THCB

Categories

Tag: Data

Where is there mHealth, really?

4

Health 2.0 aficionados will know that I’ve been railing against the term “mobile health” or “mHealth” for about three years. Health 2.0 is simply the next thing in health technology, and will remain so (whatever that might be). Sure we have a definition, but it’s about what’s happening not how it happens. Calling something mHealth traps it to a device, in particular a cell phone, and ignores the rest of the ecosystem of the technology and culture that the cell phone is but one part of–that’s the concept we call “unplatforms.” mHealth is like talking about cooking in the kitchen and only talking about the fridge. It’s damn important but you need a stove, a sink and more to make it all work.So if you have a mHealth strategy, as Susannah Fox might quote LOLcats, “URDoin it Rong”.

However, the place where it makes sense to talk abut mHealth is where there are only cell phones, and that place is large tranches of the rural developing world. This came up for me twice yesterday. once in a long chat with DataDyne‘s Joel Selanikio who has a really cool product called EpiSurveyor that works not via SMS but via an app on simple phones and enables very cheap and easy data collection. The other was in a high profile announcement by Johnson & Johnson (a major funder of text4baby btw), which via its Babycenter subsidiary is introducing–with USAID, State Department & the mHealth Alliance– $10m program supporting the use of cell phones for maternal health in developing countries.

So for the health worker in the rural Bangladeshi village, lets have an mHealth strategy. For those of us in the developed world, we need an overall strategy to deal with data and applications–whatever devices they are using.

The Identity Theft Smoke Screen

3

By CHRISTOPHER J. ASAKIEWICZ

Personal data privacy once again has taken front stage in Sorrel v. IMS Health, Inc.[1] Vermont passed the Vermont Confidentiality of Prescription Information Law that allows doctors which prescribe drugs to patients, to decide whether pharmacies can sell their prescription drug prescription records.[2] IMS Health as well as other health information companies contested the law, arguing that the law poses a restriction on commercial speech as access to such information helps pharmaceutical companies market their drugs effectively to doctors. The Supreme Court is now tasked with determining the constitutionality of the restriction on access to prescription information with regards to our First Amendment. [3]

However, this post is focused on the secondary effects asserted in amici curiae briefs supporting the petitioners of allowing companies to purchase such information, specifically the concern of data privacy and patient re-identification. [4] Under the Health Information Portability and Accountability Act (HIPAA), personal health information is de-identified by your local pharmacy prior to such information being shared with any third party. By de-identifying the data, your personal data cannot, it is believed, be linked or traced back to you. De-identifying your health information is a way for covered entities to share your information without your consent or authorization and in accordance with the law. The information once shared is completely anonymized. After the transfer to a third party, like IMS Health, your information is solely data of zeros and ones that translate to dates of dispensing and drug names. No longer does your prescription record list your name or month or day of birth. [5]Continue reading…

Rethinking IMS Health v. Sorrell: Privacy as a First Amendment Value

5

By FRANK PASQUALE

Today the Supreme Court will hear oral arguments in IMS Health v. Sorrell. The case pits medical data giant IMS Health (and some other plaintiffs) against the state of Vermont, which restricted the distribution of certain “physician-identified” medical data if the doctors who generated the data failed to affirmatively permit its distribution.* I have contributed to an amicus brief submitted on behalf of the New England Journal of Medicine regarding the case, and I agree with the views expressed by brief co-author David Orentlicher in his excellent article Prescription Data Mining and the Protection of Patients’ Interests. I think he, Sean Flynn, and Kevin Outterson have, in various venues, made a compelling case for Vermont’s restrictions. But I think it is easy to “miss the forest for the trees” in this complex case, and want to make some points below about its stakes.**

Privacy Promotes Freedom of Expression

Privacy has repeatedly been subordinated to other, competing values. Priscilla Regan chronicles how efficiency has trumped privacy in U.S. legislative contexts. In campaign finance and citizen petition cases, democracy has trumped the right of donors and signers to keep their identities secret. Numerous tech law commentators chronicle a tension between privacy and innovation. And now Sorrell is billed as a case pitting privacy against the First Amendment.

There is an old tension between privacy and the First Amendment, best crystallized in Eugene Volokh’s effort to characterize privacy protections as the troubling right to stop others from speaking about you. Neil Richards has dissected the flaws in Volokh’s Lochneresque effort to reduce the complex societal dynamics of fair data practices to Hohfeldian trump cards held by individuals and corporations. Societies reasonably conclude that certain types of data shouldn’t influence certain types of decisions all the time. And courts have acquiesced, allowing much “of the vast universe of speech [to] remain[] untouched (and thus unprotected) by the First Amendment.”Continue reading…

Invalidated Results Watch

By MARYA ZILBERBERG, MD

My friend Ivan Oransky runs a highly successful blog called Retraction Watch; if you have not yet discovered it, you should! In it he and his colleague Adam Marcus document (with shocking regularity) retractions of scientific papers. While most of the studies are from the bench setting, some are in the clinical arena. One of the questions they have raised is what should happen with citations of these retracted studies by other researchers? How do we deal with this proliferation of oftentimes fraudulent and occasionally simply mistaken data?

