The Emerging Market in Health Care Innovation
Tilman Ehrbeck, Nicolaus Henke, and Thomas Kibasi
McKinsey Quarterly May 2010
McKinsey conducted research in partnership with the World Economic Forum to study the most promising novel forms of health care delivery and, in particular, to understand how these innovations changed its economics.

The Delineation of Home Healthcare: The Natural Evolution of a Healthy Industry
Wyatt Matas & Associates (investment bankers), April 2010
This whitepaper discusses the opportunity for home healthcare to become the center of chronic care disease management and identifies a particular business model that some more advanced companies are implementing.

EHR Software Market Share Analysis
Chris Thorman
Software Advice; May 14, 2010
A substantive analysis of a tricky market – physician EHRs.

Disease Management: Does it Work?
Jill Bernstein, Deborah Chollet, and G. Gregory Peterson
Mathematica Issue Brief; May 17, 2010
Mathematica revisits a debate that’s raged for over a decade:

  • Not yet consensus that DM works
  • Relatively effective disease management programs have some characteristics in common:
    • They use individualized case management.
    • They contact patients in person, not just by phone.
    • They focus on hospital discharges as key opportunities to improve health outcomes.
    • They encourage patients to use effective treatments by reducing cost-sharing for these treatments.

Privacy Law Showdown? Legal and Policy Analysis.

#2 in a series — Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs

by Deven McGraw JD, MPH, Center for Democracy & Technology


There has been considerable discussion lately about whether or not the stimulus legislation (ARRA) extends HIPAA coverage to commercial vendors of personal health records (PHRs) any time they contract with entities already covered by HIPAA like hospitals, health plans or physicians groups.  (For those of you who don’t know, HIPAA is the Health Insurance Portability and Accountability Act of 1996.  The HIPAA privacy and security regulations form our national health privacy and security rules.)

The provision in question (Section 13408) states that “each vendor that contracts with a covered entity to allow that covered entity to offer a personal health record to patients as part of its electronic health record” is required to enter into a business associate agreement with the covered entity.   Under ARRA, business associates must comply with key provisions of the HIPAA privacy and security regulations. 

In this post, I argue that PHR vendors should be covered under HIPAA only under certain circumstances.  PHRs should be governed by a comprehensive framework of privacy and security protections, but HIPAA would provide inadequate privacy protection for people using these tools (at least as the HIPAA rules are currently structured).  As a result, I argue that this provision in ARRA should not be read to require the automatic application of HIPAA to PHR vendors any time they contract with covered entities to offer a PHR.   Instead, I suggest that HIPAA should cover a PHR vendor’s activities when the nature of the relationship between the vendor and the covered entity (hospital, health plan, physician office) primarily concerns the vendor performing a service for the covered entity. 

However, where the contractual relationship is primarily about improving the value of the PHR to the consumer, HIPAA should not apply.  (I know, not an easy line to draw – but I do suggest some factors that should influence the decision.) 

Finally, I urge the prompt adoption of separate, targeted privacy provisions to protect consumers using PHRs so that the choice is not HIPAA or limited protections under other federal laws. 

Why Not HIPAA – Isn’t it Better Than Nothing?

Table of contents for the series--Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs

  1. Privacy Law Showdown? Setting the Stage
  2. Privacy Law Showdown? Legal and Policy Analysis.

Leavitt’s Framework Shoehorns the HIPAA Privacy Rule onto Your Personal Health Information


by Vince Kuraitis and David C. Kibbe MD, MBA

Have you ever heard anyone tell a happy story of how easy it is to get a copy of their paper medical records?

Departing Health and Human Services Secretary Mike Leavitt is laying the groundwork for this same story to apply to access to YOUR electronic personal health information.

