Category: Leslie Francis

Privacy and Confidentiality: Bill of Health at Five Years and Beyond

Leslie Francis Leave a comment

In honor of the occasion of the Fifth Anniversary of Bill of Health, this post reflects on the past five years of what’s generally known as “privacy” with respect to health information.  The topic is really a giant topic area, covering a vast array of questions about the security and confidentiality of health information, the collection and use of health information for public health and research, commercialization and monetization of information, whether and why we care about health privacy, and much more.  Interestingly, Bill of Health has no categorizations for core concepts in this area:  privacy, confidentiality, security, health data, HIPAA, health information technology—the closest is a symposium on the re-identification of information, held in 2013.  Yet arguably these issues may have a significant impact on patients’ willingness to access care, risks they may face from data theft or misuse, assessment of the quality of care they receive, and the ability of public health to detect emergencies.

Over the past five years, Bill of Health has kept up a steady stream of commentary on privacy and privacy-related topics.  Here, I note just a few of the highlights (with apologies to those I might have missed—there were a lot!) There have been important symposia:  a 2016 set of critical commentaries on the proposed revisions of the Common Rule governing research ethics and a 2013 symposium on re-identification attacks.  There have been reports on the privacy implications of recent or proposed legislation: the 21st Century Cures Act, the 2015 proposal for a Consumer Privacy Bill of Rights, and the proposed Workplace Wellness Bill’s implications for genetic information privacy.  Many comments have addressed big data in health care and the possible implications for privacy.  Other comments have been highly speculative, such as scoping out the territory of what it might mean for Amazon to get into the health care business. There have also been reports of research about privacy attitudes, such as the survey of participants in instruments for sharing genomic data online.  But there have been major gaps, too, such as a dearth of writing about the potential privacy implications of the precision medicine and million lives initiative and only a couple of short pieces about the problem of data security.

Here are a few quick sketches of the major current themes in health privacy and data use, that I hope writers and readers and researchers and most importantly policy makers will continue to monitor over the next five years (spoiler alert: I plan to keep writing about lots of them, and I hope others will too): Read More

ERISA and Graham-Cassidy: A Disaster in Waiting for Employee Health Benefits and for Dependents under 26 on their Parents’ Plans

Leslie Francis 2 Comments

Graham Cassidy § 105 would repeal the ACA “employer mandate”.  Although its sponsors claim that the bill will give states a great deal of flexibility, it will do nothing to help states ensure that employers provide their employees with decent health insurance; quite the reverse.  It will also give employers the freedom to ignore the popular ACA requirement that allows children up to age 26 to receive coverage through their parent’ plans, at least when their parents get health insurance from their employers.  Here’s why.

The Affordable Care Act (ACA) was designed to foster and build on health insurance plans that employers in the US provide to their employees.  With limited exceptions such as provisions about wellness plans, it left in place the Employee Retirement Income Security Act of 1974 (ERISA), the federal statute that governs benefits that employers offer their employees.  Rather than amending ERISA to place new federal requirements on employer-provided plans, ACA imposed a tax penalty (called a “shared responsibility payment”) on employers (with at least 50 full-time equivalent employees) with employees who receive tax credits for purchasing insurance through the ACA exchanges.  This is the ACA “employer mandate,” aimed to deter employers from dumping their existing health care plans.  It is the ACA provision that supported the mantra: “you’ll get to keep the insurance you have.” This mandate is imposed through a tax and otherwise leaves in place the regulatory vacuum created by ERISA.  Let me explain how.

ERISA, enacted in 1974, is the federal statute that governs employee “welfare” plans: benefits, including health benefits, that employers offer their employees.  Although ERISA imposes quite substantial requirements on pension plans, it imposes only disclosure and fiduciary responsibilities on welfare plans.  Employers must state clearly for their employees what they are given—but may also reserve the right to change plans, as long as they tell their employees that they might do this.  Employers also must manage their plans as a good fiduciary would, but this does not mean that employers must offer minimum benefits to their employees, or indeed any benefits at all. Read More

Is There a Fourth Amendment Expectation of Privacy in Prescription Records? According to the Utah District Court, Maybe Not

Leslie Francis Leave a comment

It might come as a surprise to many in the United States that they may have no Fourth Amendment reasonable expectation of privacy in their physicians’ records when their physicians transfer these records to state agencies under state public health laws. Yet on July 27, the federal district court for the state of Utah said exactly this for records of controlled substance prescriptions—and perhaps for medical records more generally. (United States Department of Justice, Drug Enforcement Administration v. Utah Department of Commerce, 2017 WL 3189868 (D. Utah July 27)). Patients should know that their physicians are required by law to make reports of these prescriptions to state health departments, the court said. Because patients should know about these reports, they have no expectation of privacy in them as far as the Fourth Amendment is concerned.  And, so, warrantless searches by the Drug Enforcement Administration (DEA) are constitutionally permissible at least so far as the district of Utah is concerned.  Physicians are by law required to make many kinds of reports to state agencies: abuse, various infectious diseases, possible instances of bioterrorism, tumors, abortions, birth defects—and, in most states, controlled substance prescriptions.  The Utah court’s reasoning potentially throws into question the extent to which any of these reports may receive Fourth Amendment protection.

