THCB

Categories

Tag: Deven McGraw

HardCore Health Podcast| Episode 3, IPOs, Privacy, & more!

On Episode 3 of HardCore Health, Jess & I start off by discussing all of the health tech companies IPOing (Livongo, Phreesia, Health Catalyst) and talk about what that means for the industry as a whole. Zoya Khan discusses the newest series on THCB called, “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?”, which follows & discuss the legislation being passed on data privacy and protection in Congress today. We also have a great interview with Paul Johnson, CEO of Lemonaid Health, an up-and-coming telehealth platform that works as a one-stop-shop for a virtual doctor’s office, a virtual pharmacy, and lab testing for patients accessing their platform. In her WTF Health segment, Jess speaks to Jen Horonjeff, Founder & CEO of Savvy Cooperative, the first patient-owned public benefit co-op that provides an online marketplace for patient insights. And last but not least, Dr. Saurabh Jha directly address AI vendors in health care, stating that their predictive tools are useless and they will not replace doctors just yet- Matthew Holt

Matthew Holt is the founder and publisher of The Health Care Blog and still writes regularly for the site.

Pending Federal Privacy Legislation: A Status Update

Vince Kuraitis
Deven McGraw

By DEVEN McGRAW and VINCE KURAITIS

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

In our initial blog post of February 20th, “For Your Radar – Huge Implications for Healthcare in Pending Privacy Legislation,” we broadly discussed six key issues for healthcare stakeholders in the potential federal privacy and data protection legislation. We committed to future posts comparing and contrasting specific legislative proposals.  

What’s happened since then? 

Additional bills have been introduced and hearings have been held in both the House and the Senate.  The Federal Trade Commission (FTC) also hosted two days of hearings on the FTC’s Approach to Consumer Privacy.  

The buzz around federal privacy legislation continues, but as of yet there appear to be no proposals or bills that have emerged as the lead bills. 

In the meantime, the clock is ticking.  As we mentioned in our February 20th post, a significant catalyst for federal privacy legislation is the desire of companies covered by the California Consumer Privacy Act (CCPA) to have that broadly-applicable, stringent state law preempted by a more company-friendly federal law.  The CCPA, which sets stringent consent and other requirements for large companies, or companies collecting or monetizing large amounts of consumer data from California residents, goes into effect January 1, 2020 – less than six months from today.  

Is it possible for a legislative body to move quickly on such a controversial topic?  Again, California’s experience may be instructive. The CCPA was passed into law and signed on June 28, 2018, about a week after it was introduced. Lawmakers were in a rush in order to keep a popular and even stricter consumer privacy ballot initiative from being put before the California voters.  (The sponsors of the ballot initiative agreed to withdraw it if the CCPA were enacted by the June 28th deadline.). 

Tech companies held their noses and supported the legislation because changing legislation is easier than changing a ballot initiative adopted by the voters. However, this strategy is not fool-proof.  Although the CCPA has been successfully modified once to address some company concerns and to clarify confusing language, more recent attempts to amend it have failed (modification bills are still pending).  With the deadline fast approaching, and the prospect for further significant modifications to the CCPA looking less likely, the pressure on Congress is reaching a fever pitch.

Continue reading…

Announcing a New Series: “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?

By ZOYA KHAN

I would like to introduce you to a new ongoing series that THCB will be featuring called “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?”. It is about time we started talking about health data privacy and policy, and we have just the experts on hand to do so: Vince Kuraitis and Deven McGraw.

The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” series will cover a whole host of topics that discuss, clarify, and challenge the notion of sharing data and if it should be kept private or made public. On the one hand, sharing health information is essential for clinical care, powering medical discovery, and enabling health system transformation. On the other hand, the public is expressing greater concerns over the privacy of personal health data. This ‘Goldilocks Dilemma’ has pushed US policymakers towards two seemingly conflicting goals: 1) broader data interoperability and data sharing, and 2) enhanced data privacy and data protection.

But this issue is even more nuanced and is influenced by many moving parts including: Federal & State privacy legislation, health technology legislation, policy & interoperability rules, data usage from AI & machine learning tools, data from clinical research, ethical concerns, compensating individuals for their data, health data business models, & many more. 

Fear not, Deven & Vince are here to walk readers through this dilemma and will be providing pieces to help explain what is going on. Most of their discussion & pieces will cover 2 specific affected areas: 1) How are policymakers addressing health data privacy risks, and 2) The impact on business models within the Health Data Goldilocks Dilemma.

