Health Data Outside HIPAA: Simply Extending HIPAA Would Be a #FAIL

Some have called on policymakers to extend HIPAA to cover mHealth apps and other online platforms.

In the latest post in our series — “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” — Deven McGraw and I argue that extending HIPAA is not a viable solution.

In summary:

  • HIPAA’s rules were not designed to address privacy risks introduced by widespread personal information collection and use in the modern digital ecosystem.
  • HIPAA’s rules were designed to support information flows within the health care system and allow for broad uses and disclosures of data by both covered entities and business associates without the need to obtain patient consent.
  • HIPAA is “leaky” — it expressly allows covered entities and business associates to share data outside of HIPAA, including selling de-identified data, without patient consent.
  • HIPAA’s rules protect data and also protect incumbents’ interests in controlling health data.
  • Ultimately Congressional action is needed to establish meaningful privacy protections for personal data.

Read the full article in The Health Care Blog.

FYI, here’s a listing of all the posts in the Health Data Goldilocks series to date. Some great articles here from guest-author industry luminaries:

 

Protecting Health Data Outside of HIPAA: Will the Protecting Personal Health Data Act Tame the Wild West?

by Deven McGraw and Vince Kuraitis

In the previous post of our series we described the “Wild West of Unprotected Health Data.”

Will the cavalry arrive to protect the vast quantities of your personal health data that are broadly unprotected from sharing and use by third parties?

Congress is seriously considering bipartisan legislation — the “Protecting Personal Health Data Act” — to better protect the privacy of consumers’ personal data.  Read the full post on The Health Care Blog.

 

Health Data Outside HIPAA: The Wild West of Unprotected Personal Data

“…the average patient will, in his or her lifetime, generate about 2,750 times more data related to social and environmental influences than to clinical factors”
McKinsey analysis

The McKinsey “2,750 times” statistic is a pretty good proxy for the amount of your personal health data that is NOT protected by HIPAA and currently is broadly unprotected from sharing and use by third parties.

Read the rest of our article on The Health Care Blog. It’s part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”.

 

Pending Federal Privacy Legislation: A Status Update

By DEVEN McGRAW and VINCE KURAITIS

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

Read the full post on The Health Care Blog.

A few excerpts:

The buzz around federal privacy legislation continues, but as of yet there appear to be no proposals or bills that have emerged as the lead bills. 

Despite the perceived lack of movement of current bills, the ticking clock on the California Consumer Privacy Act (CCPA) suggests this issue is quite live in Congress, albeit less visible to most of us.

How will healthcare be impacted? In reviewing all of the privacy and data protection legislation that has been proposed to date, the privacy bills differ significantly in their approaches. In the coming weeks we’ll provide separate blog posts discussing some of the most relevant aspects of pending comprehensive Congressional bills:

  • What types of entities are covered
  • What information is covered
  • What rights are granted to consumers
  • What are the obligations of entities covered by the law
  • What are the penalties for failure to comply

New Series on THCB — The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?


Once upon a time, there lived a little girl whose name was Goldilocks. She was a wise girl who was aware that there was great value in health data. One day she decided to go for a walk in the forest of the U.S. healthcare system.

Goldilocks learned that there are risks of TOO LITTLE health data being shared:

  • That she and her care providers would not have the best information for clinical decision making
  • That clinical researchers would be stifled from conducting groundbreaking analyses and studies
  • That next generation technologies, which rely on vast quantities of data (e.g., AI and machine learning) could be suffocated
  • That the promises of personalized medicine would be repressed

She also learned that there are risks of TOO MUCH health data being shared:

  • That her privacy and personal safety could be violated
  • That trust in care providers and the healthcare system would be eroded
  • That the value created by health care data would be captured by third parties, e.g., large technology companies

The Goldilocks Dilemma has U.S. policymakers driving toward two seemingly conflicting goals:

  1. Broader data interoperability and data sharing, and
  2. Enhanced data privacy and data protection.

On The Health Care Blog, my colleague Deven McGraw and I are hosting a new ongoing series to explore the Health Data Goldilocks Dilemma.

 


On the Roadmap Page to the series you’ll find:

The Health Data Goldilocks Dilemma has many tentacles: Federal/State privacy legislation; health IT tech, policy & interoperability; data for AI & machine learning; data for clinical research; ethical issues; compensating individuals for their data; health data business models & many others.

We’d love to see contributions from guest authors. Please consider commenting and sharing your thoughts.

