Icon of a patient id card

A National Patient Identifier: Should You Care?

The rather esoteric issue of a national patient identifier has come to light as a difference between two major heath care bills making their way through the House and the Senate.

The bills are linked to outrage over surprise medical bills but they have major implications over how the underlying health care costs will be controlled through competitive insurance and regulatory price-setting schemes. This Brookings comment to the Senate HELP Committee bill summarizes some of the issues. Read More

Privacy as a concept: shadowy opaque faces overlaid with 1s and 0s

Remembering the Real Stakeholders: Patient Privacy Rights Comments on the Proposed CMS Regulation Pursuant to the Cures Act

By Adrian Gropper and Deborah C. Peel

Electronic health records (EHRs) are a polarizing issue in health reform. In their current form, they are frustrating to many physicians and have failed to support cost improvements. The current round of federal intervention is proposed rulemaking pursuant to the 21st Century Cures Act calls for penalties for “information blocking” and for technology that physicians and patients could use “without special effort.”

The proposed rules are over one thousand pages of technical jargon that aims to govern how one machine communicates with another when the content of the communication is personal and very valuable information about an individual. Healthcare is a challenging and unique industry when it comes to interoperability. Hospitals spend lavishly on EHRs and pursue information blocking as a means to manipulate the physicians and patients who might otherwise bypass the hospital on the way to health reform. The result is a broken market where physicians and patients directly control trillions of dollars in spending but have virtually zero market power over the technology that hospitals and payers operate as information brokers. Read More

ONC’s Proposed Rule is a Breakthrough in Patient Empowerment

By Adrian Gropper

Imagine solving wicked problems of patient matching, consent, and a patient-centered longitudinal health record while also enabling a world of new healthcare services for patients and physicians to use. The long-awaited Notice of Proposed Rulemaking (NPRM) on information blocking from the Office of the National Coordinator for Health Information Technology (ONC) promises nothing less. 

Having data automatically follow the patient is a laudable goal but difficult for reasons of privacy, security, and institutional workflow. The privacy issues are clear if you use surveillance as the mechanism to follow the patient. Do patients know they’re under surveillance? By whom? Is there one surveillance agency or are there dozens in real-world practice? Can a patient choose who does the surveillance and which health encounters, including behavioral health, social relationships, location, and finance are excluded from the surveillance? Read More

Privacy as a concept: shadowy opaque faces overlaid with 1s and 0s

HIPAA RFI Comments: Patient Privacy Rights

By Adrian Gropper and Deborah C. Peel

Among other rich nations, US healthcare stands out as both exceptionally privatized and exceptionally expensive. And taken overall, we have the worst health outcomes among the Western Democracies.

On one hand, regulators are reluctant to limit private corporate action lest we reduce innovation and patient choice and promote moral hazards. On the other hand, a privatized marketplace for services requires transparency of costs and quality and a minimum of economic externalities that privatize profit and socialize costs.

For over two decades, the HIPAA law and regulations have dominated the way personal health data is used and abused to manipulate physician practice and increase costs. During these decades, digital technology has brought marvels of innovation and competition to markets as diverse as travel and publishing while healthcare technology is burning out physicians and driving patients to bankruptcy.

Read More

neural web and female face

Privacy Regulation in the Age of Machine Learning

By Adrian Gropper

Will the machines use our own personal information against us? The answer depends on privacy regulations that are yet to be written.

I know that the current approach to privacy regulation, be it general as in GDPR or sectoral as in HIPAA, is not readily extensible to a world where the principal value of personal data is machine learning. It’s easier to follow my logic if you agree that technology costs are already low compared to the value of personal data. Buying your own AI is increasingly sensible. Then, who will teach your personal AI in school, at work, in your community? You and your doctor will both have personal AI. What is the role of intellectual property when the cost of personal data dominates the cost of your AI? How do you use your AI to license the use of your personal data by others? Standards will be essential to maximize the market for your personal data, whether it’s sold or donated for the public good. These personal data standards are less-than-welcome in a process dominated by enterprises. Nonetheless, thoughtful privacy regulation designed around machine learning will keep humans responsible for the machines.

Read More

Digital Health @ Harvard Brown Bag Lunch Series: Free Independent Health Records, featuring Adrian Gropper, MD

January 26, 2017 12:00 PM
Berkman Klein Center for Internet and Society
23 Everett St., 2nd floor, Harvard Law School, Cambridge, MA

Register for this event

The Digital Health @ Harvard brown bag lunch series features speakers from Harvard as well as collaborators and colleagues from other institutions who research the intersection between health and digital technology. The series is cosponsored by the Berkman Klein Center for Internet & Society at Harvard University and the Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School. The goal of the series is to discuss ongoing research in this research area, share new developments, identify opportunities for collaboration, and explore the digital health ecosystem more generally.

These lunches are free and open to the public, but RSVPs are required. RSVP now!

This Month

Dr. Adrian Gropper is working to put patients in charge of their health records, arguably the most valuable and most personal kinds of connected information about a person. They encompass elements of anonymous, pseudonymous, and verified identity and they interact with both regulated institutions and licensed professionals. Gropper’s research centers on self-sovereign technology for management of personal information both in control of the individual and as hosted or curated by others. The HIE of One project is a free software reference implementation and currently the only standards-based patient-centered record. The work implements a self-sovereign UMA Authorization Server and is adding blockchain identity as self-sovereign technology to enable licensed practitioners to authenticate and, for example, write a compliant prescription directly into the patient’s self-sovereign health record. Read More