July 31, 2020

Maverick Health Policy Update

Only What Matters on Health Information Policy

Whenever you’re trying to predict the future -- say, what the health care system is going to look like post-pandemic -- it is always a good idea to follow the money. Apparently, we are going to be living in an all-digital, all telehealth, and age-in-place remote monitoring-enabled world. What we need is a television series so we can all see our future on the screen and start to believe -- like Star Trek did for cell phones. As Trekkies know, Captain Kirk first used his “communicator” to call for help for an injured Spock -- more proof that everything is about health care. While we wait for our Digital Health Star Trek series, this is what we found interesting this week:

1. Three federal agencies (HHS, VA and Energy) announced the “COVID-19 Insights Partnership” which will share health data, research, and expertise to combat the virus. The health agencies are interested in using the Department of Energy’s computing power and Artificial Intelligence resources to focus on vaccine and therapeutic development and outcomes, virology, and other scientific topics to understand COVID-19 better.

2. In a blog post published on July 28, the Office of the National Coordinator for Health IT touted its newish informational resource that makes recommendations for HL7 FHIR-supported pediatric technology products. Mostly, it outlines information technology certification criteria that is consistent with the American Academy of Pediatrics’ clinical priorities.

3. In a publication dated July 28, ASPE offers a snapshot of telehealth utilization in Medicare with data reflecting visits up to early June in 2020.

One Thoughtful Paragraph

It is difficult to find something that is going right in health care right now, but maybe it is how we are handling data breaches. A recent decision by a federal district court basically declared a “no harm no foul” rule for ransomware attacks, saying that the provider took appropriate preventative steps on the front end and acted quickly and thoroughly when a data security incident happened -- so that no misuse of data occurred, and any alleged harm was “pure applesauce.” [Nod to Bass Berry & Sims for bringing this to our attention.] So if the data privacy golden rule is “behave properly and you have nothing to worry about,” this bodes well for the voluntary codes of conduct and consumer health data privacy frameworks that are being created and polished by health data-focused organizations like eHI / Center for Democracy and Technology, the Robert Wood Johnson Foundation and Manatt Health, Health Innovation Alliance, and the CARIN Alliance. But Dr. Don Rucker, head of HHS ONC, recently warned that many health data privacy issues have yet to be addressed. Indeed -- which is why an antitrust hearing over the market power of Facebook, Amazon, Apple and Google often sank into a finger-wagging “protect privacy better” demand by Members of Congress. And therein lies the worry -- a big federal data privacy law, like Europe’s GDPR, may protect health data so much that the flow of information to providers and patients will stop or slow or not go where it is supposed to go out of fear of violating a new privacy law. And the pandemic has not helped the scare factor of cybersecurity threats. So now is a good time to double-down on health data protection efforts.