Beyond HIPAA: A Proposed Self-Policing Framework for Digital Health Products

By Vrushab Gowda

As digital health products proliferate, app developers, hardware manufacturers, and other entities that fall outside Health Insurance Portability and Accountability Act (HIPAA) regulation are collecting vast amounts of biometric information. This burgeoning market has spurred patient privacy and data stewardship concerns.

To this end, two policy nonprofits – the Center for Democracy and Technology (CDT) and the eHealth Initiative (eHI) – earlier this month jointly published a document detailing self-regulatory guidelines for industry. The following piece traces the development of the “Proposed Consumer Privacy Framework for Health Data,” provides an overview of its provisions, and offers critical analysis.

Lessons Learned from Deep Phenotyping Patients with Rare Psychiatric Disorders

By Catherine A Brownstein and Joseph Gonzalez-Heydrich

Given the potential sensitivities associated with describing (i.e., phenotyping) patients with potentially stigmatizing psychiatric diagnoses, it is important to acknowledge and respect the wishes of the various parties involved.

The phenotypic description and depiction of a patient in the literature, although deidentified, may still have a great impact on a family.

By way of example, a novel genetic variant was identified as a likely explanation for the clinical presentation of a patient in a large cohort of individuals with neurodevelopmental and/or psychiatric phenotypes, a finding of great medical interest. The research team elected to further study this candidate and collected samples for functional evaluation of the gene variant and preparation of a case report.

Because the patient had a complicated phenotype, several physicians from various specialties were involved in the patient’s care. The paper draft was circulated amongst the collaborating clinicians and researchers and ultimately shared with the patient’s family by one of their involved caregivers. This is typically not a requirement of such studies, as the informed consent process includes the subjects’ understanding and consent for dissemination of deidentified results in the scientific literature. But as a general practice, families are informed about manuscripts in process, and in this case the family had requested to be kept abreast of ongoing developments.

Data Talking to Machines: The Intersection of Deep Phenotyping and Artificial Intelligence

By Carmel Shachar

As digital phenotyping technology is developed and deployed, clinical teams will need to carefully consider when it is appropriate to leverage artificial intelligence or machine learning, versus when a more human touch is needed.

Digital phenotyping seeks to utilize the rivers of data we generate to better diagnose and treat medical conditions, especially mental health ones, such as bipolar disorder and schizophrenia. The amount of data potentially available, however, is at once both digital phenotyping’s greatest strength and a significant challenge.

For example, the average smartphone user spends 2.25 hours a day using the 60-90 apps that they have installed on their phone. Setting aside all other data streams, such as medical scans, how should clinicians sort through the data generated by smartphone use to arrive at something meaningful? When dealing with this quantity of data generated by each patient or research subject, how does the care team ensure that they do not miss important predictors of health?

The False Dilemmas of the Fifth Circuit’s HIPAA Ruling

By Leslie Francis

In a caustic opinion issued on January 14, the Fifth Circuit vacated penalties assessed by the U.S. Department of Health and Human Services (HHS) against the University of Texas M.D. Anderson Cancer Center for HIPAA security breaches.

As has happened to many other health care entities, M.D. Anderson had employees who were not careful with their laptops and thumb drives (and the data therein). A laptop with the unencrypted protected health care information of nearly 30,000 patients was stolen. Unencrypted thumb drives with information on another almost 6,000 patients were lost. M.D. Anderson disclosed the security breaches to HHS, which assessed civil monetary penalties for violation of HIPAA’s encryption and disclosure rules. M.D. Anderson then filed a petition for review, which resulted in the Fifth Circuit holding that the agency action was arbitrary and capricious for failure to consider an important aspect of the problem.

Commentators have already pointed out that this decision will reverberate throughout the HIPAA enforcement world. As it does, I hope it is met with scorn, for it trades on the informal logical fallacy of the false dilemma in two noteworthy ways.

Telehealth Policy Brought to the Fore in the COVID-19 Pandemic

By Vrushab Gowda

The COVID-19 pandemic has highlighted the value of telehealth as a tool of both necessity (e.g., minimizing infection risk, conserving thinly stretched healthcare resources, reducing cost) and innovation.

Telehealth services have surged in recent months; in April alone, they constituted over 40 percent of primary care visits nationwide and over 73 percent of those in Boston. “Increasing Access to Care: Telehealth during COVID-19,” a recent publication in the Journal of Law and the Biosciences, dissects the issues that have accompanied the growth of telehealth and identifies further areas of potential reform.