A more subtle but no less difficult conundrum arises when papers cited are recognized to be of poor quality, yet they are used to develop defense for one’s theses. The latest case in point comes from the paper I discussed at length yesterday, describing the success of the Keystone VAP prevention initiative. And even though I am very critical of the data, I do not mean to single out these particular researchers. In fact, because I am intimately familiar with the literature in this area, I can judge what is being cited. I have seen similar transgressions from other authors, and I am sure that they are ubiquitous. But let me be specific.

In the Methods section on page 306, the investigators lay out the rationale for their approach (bundles) by stating that the “ventilator care bundle has been an effective strategy to reduce VAP…” As supporting evidence they cite references #16-19. Well, it just so happens that these are the references that yours truly had included in her systematic review of the VAP bundle studies, and the conclusions of that review are largely summarized here. I hope that you will forgive me for citing myself again:Continue reading…

The ACO Rules & Privacy

23

By MARGALIT GUR-ARIE

One day before the first of April, HHS published the much anticipated rules defining the creation and operations of Accountable Care Organizations (ACO) spanning 429 pages of business regulation, analysis of various options available, proposed solutions and ways to measure and reward (punish) success (failure) in achieving HHS seemingly incompatible goals of providing better care for less money. I am fairly certain that health policy experts, health care economists and the multitude of industry stakeholders will be dissecting and analyzing the hefty document in great detail in the coming weeks. I started reading the document with an eye towards the ACO implications for HIT, which as expected are many, but something on page 108 made me stop in my tracks. HHS is proposing to share personally identifiable health information (PHI) contained in Medicare claims with ACO providers unless patients “opt-out”.

Beginning on page 108 and through 22 pages of tortured arguments, HHS makes the case for the legality and benefits of providing ACOs with PHI contained in Medicare claims, unless the patient actively withdraws consent for this type of transaction. The argument for the legality of claim data sharing rests on the nebulous HIPAA clause which allows disclosure of PHI for “health care operations” within a web of covered entities and business associates connecting the ACO with Medicare and other providers of health care services for a particular patient. HHS is proposing to make available four types of medical information to participating ACOs:Continue reading…

The Neverending Story

38

By STEVE SANDERS

We’re hearing a lot about the use of electronic medical records (EMR) in medicine. The government is all for it—providing financial incentives for those with EMRs and disincentives for those still relying on paper charts to make their way through the world. Most health professionals, especially new physicians in training, simply can’t imagine a world without an EMR at their fingertips.

The ability to electronically capture discrete bits of data on each patient allows us to categorize, tally, and build unbelievably beautiful charts and graphs.

These systems also uncover deficiencies in patient care; with the push of a button, we know whose blood pressure or blood sugar is out of control, or how many patients weigh too much for their height. Clinicians click-through as many templates as possible in order for the system to capture these professional nuggets of information. Nuggets worth their weight in gold to researchers and pharmaceutical companies, eager to market their next blockbuster drug to physicians whose patients just happen to fit their marketing profile.

The trouble is when you’ve seen one template–built patient medical record, you’ve seen them all. These systems do such a great job of capturing discrete bits of data that patients become just that—only discrete bits of data.The essence of who they are, their story, becomes lost in attempts at efficiency.

What interests me about each patient is their story: what’s happening in their life that brings them stress or joy. Are they wanting medication for their cough, or really just needing assurance they don’t have lung cancer. Each visit brings a new chapter, a peeling of the onion allowing me to see the various layers of their personality over time. This is more important than almost any other discrete piece of data we could fit into a template. It takes time and effort to build an electronic medical record that speaks for the patient; time that is often in short supply for busy clinicians.Continue reading…

Who Owns Patient Data?

11

By DAVID HARLOW

Walgreens is being sued by customers who are not happy that their prescription information – even though it has been de-identified – is being sold by Walgreens to data-mining companies.

The data privacy and security concerns surrounding the transfer of de-identified data are significant.  To “de-identify” what is otherwise protected health information under HIPAA, some outfits will simply strip data of 18 types of identifiers listed in federal regulations.  However, the relevant regulation (45 CFR 164.514(b)(2)(ii)) also provides that this only works if “the covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.” Thus, the problem with this approach is that, these days, nobody can disclaim knowledge of the fact that information de-identified by removing this cookbook list of 18 identifiers may be re-identified by cross-matching data with other publicly-available data sources. There are a number of reported instances of this sort of thing happening. The bottom line is that our collective technical prowess has outstripped the regulatory safe harbor.

