Is it possible to advance interoperability while protecting privacy? This series explores the tensions and possible resolutions in achieving these goals.
“We need a new generation of laws to govern a new generation of tech.” – Brad Smith, President and Chief Legal Officer, Microsoft
Welcome to the Roadmap page of THCB’s newest series: The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?
On this page you’ll find:
- The Scope of the Series
The Scope of the Series
Once upon a time, there lived a little girl whose name was Goldilocks. She was a wise girl who was aware that there was great value in health data. One day she decided to go for a walk in the forest of the U.S. healthcare system.
Goldilocks learned that there are risks of TOO LITTLE health data being shared:
- That she and her care providers would not have the best information for clinical decision making
- That clinical researchers would be stifled from conducting groundbreaking analyses and studies
- That next-generation technologies that rely on vast quantities of data (e.g., AI and machine learning) could be suffocated
- That the promises of personalized medicine would be repressed
She also learned that there are risks of TOO MUCH health data being shared:
- That her privacy and personal safety could be violated
- That trust in care providers and the healthcare system would be eroded
- That the value created by health care data would be captured by third parties, e.g., large technology companies
How did we get to this Goldilocks Dilemma — where there are risks of TOO LITTLE or TOO MUCH health data being shared? Federal health policy has been geared toward advancing two seemingly conflicting goals:
- Broader data interoperability and data sharing, and
- Enhanced data privacy and data protection.
On the one hand, public policy has been striving to advance widespread data interoperability and data sharing. More than two decades of Federal legislation have contributed: HIPAA, the HITECH Act, the 21st Century Cures Act.
Health IT interoperability and data sharing are widely viewed as having many benefits: improving care quality and care coordination, lowering costs, liberating data to turbocharge AI and machine learning, clinical research, and personalized medicine.
On the other hand, the public has become increasingly concerned that tech companies and governments have increasingly broad access to all types of personal data. Think — Cambridge Analytica, Russian election interference, Facebook scandals, “techlash” against Silicon Valley giants, European GDPR and U.S. state privacy legislation. Most recently, the U.S. Congress has been considering sweeping legislation to revamp privacy and data protection laws.
Is it possible to advance data sharing and interoperability while protecting privacy? This series explores the tensions and possible ways of resolving the Goldilocks Dilemma.
A list of Posts Published and Pending
- For Your Radar — Huge Implications for Healthcare in Pending Privacy Legislation; By Vince Kuraitis and Deven McGraw, February 19, 2019
- Announcing a New Series; By Zoya Khan, July 22, 2019
- Pending Federal Privacy Legislation: A Status Update; By Deven McGraw and Vince Kuraitis, July 23, 2019
- Health Data Outside HIPAA: The Wild West of Unprotected Personal Data; By Vince Kuraitis and Deven McGraw, August 12, 2019
- Health Data Outside HIPAA: Will the Protecting Personal Health Data Act Tame the Wild West?; By Deven McGraw and Vince Kuraitis, August 19, 2019
- Pending Federal Privacy Legislation: What Types of Entities are Covered — Coming Soon
- Pending Federal Privacy Legislation: What Information is Covered — Coming Soon
- Pending Federal Privacy Legislation: What Rights are Granted to Consumers — Coming Soon
- Pending Federal Privacy Legislation: What Are the Obligations of Entities Covered by the Law – Coming Soon
- Pending Federal Privacy Legislation: What are the Penalties for Failure to Comply — Coming Soon
An Invitation to Guest Authors
We invite guest authors to submit posts. We encourage a broad range of points-of-view relating to policy, technology, clinical care, law, business models & strategy, or other areas of interest to THCB readers.
If you would like to contribute a piece to the series, please email it to email@example.com
Possible topics for future posts:
- How could federal legislation address clinical researchers’ needs for patient data?
- How is Europe’s GDPR legislation affecting healthcare?
- Resolving potential tension between privacy legislation (limiting data sharing) vs. ONC/CMS NPRM etc. (encouraging data sharing)
- Patient perspectives on privacy: privacy maximizers vs. privacy optimizers
- How should federal legislation address the challenges of next-generation technologies?
- States vs Feds: Why is federal preemption such a big issue?
- Ethical issues relating to privacy legislation/data protection
- New business models enabled by privacy/data protection legislation
Brief Bios of the Series Hosts – Vince Kuraitis and Deven McGraw
Vince Kuraitis, JD/MBA (@VinceKuraitis) is an independent healthcare strategy consultant with over 30 years’ experience across 150+ healthcare organizations. He blogs at e-CareManagement.com. A more extensive bio is available here.
Deven McGraw, JD, MPH, LLM (@healthprivacy) is the Chief Regulatory Officer at Ciitizen (and former official at OCR and ONC). She blogs on Medium at medium.com/@ciitizen. A more extensive bio is available here.
An Updated List of Congressional Privacy Legislation
The tables below list COMPREHENSIVE and FOCUSED privacy/data protection legislation currently in front of Congress. We’ll keep these tables updated as new bills are introduced. You can access and download the tables here.
The National Conference of State Legislatures also tracks state legislation relating to consumer data privacy.