I called for submissions addressing the issue of plenty in health care, since this is the 40th edition, and since 40 is shorthand for plenty or many in several traditions. (Think 40 days or 40 years in any number of Judeo-Christian narratives.)
In addition, while we have seen once again in recent weeks that some in the Tea Party may differ, we have agreed as a society that health care is a social good and we are doing our darnedest to continue to implement the reforms set in motion by Obamacare.
Over time, the app maturity model will see apps progress from being recommended on an ad hoc basis by individual physicians, to systematic use in healthcare, and ultimately to an end goal of being a fully integrated component of healthcare management. There are four key steps to move through on this process: recognition by payers and providers of the role that apps can play in healthcare; security and privacy guidelines and assurances being put in place between providers, patients and app developers; systematic curation and evaluation of apps that can provide both physicians and patients with useful summarized content about apps that can aid decision-making regarding their appropriate use; and integration of apps with other aspects of patient care. Underpinning all of this will be the generation of credible evidence of value derived from the use of apps that will demonstrate the nature and magnitude of behavioral changes or improved health outcomes.
We are nowhere near this endpoint -- integration of the use of health apps into health care management -- right now, due to a number of factors.
Health care diagnostic and treatment tools are on a trajectory of development that is making science fiction of five decades ago into fact. Two current examples: The X Prize contest to develop a real “tricorder” – a handheld wireless device that monitors and diagnoses health conditions – comes to us courtesy of Star Trek (the original U.S. television series was set in the 23rd century) and the recently-announced prototype of a miniaturized implantable continuous blood monitor the size of a 1.5 cm length of pencil lead developed by a team at EPFL in Lausanne brings to mind the movie Fantastic Voyage, in which a surgical team in a submarine was miniaturized and injected into a patient’s bloodstream.
The new darling of the online educational community is Massively Open Online Courses (MOOCs). The example which figures most prominently in the popular imagination is the Khan Academy, though its founder says otherwise, noting that MOOCs are merely online transplantations of traditional courses, while Khan Academy offers something different.
Others would take issue with his conclusion, or characterization. A "connectivist" MOOC is based on four principles:
Aggregation. The whole point of a connectivist MOOC is to provide a starting point for a massive amount of content to be produced in different places online, which is later aggregated as a newsletter or a web page accessible to participants on a regular basis. This is in contrast to traditional courses, where the content is prepared ahead of time.
Remixing, that is, associating materials created within the course with each other and with materials elsewhere.
Re-purposing of aggregated and remixed materials to suit the goals of each participant.
Feeding forward, sharing of re-purposed ideas and content with other participants and the rest of the world.
Sounds great, but is it working? Can it work? A piece in the current issue of The Washington Monthly took a look and concluded:
Given the current 90 percent dropout rate in most MOOCs, an 8-point gap in completion rates between traditional and online courses offered by community colleges, the 6.5 percent graduation rate even at the respected Western Governors University, and the ambiguity of many other higher education reform ideas, there’s good reason to think that an unbound future might not be so great.
The best American innovations in education were the Land-Grant College Act of 1862, which helped create a system of public universities, and the GI Bill of 1944, which ensured that an entire generation had the money to attend college. This widespread access to the college experience enabled people from working-class backgrounds to advance en masse into professional jobs that required reasoning and logic and extensive knowledge of the world. The question is whether or not we will continue this trend or simply give up and say that a few online classes and specialized training are good enough for the majority of Americans.
In other words: Democratization of higher education - good; MOOCs - not so much.
Why is this relevant to you, gentle reader?
The question is whether the promise of MOOCs, or their inability to deliver, will characterize MOOM -- Eric Topol's neologism, "Massively Open Online Medicine," used in his HIMSS 2013 keynote.
In health care, a perfect implementation of big data and data analytics, combined with open access for clinicians and patients, would yield a success in MOOM along the lines of a connectivist MOOC.
We are not there yet, but Topol (who, by the way, has joined me and a growing number of others as a member of The Walking Gallery, dedicated to the very relevant themes of patient empowerment and data liberation ... see his jacket, Bursting from Within and mine, Friendship Pins) continues to call for a move to population health practiced based on individualized information, which would tend to rely on a population of quantified self adherents and e-patients. Unfortunately, at present these are vanguard groups, the minority blazing the way for the majority. There are numerous initiatives afoot seeking to leverage big data, analytics and the health care system to provide population health (a more traditional example: the Accountable Care Organization). Indeed, the future probably holds an even more radical shift away from the health care delivery system as we know it today (Topol spreads the meme of 80% of physicians not being needed in the future) with home-based and wearable sensors replacing much of the current way of practicing diagnostic medicine.
Given the FDA's recent smoke signals about mHealth guidance being issued in the near future, perhaps that future is in fact inching closer, but it seems to me that it will take some time before the democratization of medicine, or health care, or health can truly take hold. The current health care data privacy and security rules -- like so many regulatory constructs -- are designed to fight the last war, not for the current field of maneuver. Technology, delivery systems and rules all need to change before real improvement can bloom. Just as in the case of education there remains a high value in traditional higher education that has not yet been replicated in the MOOCs, MOOM has not yet delivered on its promise.
