Apple’s mHealth Rules Fear to Tread Where Our Privacy Laws Fall Short

By Nicolas Terry

On September 9 Apple is hosting its ‘Wish We Could Say More’ event. In the interim we will be deluged with usually uninformed speculation about the new iPhone, an iWatch wearable, and who knows what else. What we do know, because Apple announced it back in June, is that iOS 8, Apple’s mobile operating system, will include an app called ‘Health’ (backed by a ‘HealthKit’ API) that will aggregate health and fitness data from the iPhone’s own internal sensors, 3rd party wearables, and EMRs.

What has been less than clear is how the privacy of this data is to be protected. There is some low-hanging legal fruit. For example, when Apple partners with the Mayo Clinic or EMR manufacturers to make EMR data available from covered entities, they are squarely within the HIPAA Privacy and Security Rules, triggering the requirements for Business Associate Agreements, etc.

But what of the health data being collected by the Apple health data aggregator or other apps that lies outside of protected HIPAA space? Fitness and health data picked up by apps and stored on the phone or on an app developer’s analytic cloud fails the HIPAA applicability test, yet may be as sensitive as anything stored on a hospital server (as I have argued elsewhere). HIPAA may not apply but this is not a completely unregulated area. The FTC is more aggressively policing the health data space and is paying particular attention to deviance from stated privacy policies by app developers. The FTC also enforces a narrow and oft-forgotten part of HIPAA that applies a breach notification rule to non-covered entity PHR vendors, some of whom no doubt will be selling their wares on the app store.

The $4 billion Medical Data Breach Case That Lost Its Way

By Nicolas Terry

Sutter Health v. Superior Court, 2014 WL 3589699 (Cal. App. 2014), is a medical data breach class action case that raises questions beyond the specifics of the Californian Confidentiality of Medical Information Act.

The stakes were high in Sutter — under the California statute medical data breach claims trigger (or should trigger!) nominal damages at $1000 per patient. Here four million records were stolen.

Plaintiffs first argued the defendant breached a section prohibiting unconsented-to disclosure. The not unreasonable response from the court was that this provision required an affirmative act of disclosure by the defendant, which was not satisfied by a theft.

A second statutory provision argued by the plaintiffs looked like a winner. This section provided, “Every provider of health care … who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical information shall do so in a manner that preserves the confidentiality of the information contained therein.”

Big Data, Predictive Analytics, Health Care, Law, and Ethics

Update: The Moore Foundation has generously paid to make my article available as open access on their website here. Today I am speaking at Health Affairs’ “Using Big Data to Transform Health Care” in DC, which will also launch its new issue devoted to the topic. I have a co-authored paper in the volume entitled “The Legal And Ethical Concerns That Arise From Using Complex Predictive Analytics In Health Care” that has just been released. Ironically the article is behind a paywall (while data wants to be free, I guess big data is different!). Here is the abstract.

Predictive analytics, or the use of electronic algorithms to forecast future events in real time, makes it possible to harness the power of big data to improve the health of patients and lower the cost of health care. However, this opportunity raises policy, ethical, and legal challenges. In this article we analyze the major challenges to implementing predictive analytics in health care settings and make broad recommendations for overcoming challenges raised in the four phases of the life cycle of a predictive analytics model: acquiring data to build the model, building and validating it, testing it in real-world settings, and disseminating and using it more broadly. For instance, we recommend that model developers implement governance structures that include patients and other stakeholders starting in the earliest phases of development. In addition, developers should be allowed to use already collected patient data without explicit consent, provided that they comply with federal regulations regarding research on human subjects and the privacy of health information.

I will also have a related paper on mobile health coming out later this summer that I will blog about when it comes out…

Using Big Data To Transform Care: A Briefing on the July 2014 Special Issue of Health Affairs

Register online now!

The application of big data to transform health care delivery, health research, and health policy is underway, and its potential is limitless.  The July 2014 issue of Health Affairs, “Using Big Data To Transform Care,” examines this new era for research and patient care from every angle.

You are invited to join Health Affairs Editor-in-Chief Alan Weil on Wednesday, July 9, for an event at the National Press Club, when the issue will be unveiled and authors will present their work.  Panels will cover:

  • Using Big Data At The Point Of Care
  • Research Issues
  • The Role Of The Federal Government
  • Obstacles/Challenges Of Using Big Data

Among the confirmed speakers are:

Journal of Law & Biosciences publishes HLS student work

The Journal of Law and the Biosciences, the new open-access journal launched this year by the Petrie-Flom Center and Harvard Law School in partnership with Duke University and Stanford University, has published several articles in recent weeks by Harvard Law School students:

Check out these articles, and learn more about the Journal of Law and the Biosciences!

