HIPAA - Bill of Health

Doctor asking patient to fill out survey before medical treatment.

Key Considerations for Patient-Reported Outcome Measures

November 3, 2023November 3, 2023 The Petrie-Flom Center Staff Leave a comment

By Sharona Hoffman

Patient-reported outcome measures (PROMs) are questionnaires that patients fill out on tablets or other computers or devices. They ask patients to check boxes in answer to questions about their symptoms, treatment effects, and ability to function physically, emotionally, and socially. They thus may solicit very sensitive information about matters such as anxiety, depression, and sexual satisfaction. To illustrate, a query might be “in the past month, how often did you have a lot of trouble falling asleep,” and the patient is asked to check “never,” “rarely,” “sometimes,” “often,” or “always.”

PROM responses can be used for purposes of clinical care, research, quality improvement, Food and Drug Administration (FDA) approval of drugs and devices, and even insurance reimbursement. For example, insurers hypothetically could decide to decline coverage of particular treatments based on PROM responses indicating that many patients find them to be unhelpful.

I first became interested in patient-reported outcome measures because of an experience my husband had. Andy has Parkinson’s disease, and one of the neurologists he saw asked him to fill out a long questionnaire on a tablet computer before each appointment. This task was difficult for Andy because he had a hand tremor, and it was stressful because Andy worried that he would not have time to complete the survey before his appointment began. Moreover, Andy’s physician never referred to his responses and appeared never to look at them. Upon investigation, I found little to no analysis of PROMs in the legal literature, so Andy and I recently published a law review article about them.

Operating room Doctor or Surgeon anatomy on Advanced robotic surgery machine.

Protecting Consumer Privacy in DTC Tissue Testing

October 27, 2023October 27, 2023 Adithi Iyer Leave a comment

By Adithi Iyer

In my last piece, I discussed the hypothetical successor of 23andme — a tissue-based direct-to-consumer testing service I’ve called yourtissueandyou — and the promise and perils that it might bring in consumer health information and privacy. Now, as promised, a closer look at the “who” and “how” of protecting the consumer at the heart of direct-to-consumer precision medicine. While several potential consumer interests are at stake with these services, at top of mind is data privacy — especially when the data is medically relevant and incredibly difficult to truly de-anonymize.

As we’ve established, the data collected by a tissue-based service will be vaster and more varied than we’ve seen before, magnifying existing issues with traditional data privacy. Consumer protections for this type of information are, in a word, complicated. A singular “authority” for data privacy does not exist in the United States, instead being spread among individual state data privacy statutes and regulatory backstops (with overlapping sections of some federal statutes in the background). In the context of health, let alone highly sophisticated cell signaling and microenvironment data, the web gets even more tangled.

sample tube in female hands with pipette.

Why We Should Care About the Move from Saliva to Living Cells in Precision Medicine

October 17, 2023October 16, 2023 Adithi Iyer Leave a comment

By Adithi Iyer

The cultural, informational, and medical phenomenon that is 23andMe has placed a spotlight on precision medicine, which seeks to personalize medical care to each patient’s unique makeup. Thus far, advances in direct-to-consumer genetic testing have made saliva-sample sequencing services all the rage in this space, but regenerative medicine, which relies on cells and tissues, rather than saliva, now brings us to a new, increasingly complex inflection point.

While collecting and isolating DNA samples from saliva may offer a wealth of information regarding heredity, disease risk, and other outflows of the “instruction manual” for patients, analyzing cells captures the minutiae of patients that goes “beyond the book” and most closely informs pathology. Disease isn’t always “written in the stars” for patients. Epigenetic changes from environmental exposures, cell-to-cell signaling behaviors, and the mutations present in diseased cells all profoundly inform how cells behave in whether and how they code the instructions that DNA offers. These factors are critical to understanding how disease materializes, progresses, and ultimately responds to treatment. This information is highly personal to each patient, and reflects behavioral factors as well as genetics.

Regenerative medical technologies use cell- and tissue-based methods to recapitulate, bioengineer, and reprogram human tissue, making a whole suite of sci-fi-sounding technologies an ever-closer reality. With cell-based and other regenerative therapies entering the market (making up an entire FDA subgroup), it well worth considering how cell-based medicine can advance the world of personalized consumer testing. In other words, could a corporate, direct-to-consumer cell-based testing service be the next 23andMe? And what would that mean for patients?

AI-generated image of robot doctor with surgical mask on.

Who’s Liable for Bad Medical Advice in the Age of ChatGPT?

June 5, 2023June 5, 2023 Matthew Chun Leave a comment

By Matthew Chun

By now, everyone’s heard of ChatGPT — an artificial intelligence (AI) system by OpenAI that has captivated the world with its ability to process and generate humanlike text in various domains. In the field of medicine, ChatGPT already has been reported to ace the U.S. medical licensing exam, diagnose illnesses, and even outshine human doctors on measures of perceived empathy, raising many questions about how AI will reshape health care as we know it.

