAN GROPPER, MD

US healthcare is exceptional among rich economies. Exceptional in cost. Exceptional in disparities. Exceptional in the political power hospitals and other incumbents have amassed over decades of runaway healthcare exceptionalism. 

The latest front in healthcare exceptionalism is over who profits from patient records. Parallel articles in the NYTimes and THCB frame the issue as “barbarians at the gate” when the real issue is an obsolete health IT infrastructure and how ill-suited it is for the coming age of BigData and machine learning. Just check out the breathless announcement of “frictionless exchange” by Microsoft, AWS, Google, IBM, Salesforce and Oracle. Facebook already offers frictionless exchange. Frictionless exchange has come to mean that one data broker, like Facebook, adds value by aggregating personal data from many sources and then uses machine learning to find a customer, like Cambridge Analytica, that will use the predictive model to manipulate your behavior. How will the six data brokers in the announcement be different from Facebook?

The NYTimes article and the THCB post imply that we will know the barbarians when we see them and then rush to talk about the solutions. Aside from calls for new laws in Washington (weaken behavioral health privacy protections, preempt state privacy laws, reduce surprise medical bills, allow a national patient ID, treat data brokers as HIPAA covered entities, and maybe more) our leaders have to work with regulations (OCR, information blocking, etc…), standards (FHIR, OAuth, UMA), and best practices (Argonaut, SMART, CARIN Alliance, Patient Privacy Rights, etc…). I’m not going to discuss new laws in this post and will focus on practices under existing law.

Patient-directed access to health data is the future. This was made clear at the recent ONC Interoperability Forum as opened by Don Rucker and closed with a panel about the future. CARIN Alliance and Patient Privacy Rights are working to define patient-directed access in what might or might not be different ways. CARIN and PPR have no obvious differences when it comes to the data models and semantics associated with a patient-directed interface (API). PPR appreciates HL7 and CARIN efforts on the data models and semantics for both clinics and payers.


Patient Controlled Health Data: Balancing Regulated Protections with Patient Autonomy

By KENNETH D. MANDL, MD, MPH, DAN GOTTLIEB, MPA, and JOSHUA MANDEL, MD

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

A patient can, under the Health Insurance Portability and Accountability Act (HIPAA), request a copy of her medical records in a “form and format” of her choice “if it is readily producible.” However, patient advocates have long complained about a process which is onerous, inefficient, at times expensive, and almost always on paper. The patient-driven healthcare movement advocates for turnkey electronic provisioning of medical record data to improve care and accelerate cures.

There is recent progress. The 21st Century Cures Act requires that certified health information technology provide access to all data elements of a patient’s record, via published digital connection points, known as application programming interfaces (APIs), that enable healthcare information “to be accessed, exchanged, and used without special effort.” The Office of the National Coordinator of Health Information Technology (ONC) has proposed a rule that will facilitate a standard way for any patient to connect an app of her choice to her provider’s electronic health record (EHR). With these easily added or deleted (“substitutable”) apps, she should be able to obtain a copy of her data, share it with health care providers and apps that help her make decisions and navigate her care journeys, or contribute data to research. Because the rule mandates the “SMART on FHIR” API (an open standard for launching apps now part of the Fast Healthcare Interoperability Resources ANSI Standard), these apps will run anywhere in the health system.

Apple recently advanced an apps-based information economy, by connecting its native “Health app” via SMART on FHIR, to hundreds of health systems, so patients can download copies of their data to their iPhones. The impending rule will no doubt spark the development of a substantial number of additional apps.

Policymakers are grappling with concerns that data crossing the API and leaving a HIPAA covered entity are no longer governed by HIPAA. Instead, consumer apps and the data therein fall under oversight of the Federal Trade Commission (FTC). When a patient obtains her data via an app, she will likely have agreed to the terms and the privacy policy for that app, or at least clicked through an agreement no matter how lengthy or opaque the language.  For commercial apps in particular, these are often poorly protective. As with consumer behavior in the non-healthcare apps and services marketplace, we expect that many patients will broadly share their data with apps, unwittingly giving up control over the uses of those data by third parties.