Here’s an overview to what evolved into a long posting:

  1. Analysis: The Leavitt Framework Uses the HIPAA Privacy Rule as a Baseline for Electronic Access to Personal Health Information
  2. Implication: Extending the HIPAA Privacy Rule Could Restrict Your Electronic Access to Your Personal Health Information
    • A.The HIPAA Privacy Rule Should Not Be the Baseline for Governing Access to Your Personal Health Information
    • B. Examples: Extending the HIPAA Privacy Rule Creates Barriers and Confusion
  3. Implication: Extending the HIPAA Privacy Rule Protects Incumbents at the Expense of Innovators Like Microsoft and Google
  4. Conclusion: The Leavitt Framework Creates Bad Public Policy

The Yabuts of Sharing Data Between Google Health and HealthVault

Yabut1 “What’s a yabut?” you ask.

Yabut is a term coined by my esteemed colleague, the late Paul Fetrow.  It stands for “Yeah….but….”

Yabuts are the gotchas, the fine print, the details that affect the terms of any agreement.  For example, the telecom companies will tell you its easy to switch carriers now that we have number portability.  Yeah…but it will cost you $175 for an early termination fee.

Yesterday’s post ended with the optimistic observation that Google Health and Microsoft HealthVault have agreed in principle that the platforms will be open and interoperable. (Presumably) you’ll be able to either 1) move all your data from Google Health to HealthVault, or vice versa, and 2) be able to transfer data across networks, e.g., your doctor has signed up with HealthVault and the lab belongs to Google Health, but because the platforms are open and interoperable data will pass across the network and your doctor will get lab results seamlessly.

Again, the analogy here is the telephone network — where you know that you can pick up the phone and call anyone in the world, regardless of the technical networks required to pass your voice.

What are some of the yabuts to Google Health and Microsoft HealthVault exchanging data? In this case yabuts refers to customer lock-in tactics and switching costs that might be imposed.

Untangling the Electronic Health Data Exchange

by David C. Kibbe MD, MBA

The purpose of this post is to help a non-technical audience untangle some of the confusion regarding health data exchange standards, and particularly come to a better understanding of the similarities and  differences between the Continuity of Care Record (CCR) standard and the CDA Continuity of Care Document (CCD). But what I’m most interested in is getting beyond the technical, political, or economic positions and interests of the proponents of any particular standard to arrive at some principles that demonstrate in plain language what we are trying to achieve by using such standards in the first place.

Frankly, I don’t give a hoot about what standardized XML format for capturing clinical data and information about a person becomes the norm in the health care industry over the next several years. I do care that the decision is made by the people, institutions, and companies who use the standards, and not made by a quasi-governmental panel or a group of “industry experts” whose economic or political interests are served by the outcome, and dominated by a particular standards development organization with whom they are very cozy. 

In other words, I do want free and open market forces to be able to operate freely and openly as health information exchange evolves, in part because I believe market forces will work in the direction of continuously improving health IT, whereas in my experience top-down efforts are often protective of established interests and discouraging to innovation.

Herein lies the problem, in my opinion, with the standards adoption process that the Office of the National Coordinator of HIT (ONC) and HITSP have overseen during the past four years.

Cerner Disses Google Health. Surprised?

Vince Kuraitis and David C. Kibbe, MD, MBA

We’re not.

From the Kansas City Business Journal :

Google Inc. has approached Cerner Corp. about a partnership, but Cerner officials don’t sound eager to entangle themselves with the Web-search Goliath.

That’s because the proposed partnership relates to Google Health, the personal health record site launched earlier in May in beta form.

The overture hasn’t led to substantive talks, Cerner President Trace Devanny said, because Cerner doesn’t see much value in Google Health or HealthVault, a similar site that Microsoft Corp. launched in October.

Cerner CEO Neal Patterson referred to the sites during a May 23 shareholders meeting as "electronic shoeboxes," requiring consumers to do much of the data importing and updating.

Why is Cerner dissing Google? Let’s take a look at Cerner’s current business model:

Feds Call on Google and Microsoft to Breathe Life into the NHIN

Vince Kuraitis and David C. Kibbe, MD MBA

Who is the federal  government calling on to breathe life into the Nationwide Health Information Network (NHIN)? Google and Microsoft.