But what happens when AI gets things wrong? What are the risks of using generative AI systems like ChatGPT in medical practice, and who is ultimately held responsible for patient harm? This blog post will examine the liability risks for health care providers and AI providers alike as ChatGPT and similar AI models increasingly are used for medical applications.

File folders containing medical records.

How Dobbs Threatens Health Privacy

January 10, 2023January 9, 2023 Nicolas P. Terry Leave a comment

By Wendy A. Bach and Nicolas Terry

Post-Dobbs, the fear is visceral. What was once personal, private, and one hoped, protected within the presumptively confidential space of the doctor-patient relationship, feels exposed. In response to all this fear, the Internet exploded – delete your period tracker; use encrypted apps; don’t take a pregnancy test. The Biden administration too, chimed in, just days after the Supreme Court’s decision, issuing guidance seeking to reassure both doctors and patients that the federal Health Privacy Rule (HIPAA) was robust and that reproductive health information would remain private. Given the history of women being prosecuted for their reproductive choices and the enormous holes in HIPAA that have long allowed prosecutors to rely on healthcare information as the basis for criminal charges, these assurances rang hollow (as detailed at length in our forthcoming article, HIPAA v. Dobbs). From a health care policy perspective, what is different now is not what might happen. All of this has been happening for decades. The only difference today is the sheer number of people affected and paying attention.

Vintage history book and magnifying glass on wooden background.

The New Search for Reproductive Justice in Old Laws

October 26, 2022October 25, 2022 Katie Gu Leave a comment

By Katie Gu

In the post-Dobbs fight to safeguard reproductive healthcare, a new spotlight has been placed on two existing federal laws: the Health Insurance Portability and Accountability Act (HIPAA) and the Emergency Medical Treatment and Active Labor Act (EMTALA).

Guidance documents issued over the summer by federal agencies emphasize how these laws can be used to protect reproductive health privacy and access.

hands hold phone with app heart and activity on screen over table in office

Perspectives on Data Privacy for Direct-to-Consumer Health Apps

August 18, 2021August 18, 2021 Sara Gerke Leave a comment

By Sara Gerke and Chloe Reichel

Direct-to-consumer (DTC) health apps, such as apps that manage our diet, fitness, and sleep, are becoming ubiquitous in our digital world.

These apps provide a window into some of the key issues in the world of digital health — including data privacy, data access, data ownership, bias, and the regulation of health technology.

To better understand these issues, and ways forward, we contacted key stakeholders representing a range of perspectives in the field of digital health for their brief answers to five questions about DTC health apps.

New Rule Puts Medical Data in Patients’ Hands

July 12, 2021July 9, 2021 The Petrie-Flom Center Staff Leave a comment

By Jayson Marwaha and Tiffany Tuedor

On April 5, 2021, a quiet, but potentially transformative shift regarding patient access to data occurred.

Health systems are now required to provide patients with timely access to their own medical records, upon request. (Shockingly, this hasn’t been a requirement in the past.)

Illustration of multicolored profiles. An overlay of strings of ones and zeroes is visible

We Need to Do More with Hospitals’ Data, But There Are Better Ways

July 7, 2021July 6, 2021 wepstein Leave a comment

By Wendy Netter Epstein and Charlotte Tschider

This May, Google announced a new partnership with national hospital chain HCA Healthcare to consolidate HCA’s digital health data from electronic medical records and medical devices and store it in Google Cloud.

This move is the just the latest of a growing trend — in the first half of this year alone, there have been at least 38 partnerships announced between providers and big tech. Health systems are hoping to leverage the know-how of tech titans to unlock the potential of their treasure troves of data.

Health systems have faltered in achieving this on their own, facing, on the one hand, technical and practical challenges, and, on the other, political and ethical concerns.

Illustration of a man and a woman standing in front of a DNA helix

A Proposal for Localized Review to Safeguard Genetic Database Privacy

June 25, 2021June 25, 2021 Robert Field Leave a comment

By Robert I. Field, Anthony W. Orlando, and Arnold J. Rosoff

Large genetic databases pose well-known privacy risks. Unauthorized disclosure of an individual’s data can lead to discrimination, public embarrassment, and unwanted revelation of family secrets. Data leaks are of increasing concern as technology for reidentifying anonymous genomes continues to advance.

Yet, with the exception of California and Virginia, state legislative attempts to protect data privacy, most recently in Florida, Oklahoma, and Wisconsin, have failed to garner widespread support. Political resistance is particularly stiff with respect to a private right of action. Therefore, we propose a federal regulatory approach, which we describe below.

Tag: HIPAA