Apple watch and fit bit.

Beyond HIPAA: A Proposed Self-Policing Framework for Digital Health Products

By Vrushab Gowda

As digital health products proliferate, app developers, hardware manufacturers, and other entities that fall outside Health Insurance Portability and Accountability Act (HIPAA) regulation are collecting vast amounts of biometric information. This burgeoning market has spurred patient privacy and data stewardship concerns.

To this end, two policy nonprofits – the Center for Democracy and Technology (CDT) and the eHealth Initiative (eHI) – earlier this month jointly published a document detailing self-regulatory guidelines for industry. The following piece traces the development of the “Proposed Consumer Privacy Framework for Health Data,” provides an overview of its provisions, and offers critical analysis.

Read More

Code on computer.

How to Secure Our Digital Health Infrastructure Against Cyber Attacks

By Vrushab Gowda

Our health information infrastructure is highly susceptible to cyber attacks. At the time of writing, the Department of Health and Human Services (HHS) is actively investigating over 700 major breaches over the past 24 months alone.

It is incumbent upon our institutions to proactively guard against these threats, with our federal government leading the charge.

Read More

Person typing on computer.

Online Terms of Use for Genealogy Websites – What’s in the Fine Print?

By Jorge L. Contreras

Since genealogy websites first went online, researchers have been using the data that they contain in large-scale epidemiological and population health studies. In many cases, data is collected using automated tools and analyzed using sophisticated algorithms.

These techniques have supported a growing number of discoveries and scientific papers. For example, researchers have used this data to identify genetic markers for Alzheimer’s Disease, to trace an inherited cancer syndrome back to a single German couple born in the 1700s, and to gain a better understanding of longevity and family dispersion.  In the last of these studies, researchers analyzed family trees from 86 million individual genealogy website profiles.

Despite the scientific value of publicly-available genealogy website information, and its free accessibility via the Internet, it is not always the case that this data can be used for research without the permission of the site operator or the individual data subjects.

In fact, the online terms of use (TOU) for genealogy websites may restrict or prohibit the types of uses for data found on those sites.

Read More

Code on computer.

Rise in Hospital Ransomware Attacks Requires Government Intervention

By Jenna Becker

Last week, widespread ransomware attacks against hospital systems forced several hospitals to go offline. 

Despite the growing risk of cyberattacks against hospitals, the health care industry has been left to address this issue on their own. Ransomware attacks, named for the fee that these malicious viruses attempt to extract, can be very challenging to address, involving complex cybersecurity protocols.

Unfortunately, many hospitals lack the resources and the time required to prevent this malware from spreading. The government has provided minimal resources to hospital systems looking to enhance their cybersecurity. Resource-strapped hospitals require significant government support to address the growing threat of ransomware.

Read More

computer and stethoscope

How Telehealth Could Improve — or Worsen — Racial Disparities

By Craig Konnoth, JD, M.Phil., Wendy Netter Epstein, JD, and Max Helveston, JD

Despite upping the stakes of America’s partisan divide, the pandemic has prompted bipartisan support for at least one cause — the rapid rollout of telehealth, which allows people to see their doctors by videoconference or telephone.

In last week’s executive order, the Trump Administration reaffirmed its commitment to the use of telehealth. While telehealth may be, in many ways, a panacea for access to healthcare, particularly in COVID times, we should be concerned that patients of color may be left behind.

Read More

Medicine doctor and stethoscope in hand touching icon medical network connection with modern virtual screen interface, medical technology network concept

Insufficient Protections for Health Data Privacy: Lessons from Dinerstein v. Google

By Jenna Becker

A data privacy lawsuit against the University of Chicago Medical Center and Google was recently dismissed, demonstrating the difficulty of pursuing claims against hospitals that share patient data with tech companies.

Patient data sharing between health systems and large software companies is becoming increasingly common as these organizations chase the potential of artificial intelligence and machine learning in healthcare. However, many tech firms also own troves of consumer data, and these companies may be able to match up “de-identified” patient records with a patient’s identity.

Scholars, privacy advocates, and lawmakers have argued that HIPAA is inadequate in the current landscape. Dinerstein v. Google is a clear reminder that both HIPAA and contract law are insufficient for handling these types of privacy violations. Patients are left seemingly defenseless against their most personal information being shared without their meaningful consent.

Read More

stethoscope on computer keyboard

How Traditional Health Records Bolster Structural Racism

By Adrian Gropper, MD

As the U.S. reckons with centuries of structural racism, an important step toward making health care more equitable will require transferring control of health records to patients and patient groups.

The Black Lives Matter movement calls upon us to review racism in all aspects of social policy, from law enforcement to health. Statistics show that Black Americans are at higher risk of dying from COVID-19. The reasons for these disparities are not entirely clear. Every obstacle to data collection makes it that much harder to find a rational solution, thereby increasing the death toll.

