Tag: Vince Kuraitis

Health Data Outside HIPAA: Simply Extending HIPAA Would Be a #FAIL

Jan 20, 2020• 2

By DEVEN McGRAW and VINCE KURAITIS

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

Early in 2019 the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS) proposed rules intended to achieve “interoperability” of health information.

Among other things, these proposed rules would put more data in the hands of patients – in most cases, acting through apps or other online platforms or services the patients hire to collect and manage data on their behalf. Apps engaged by patients are not likely covered by federal privacy and security protections under the Health Insurance Portability and Accountability Act (HIPAA) — consequently, some have called on policymakers to extend HIPAA to cover these apps, a step that would require action from Congress.

In this post we point out why extending HIPAA is not a viable solution and would potentially undermine the purpose of enhancing patients’ ability to access their data more seamlessly: to give them agency over health information, thereby empowering them to use it and share it to meet their needs.

The Health Data Goldilocks Dilemma | Vince Kuraitis & Deven McGraw

Nov 4, 2019

By JESSICA DaMASSA, WTF HEALTH

Which is better: sharing access to all health data across platforms so that interoperability is achieved, or protecting some data for the sake of privacy? Health data privacy experts Vince Kuraitis, founder of Better Health Technologies, and Deven McGraw, Chief Regulatory Officer at Ciitzen, are crowdsourcing opinions and insights on what they are calling The Health Data Goldilocks Dilemma. How much data protection is ‘juuuust right’? What should be regulated? And, by whom? The duo talks through their views on the data protection conversation and urge others to join in the conversation via their blog series called, “The Health Data Goldilocks Dilemma,” on The Health Care Blog.

Filmed at the HIMSS Health 2.0 Conference in Santa Clara, CA in September 2019.

Protecting Health Data Outside of HIPAA: Will the Protecting Personal Health Data Act Tame the Wild West ?

Aug 19, 2019• 2

By DEVEN McGRAW and VINCE KURAITIS

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

Introduction

In our previous post, we described the “Wild West of Unprotected Health Data.” Will the cavalry arrive to protect the vast quantities of your personal health data that are broadly unprotected from sharing and use by third parties?

Congress is seriously considering legislation to better protect the privacy of consumers’ personal data, given the patchwork of existing privacy protections. For the most part, the bills, while they may cover some health data, are not focused just on health data – with one exception: the “Protecting Personal Health Data Act” (S.1842), introduced by Senators Klobuchar and Murkowski.

In this series, we committed to looking across all of the various privacy bills pending in Congress and identifying trends, commonalities, and differences in their approaches. But we think this bill, because of its exclusive health focus, deserves its own post. Concerns about health privacy outside of HIPAA are receiving increased attention in light of the push for interoperability, which makes this bill both timely and potentially worth of your attention.

HHS and ONC recently issued a Notice of Proposed Rulemaking (NPRM) to Improve the Interoperability of Health Information. This proposed rule has received over 2,000 comments, many of which raised significant issues about how the rule potentially conflicts with patient and provider needs for data privacy and security.

For example, greater interoperability with patients means that even more medical and claims data will flow outside of HIPAA to the “Wild West.” The American Medical Association noted:

“If patients access their health data—some of which could contain family history and could be sensitive—through a smartphone, they must have a clear understanding of the potential uses of that data by app developers. Most patients will not be aware of who has access to their medical information, how and why they received it, and how it is being used (for example, an app may collect or use information for its own purposes, such as an insurer using health information to limit/exclude coverage for certain services, or may sell information to clients such as to an employer or a landlord). The downstream consequences of data being used in this way may ultimately erode a patient’s privacy and willingness to disclose information to his or her physician.”

Health Data Outside HIPAA: The Wild West of Unprotected Personal Data

Aug 12, 2019• 2

By VINCE KURAITIS and DEVEN McGRAW

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

“…the average patient will, in his or her lifetime, generate about 2,750 times more data related to social and environmental influences than to clinical factors”
–McKinsey analysis

The McKinsey “2,750 times” statistic is a pretty good proxy for the amount of your personal health data that is NOT protected by HIPAA and currently is broadly unprotected from sharing and use by third parties.

