Diverse crowd of adults on a bus, all using smartphones

ACCESS Act Points the Way to a Post-HIPAA World

By Adrian Gropper

The October 22 announcement starts with: “U.S. Sens. Mark R. Warner (D-VA), Josh Hawley (R-MO) and Richard Blumenthal (D-CT) will introduce the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, bipartisan legislation that will encourage market-based competition to dominant social media platforms by requiring the largest companies to make user data portable – and their services interoperable – with other platforms, and to allow users to designate a trusted third-party service to manage their privacy and account settings, if they so choose.”

Although the scope of this bill is limited to the largest of the data brokers (messaging, multimedia sharing, and social networking) that currently mediate between us as individuals, it contains groundbreaking provisions for delegation by users that is a road map to privacy regulations in general for the 21st century.

Read More

Photograph of a doctor in blue scrubs overlaid with an illustration of a padlock

Nudges or Shoves in the Secondary Use of Health Data: What is the More Desirable Approach? (Part 2)

By Marcelo Corrales Compagnucci, Janos Meszaros & Timo Minssen

This post is the second part in a two-part series about nudge theory, health data, and the U.K.’s National Data Opt-out System. You can read the first part here

Governments are always actively trying to improve their health care systems, and the secondary use of health data is one way of reaching this goal effectively. The secondary use of health data involves the use of health care data collected for a new purpose, such as research and policy planning. This data is usually collected from hospitals and health care systems – large databases containing administrative, medical, health care, and personal data from patients.

Read More

Handcuffs on a pile of pills

Emergency Department Psychiatric Holds: A Form of Medical Incarceration?

Wait times and length of stay in emergency departments are a hot topic and often result in a variety of identifiable harms that include medical error and failures to meet quality care measures. Patients with psychiatric conditions, including suicidal ideations, risk for harm to others, or psychosis, are particularly vulnerable to increased emergency department (ED) lengths of stay. The length of ED holds for psychiatric patients can be three-fold that of similar holds for medical patients. Lack of access to appropriate care, comorbid medical illness, or violent behavior can all contribute to this.

Increased length of stay impacts the efficiency of the ED itself, increasing wait times, utilizing human resources and physical space. It has a more important impact, however, on the patient. Patients may be held in a small room with constant observation for days with little or no access to natural light, bathing facilities or contact with family or friends. They may be dressed in paper gowns, told when to eat, when to sleep and confined to their room for days at a time, emulating the conditions in a maximum security prison. Emergency Departments, through no fault of their own, are becoming holding cells for patients who are both vulnerable and often marginalized.

Read More

Reality star Kim Kardashian at the CFDA Awards at the Brooklyn Museum on June 4, 2018.

Can Kim Kardashian Help Bioethics? Celebrity Data Breaches and Software for Moral Reflection

In 2013, Kim Kardashian entered Cedars-Sinai Medical Center in Los Angeles.

During her hospitalization, unauthorized hospital personnel accessed Kardashian’s medical record more than fourteen times. Secret “leaks” of celebrities’ medical information had, unfortunately, become de rigueur. Similar problems befell Prince, Farah Fawcett, and perhaps most notably, Michael Jackson, whose death stoked a swelling media frenzy around his health. While these breaches may seem minor, patient privacy is ethically important, even for the likes of the Kardashians.

Since 2013, however, a strange thing has happened.

Across hospitals both in the U.S. and beyond, snooping staff now encounter something curious. Through software, staff must now “Break the Glass” (BTG) to access the records of patients that are outside their circle of care, and so physicians unassociated with Kim Kardashian’s care of must BTG to access her files.

As part of the BTG process, users are prompted to provide a reason why they want to access a file. Read More

image of hands texting on a smart phone

Artificial Intelligence for Suicide Prediction

Suicide is a global problem that causes 800,000 deaths per year worldwide. In the United States, suicide rates rose by 25 percent in the past two decades, and suicide now kills 45,000 Americans each year, which is more than auto accidents or homicides.

