Panel: Cloud’s role in healthcare still up in the air

As hospitals and healthcare facilities continue to adopt electronic tools to store and share patient data, some are turning to cloud-based tools to meet their needs. What that means for privacy and protection still is up for debate, as evidenced in the tone of a discussion panel at last week’s Health Privacy Summit in Washington, D.C.

“When data is managed or stored in-house [by a provider], there’s a very clear responsibility of one company” to protect that data, Adrian Gropper, chief technology officer for Patient Privacy Rights, the non-porofit organization that hoted the event, said. “The cloud blurs that distinction–sometimes intentionally.”

Why privacy should be among the first considerations of a health care app developer

Given all the complexities app developers need to worry about already–user experience, piquing doctors’ and patients’ interest, performance, accommodation of multiple devices–do they have time to worry about patient privacy too? The Health Privacy Summit on June 5 and 6 in Washington, DC explained why they should–in fact, that a respect for privacy may do more to promote an app than any other feature.

The headlines over the past week should be enough to persuade you that you don’t want to be seen as one of the creeps. It’s takes more time and digging around, though, to learn what patients really want and how to write an app that fulfills their expectations.

Certainly, Fair Information Practices and proper security are a place to start, and below I’ll list a few things developers need to keep in mind. But overriding all these technical details are questions of business model. Can you make money without treating patients as so many assets to sell?

What Do Patients Really Think?

Health reform activists and privacy mavens have been at loggerheads for years. Those touting health reform complain that an oversensitivity to privacy risks would hold back progress in treatments. Running in parallel but in the opposite direction, the privacy side argues that current policies are endangering patients and that the current rush to electronic records and health information exchange can make things worse.

It’s time to get past these arguments and find a common ground on which to institute policies that benefit patients. Luckily, the moment is here where we can do so. The common concern these two camps have for giving patients power and control can drive technological and policy solutions.

Deborah Peel, a psychiatrist who founded Patient Privacy Rights, has been excoriated by data use advocates for ill-considered claims and statements in the past. But her engagement with technology experts has grown over the years, and given the appointment of a Chief Technology Officer, Adrian Gropper, who is a leading blogger on this site, PPR is making real contributions to the discussion of appropriate technologies.

PPR has also held three Health Privacy Summits in Washington, DC, at the Georgetown Law Center, just a few blocks from the Capitol building. Although Congressional aides haven’t found their way to these conferences as we hoped (I am on the conference’s planning committee), they do draw a wide range of state and federal administrators along with technologists, lawyers, academics, patient advocates, and health care industry analysts. The most recent summit, held on June 5 and 6, found some ways to move forward on the data sharing vs. privacy stand-off in such areas as patient repositories, consent, anonymization, and data segmentation. It also highlighted how difficult these tasks are.

Georgetown Law Hosts Health Privacy Summit

In 2007, an American woman who had once participated in a study sponsored by the National Institutes of Health stumbled upon her name, address, birth date, medical procedures and diagnosis stored on a German Internet site for video game enthusiasts.

“I expected complete privacy,” said the patient, who told her story via live video feed during a two-day Health Privacy Summit at Georgetown Law on June 5 and 6, co-hosted by the Law Center’s O’Neill Institute for National and Global Health Law and the Patient Privacy Rights coalition. “I expected the same kind of privacy that we all expect [when] we see our physicians and medical providers.”

Ways to put the patient first when collecting health data

The timing was superb for last week’s Health Privacy Summit, held on June 5 and 6 in Washington, DC. First, it immediately followed the 2000-strong Health Data Forum (Health Datapalooza), where concern for patients rights came up repeatedly. Secondly, scandals about US government spying were breaking out and providing a good backdrop for talking about protection our most sensitive personal information–our health data.

The health privacy summit, now in its third year, provides a crucial spotlight on the worries patients and their doctors have about their data. Did you know that two out of three doctors (and probably more–this statistic cites just the ones who admit to it on a survey) have left data out of a patient’s record upon the patient’s request? I have found that the summit reveals the most sophisticated and realistic assessment of data protection in health care available, which is why I look forward to it each year. (I’m also on the planning committee for the summit.) For instance, it took a harder look than most observers at how health care would be affected by patient access to data, and the practice of sharing selected subsets of data, called segmentation.