However, there is bipartisan legislation in front of Congress that offers expanded privacy protection for your personal health data. Senators Klobuchar & Murkowski have introduced the “Protecting Personal Health Data Act” (S.1842). The Act would extend protection to much personal health data that is currently not already protected by HIPAA (the Health Insurance Portability and Accountability Act of 1996).

In this essay, we will look in the rear-view mirror to see how HIPAA has provided substantial protections for personal clinical data — but with boundaries. We’ll also take a look out the windshield — the Wild West of unprotected health data.

Then in a separate post, we’ll describe and comment on the pending “Protect Personal Health Data Act”.

HardCore Health Podcast| Episode 3, IPOs, Privacy, & more!

Aug 9, 2019

On Episode 3 of HardCore Health, Jess & I start off by discussing all of the health tech companies IPOing (Livongo, Phreesia, Health Catalyst) and talk about what that means for the industry as a whole. Zoya Khan discusses the newest series on THCB called, “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?”, which follows & discuss the legislation being passed on data privacy and protection in Congress today. We also have a great interview with Paul Johnson, CEO of Lemonaid Health, an up-and-coming telehealth platform that works as a one-stop-shop for a virtual doctor’s office, a virtual pharmacy, and lab testing for patients accessing their platform. In her WTF Health segment, Jess speaks to Jen Horonjeff, Founder & CEO of Savvy Cooperative, the first patient-owned public benefit co-op that provides an online marketplace for patient insights. And last but not least, Dr. Saurabh Jha directly address AI vendors in health care, stating that their predictive tools are useless and they will not replace doctors just yet- Matthew Holt

Matthew Holt is the founder and publisher of The Health Care Blog and still writes regularly for the site.

Pending Federal Privacy Legislation: A Status Update

Jul 23, 2019

By DEVEN McGRAW and VINCE KURAITIS

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

In our initial blog post of February 20^th, “For Your Radar – Huge Implications for Healthcare in Pending Privacy Legislation,” we broadly discussed six key issues for healthcare stakeholders in the potential federal privacy and data protection legislation. We committed to future posts comparing and contrasting specific legislative proposals.

What’s happened since then?

Additional bills have been introduced and hearings have been held in both the House and the Senate. The Federal Trade Commission (FTC) also hosted two days of hearings on the FTC’s Approach to Consumer Privacy.

The buzz around federal privacy legislation continues, but as of yet there appear to be no proposals or bills that have emerged as the lead bills.

In the meantime, the clock is ticking. As we mentioned in our February 20^th post, a significant catalyst for federal privacy legislation is the desire of companies covered by the California Consumer Privacy Act (CCPA) to have that broadly-applicable, stringent state law preempted by a more company-friendly federal law. The CCPA, which sets stringent consent and other requirements for large companies, or companies collecting or monetizing large amounts of consumer data from California residents, goes into effect January 1, 2020 – less than six months from today.

Is it possible for a legislative body to move quickly on such a controversial topic? Again, California’s experience may be instructive. The CCPA was passed into law and signed on June 28, 2018, about a week after it was introduced. Lawmakers were in a rush in order to keep a popular and even stricter consumer privacy ballot initiative from being put before the California voters. (The sponsors of the ballot initiative agreed to withdraw it if the CCPA were enacted by the June 28^th deadline.).

Tech companies held their noses and supported the legislation because changing legislation is easier than changing a ballot initiative adopted by the voters. However, this strategy is not fool-proof. Although the CCPA has been successfully modified once to address some company concerns and to clarify confusing language, more recent attempts to amend it have failed (modification bills are still pending). With the deadline fast approaching, and the prospect for further significant modifications to the CCPA looking less likely, the pressure on Congress is reaching a fever pitch.

For Your Radar — Huge Implications for Healthcare in Pending Privacy Legislation

Feb 20, 2019• 11

By VINCE KURAITIS and DEVEN McGRAW

Two years ago we wouldn’t have believed it — the U.S. Congress is considering broad privacy and data protection legislation in 2019. There is some bipartisan support and a strong possibility that legislation will be passed. Two recent articles in The Washington Post and AP News will help you get up to speed.