For Your Radar — Huge Implications for Healthcare in Pending Privacy Legislation


by Vince Kuraitis and Deven McGraw

Two years ago we wouldn’t have believed it — the U.S. Congress is considering broad privacy and data protection legislation in 2019. There is some bipartisan support and a strong possibility that legislation will be passed. Two recent articles in The Washington Post and AP News will help you get up to speed.

Federal privacy legislation would have a huge impact on all healthcare stakeholders, including patients.  Here’s an overview of the ground we’ll cover in this post:

  • Why Now?
  • Six Key Issues for Healthcare
  • What’s Next?

Read the rest of our article on The Health Care Blog.

 

 

WSJ Article on MD Referrals & Leakage: Beware of Premature Conclusions


The Wall Street Journal (WSJ) recently published an article entitled The Hidden System That Explains How Your Doctor Makes Referrals. The article discusses aspects of how physician referrals are made and how hospital systems are concerned about potential “leakage” of referrals to competitors.

After reading the article, I suspect many readers would walk away with the impression that hospital systems strong-arm employed physicians into making referral decisions that are against patients’ interests.

My beef with the article is that it guides readers toward premature conclusions. In doing so the authors make implicit assumptions, oversimplify complex issues, and miss opportunities to provide relevant context.

Here are 5 issues that are addressed in the article. I’ve posed these issues as questions and will address how the WSJ article might lead readers toward premature conclusions for each.

1) Are physicians critical of referral pressures from hospital systems?

2) Is price the most important consideration in a referral decision?

3) Do hospital systems have valid clinical interests in being involved with physician referrals?

4) Do hospital systems have valid economic interests in being involved with physician referrals?

5) If there weren’t pressures from hospital systems, would physicians make referrals based on patients’ best interests?

Let’s take these one at a time.

Data from Connected Medical Devices: 5 Benefits

Why Healthcare Needs the Internet of Things

Guest Post by Abbas Dhilawala, Chief Technology Officer, Galen Data

The IoT consists of smart objects or devices with cloud connectivity capabilities — devices that can perform a function, collect data and transmit that data to a network where it can be used by humans to accomplish a goal. IoT devices are appearing everywhere in society, from the industrial supply chain to automated cars, but one of the most important applications for the IoT is in the healthcare space.

Health care providers may be skeptical about embracing this technological revolution in health care, but the truth is that connected devices and the IoT can bring significant benefits to the healthcare industry if implemented effectively. To illustrate that point, here are five reasons why healthcare needs the Internet of Things.

Hoarding Patient Data is a Lousy Business Strategy: 7 Reasons Why

In the video below, Dr. Harlan Krumholz of Yale University School of Medicine capsulizes the rationale of hoarding as business strategy:

We encourage you to take a minute to listen to Dr. Krumholz, but if you’re in a hurry we’ve abstracted the most relevant portions of his comments:

“The leader of a very major healthcare system said this to me confidentially on the phone… ‘why would we want to make it easy for people to get their health data…we want to keep the patients with us so why wouldn’t we want to make it just a little more difficult for them to leave.’ …I couldn’t believe it a physician health care provider professional explaining to me the philosophy of that health system.”

Ethical and clinical considerations aside, my colleague Leslie Kelly Hall and I offer 7 reasons why this is a lousy business strategy:

  1. Data Hoarding Doesn’t Work — It Doesn’t Lock-In Patients or Build Affinity
  2. Convenience is King in Patient Selection of Providers
  3. Loyalty is Declining, Shopping is Increasing
  4. Providers Have a Decreasingly Small “Share” of Patient Data
  5. Providers Don’t Want to Become a Lightning Rod in the “Techlash” Backlash
  6. Hoarding Works Against Public Policy and the Law
  7. Providers, Don’t Fly Blind with Value-Based Care

Read the full article at The Health Care Blog.

The Biggest Trend You’ve Probably Never Heard Of: A Status Report on 138 Healthcare ICOs


You’ve probably heard of Bitcoin, but we doubt you’ve heard of Dentacoin, MedTokens, or Curecoin.

These are healthcare specific cryptocurrencies born from Initial Coin Offerings or ICOs.

Over on The Health Care Blog, my colleague Robert Miller and I have written an article analyzing financial returns of 138 healthcare ICOs.

The results are enlightening, but disappointing. Here are a few headlines:

  • 122 healthcare ICOs are not exchange-listed
  • 16 healthcare ICOs are listed on one or more exchanges
  • Of these 16, 5 show a positive financial return since the date of their listing
  • 2 show a positive return for CY 2018 to-date

The full article contains background on ICOs, a description of our methodology and findings, and a discussion of implications.