Imagine solving wicked problems of patient matching, consent, and a patient-centered longitudinal health record while also enabling a world of new healthcare services for patients and physicians to use. The long-awaited Notice of Proposed Rulemaking (NPRM) on information blocking from the Office of the National Coordinator for Health Information Technology (ONC) promises nothing less.
Having data automatically follow the patient is a laudable goal but difficult for reasons of privacy, security, and institutional workflow. The privacy issues are clear if you use surveillance as the mechanism to follow the patient. Do patients know they’re under surveillance? By whom? Is there one surveillance agency or are there dozens in real-world practice? Can a patient choose who does the surveillance and which health encounters, including behavioral health, social relationships, location, and finance are excluded from the surveillance?
The security issues are pretty obvious if one uses the National Institute of Standards and Technology (NIST) definition of security versus privacy: Security breaches, as opposed to privacy breaches, are unintentional — typically the result of hacks or bugs in the system. Institutional workflow issues also pose a major difficulty due to the risk of taking responsibility for information coming into a practice from uncontrolled sources. Whose job is it to validate incoming information and potentially alter the workflow? Can this step be automated with acceptable risk?
It’s not hard to see how surveillance as the basis for health information sharing would be contentious and risk the trust that’s fundamental to both individual and public health. Nowhere is this more apparent than in the various legislative efforts currently underway to expand HIPAA to include behavioral health and social determinants of health, preempt state privacy laws, grant data brokers HIPAA Covered Entity status, and limit transparency of how personal data is privately used for “predictive analytics”, machine learning, and artificial intelligence.
“When doctors today say patients should stay off the Internet, I know they’re wrong.” — ePatient Dave de Bronkart
Dave de Bronkart (aka ePatient Dave) credits online communities of other patients – and access to clinical research he found on his stage 4 cancer diagnosis – with saving his life more than a decade ago. Fast forward, and this patient advocate has taken his mantra, “Let Patients Help,” to the TED Talk stage and beyond.
As health care continues to shift its focus from ‘patients’ to ‘consumers,’ how can we all be better, more empowered participants in this system that, despite its best efforts, remains closed, difficult to understand, and challenging to navigate?
I caught up with Dave to talk about his definition of what it means to be a ‘consumerist patient advocate’ and get his suggestions for how we can all better partner with our doctors and nurses when it comes to improving our health. The magic ingredient is data – namely, access to it in a frictionless and open way – so that we can be fully involved in learning about our health and able to set priorities when it comes to preserving it.
How did access to health data prevent serious health consequences in Dave’s life? He’s got more than one story to prove this point – oh, and a great little rap (yes, that kind of rap) at the end.
Get a glimpse of the future of healthcare by meeting the people who are going to change it. Find more WTF Health interviews here or check out www.wtf.health.
WTF Health – ‘What’s the Future’ Health? is a new interview series about the future of the health industry and how we love to hate WTF is wrong with it right now.
How can patients help usher in a better future for healthcare? Start speaking up. LOUDLY.
In this WTF Health interview, meet one of health’s most outspoken patient advocates, Twitter voices (@mightycasey) and podcasters, Casey Quinlan of Mighty Casey Media, who talks about her patient journey as a cancer survivor — and why the awful experience led her to tattoo a QR code linking to her electronic medical record on her chest.
Casey’s ‘physical political protest’ is tied to her passionate views about the lack of data liquidity in healthcare and how patients suffer as a result. She’s launching a new “If-You’re-Selling-My-Health-Data-Cut-Me-In” Movement and weighs in on why more patients aren’t clamoring after their health data to push real change in the healthcare system.
Filmed at Health Datapalooza in Washington DC, April 2018.
Physicians have always been in the information business. We have kept records of patient data regarding the vital signs, allergies, illnesses, injuries, medications, and treatments for the patients we serve. We seek knowledge from other physicians, whether that knowledge comes from the conclusions of experts from research published in a medical journal or the specialist down the hall. However, a physician will always benefit from additional good information such as the analysis of pooled data from our peers treating similar patients or from the patients themselves.
Over the next few years, vast new pools of data regarding the physiologic status, behaviors, environment, and genomes of patients will create amazing new possibilities for both patients and care providers. Data will change our understanding of health and disease and provide a rich new resource to improve clinical care and maximize patient health and well-being.
Patient Data Used by the Patient
Instead of a periodic handful of test results and a smattering of annual measurements in a paper chart, health data will increasingly be something that is generated passively, day by day, as a byproduct of living our lives and providing care. Much of the data will be generated, shared, and used outside of the health system. It will belong to patients who will use it to manage their lives and help them select physicians and other healthcare professionals to guide them in their quest for a long and healthy life.
Based on a patient’s preferences and needs, the data will flow to those who can best assist them in maintaining their health. It will reveal important and illuminating patterns that were not previously apparent, and with the right system in place, it will trigger awareness and alerts for patients and other providers that will guide behaviors and decisions.
Long-time (well, very long-time) readers of THCB will remember my extreme frustration with Patient Privacy Rights founder Deborah Peel, who as far as I can tell spent the entire 2000s opposing electronic health data in general and commercial EMR vendors in particular. I even wrote a very critical piece about her and the people from the World Privacy Forum who I felt were fellow travelers back in 2008. And perhaps nothing annoyed me more than her consistently claiming that data exchange was illegal and that vendors were selling personally identified health data for marketing and related purposes to non-covered entities (which is illegal under HIPAA).