Read More

The Precision Medicine Initiative and Access

Leslie Francis Leave a comment

By Leslie Francis

Persistent differences in participation in clinical trials by race and ethnicity are well known; for example, the 2015 Report of the Working Group on Precision Medicine (PMI) relies on statistics that only 5% of clinical trial participants are African-American and only 1% are Hispanic. A recently-launched website of the FDA, “Drug Trials Snapshots,” confirms this dismal picture.

Designed to “make demographic data more available and transparent,” and to “highlight whether there were any differences in the benefits and side effects among sex, race and age groups,” the website reveals instead an impressive lack of information. Reported on the website are 70 new drug approvals for 78 different indications. These data report only evidence about differences by the census categories for race (White, Black or African-American, Asian, American Indian or Alaska Native, Native Hawaiian or Other Pacific Islander, and Unknown). In nine of the reported trials data were considered sufficient to report detected differences in efficacy or side-effects in all racial categories, in two data were considered sufficient to report these differences for African-Americans and Asians, in seven data were considered sufficient to report these differences for Asians, and in two data were considered sufficient to report these differences only for African-Americans. No data are reported about ethnicity, socioeconomic status, disability, or other categories that might be important to the PMI and the benefits data about the planned cohort might bring. Read More

Surrogacy Contracts Directly Enforcible in Pennsylvania

jrobertson 1 Comment

By John A. Robertson

Surrogacy is legal in many states.  Some, like California, directly enforce gestational carrier contracts.  Others, like Texas, Illinois, and Virginia, enforce only those contracts that are entered into by a married couple who need a surrogate for medical reasons which a judge approves before embryo transfer occurs.  A Pennsylvania court has now shown why gestational surrogacy contract should be directly enforced in the absence of legislation.  Its well-reasoned opinion suggests that more states may be open to this approach to surrogacy.

The Pennsylvania case, In re Baby S., arose out of a gestational surrogacy agreement involving embryos created with donor eggs and husband sperm. The written agreement was indisputably clear that that the intended parents would be the legal rearing parents, their names would appear on the birth certificate, and the carrier would have no rearing rights or duties.  Unlike previous cases questioning the validity of a surrogacy contract, the challenge here came not from the carrier who now wished to assert rearing rights (see In re Baby M and Calvert v. Johnson) but from the wife (the intended rearing mother).  She had praised the carrier’s willingness to help her have a child, which she repeated both at the embryo transfer and at a 20 week ultrasound at 20 weeks of pregnancy, which both intended parents attended.  A month later she informed the parties that “irreconcilable marital difficulties” would make it difficult for her to co-parent the child with the intended father.  She also refused to complete the paperwork for her name to appear on the birth certificate as the mother.

Read More

The US 2020 HIV/AIDS Strategy and the Limits of ACA

Leslie Francis Leave a comment

By Leslie Francis

On July 30, the White House announced the updated 2020 HIV/AIDS strategy. The admirable vision of the strategy is that “The United States will become a place where new HIV infections are rare, and when they do occur, every person, regardless of age, gender, race/ethnicity, sexual orientation, gender identity, or socio-economic circumstance, will have unfettered access to high quality, life-extending care, free from stigma and discrimination.”

This said, the strategy reflects continuing concerns about the numbers of people who do not know their HIV status, who do not have access to effective treatment, and who do not take advantage of preventive strategies. Demographic groups especially at risk include men having sex with men, African American men and women, Latino men and women, people who inject drugs, youth age 13-24, people in the Southern United States, and transgender women. The strategy emphasizes care coordination, coordination between health care and other social services such as housing, treatment as prevention, and pre-exposure prophylaxis. Notable initiatives since the 2010 HIV/AIDS strategy include interagency efforts to address the intersection of HIV and violence against women, a DOJ and CDC collaboration to publish a comprehensive examination and best practices guide on the intersection between HIV and criminal laws, and demonstration projects funded through the HHS Minority AIDS Initiative Fund. Read More

HHS Issues Guidance on Same Sex Spouses and HIPAA

Leslie Francis Leave a comment

By Leslie Francis

[Cross-posted at HealthLawProfs blog.]