Traditional methods of predicting suicide, such as questionnaires administered by doctors, are notoriously inaccurate. Hoping to save lives by predicting suicide more accurately, hospitals, governments, and internet companies are developing artificial intelligence (AI) based prediction tools. This essay analyzes the risks these systems pose to safety, privacy, and autonomy, which have been under-explored.

Two parallel tracks of AI-based suicide prediction have emerged.

The first, which I call “medical suicide prediction,” uses AI to analyze patient records. Medical suicide prediction is not yet widely used, aside from one program at the Department of Veterans Affairs (VA). Because medical suicide prediction occurs within the healthcare context, it is subject to federal laws, such as HIPAA, which protects the privacy and security of patient information, and the Federal Common Rule, which protects human research subjects.

My focus here is on the second track of AI-based suicide prediction, which I call “social suicide prediction.” Though essentially unregulated, social suicide prediction uses behavioral data mined from consumers’ digital interactions. The companies involved, which include large internet platforms such as Facebook and Twitter, are not generally subject to HIPAA’s privacy regulations, principles of medical ethics, or rules governing research on human subjects.

Read More

DNA Donors Must Demand Stronger Privacy Protection

By Mason Marks and Tiffany Li

An earlier version of this article was published in STAT.

The National Institutes of Health wants your DNA, and the DNA of one million other Americans, for an ambitious project called All of Us. Its goal — to “uncover paths toward delivering precision medicine” — is a good one. But until it can safeguard participants’ sensitive genetic information, you should decline the invitation to join unless you fully understand and accept the risks.

DNA databases like All of Us could provide valuable medical breakthroughs such as identifying new disease risk factors and potential drug targets. But these benefits could come with a high price: increased risk to individuals’ genetic data privacy, something that current U.S. laws do not adequately protect. Read More

Another Blow to Tort Reform in Florida: Statute Allowing Defendants in Medical Malpractice Suits to Hold Ex Parte Interviews with the Aggrieved Patient’s Care Providers Declared Unconstitutional

By Alex Stein

STEIN on Medical Malpractice has recently published a survey of noteworthy court decisions in the field for 2017. This survey includes an important decision, Weaver v. Myers, 229 So.3d 1118 (Fla. 2017), that voided Florida statute allowing defendants in medical malpractice suits to hold ex parte interviews with the aggrieved patient’s care providers.

The case at bar involved a medical malpractice suit filed in connection with the patient’s allegedly wrongful death. The defendants attempted to take advantage of Florida’s pre-suit discovery statute, Fla. Stat. Ann. §§ 766.106, 766.1065. This statute authorized defense attorneys to hold secret ex parte interviews with all doctors and organizations that have ever provided treatment to the deceased patient.

The Florida Supreme Court decided that this statute violates the broad constitutional right to privacy under Fla. Const. art. 1, § 23. The Court reasoned that “The ex parte secret interview provisions of sections 766.106 and 766.1065 fail to protect Florida citizens from even accidental disclosures of confidential medical information that falls outside the scope of the claim because there would be no one present on the claimant’s behalf to ensure that the potential defendant, his insurers, his attorneys, or his experts do not ask for disclosure of information from a former treating health care provider that is totally irrelevant to the claim.” The Court also clarified that “the right to privacy in the Florida Constitution attaches during the life of a citizen and is not retroactively destroyed by death. Here, the constitutional protection operates in the specific context of shielding irrelevant, protected medical history and other private information from the medical malpractice litigation process. Furthermore, in the wrongful death context, standing in the position of the decedent, the administrator of the decedent’s estate has standing to assert the decedent’s privacy rights. Finally, the Legislature unconstitutionally conditioned a plaintiff’s right of access to courts for redress of injuries caused by medical malpractice, whether in the wrongful death or personal injury context, on the claimant’s waiver of the constitutional right to privacy.”