However, in recent years Deborah has teamed up with Adrian Gropper, whom I respect, and seemed to change her tune from “all electronic data violates privacy and is therefore bad” to “we can do health data in a way that safeguards privacy but achieves the efficiencies of care improvement via electronic data exchange”. But she never really came clean on all those claims about vendors selling personally identified health data, and in a semi-related thread on THCB last week, it all came back, including some outrageous statements on the extent of, value of, and implications of selling personally identified health data. So I’ve decided to move all the relevant comments to this blog post and let the disagreement continue.
What started the conversation was a throwaway paragraph at the end of a comment I left in which I basically told Adrian to rewrite what he was saying in such a way that normal people could understand it. Here’s my last paragraph:
As it is, this is not a helpful open letter, and it makes a bunch of aggressive claims against mostly teeny vendors who have historically been on the patients’ side in terms of accessing data. So Adrian, Deborah & PPR need to do a lot better. Or else they risk being excluded back to the fringes like they were in the days when Deborah & her allies at the World Privacy Forum were making ridiculous statements about the concept of data exchange.
Join me in attacking an endemic problem in health care today by Hacking HIPAA. I am crowdfunding the development of a new legal form to be used on and after September 23, 2013 to allow patients to opt-in to easier health care communications – a Common Notice of Privacy Practices that is patient-focused. (Text me, please! Email me, please! etc.)
Depending on how much support this project garners, we can attack some related problems as well. Contributions at any level are welcome; contributions at the levels designated on the Hacking HIPAA Medstartr page get you a seat at the virtual table, voicing your concerns that need to be met in the CNPP and in follow-on projects.
I’m working on this project with two leading health care open source software developers, Ian Eslick and Fred Trotter. Check out Fred’s video intro to the project on the Medstartr page – you can find Ian and Fred online via the links on the project page, too.
Here’s an excerpt from the crowdfunding project page:
Right now we have the worst of all worlds with regards to patient privacy in healthcare. Patients are frequently subject to sub-standard security and privacy practices AND healthcare innovators are unable to deliver solutions that would be useful to patients because their technical approaches are uncomfortably novel for health care bureaucrats. Patients end up getting poor security and no innovation, the worst of all options. This problem is going to get worse before it gets better, since the new Omnibus HIPAA Rule will make cloud hosting of health care projects untenable very soon.
You probably saw some of the headlines last week where Box announced that it is supporting HIPAA and HITECH compliance, signing Business Associate Agreements (BAAs), and integrating with several platform app partners such as Doximity, drchrono, TigerText, and Medigram to help seed its new healthcare ecosystem. I also announced that I was formally advising Box on their healthcare strategy.
I was drawn to Box because of all the lessons I learned at Google building a consumer-directed, personal health record (PHR), Google Health. Google Health allowed you to securely store, organize and share all of your medical records online and control where your data went and how it was managed. It was unlike the other PHRs in the industry that were tethered to the provider or payor or part of an Electronic Health Record (EHR) system.
Sound good? Well, it was in theory. The big issue with Google Health was aggregating your data from the disparate sources that stored data on you. We had to create a ton of point-to-point integrations with large health insurance companies, academic medical centers, hospitals, medical practices and retail pharmacy chains. All of these providers and payors were covered entities in the world of HIPAA and were required to verify a patient’s identity before releasing any data to them electronically. It was a very bumpy user experience for even the most super-charged, IT-savvy consumer.
It’s called Blue Button+ and it works by giving physicians and patients the power to drive change.
The US deficit is driven primarily by healthcare pricing and unwarranted care. Social Security and Medicare cuts contemplated by the Obama administration will hurt the most vulnerable while doing little to address the fundamental issue of excessive institutional pricing and utilization leverage. Bending the cost curve requires both changing physicians’ incentives and providing them with the tools. This post is about technology that can actually bend the cost curve by letting the doctor refer, and the patient seek care, anywhere.
The bedrock of institutional pricing leverage is institutional control of information technology. Our lack of price and quality transparency and the frustrating lack of interoperability are not an accident. They are the carefully engineered result of a bargain between the highly consolidated electronic health records (EHR) industry and their powerful institutional customers that control regional pricing. Pricing leverage comes from vendor and institutional lock-in. Region by region, decades of institutional consolidation, tax-advantaged, employer-paid insurance and political sophistication have made the costliest providers the most powerful.
The EHR vendor lock-in business model is under attack by frustrated physicians and patients and the reality that health care cost and quality are more opaque than ever. Doug Fridsma of ONC politely talks of the need to move from vertical integration of health care services to horizontal integration where patients can choose with their feet. Farzad Mostashari calls for moral behavior and price transparency. The Society for Participatory Medicine says “Gimme My DAM Data” and Patient Privacy Rights asks HHS to allow physicians to prescribe health IT without interference from the institution or the vendor.
The vendors’ response is a charm offensive called CommonWell Health Alliance with a pastel .org website. The website is presumably the official source of information about CommonWell and it lays out the members’ strategy to preserve the vendor lock-in business model for a few $Billion more. Ok, maybe more than a few.
The core of the CommonWell strategy is to avoid giving patients their data in a timely and convenient way.