We hope you enjoy the series and if you have any pieces to add to it, please email me zoya@thehealthcareblog.com

Zoya Khan is the Editor-in-Chief of THCB & an Associate at SMACK.health

THCB Spotlights|Deven McGraw, CRO of Ciitizen

Deven McGraw is one of America’s best known health privacy lawyers, including a stint at HHS running the Office of Civil Rights. But now she’s a cool startup kid living in Silicon Valley and is the Chief Regulatory Officer at Ciitizen. Ciitizen is focusing on helping people collecting, organizing, and securely sharing their personal health data to improve their care, and was founded by Anil Sethi who previously founded Glimpse and sold it to Apple (where it is now the core of Apple’s Health records product).

For more details, watch Matthew’s interview with Deven below.


For Your Radar — Huge Implications for Healthcare in Pending Privacy Legislation

11
Deven McGraw
Vince Kuraitis

By VINCE KURAITIS and DEVEN McGRAW

Two years ago we wouldn’t have believed it — the U.S. Congress is considering broad privacy and data protection legislation in 2019. There is some bipartisan support and a strong possibility that legislation will be passed. Two recent articles in The Washington Post and AP News will help you get up to speed.

Federal privacy legislation would have a huge impact on all healthcare stakeholders, including patients.  Here’s an overview of the ground we’ll cover in this post:

  • Why Now?
  • Six Key Issues for Healthcare
  • What’s Next?

We are aware of at least 5 proposed Congressional bills and 16 Privacy Frameworks/Principles. These are listed in the Appendix below; please feel free to update these lists in your comments.  In this post we’ll focus on providing background and describing issues. In a future post we will compare and contrast specific legislative proposals.

Continue reading…

Are Patient Privacy Laws Being Abused to Protect Medical Centers?

12

By CHARLES ORNSTEIN

Optimized-Ornstein

This story was co-published with NPR’s “Shots” blog.

In the name of patient privacy, a security guard at a hospital in Springfield, Missouri, threatened a mother with jail for trying to take a photograph of her own son. In the name of patient privacy , a Daytona Beach, Florida, nursing home said it couldn’t cooperate with police investigating allegations of a possible rape against one of its residents.

In the name of patient privacy, the U.S. Department of Veterans Affairs allegedly threatened or retaliated against employees who were trying to blow the whistle on agency wrongdoing.When the federal Health Insurance Portability and Accountability Act passed in 1996, its laudable provisions included preventing patients’ medical information from being shared without their consent and other important privacy assurances.But as the litany of recent examples show, HIPAA, as the law is commonly known, is open to misinterpretation – and sometimes provides cover for health institutions that are protecting their own interests, not patients’.

“Sometimes it’s really hard to tell whether people are just genuinely confused or misinformed, or whether they’re intentionally obfuscating,” said Deven McGraw, partner in the healthcare practice of Manatt, Phelps & Phillips and former director of the Health Privacy Project at the Center for Democracy & Technology.For example, McGraw said, a frequent health privacy complaint to the U.S. Department of Health and Human Services Office of Civil Rights is that health providers have denied patients access to their medical records, citing HIPAA. In fact, this is one of the law’s signature guarantees.”Often they’re told [by hospitals that] HIPAA doesn’t allow you to have your records, when the exact opposite is true,” McGraw said.

I’ve seen firsthand how HIPAA can be incorrectly invoked.

In 2005, when I was a reporter at the Los Angeles Times, I was asked to help cover a train derailment in Glendale, California, by trying to talk to injured patients at local hospitals. Some hospitals refused to help arrange any interviews, citing federal patient privacy laws. Other hospitals were far more accommodating, offering to contact patients and ask if they were willing to talk to a reporter. Some did. It seemed to me that the hospitals that cited HIPAA simply didn’t want to ask patients for permission.

Continue reading…

Give Us Our Damn Lab Results!!

61

By ALICE LEITER & DEVEN McGRAW

Two years ago, the Department of Health and Human Services released proposed regulations that would allow patients to obtain their clinical lab test results directly from the lab, rather than having to wait to receive the results from their health care provider.  CDT and other consumer groups enthusiastically supported this proposed rule at the time of its release.

Yet an Administration largely characterized by increasing patient access to health information seems inexplicably unable to close the deal on this important access initiative.  As a result, patients still must wait for their providers to contact them with test results.