In our first article of this series describing the Personal Health Information Network (PHIN), we noted early entrants as Google Health, Microsoft HealthVault, and Dossia.  We also noted that the network could grow rapidly, and that others would want to join or link to the PHIN.

With Uncle Sam announcing plans to link to the PHIN, even we are surprised at the speed at which developments are occurring.

Government Executive reports:

The federal office in charge of creating a national network of electronic health records plans to integrate the system with the health care databases that Google and Microsoft launched last year, on which individuals can store their health records, a top official with the Health and Human Services Department said….

(The HHS official) provided few details on how the office would incorporate personal health records….

Federal interfaces to the health network will be through an entity called NHIN Connect.

Here’s a simplified diagram of our current understanding of how NHIN Connect will link to the Personal Health Information Network (click on the diagram for a larger version):


Birth Announcement: the Personal Health Information Network (PHIN)

Vince Kuraitis and David C. Kibbe, MD MBA 

The Internet and digital technologies have transformed many aspects of our lives over the past twenty years.  We can get cash at ATMs all over the world; we can book our own airline reservations; we can shop and get best prices over the Internet.

Why hasn’t this happened in health care?  Something is missing.

Recently, major global information and communication companies have announced their intention to bring their technologies and business models to health care.  While the creation of Google Health (GH), Microsoft HealthVault (HV), and Dossia (sponsors include Intel, Wal-Mart, AT&T) are important news items by themselves, what’s more important is what they represent collectively — a new Personal Health Information Network (PHIN). The PHIN and applications developed around the PHIN will fill in many missing pieces and bring health care into the Information Age.

For example, suppose you just found out you have high blood pressure – that’s not uncommon.  Suppose you could easily submit information about your condition using the Google Health platform to receive a service that does the following:

  • informs you whether there are clues in your medical history that point to a cause for your high blood pressure
  • explains why being overweight can be a contributing factor
  • tells you in easy-to understand language what the top number and the bottom number mean (“140 over 90”)
  • explains which laboratory tests are necessary
  • alerts you to the possibility that one of your prescription or over the counter  drugs could be making your high blood pressure worse
  • advises you about the usefulness of using non-drug approaches to treatment
  • tells you which treatment drugs have the greatest efficacy and safety for your specific circumstances
  • tells you if any of those generics high blood pressure drugs are available at Walgreens for $4 a month
  • offers to provide you a map with several Walgreens stores in your city that carry those $4 a month medications

…and many more possibilities we have not yet begun to imagine!

This essay:

  • Is the first in a series of articles we’ll be writing to describe the PHIN and why it’s important — expect about a dozen follow-up posts.
  • Is an overview of the basic idea — think executive summary or long abstract
  • Introduces some new concepts, which we’ll try to simplify and define.  We understand that some of this is not easy reading. ….so we suggest you refill your cup of coffee and settle in.

A First Comparison of Google Health and MS HealthVault

While details are thin, here’s a first pass at comparing and contrasting Google Health (GH) and Microsoft HealthVault (HV).  Overall, there are many common features, some differences, and many common challenges between these two platforms. 

A High Level Comparison

Google Health and Microsoft HealthVault Personal Health Information (PHI) Platforms

There’s still not much information available about the specifics of GH, although they did release sketchy information on the Official Google Blog.  I’ll comment on a few of the particulars.

Microsoft’s HealthVault: User Manual = C-, Strategy to Create a New Ecosystem = A

Would you like to have the experience of being parachuted into a deep forest with no map of where you are or clues about how to get out?  If so, I suggest that you go directly to Microsoft’s new PHR at and just TRY to figure out where you are or where you’re headed.

Initial confusion put aside, I think HealthVault is strategically brilliant.  While I’d give Microsoft a C- for explaining HealthVault (HV), I’ll give them an A for laying the strategy and foundation for what can become an extremely powerful platform for the appropriate, free flow of interoperable and transportable personal health information (I’ve chosen my words carefully here).

Here are four initial impressions about HealthVault — please comment as I’m still trying to figure out myself exactly what HV is and isn’t.