Read More

A frustrated woman sits at her desk, staring at her computer. Her head is resting in her hand

Patient-Directed Uses vs. The Platform

By Adrian Gropper, MD

This post originally appeared on The Health Care Blog.

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

It’s 2023. Alice, a patient at Ascension Seton Medical Center Austin, decides to get a second opinion at Mayo Clinic. She’s heard great things about Mayo’s collaboration with Google that everyone calls “The Platform”. Alice is worried, and hoping Mayo’s version of Dr. Google says something more than Ascension’s version of Dr. Google. Is her Ascension doctor also using The Platform?

Alice makes an appointment in the breast cancer practice using the Mayo patient portal. Mayo asks permission to access her health records. Alice is offered two choices, one uses HIPAA without her consent and the other is under her control. Her choice is: Read More

DNA sequence

How the Internet and The Mapping of the Human Genome Disrupted the Teaching of Health Law: Does The 21st Century Really Change Everything?

This piece was part of a symposium featuring commentary from participants in the Center for Health Policy and Law’s annual conference, Promises and Perils of Emerging Health Innovations, held on April 11-12, 2019 at Northeastern University School of Law. The symposium was originally posted through the Northeastern University Law Review Online Forum.

Promises and Perils of Emerging Health Innovations Blog Symposium

We are pleased to present this symposium featuring commentary from participants in the Center for Health Policy and Law’s annual conference, Promises and Perils of Emerging Health Innovations, held on April 11-12, 2019 at Northeastern University School of Law. As a note, additional detailed analyses of issues discussed during the conference will be published in the forthcoming issue of the Northeastern University Law Review.

Throughout the two-day conference, speakers and attendees discussed how innovations, including artificial intelligence, robotics, mobile technology, gene therapies, pharmaceuticals, big data analytics, tele- and virtual health care delivery, and new models of delivery, such as accountable care organizations (ACOs), retail clinics, and medical-legal partnerships (MLPs), have entered and changed the healthcare market. More dramatic innovations and market disruptions are likely in the years to come. These new technologies and market disruptions offer immense promise to advance health care quality and efficiency, as well as improve provider and patient engagement. Success will depend, however, on careful consideration of potential perils and well-planned interventions to ensure new methods ultimately further, rather than diminish, the health of patients, especially those who are the most vulnerable.

In her post for the Promises and Perils of Emerging Health Innovations blog symposium, Jennifer S. Bard addresses many of the negative impacts of new health technologies, particularly as they apply to patient privacy. Bard points to special concerns in how we use health information related to DNA, mental health, and chronic illness. Throughout her piece, Bard also highlights the fact that law has not caught up to changes in technology and privacy issues, which causes more concern about how society and the healthcare system use these innovations.

How the Internet and The Mapping of the Human Genome Disrupted the Teaching of Health Law: Does The 21st Century Really Change Everything?

By Jennifer S. Bard

Read More

Illustration of a person running away carrying "stolen" 1's and 0's

Measuring Health Privacy – Part II

This piece was part of a symposium featuring commentary from participants in the Center for Health Policy and Law’s annual conference, Promises and Perils of Emerging Health Innovations, held on April 11-12, 2019 at Northeastern University School of Law. The symposium was originally posted through the Northeastern University Law Review Online Forum.

Promises and Perils of Emerging Health Innovations Blog Symposium

We are pleased to present this symposium featuring commentary from participants in the Center for Health Policy and Law’s annual conference, Promises and Perils of Emerging Health Innovations, held on April 11-12, 2019 at Northeastern University School of Law. As a note, additional detailed analyses of issues discussed during the conference will be published in the 2021 Winter Issue of the Northeastern University Law Review.

Throughout the two-day conference, speakers and attendees discussed how innovations, including artificial intelligence, robotics, mobile technology, gene therapies, pharmaceuticals, big data analytics, tele- and virtual health care delivery, and new models of delivery, such as accountable care organizations (ACOs), retail clinics, and medical-legal partnerships (MLPs), have entered and changed the healthcare market. More dramatic innovations and market disruptions are likely in the years to come. These new technologies and market disruptions offer immense promise to advance health care quality and efficiency, as well as improve provider and patient engagement. Success will depend, however, on careful consideration of potential perils and well-planned interventions to ensure new methods ultimately further, rather than diminish, the health of patients, especially those who are the most vulnerable.

In this two-part post for the Promises and Perils of Emerging Health Innovations blog symposium Ignacio Cofone engages in a discussion centered on the importance of addressing patients’ concerns when introducing new health technologies. While privacy risks may not always be avoided altogether, Cofone posits that privacy risks (and their potential costs) should be weighed against any and all health benefits innovative technology and treatments may have. To do so, Cofone introduces the concept of using health economics and a Quality-Adjusted Life Year (QALY) framework as a way to evaluate the weight and significance of the costs and benefits related to health technologies that may raise patient privacy concerns.

Measuring Health Privacy – Part II

By Ignacio N. Cofone

Read More