Under HIPAA, patients’ spouses and other family members have certain rights to access health information. In an important guidance document in the wake of United States v. Windsor, the Office for Civil Rights (OCR) at HHS has clarified that “spouse” under HIPAA refers to legally married same-sex spouses, even if the individual is receiving services in a jurisdiction not recognizing same-sex marriage.  Read More

The Problematic Jurisprudence of Halbig v. Burwell

Leslie Francis Leave a comment

By Leslie Francis

Like the recent Supreme Court decision in Hobby Lobby, the D.C. Circuit’s ruling earlier this week in Halbig v. Burwell is being hailed by conservatives and bemoaned by liberals as a death knell for Obamacare.  Unlike the decision in Hobby Lobby, however the D.C. Circuit’s ruling is not the end of the matter, and many liberals are finding hope in the ruling of the 4th Circuit the same day, the probability of an en banc hearing in the D.C. Circuit, and the ultimate possibility of a favorable Supreme Court decision.  In an earlier post in HealthLawProf, I decided to take seriously the possibility of damage control from a limited reading of Hobby Lobby.  It is pretty much universally agreed—and I believe correctly—that it is not possible to do similar damage control by giving a limited reading to Halbig v. Burwell.  If the ruling stands, that tax subsidies are not available to people purchasing coverage through the exchanges in the states that are letting the federal government do the work, many important other provisions of the ACA will be untenable, including the penalties for large employers not offering insurance whose employees receive subsidies and likely the individual mandate itself.  But I think it is possible to undermine Halbig in a way not generally recognized by the liberal critics who argue (correctly) that the statutory provision at issue is ambiguous:  argue that the jurisprudence of the majority opinion in Halbig is internally inconsistent.  Here’s how. Read More

PCAST, Big Data, and Privacy

Leslie Francis Leave a comment

By Leslie Francis

Cross-post from HealthLawProf Blog

The President’s Council of Advisors on Science and Technology (PCAST) has issued a report intended to be a technological complement to the recent White House report on big data. This PCAST report, however, is far more than a technological analysis—although as a description of technological developments it is wonderfully accessible, clear and informative.  It also contains policy recommendations of sweeping significance about how technology should be used and developed.  PCAST’s recommendations carry the imprimatur of scientific expertise—and lawyers interested in health policy should be alert to the normative approach of PCAST to big data.

Here, in PCAST’s own words, is the basic approach: “In light of the continuing proliferation of ways to collect and use information about people, PCAST recommends that policy focus primarily on whether specific uses of information about people affect privacy adversely. It also recommends that policy focus on outcomes, on the “what” rather than the “how,” to avoid becoming obsolete as technology advances. The policy framework should accelerate the development and commercialization of technologies that can help to contain adverse impacts on privacy, including research into new technological options. By using technology more effectively, the Nation can lead internationally in making the most of big data’s benefits while limiting the concerns it poses for privacy. Finally, PCAST calls for efforts to assure that there is enough talent available with the expertise needed to develop and use big data in a privacy-sensitive way.”  In other words:  assume the importance of continuing to collect and analyze big data, identify potential harms and fixes on a case-by-case basis possibly after the fact, and enlist the help of the commercial sector to develop profitable privacy technologies.  Read More

Conflicts of Interest and the FDA’s Determinations of Food Safety

Leslie Francis Leave a comment

By Leslie Francis

At last year’s Petrie-Flom conference on the FDA in the 21st Century, I had an experience that I’ve never really had before in my academic career.  I gave a paper (co-authored, actually) that was met with genuine ire.  The paper dealt with labeling GMO foods.  Several in the audience—including friends—heard me as going over to the dark side of anti-science, irrational skepticism, and downright immoral ignorance of important nutritional and commercial advantages.  I wasn’t buying into such bad science, however.  The written paper (concededly it’s always possible that a lengthy legal argument doesn’t come across in a nuanced way in a short presentation) argued three points:  (1) the FDA has not acted to the full extent of its statutory labeling authority; (2) the present processes for granting market clearance for particular GMO products is highly deferential to industry submissions with respect to safety (the safety of a particular GMO product is a different question from the general question of GMO safety—the FDA’s own example is the unknown allergenic effects of adding peanut genes to other agricultural products); and (3) in a context in which scrutiny of safety is so industry-dependent, there is a case to be made for labeling so that consumers can make their own choices.

In a nutshell, the current FDA process for allowing a particular GMO product to be marketed is a variant of the process for allowing marketing of additives Generally Recognized as Safe (GRAS).  Under the GRAS process, anyone can petition for a determination that an additive is GRAS; industry can also make its own GRAS determinations.  The procedure for clearing GMO foods is a consultative process that is also voluntary and entirely reliant on information from industry.  Unlike the GRAS process, however, it does not even require publication of the information relied on for consultations.

In an article published this week in JAMA Internal Medicine, Neitner et al. demonstrate the extent to which GRAS determinations are riddled with conflicts of interest.  The authors conclude, “The lack of independent review in GRAS determinations raises concerns about the integrity of the process and whether it ensures the safety of the food supply, particularly in instances where the manufacturer does not notify the FDA of the determination. The FDA should address these concerns.”  Given the parallels between the GRAS process and the process applied to GMO foods, one might hypothesize that conflicts of interest are similarly present in the latter.  The FDA should address these concerns, too.  This is not anti-science; it is respect for good science.

[Leslie Francis]