Sharing Data for 21st Century Cures – Two Steps Forward…

By Mary A. Majumder, Christi J. Guerrini, Juli M. Bollinger, Robert Cook-Deegan, and Amy L. McGuire

The 21st Century Cures Act was passed with support from both sides of the aisle (imagine that!) and signed into law by then-President Obama late last year. This ambitious legislation drives action in areas as diverse as drug and device regulation and response to the opioid epidemic. It also tackles the issue of how to make data more broadly available for research use and clinical purposes. In our recently published GIM article, “Sharing data under the 21st Century Cures Act,” we examine the Act’s potential to facilitate data-sharing, in line with a recent position statement of the American College of Medical Genetics and Genomics. We highlight a number of provisions of the Act that either explicitly advance data-sharing or promote policy developments that have the potential to advance it. For example, Section 2014 of the Act authorizes the Director of National Institutes of Health to require award recipients to share data, and Section 4006 requires the Secretary of Health and Human Services to promote policies ensuring that patients have access to their electronic health information and are supported in sharing this information with others.

Just as relevant, the Act takes steps to reduce some major barriers to data sharing. An important feature of the Act, which has not been extensively publicized, is its incorporation of provisions from legislation originally proposed by Senators Elizabeth Warren and Mike Enzi to protect the identifiable, sensitive information of research subjects. Senator Warren, in particular, has been a vocal advocate of data sharing. Arguably, one of the biggest barriers to sharing is public concern about privacy. The relevant provisions address this concern chiefly via Certificates of Confidentiality. Among other things, the Act makes issuance of Certificates automatic for federally-funded research in which identifiable, sensitive information is collected and prohibits disclosure of identifiable, sensitive information by covered researchers, with only a few exceptions such as disclosure for purposes of other research. These protections became effective June 11, 2017. While NIH has signaled its awareness of the Act, it has not yet updated its Certificates of Confidentiality webpage. Read More

Hormonal Treatment to Trans Children – But what if?

A few weeks ago I ran across this BuzzFeed post, telling the story of Corey Mason, a 14 year old male to female Trans teenager who was filmed getting her first pack of estrogen hormones. Her mom Erica, who uploaded the video to Facebook and YouTube, spurred a social-media discussion on the topic of hormonal treatment for Trans children and youth.

Erica said the vast majority of reactions were very supportive. On the other hand, different views and opinions were put on the table as well, even from people who ally completely with Trans identity politics.  One of them, a Trans woman, said she fears from rushing (perhaps gay) teenagers into irreversible treatments, as most Trans kids “GROW OUT OF IT”. Aoife commentThis position was also taken by Alice Dreger, a Bioethicist and a historian writing on Intersex issues, in describing the uneasy choice between the two models available at the moment: On the one hand you have the ‘therapeutic model’ offering mental health support to the Trans person and/or family, to help ease up the tensions caused by gender identity dysphoria (GID). This model aims to relax the dysphoria and so avoids any medical irreversible interventions. On the other hand, you have the ‘accommodation model’ asserting there’s nothing wrong with the trans person and/or his/her family, and so offers medical interventions to accommodate it.[1]

Read More

Ebola and Privacy

By Michele Goodwin

As the nation braces for possibly more Ebola cases, civil liberties should be considered, including patient privacy.  As news media feature headline-grabbing stories about quarantines,  let’s think about the laws governing privacy in healthcare. Despite federal laws enacted to protect patient privacy, the Ebola scare brings the vulnerability of individuals and the regulations intended to help them into sharp relief.

In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) to protect patient privacy.  Specifically, HIPAA’s Privacy Rule requires that healthcare providers and their business associates restrict access to patients’ health care information.  For many years, the law has been regarded as the strongest federal statement regarding patient privacy. But it may be tested in the wake of the Ebola scare with patients’ names, photographs, and even family information entering the public sphere.

Ebola hysteria raises questions not only about how to contain the disease, but also to what extent Americans value their healthcare privacy.  What liberties are Americans willing to sacrifice to calm their fears?  How to balance the concern for public welfare with legal and ethical privacy principles?  For example, will Americans tolerate profiling travelers based on their race or national origin as precautionary measures?  What type of reporting norms should govern Ebola cases?  Should reporting the existence of an Ebola case also include disclosing the name of the patient?  I don’t think so, but the jury appears out for many.