CIO.com covered the presentation I gave at Strata Rx on the idea of patient-controlled donation of data for purposes of data analysis. Putting control in the hands of patients avoids some potential HIPAA issues and may make for richer data sets.
Healthcare IT News ran a cover story in its November issue on the use of Open Notes at Beth Israel Deaconess Medical Center. See further discussion of the piece and links to more information on Open Notes at e-patients.net. I was interviewed on the issue of patients' rights to access their own medical records.
Over time, the app maturity model will see apps progress from being recommended on an ad hoc basis by individual physicians, to systematic use in healthcare, and ultimately to an end goal of being a fully integrated component of healthcare management. There are four key steps to move through on this process: recognition by payers and providers of the role that apps can play in healthcare; security and privacy guidelines and assurances being put in place between providers, patients and app developers; systematic curation and evaluation of apps that can provide both physicians and patients with useful summarized content about apps that can aid decision-making regarding their appropriate use; and integration of apps with other aspects of patient care. Underpinning all of this will be the generation of credible evidence of value derived from the use of apps that will demonstrate the nature and magnitude of behavioral changes or improved health outcomes.
We are nowhere near this endpoint -- integration of the use of health apps into health care management -- right now, due to a number of factors.
Health care diagnostic and treatment tools are on a trajectory of development that is making science fiction of five decades ago into fact. Two current examples: The X Prize contest to develop a real “tricorder” – a handheld wireless device that monitors and diagnoses health conditions – comes to us courtesy of Star Trek (the original U.S. television series was set in the 23rd century) and the recently-announced prototype of a miniaturized implantable continuous blood monitor the size of a 1.5 cm length of pencil lead developed by a team at EPFL in Lausanne brings to mind the movie Fantastic Voyage, in which a surgical team in a submarine was miniaturized and injected into a patient’s bloodstream.
I spoke yesterday at the StrataRx conference in Boston, as part of the data liquidity track. This was sort of a blue sky presentation (as you can tell from the first slide); the thought was to explore the notion of building big data analytics on top of a data store populated by health record information obtained as a result of patient requests. Why? Because doing it that way would bring the data out from under HIPAA and HITECH regulations. Patients could contribute as much or as little of the data as they wish, patients could be compensated for their contributions, and other pesky HIPAA restrictions would fall by the wayside. I used one company's newly-announced service as an example, but there are others in this space as well.
I recently caught up with Nate Gross (@ng), co-founder of Doximity (@Doximity), to hear about how the company is building out the social graphs of physicians. Earlier this year, Doximity hit a milestone -- doc #200,000 -- and Nate filled me in on where the company has been, and where it's going.
Nate will be speaking at Connected Insight Summit, the annual conference presented by Activate Networks, taking place October 8-9, 2013, in Cambridge, MA (use discount code: HARLOW50 for 50% off registration).
Have a listen to our entire conversation, and see the transcript below.
Your faithful HealthBlawger will be out and about at a number of conferences and events over the next month or so, mostly in Boston, speaking, moderating and just hanging out ("on air" and in real life).
I hope to see you at one or more of these. See descriptions below for links to registration and in some cases, discount codes.
With H-Hour (the HIPAA Omnibus Rule compliance date) just a week away, the federales have come through, delivering a useful compliance tool with the HIPAA Notice of Privacy Practices requirements -- a set of model forms released during the Consumer Health IT Summit. At first blush, the forms seem extremely user-friendly, and they are certainly briefer, and are written in a tongue that bears a closer resemblance to English, than the NPPs with which most of us have had to labor. Kudos to the agencies for undertaking the effort to draft and field-test these forms.
While the field-testers' favored format, we are told, is the booklet, I much prefer the layered online form. The first page has a high-level summary of the HIPAA privacy and security rules as they pertain to patients, and details are set forth on the pages that follow.
I was disappointed, however, with one of the examples given in the model NPP:
Sponsored by Canon U.S.A., Inc. “Canon’s extensive scanner product line enables businesses worldwide to capture, store and distribute information.”
The ideas below are my own.
A recent HHS OCR HIPAA settlement with a New York area health plan seemed to come out of left field: A CBS news investigative reporting team bought a copier formerly leased by the health plan and found protected health information (PHI) of about 350,000 individuals on the copier’s hard drive. This led the health plan to self-disclose to the OIG, and to agree to a fine north of $1 million and a correction plan.
Clearly, HIPAA and related state privacy rules require that a health care entity wipe hard drives of all PHI, or destroy them – the rules require the use of a variety of administrative, technical and physical controls to keep personal health data private and secure. The health plan in this case fell down on the job; it hadn’t even included the copier hard drives in its required self-analysis of risks and vulnerabilities.