Patient-Directed Uses vs. The Platform

By Adrian Gropper, MD

This post originally appeared on The Health Care Blog.

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

It’s 2023. Alice, a patient at Ascension Seton Medical Center Austin, decides to get a second opinion at Mayo Clinic. She’s heard great things about Mayo’s collaboration with Google that everyone calls “The Platform”. Alice is worried, and hoping Mayo’s version of Dr. Google says something more than Ascension’s version of Dr. Google. Is her Ascension doctor also using The Platform?

Alice makes an appointment in the breast cancer practice using the Mayo patient portal. Mayo asks permission to access her health records. Alice is offered two choices: one uses HIPAA without her consent, and the other is under her control. Her choice is:

A Delicate Balance: Proposed Regulations May Upset the Tension between Accessibility and Privacy of Health Information

This piece was part of a symposium featuring commentary from participants in the Center for Health Policy and Law’s annual conference, Promises and Perils of Emerging Health Innovations, held on April 11-12, 2019 at Northeastern University School of Law. The symposium was originally posted through the Northeastern University Law Review Online Forum.

Promises and Perils of Emerging Health Innovations Blog Symposium

We are pleased to present this symposium featuring commentary from participants in the Center for Health Policy and Law’s annual conference, Promises and Perils of Emerging Health Innovations, held on April 11-12, 2019 at Northeastern University School of Law. Throughout the two-day conference, speakers and attendees discussed how innovations, including artificial intelligence, robotics, mobile technology, gene therapies, pharmaceuticals, big data analytics, tele- and virtual health care delivery, and new models of delivery, such as accountable care organizations (ACOs), retail clinics, and medical-legal partnerships (MLPs), have entered and changed the healthcare market. More dramatic innovations and market disruptions are likely in the years to come. These new technologies and market disruptions offer immense promise to advance health care quality and efficiency, and improve provider and patient engagement. Success will depend, however, on careful consideration of potential perils and well-planned interventions to ensure new methods ultimately further, rather than diminish, the health of patients, especially those who are the most vulnerable.

In his piece for the Promises and Perils of Emerging Health Innovations blog symposium, Oliver Kim emphasizes the important role trust plays in the provider-patient relationship. Kim unpacks the challenges that come with the introduction and incorporation of new health technology, and further cautions against the potential for erosion of trust when introducing third-parties into the relationship.

Diving Deeper into Amazon Alexa’s HIPAA Compliance

By Adriana Krasniansky

Earlier this year, consumer technology company Amazon made waves in health care when it announced that its Alexa Skills Kit, a suite of tools for building voice programs, would be HIPAA compliant. Using the Alexa Skills Kit, companies could build voice experiences for Amazon Echo devices that communicate personal health information with patients. 

Amazon initially limited access to its HIPAA-updated voice platform to six health care companies, ranging from pharmacy benefit managers (PBMs) to hospitals. However, Amazon plans to expand access and has identified health care as a top focus area. Given Thursday’s announcement of new Alexa-enabled wearables (earbuds, glasses, a biometric ring)—likely indicators of upcoming personal health applications—let’s dive deeper into Alexa’s HIPAA compliance and its implications for the health care industry.

Do You Know the Terms and Conditions of Your Health Apps? HIPAA, Privacy and the Growth of Digital Health

As more health care is being provided virtually through apps and web-based services, there is a need to take a closer look at whether users are fully aware of what they are consenting to, as it relates to their health information.

There needs to be a re-evaluation of how health apps obtain consent. At the same time, digital health offers an important opportunity to embolden privacy practices in digital platforms. We ought to use this important opportunity.

DNA Donors Must Demand Stronger Privacy Protection

By Mason Marks and Tiffany Li

An earlier version of this article was published in STAT.

The National Institutes of Health wants your DNA, and the DNA of one million other Americans, for an ambitious project called All of Us. Its goal — to “uncover paths toward delivering precision medicine” — is a good one. But until it can safeguard participants’ sensitive genetic information, you should decline the invitation to join unless you fully understand and accept the risks.

DNA databases like All of Us could provide valuable medical breakthroughs such as identifying new disease risk factors and potential drug targets. But these benefits could come with a high price: increased risk to individuals’ genetic data privacy, something that current U.S. laws do not adequately protect.