Federal privacy legislation would have a huge impact on all healthcare stakeholders, including patients. Here’s an overview of the ground we’ll cover in this post:

Why Now?
Six Key Issues for Healthcare
What’s Next?

We are aware of at least 5 proposed Congressional bills and 16 Privacy Frameworks/Principles. These are listed in the Appendix below; please feel free to update these lists in your comments. In this post we’ll focus on providing background and describing issues. In a future post we will compare and contrast specific legislative proposals.

ACOs Are Doomed / No They’re Not

Nov 4, 2014• 38

By THCBist

A number of pundits are citing the systemic failure of ACOs, after additional Pioneer ACOs announced withdrawal from the program – Where do you weigh in on the prognosis for Medicare and Commercial ACOs over the next several years?”

Peter R. Kongstvedt

Whoever thought that by themselves, ACOs would successfully address the problem(s) of [cost] [access] [care coordination] [outcomes] [scurvy] [Sonny Crockett’s mullet in Miami Vice Season 4]? The entire history of managed health care is a long parade of innovations that were going to be “the answer” to at least the first four choices above (Vitamin C can cure #5 but sadly there is no cure for #6). Highly praised by pundits who jump in front of the parade and declare themselves to be leaders, each ends up having a place, but only a place, in addressing our problematic health system.

The reasons that each new innovative “fix” end up helping a little but not occupying the center vary, but the one thing they all have in common is that the new thing must still compete with the old thing, and the old thing is there because we want it there, or at least some of us do. The old thing in the case of ACOs is the existing payment system in Medicare and by extension, our healthcare system overall because for all the organizational requirements, ACOs are a payment methodology.

The Power of Small

Aug 29, 2014• 10

By David C. Kibbe, MD & Vince Kuraitis

Everywhere we turn these days it seems “Big Data” is being touted as a solution for physicians and physician groups who want to participate in Accountable Care Organizations, (ACOs) and/or accountable care-like contracts with payers.

We disagree, and think the accumulated experience about what works and what doesn’t work for care management suggests that a “Small Data” approach might be good enough for many medical groups, while being more immediately implementable and a lot less costly. We’re not convinced, in other words, that the problem for ACOs is a scarcity of data or second rate analytics. Rather, the problem is that we are not taking advantage of, and using more intelligently, the data and analytics already in place, or nearly in place.

For those of you who are interested in the concept of Big Data, Steve Lohr recently wrote a good overview in his column in the New York Times, in which he said:

“Big Data is a shorthand label that typically means applying the tools of artificial intelligence, like machine learning, to vast new troves of data beyond that captured in standard databases. The new data sources include Web-browsing data trails, social network communications, sensor data and surveillance data.”

Applied to health care and ACOs, the proponents of Big Data suggest that some version of IBM’s now-famous Watson, teamed up with arrays of sensors and a very large clinical data repository containing virtually every known fact about all of the patients seen by the medical group, is a needed investment. Of course, many of these data are not currently available in structured, that is computable, format. So one of the costly requirements that Big Data may impose on us results from the need to convert large amounts of unstructured or poorly structured data to structured data. But when that is accomplished, so advocates tell us, Big Data is not only good for quality care, but is “absolutely essential” for attaining the cost efficiency needed by doctors and nurses to have a positive and money-making experience with accountable care shared-savings, gain-share, or risk contracts.

A Duty to Share Patient Information

May 8, 2013• 4

By Vince Kuraitis and Leslie Kelly Hall

The sharing of patient information in the US is out of whack — we lean far too much toward hoarding information vs. sharing it. While care providers have an explicit duty to protect patient confidentiality and privacy, two things are missing:

the explicit recognition of a corollary duty to share patient information with other providers when doing so is the patient’s interests, and
a recognition that there is potential tension between the duty to protect patient confidentiality/privacy and the duty to share — with minimal guidance on how to resolve the tension.

In this essay we’ll discuss:

1. A recent recognition in the UK

2. The need for an explicit duty to share patient information in the US