Is this the basis of the lawsuit brought against Walgreens?  An objection to trafficking in health information that should remain private?  No.  The plaintiff group of customers is suing to share in the profits realized by Walgreens from trading in the de-identified data.Continue reading…

Freeing the Data

3

By JOHN HALAMKA, MD

I’m keynoting this year’s Intersystems Global Conference on the topic of “Freeing the Data” from the transactional systems we use today such as Enterprise Resource Planning (ERP), Customer Relationship Management (CRM),  Electronic Health Records (EHR), etc.  As I’ve prepared my speech,  I’ve given a lot of thought to the evolving data needs we have in our enterprises.

In healthcare and in many other industries, it’s increasingly common for users to ask IT for tools and resources to look beyond the data we enter during the course of our daily work.   For one patient, I know the diagnosis, but what treatments were given to the last 1000 similar patients.  I know the sales today, but how do they vary over the week, the month, and the year?   Can I predict future resource needs before they happen?

In the past, such analysis typically relied on structured data, exported from transactional systems into data marts using Extract/Transform/Load (ETL) utilities, followed by analysis with Online Analytical Processing (OLAP) or Business Intelligence (BI) tools.

In a world filled with highly scalable web search engines,  increasingly capable natural language processing technologies, and practical examples of artificial intelligence/pattern recognition (think of IBM’s Jeopardy-savvy Watson as a sophisticated data mining tool), there are novel approaches to freeing the data that go beyond a single database with pre-defined hypercube rollups.   Here are my top 10 trends to watch as we increasingly free data from transactional systems.Continue reading…

Data Mining Case Reaches the Supreme Court

7

By GLENN LAFFEL, MD, PhD Glenn Laffel

Twenty years ago, IMS Health got the idea to purchase prescription records from pharmacies, license physician information from the AMA’s Physician Masterfile, and link the two databases so as to create something new and different: prescriber-level data (PLD).

It was a brilliant idea. Almost immediately, pharmaceutical and device companies, government analysts and public health officials began lining up to buy raw PLD and/or the reports that IMS created from it.

And with good reason. By applying statistical tools to analyze PLD (a technique known in the vernacular as “Data Mining”) IMS and the purchasers of its data could obtain fresh insight into many topics of interest. These include prescribing pattern variations across regions, where and when influenza outbreaks occur, how physicians respond to these outbreaks and hundreds of others. Drug makers found PLD information to be particularly helpful. With it, they could refine marketing pitches and improve sales force efficiency, among other things.

Since those early days, the scope of the data compiled by IMS and other PLD providers has expanded to a point where it is truly breathtaking. The AMA Masterfile includes current and historical data on 880,000 physicians. IMS and similar companies collect information on more than 70% of all prescriptions filled in the US. SDI Health, another PLD provider, has billing information from 100% of inpatient and outpatient activity at 500 hospitals dating back to 2002. Their databases are large enough to detect national trends and withstand the most exquisite stratification analyses. Furthermore, PLD providers have perfected ways to exclude information from their databases that could be used to identify patients, so the data comply with HIPAA and other privacy-protecting laws.

Continue reading…

Cyber Insurance

2

By MICHAEL OVERLY, ESQPicture 30

Insurance exists to cover a wide range of potential business risks. Cyber insurance is worth considering as companies increase their presence, business practices and data storage online. In fact, Cyber insurance is not just for companies conducting transactions online (e.g., online retailers).

It is valuable to any company who has critical systems or sensitive data, which is almost every business. While it is possible to have insurance that covers damage to your servers and other computer equipment, it is almost certain the insurance only covers the physical damage to the hardware, itself, and not the valuable data housed within. In fact, insurance policies regularly state that the policy is limited to the replacement costs of the hardware and not the data.  This means that in the event a hacker gains access to your systems and disrupts operations, standard insurance coverage will probably offer little or no protection unless hardware is actually damaged.

The costs associated with restoring lost or damaged data, sending breach notifications to consumers, and other potential liability under each state’s breach notification statues can be astronomical. Cyber insurance can help cover some of the costs of a data breach, including the expense of sending notification to affected individuals, public relations, fines, penalties, responding to regulators and any subsequent litigation by affected individuals. The potential for attacks and breaches is growing exponentially as more and more businesses move operations to the cloud. Moreover, attacks do not necessarily derive from an outsider. Data breaches have resulted from careless, frustrated and vengeful employees who often attempt to profit from someone else’s information. Depending on the policy, Cyber insurance can offer protection from hackers, viruses, data breaches, denial of service attacks, and copyright, trademark, and website content infringement.

Continue reading…