Under the current regulations, known as the Clinical Laboratory Improvement Amendments (CLIA), laboratories are restricted from disclosing test results to patients directly.  Instead, labs can only send the test results to health care providers, people authorized to receive test results under state law or other labs. Only a handful of states permit labs to send patients test results directly, and some of these states require the provider’s permission before patients can have the results.  The HIPAA Privacy Rule reflects this restriction, exempting CLIA-regulated labs (which are the great majority of clinical labs) from patients’ existing right to access their health information.

This existing regime has put patients at risk. A 2009 study published in the Archive of Internal Medicine indicated that providers failed to notify patients (or document notification) of abnormal test results more than 7 percent of the time. The National Coordinator for Health IT recently put the figure at 20 percent.  This failure rate is dangerous, as it could lead to more medical errors and missed opportunities for valuable early treatment.

The 2011 proposed regulations would modify CLIA to permit labs to send results directly to patients, and they would also modify the HIPAA Privacy Rule to give patients the right to access or receive their lab results.  Contrary state laws would be preempted.  Patients would have the ability to request their lab results in a particular form or format, as with their other health information; for example, patients could request a paper copy of their test results, or to have the results sent electronically to the their personal health records

Continue reading…

Paving the Regulatory Road

1

By Deven McGraw

The poor quality and high cost of health care in the U.S. is well documented. The widespread adoption of electronic medical records—for purposes of improving quality and reducing costs—is key to reversing these trends.[1] But federal privacy regulations do not set clear and consistent rules for access to health information to improve health care quality. Consequently, the regulations serve as a disincentive to robust analysis of information in medical records and may interfere with efforts to accelerate quality improvements. This essay further explains this disincentive and suggests a potential regulatory path forward.

The U.S. has dedicated approximately 47 billion dollars to improve individual and population health through the use of electronic medical records by health care providers and patients.www.kff.org/medicaid/upload/7955.pdf." href="http://www.stanfordlawreview.org/online/privacy-paradox/learning-health-care-system#footnote_2">[2] Much of the funding for this initiative, enacted by Congress as part of the Health Information Technology for Economic and Clinical Health Act of 2009, will be used to reimburse physicians and hospitals for the costs of purchasing and implementing electronic medical record systems. The legislation also includes funding to establish infrastructure to enable health care providers to share a patient’s personal health information for treatment and care coordination purposes and for reporting to public health authorities.

Federal policymakers also intend for electronic medical records to be actively used as tools of health system reform. The legislation directs the U.S. Department of Health and Human Services to develop a “nationwide health information technology infrastructure” that improves health care quality, reduces medical errors and disparities, and reduces health care costs from inappropriate or duplicative care.[3]The 2011-2015 Federal Health Information Technology Strategic Plan identifies improving population health, reduction of health care costs, and “achiev[ing] rapid learning” as key goals of federal health information technology initiatives.http://healthit.hhs.gov/portal/server.pt?open=512&objID=1211&parentname=CommunityPage&parentid=2&mode=2.%22 href="http://www.stanfordlawreview.org/online/privacy-paradox/learning-health-care-system#footnote_4">[4]

Continue reading…

Crowdsourcing the Future: Health 2.0 and HIPAA

6

By DEVEN McGRAWPicture 61

The Health 2.0 movement has seen incredible growth recently, with new tools and services continuously being released. Of course, Health 2.0 developers face a number of challenges when it comes to getting providers and patients to adopt new tools, including integrating into a health system that is still mostly paper-based. Another serious obstacle facing developers is how to interpret and, where appropriate, comply with the HIPAA privacy and security regulations.

Questions abound when it comes to Health 2.0 and HIPAA, and it’s vital we get them answered, both for the sake of protecting users’ privacy and to ensure people are able to experience the full benefits of innovative Health 2.0 tools. We can’t afford to see the public’s trust in new health information technology put at risk, nor can we afford to have innovation stifled.

To help solve this problem, the Center for Democracy & Technology (CDT) has launched a crowdsourcing project to determine the most vexing Health 2.0/HIPAA questions.

This is where you come in:

Whether you are a healthcare provider, a Health 2.0 developer or an e-patient, we hope you’ll visit our website to submit your questions on Health 2.0 and HIPAA.

Once CDT has received your questions, we’ll use them to urge the Office of Civil Rights, which enforces HIPAA, to provide clarification. We’ll accept questions until Feb. 11, 2011, so please weigh in soon, and ask others to do the same.

Deven McGraw is Director of the Health Privacy Project at the Center for Democracy & Technology.