search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
TEN TRANSFORMATIVE TRENDS 2020


Interoperability Rules, Pandemic Return Spotlight to Data Privacy


Should health information be an inherently protected class of data, rather than only when held by certain entities?


By David Raths T


aken together, the ONC Cures Act and the CMS Interoperabil- ity and Patient Access Final Rule


were generally applauded for boosting patient access to their clinical data, but they also re-ignited a debate about data privacy and appropriate usage, as some advocates felt the HIPAA framework requires amending to protect privacy as patients and clinicians embrace new data-driven tools to manage their health and deliver care.


Then the COVID-19 pandemic hit,


and it raised the data privacy debate to a whole new level. The emergency


terms of express consent for purposes like that in the public sphere,” Bari notes.


In a recent essay on the Electronic Lisa Bari


powers granted to public health agen- cies, combined with the power of smart- phone technology, could allow tracking of individuals in ways never seen before in the United States.


Lisa Bari, an independent healthcare IT policy consultant who previously served as the health IT and interoper- ability lead at the CMS Innovation Cen- ter, says there is a natural inclination during an emergency to want to share as much data as possible. She notes that the Health & Human Services Offi ce for Civil Rights (OCR) has been putting out guidance on regulations it will not be enforcing during the emergency period, including which platforms can be used for telehealth. But the idea of using phone location data in new ways or requiring COVID-status apps on smart- phones does raise civil liberties issues. “Using location data goes well beyond what we have allowed previously in


Frontier Foundation website, Adam Schwartz and Matthew Guariglia argue that there is a hazard that any data sur- veillance infrastructure built to contain COVID-19 could long outlive the crisis it was intended to address. “The gov- ernment and its corporate cooperators must roll back any invasive programs created in the name of public health after the crisis has been contained,” they write, adding that “any govern- ment use of ‘big data’ to track virus spread must be clearly and quickly explained to the public. This includes publication of detailed information about the information being gathered, the retention period for the information, the tools used to process that informa- tion, the ways these tools guide public health decisions, and whether these tools have had any positive or negative outcomes.” In a Q&A with Healthcare Innovation’s Rajiv Leventhal, the Mayo Clinic’s John Halamka, M.D., stressed that the key to success would be to make contact trac- ing using smartphones voluntary and anonymous. He says this presents a fascinating informatics challenge: pro- tecting privacy while at the same time having people share geo-location for the purposes of understanding contact tracking.


Expanding on HIPAA In December 2019 Bari co-authored a paper in Health Affairs that suggested several changes to health data privacy laws. One was to defi ne individually identifi able health information as an inherently protected class of data, rather than a class that is protected only when created or held by certain entities. “If my patient data is held by a covered entity under HIPAA, it is protected while inside the digital walls of that organization, but as soon as I use my right of access, which has been further strengthened by the ONC and CMS rules, and take my data via stan- dardized API to a third-party app that I


10 hcinnovationgroup.com | MAY/JUNE 2020 TEN


TRANSFORMATIVE TRENDS


2020


use on my phone, the data is no longer protected under HIPAA,” Bari explains. “The data is the same. It is still indi- vidually identifi able health information, which is very personal and private. I want to be able to use it, but I want it to be protected. And I don’t want apps to advertise or sell the data in a way that I am not in agreement with. Just because the data has moved to a new location doesn’t mean it changes. The data


“We do need some guiding legislation. We need some- thing new that is not HIPAA but that is informed by our decades of experience with HIPAA.”


-- Steven Lane, M.D.


itself should be inherently protected, not just based on its location. That is important.”


Bari also suggests codifying the per- mitted uses of such individually identifi able health information, absent explicit, ongoing, and granular patient consent. The fact that patients may not understand the ramifi cations of what they are consenting to is problematic. “That is a huge deal in every consumer- facing application,” she says. “We have the classic problem of terms of service that nobody reads and everyone agrees to. It is incredibly important with health information. Specifi cally, we want to make it clear that apps or third parties or other non-covered entities have to apply a fi duciary principle that they can’t


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32