stethoscope on computer keyboard

How Traditional Health Records Bolster Structural Racism

By Adrian Gropper, MD

As the U.S. reckons with centuries of structural racism, an important step toward making health care more equitable will require transferring control of health records to patients and patient groups.

The Black Lives Matter movement calls upon us to review racism in all aspects of social policy, from law enforcement to health. Statistics show that Black Americans are at higher risk of dying from COVID-19. The reasons for these disparities are not entirely clear. Every obstacle to data collection makes it that much harder to find a rational solution, thereby increasing the death toll.

Read More

Cartoon of contact tracing for COVID-19.

Community Organizations Can Reduce the Privacy Impacts of Surveillance During COVID-19

By Adrian Gropper

Until scientists discover a vaccine or treatment for COVID-19, our economy and our privacy will be at the mercy of imperfect technology used to manage the pandemic response.

Contact tracing, symptom capture and immunity assessment are essential tools for pandemic response, which can benefit from appropriate technology. However, the effectiveness of these tools is constrained by the privacy concerns inherent in mass surveillance. Lack of trust diminishes voluntary participation. Coerced surveillance can lead to hiding and to the injection of false information.

But it’s not a zero-sum game. The introduction of local community organizations as trusted intermediaries can improve participation, promote trust, and reduce the privacy impact of health and social surveillance.

Read More

A frustrated woman sits at her desk, staring at her computer. Her head is resting in her hand

Patient-Directed Uses vs. The Platform

By Adrian Gropper, MD

This post originally appeared on The Health Care Blog.

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

It’s 2023. Alice, a patient at Ascension Seton Medical Center Austin, decides to get a second opinion at Mayo Clinic. She’s heard great things about Mayo’s collaboration with Google that everyone calls “The Platform”. Alice is worried, and hoping Mayo’s version of Dr. Google says something more than Ascension’s version of Dr. Google. Is her Ascension doctor also using The Platform?

Alice makes an appointment in the breast cancer practice using the Mayo patient portal. Mayo asks permission to access her health records. Alice is offered two choices, one uses HIPAA without her consent and the other is under her control. Her choice is: Read More

Close up of a computer screen displaying code

What Google Isn’t Saying About Your Health Records

By Adrian Gropper

Google’s semi-secret deal with Ascension is testing the limits of HIPAA as society grapples with the future impact of machine learning and artificial intelligence.

I. Glenn Cohen points out that HIPAA may not be keeping up with our methods of consent by patients and society on the ways personal data is used. Is prior consent, particularly consent from vulnerable patients seeking care, a good way to regulate secret commercial deals with their caregivers? The answer to a question is strongly influenced by how you ask the questions.

Read More

Diverse crowd of adults on a bus, all using smartphones

ACCESS Act Points the Way to a Post-HIPAA World

By Adrian Gropper

The October 22 announcement starts with: “U.S. Sens. Mark R. Warner (D-VA), Josh Hawley (R-MO) and Richard Blumenthal (D-CT) will introduce the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, bipartisan legislation that will encourage market-based competition to dominant social media platforms by requiring the largest companies to make user data portable – and their services interoperable – with other platforms, and to allow users to designate a trusted third-party service to manage their privacy and account settings, if they so choose.”

Although the scope of this bill is limited to the largest of the data brokers (messaging, multimedia sharing, and social networking) that currently mediate between us as individuals, it contains groundbreaking provisions for delegation by users that is a road map to privacy regulations in general for the 21st century.

Read More

Icon of a patient id card

A National Patient Identifier: Should You Care?

The rather esoteric issue of a national patient identifier has come to light as a difference between two major heath care bills making their way through the House and the Senate.

The bills are linked to outrage over surprise medical bills but they have major implications over how the underlying health care costs will be controlled through competitive insurance and regulatory price-setting schemes. This Brookings comment to the Senate HELP Committee bill summarizes some of the issues. Read More

Privacy as a concept: shadowy opaque faces overlaid with 1s and 0s

Remembering the Real Stakeholders: Patient Privacy Rights Comments on the Proposed CMS Regulation Pursuant to the Cures Act

By Adrian Gropper and Deborah C. Peel

Electronic health records (EHRs) are a polarizing issue in health reform. In their current form, they are frustrating to many physicians and have failed to support cost improvements. The current round of federal intervention is proposed rulemaking pursuant to the 21st Century Cures Act calls for penalties for “information blocking” and for technology that physicians and patients could use “without special effort.”

The proposed rules are over one thousand pages of technical jargon that aims to govern how one machine communicates with another when the content of the communication is personal and very valuable information about an individual. Healthcare is a challenging and unique industry when it comes to interoperability. Hospitals spend lavishly on EHRs and pursue information blocking as a means to manipulate the physicians and patients who might otherwise bypass the hospital on the way to health reform. The result is a broken market where physicians and patients directly control trillions of dollars in spending but have virtually zero market power over the technology that hospitals and payers operate as information brokers. Read More

ONC’s Proposed Rule is a Breakthrough in Patient Empowerment

By Adrian Gropper

Imagine solving wicked problems of patient matching, consent, and a patient-centered longitudinal health record while also enabling a world of new healthcare services for patients and physicians to use. The long-awaited Notice of Proposed Rulemaking (NPRM) on information blocking from the Office of the National Coordinator for Health Information Technology (ONC) promises nothing less. 

Having data automatically follow the patient is a laudable goal but difficult for reasons of privacy, security, and institutional workflow. The privacy issues are clear if you use surveillance as the mechanism to follow the patient. Do patients know they’re under surveillance? By whom? Is there one surveillance agency or are there dozens in real-world practice? Can a patient choose who does the surveillance and which health encounters, including behavioral health, social relationships, location, and finance are excluded from the surveillance? Read More

Privacy as a concept: shadowy opaque faces overlaid with 1s and 0s

HIPAA RFI Comments: Patient Privacy Rights

By Adrian Gropper and Deborah C. Peel

Among other rich nations, US healthcare stands out as both exceptionally privatized and exceptionally expensive. And taken overall, we have the worst health outcomes among the Western Democracies.

On one hand, regulators are reluctant to limit private corporate action lest we reduce innovation and patient choice and promote moral hazards. On the other hand, a privatized marketplace for services requires transparency of costs and quality and a minimum of economic externalities that privatize profit and socialize costs.

For over two decades, the HIPAA law and regulations have dominated the way personal health data is used and abused to manipulate physician practice and increase costs. During these decades, digital technology has brought marvels of innovation and competition to markets as diverse as travel and publishing while healthcare technology is burning out physicians and driving patients to bankruptcy.

Read More

neural web and female face

Privacy Regulation in the Age of Machine Learning

By Adrian Gropper

Will the machines use our own personal information against us? The answer depends on privacy regulations that are yet to be written.

I know that the current approach to privacy regulation, be it general as in GDPR or sectoral as in HIPAA, is not readily extensible to a world where the principal value of personal data is machine learning. It’s easier to follow my logic if you agree that technology costs are already low compared to the value of personal data. Buying your own AI is increasingly sensible. Then, who will teach your personal AI in school, at work, in your community? You and your doctor will both have personal AI. What is the role of intellectual property when the cost of personal data dominates the cost of your AI? How do you use your AI to license the use of your personal data by others? Standards will be essential to maximize the market for your personal data, whether it’s sold or donated for the public good. These personal data standards are less-than-welcome in a process dominated by enterprises. Nonetheless, thoughtful privacy regulation designed around machine learning will keep humans responsible for the machines.

Read More