Park: Better Patient Engagement Will Boost Overall Health System

During an address at the Health Privacy Summit in Washington, D.C., last week, U.S. Chief Technology Officer Todd Park emphasized the importance of patients’ engagement in their own health care, FierceHealthIT reports.

Details of Park’s Comments

Park said, “Patient engagement — to quote Leonard Kish — might be the blockbuster drug of the 21st century,” adding, “This will vastly improve our health care system.”

He said, “From the very top of government, we’re incredibly serious about making sure patients can get a copy of their own records.”

Park noted that more than 88 million Americans to date have used the online Blue Button tool, which allows patients to download their own health records. That number is expected to reach 115 million by the end of the year, he said.

The importance of health IT adoption–from a parent’s perspective

Patient access and engagement have been on my brain of late. Sure, that has a lot to do with the fact I attended both Health Datapalooza and the Health Privacy Summit last week in Washington, D.C.–but it’s also due to a recent personal experience.

It took place a few weeks ago when I brought my child into the pediatrician for an on-again, off-again rash. After conversing with the doctor about the best plan of attack, I was told to take pictures the next time the rash appeared, to better help with diagnosis.

When I asked if the office had any sort of HIPAA compliant tools that would allow me to send such pictures electronically to the practice without having to set up another appointment, I was told it did not. When I asked about a patient portal for viewing records, the answer was the same.

I was disappointed, to say the least.

Health leaders: Increase data use to improve patient care

Day 2 of the 2013 Health Privacy Summit Thursday felt timely as news broke of the National Security Administration using a program called PRISM to extract user data from major tech companies like Google and Facebook. Healthcare technology has its own extensive security problems while the industry starts to understand the value of big data, and an expert panel offered their views at Georgetown Law Center in Washington, D.C.

In the day’s first panel discussion, “The Value of Health Data Inside Healthcare,” David Chao, Chief Technology Officer at the Washington, D.C.-based Advisory Board, said that the status quo in healthcare delivery today is not acceptable.”It’s obvious to everyone,” Chao said. “We need to improve outcomes.”

Anil Jain, Chief Medical Information Officer of Explorys, a secure software platform that allows healthcare systems to aggregate and manage big data, called the “transformation gap” in healthcare real. Data, Jain said, happens to be the way doctors and CIOs get transparency on what’s really happening.

Todd Park: Patient engagement will ‘vastly’ improve healthcare

Addressing a packed room at the Health Privacy Summit in Washington, D.C., this week, U.S. Chief Technology Officer Todd Park emphasized the importance of federal efforts to engage patients in their own healthcare.

“We’re in the middle of a huge cultural shift to get patients access to their records,” Park said. “Patient engagement–to quote Leonard Kish–may be the blockbuster drug of the 21st Century. This will vastly improve our healthcare system.”

Park, who previously served as CTO for the U.S. Department of Health & Human Services, spoke at length about the evolution of the Blue Button, which gives patients easy access to their medical records. He said that more than 88 million Americans now have access to their data via Blue Button, a number that is expected to grow to 115 million by the end of the year. More than one million people, to date have downloaded their data via Blue Button, he said.

Privacy experts: Health data security efforts too reactive

Privacy experts spoke about their data breach experiences Thursday at the Healthcare Privacy Summit in Washington, D.C., agreeing that what they’ve experienced likely is just the beginning for what’s possible in security fissures at healthcare organizations.

Omar Khawaja, a global project manager for Verizon, noted that 61 percent of breaches his group finds are for payment card information, and pointed out that the reactive system presently in place for combating such breaches is problematic.

“What does 911 look like in cyberspace? Who do you call when you have a breach?” Khawaja asked. “It takes months just to contain the breach.”

Bill Turner, Chief Privacy and Security Officer of Brookfield, Wis.-based Allium Healthcare, a technology consulting and staffing firm, said that most of the privacy errors he sees stem from human error. Turner recalled a story about a hospital having in its records that he had passed away, when it was really a man listed above him in the hospital’s logs.