Here's hoping we don't have to wait as long as the time between the land grant college act and the GI Bill.
Given the plethora of holidays with themes of light that fall around this time of year -- Diwali, Eid al-Adha, Christmas, Kwanzaa and Hanukkah (well, some of them are on different calendars, so they sometimes fall around this time of year), this edition of the Review will attempt to incorporate the theme of lights into the roundup.
(I had occasion to celebrate Hanukkah at the Massachusetts State House -- the photo to the left shows the Senate President, Chabad rabbi, Speaker of the House and Governor Patrick on a scissors lift, lighting the giant menorah.)
Patient communities on twitter are the subject of a series of posts on the Symplur blog, including this one on network centrality analysis, focusing on Kelly Young (aka @rawarrior) and other key nodes (or points of light) in the RA network.
Thanks to Dan Dunlop for highlighting "The Germinator" -- a homegrown, soon-to-be-viral video focusing on hospital acquired conditions (HACs) coming to you from Crouse Hospital in Syracuse, NY.
With any luck, this meta-blog-carnival link will not create an irreparable tear in the fabric of the universe: Hold onto your hats while I commend to your attention the Festival of Lights edition of the Health Wonk Review recently hosted by Hank Stern at InsureBlog.
A jumble of greetings to everyone, some late and some early: Shubh Deepavali, Eid Mubarak, Merry Christmas, Habari Gani, Hanukkah Sameach, and a Happy New Year. Here's to balance, and to a step back from burning the candle at both ends.
HealthCare SocialMedia Review has information about the next edition’s host and instructions on how to submit your posts for review in future editions.
The latest news story to examine the issue of patient access to implantable cardiac defibrillator data (a variation on the theme of “gimme my damn data”) is an in-depth, Page One Wall Street Journal story featuring Society for Participatory Medicine members Amanda Hubbard and Hugo Campos. They have garnered attention in the past – one example is another piece on Hugo on the NPR Shots blog about six months back. The question posed by these individuals is simple — May I have access to the data collected and/or generated by the medical device implanted in my body? — but the responses to the question have been anything but. It is important to note that not every patient in Amanda’s or Hugo’s shoes would want the data in as detailed a format as they are seeking to obtain, and we should not impose the values of a data-hungry Quantified Self devotee on every similarly-situated patient. Different strokes for different folks.
The point is that if a patient wants access to this data he or she should be able to get it. What can a patient do with this data? For one thing: correlate activities with effects (one example given by Hugo is his correlation of having a drink of scotch with the onset of an arrhythmia — correlated through manual recordkeeping — which led him to give up scotch) and thereby have the ability to manage one’s condition more proactively.
Data from implantable medical devices is not covered by HIPAA until it is sent to the patient’s physician (on a periodic basis and usually in edited form — other data is typically retained by the device manufacturer) and entered into the patient’s medical record. It is, rather, governed by FDA rules, and the recent attention to this issue has prompted an FDA spokesperson to say that it would review a plan to give data directly to patients, but that data should be directed to physicians who can interpret it for patients. This is where the action will be in the future: the FDA could develop a framework to allow sharing of this data directly with patients. (The data is collected wirelessly in patients’ homes from the implantable devices.)
Not surprisingly, earlier this year, a Medtronic exec referred to the data in question here as “the currency of the future.” There is clearly a market for the secondary use of patient data — on a de-identified, or anonymized basis — for a variety of purposes, and this is the “big data” we are all hearing about so much lately. (The HIPAA enforcers at HHS recently released guidance on the de-identification of patient data for secondary use — i.e., use for research purposes.) There is value to be extracted from big data, and the question is: Who owns the value? Who owns the data? Suffering as I do from the professional disability of being a lawyer, I am reminded of Moore v. Regents of the University of California, the 1990 California Supreme Court case that found that Mr. Moore, a cancer patient who sought to share in the profits for the commercial cell line developed from cancer cells in a tumor removed from his body, had no property rights in his discarded body parts. Moore could perhaps be read to support the device manufacturers’ perspective that there is no value in the data coming from the implantable device until it is processed by the manufacturer.
Another perspective would be that each patient has a property right in the data generated by his or her body or implants. There have been a couple of discussions on e-patients.net and elsewhere about the notion of a “green button” or a “rainbow button” that would serve as a mechanism for patients to decide how to share their own data (in those cases, the discussion was focused on EHR data, but the principles ought to be the same here). If I want to share my EHR or device data with all, so that it may be aggregated with other patient data and used in research and the development of evidence-based medicine protocols, then I should be able to do so. If I want to donate that data gratis, or if I want to see a small license payment collected by an intermediary (a la the Copyright Clearance Center), if I want to permit it to be used with full identifiers, or as a de-identified record, I should be able to do that.
The quest of patients with implanted devices to gain rights to data should not have to be so quixotic. The information in question is subject to a different regulatory scheme than EHR data, but that is an accident of history, technology and politics. There is no fundamental distinction between a series of MRI images, or a blood test result, and a set of data downloaded from an implantable medical device.