PCAST, Big Data, and Privacy

By Leslie Francis

Cross-post from HealthLawProf Blog

The President’s Council of Advisors on Science and Technology (PCAST) has issued a report intended to be a technological complement to the recent White House report on big data. This PCAST report, however, is far more than a technological analysis—although as a description of technological developments it is wonderfully accessible, clear and informative.  It also contains policy recommendations of sweeping significance about how technology should be used and developed.  PCAST’s recommendations carry the imprimatur of scientific expertise—and lawyers interested in health policy should be alert to the normative approach of PCAST to big data.

Here, in PCAST’s own words, is the basic approach: “In light of the continuing proliferation of ways to collect and use information about people, PCAST recommends that policy focus primarily on whether specific uses of information about people affect privacy adversely. It also recommends that policy focus on outcomes, on the “what” rather than the “how,” to avoid becoming obsolete as technology advances. The policy framework should accelerate the development and commercialization of technologies that can help to contain adverse impacts on privacy, including research into new technological options. By using technology more effectively, the Nation can lead internationally in making the most of big data’s benefits while limiting the concerns it poses for privacy. Finally, PCAST calls for efforts to assure that there is enough talent available with the expertise needed to develop and use big data in a privacy-sensitive way.”  In other words:  assume the importance of continuing to collect and analyze big data, identify potential harms and fixes on a case-by-case basis possibly after the fact, and enlist the help of the commercial sector to develop profitable privacy technologies.

DUE 6/3: Call for Abstracts: Emerging Issues and New Frontiers for FDA Regulation

The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School and the Food and Drug Law Institute are pleased to announce an upcoming collaborative academic symposium:

Emerging Issues and New Frontiers for FDA Regulation

Monday, October 20, 2014 

Washington, DC

We are currently seeking abstracts for academic presentations/papers on the following topics:

Call for Abstracts: Emerging Issues and New Frontiers for FDA Regulation

The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School and the Food and Drug Law Institute are pleased to announce an upcoming collaborative academic symposium:

Emerging Issues and New Frontiers for FDA Regulation

Monday, October 20, 2014 

Washington, DC

We are currently seeking abstracts for academic presentations/papers on the following topics:

  • Stem cell therapies
  • Nanotechnologies
  • Genetic (and biomarker) tests
  • Gene therapies
  • Personalized medicine
  • Comparative efficacy research
  • Drug resistant pathogens
  • Globalized markets
  • Tobacco
  • GMO
  • Bioterrorism countermeasures
  • Mobile health technologies
  • Health IT
  • Drug shortages
  • Other related topics

Abstracts should be no longer than 1 page, and should be emailed to Davina Rosen Marano at dsr@fdli.org by Tuesday, June 3, 2014. Questions should also be directed to Davina Rosen Marano.

We will notify selected participants by the end of June.  Selected participants will present at the symposium, and will be expected to submit a completed article by December 15, 2014 (after the event) to be considered for publication in a 2015 issue of FDLI’s Food and Drug Law Journal (FDLJ).  Publication decisions will be made based on usual FDLJ standards.

A More Transparent System for Clinical Trials Data in Europe – Mind the Gaps!

By Timo Minssen

Following the approval of the European Parliament (EP) earlier last month, the Council of the European Union (the Council) adopted on 14 April 2014 a “Regulation on clinical trials on medicinal products for human use” repealing Directive 2001/20/EC.  As described in a press-release, the new law:

“aims to remedy the shortcomings of the existing Clinical Trials Directive by setting up a uniform framework for the authorization of clinical trials by all the member states concerned with a given single assessment outcome. Simplified reporting procedures, and the possibility for the Commission to do checks, are among the law’s key innovations.”

Moreover, and very importantly, the Regulation seeks to improve transparency by requiring pharmaceutical companies and academic researchers to publish the results of all their European clinical trials in a publicly-accessible EU database. In contrast to earlier stipulations which only obliged sponsors to publish the end-results of their clinical trials, the new law requires full clinical study reports to be published after a decision on – or withdrawal of – marketing authorization applications. Sponsors who do not comply with these requirements will face fines.

These groundbreaking changes will enter into force 20 days after publication in the Official Journal of the EU. However, the Regulation will first apply six months after a new EU portal for the submission of data on clinical trials and the above-mentioned EU database have become fully functional. Since this is expected to take at least two years, the Regulation will apply in 2016 at the earliest (with an opt-out choice available until 2018).