It is possible that we have turned a corner on this issue. It is far from resolved, but the FDA is addressing it — or at least acknowledging it — publicly.
How close are we to resolving this issue? What obstacles do you see ahead? What other sorts of data have remained inaccessible to patients? Where is the next battlefield?
Table 1. Principles used by experts in the determination of the identifiability of health information.
Prioritize health information features into levels of risk according to the chance it will consistently occur in relation to the individual.
Low: Results of a patient’s blood glucose level test will vary
High: Demographics of a patient (e.g., birth date) are relatively stable
Data source Availability
Determine which external data sources contain the patients’ identifiers and the replicable features in the health information, as well as who is permitted access to the data source.
Low: The results of laboratory reports are not often disclosed with identity beyond healthcare environments.
High: Patient name and demographics are often in public data sources, such as vital records -- birth, death, and marriage registries.
Determine the extent to which the subject’s data can be distinguished in the health information.
Low: It has been estimated that the combination of Year of Birth,Gender,and 3-Digit ZIP Code is unique for approximately 0.04% of residents in the United States. This means that very few residents could be identified through this combination of data alone.
High: It has been estimated that the combination of a patient’s Date of Birth, Gender, and 5-Digit ZIP Code is unique for over 50% of residents in the United States. This means that over half of U.S. residents could be uniquely described just with these three data elements.
The greater the replicability, availability, and distinguishability of the health information, the greater the risk for identification.
Low: Laboratory values may be very distinguishing, but they are rarely independently replicable and are rarely disclosed in multiple data sources to which many people have access.
High: Demographics are highly distinguishing, highly replicable, and are available in public data sources.
One element of the expert determination worth noting is the notion that a determination should perhaps be time-limited. Since that which is de-identified today may not be de-identified tomorrow (thanks in part to the rapid growth in the volume of data that is made available to the public on the internet). Here is the relevant FAQ:
How long is an expert determination valid for a given data set?
The Privacy Rule does not explicitly require that an expiration date be attached to the determination that a data set, or the method that generated such a data set, is de-identified information. However, experts have recognized that technology, social conditions, and the availability of information changes over time. Consequently, certain de-identification practitioners use the approach of time-limited certifications. In this sense, the expert will assess the expected change of computational capability, as well as access to various data sources, and then determine an appropriate timeframe within which the health information will be considered reasonably protected from identification of an individual.
Information that had previously been de-identified may still be adequately de-identified when the certification limit has been reached. When the certification timeframe reaches its conclusion, it does not imply that the data which has already been disseminated is no longer sufficiently protected in accordance with the de-identification standard. Covered entities will need to have an expert examine whether future releases of the data to the same recipient (e.g., monthly reporting) should be subject to additional or different de-identification processes consistent with current conditions to reach the very low risk requirement.
It is also worth noting that the guidelines suggest that a data use agreement is not required to be put in place in connection with the sharing of data de-identified in accordance with an expert determination. However, use of such agreements is common, whether or not data has been de-identified, and may contain other provisions of value to the parties.
(I was also tickled to learn the identity of the seventeen ZIP code tabulation areas -- identified by the first three digits of their ZIP codes-- that include fewer than 20,000 residents each per the 2000 Census, and therefore must be listed as 000 in order for a record containing one of them to be condidered de-identified.)
When it comes to HIPAA compliance, these guidelines provide a greater measure of certainty regarding the privacy rule for folks in the secondary use of health data market. It remains to be seen whether the market has anticipated the content of these guidelines or whether there will be an uptick in the secondary use market, and further growth of "big data" in health care and/or an increase in the proliferation of health management tools (including mHealth apps using this population health data), as a result of the guidelines' release.
While the HealthBlawger is generally loath to republish press releases, the source for the presser reproduced below is, well, the HealthBlawger himself. With such impeccable provenance, we need make no further apologies ....
HealthCare SocialMedia Review - A New Blog Carnival - To Launch In April
David Harlow (aka HealthBlawg), health care lawyer, HWC advisory panel member and the other co-founder of HCSMR, continued:
The #hcsm tweetchat moderated by Dana Lewis and the community built by Lee Aase through the Mayo Clinic Center for Social Media are two examples of the many ways in which those of us who are involved in health care social media are able to interact, share best practices and new developments, and learn from each other. By adding a blog carnival to the mix, we hope to increase the sharing of long-form thoughts on the opportunities and challenges associated with health care social media.
Justice noted, “All are welcome to submit blog posts for consideration to each edition’s host. HCSM will be posted every other week -- alternating weeks with Health Wonk Review. And for the uninitiated: a blog carnival is an anthology, an on-line journal club for bloggers, hosted by a different blogger each time.”
Details on hosting, submission guidelines, Justice and Harlow bios and more are available on the HCSMR home page.
Health care social media is of consequence in its own right, but also as a tool to implement or leverage other initiatives, across the spectrum of health care innovation today, including participatory medicine, accountable care organizations, mHealth and others. We look forward to your participation in the HealthCare SocialMedia Review blog carnival as contributors, hosts and engaged readers/commenters. See you April 4, at the inaugural edition, on HealthWorks Collective.