May 21, 2020
Maverick’s Update
Only What Matters on Health Information Policy
Anyone for bingo? Maverick Health Policy doesn’t know anyone who is bored during this work-extra-from-home holiday we are on, but you can play a solid game of bingo during ONC’s all-day Patient Matching webinar on June 1st. How to play: grab a blank bingo card and fill in these terms: National Patient Identifier, duplicate(s), algorithm, name, address, date of birth, interoperability, data standard, data cleansing, patient safety (patient harm counts), biometrics, risk, medical errors, and blockchain. For all the open spaces on your card, write in “lack of consensus” or “consequences.” If you win, please turn in your bingo card to Maverick Health Policy to receive your “I’m the Real John Smith” button. (That's not actually going to happen, #COVID19humor).
There is nothing like a pandemic to bring on the “we can do it all” technical platforms: Microsoft Cloud for Healthcare can help keep track of a patient’s every interaction with a health care system; Medecision’s Aerial platform integrates COVID-19 assessments, care management programs, and mobile personal health care records; GE Healthcare, Google Cloud Healthcare API, UPMC + Abridge, and so, so, many others. Not convinced? Read Financial Times article Big Tech Searches For A Way Back Into Healthcare.
Wharton’s online business journal published a nice piece about how the pandemic is also spurring the federal government to make “meaningful advances” in modernization, including a list of eight federal agencies that are addressing COVID-19 problems with innovative technology-based solutions.
Never mind that experts believe that increasing the use and exchange of data (incentivized by the ONC and CMS interoperability rules) could support a better national response to the pandemic. Whenever you mix big tech with national government, people who were forced to read Orwell’s 1984 in high school start having Big Brother issues... like the ACLU, Democrats and Republicans, and in an interesting twist, the AMA is suddenly pro-lawyer, at least when it comes to privacy harms. Not to worry, the HHS Office of Civil Rights (the agency that enforces HIPAA) is staffing up. Read more on the health data privacy debate here.
One Thoughtful Paragraph
Cybersecurity isn’t just on the worry list of tech geeks or the FBI these days. An interesting piece in Healthcare IT News got us thinking about how health systems that slack on cybersecurity protections can cause real patient harm. And then we saw new guidance from a public-private health-focused cybersecurity task force that describes best practices for information sharing, COVID-19 telehealth services, and medical device security. The Congressional Cybersecurity Caucus is ramping up their influence, according to a Politico report -- lawmakers are asking for $400 million in annual state grants to mitigate cybersecurity risks in the next stimulus bill. The federal government could use a little cybersecurity mitigation too -- though it is not clear exactly what the problem is from this cryptic notice posted by the HHS OIG. There is little doubt that the pandemic has unleashed a dangerous set of cybercriminals. Our Department of Homeland Security and United Kingdom’s cybersecurity teams issued an alert about how to protect health information systems from malicious cyber actors, and then the FBI warned COVID-19 researchers to be on the lookout for public health data theft. But there are particular cybersecurity concerns related to how we re-open our economy, when our get-back-to-normal plans rely on a greater exchange of public health data. And, so far, this isn’t a great story elsewhere. The UK’s National Health Service contact tracing app is taking hits from cybersecurity experts, people in India are angry that their contact tracing app is mandatory -- and that app recently had a security lapse, and the World Health Organization is the target of a dramatic increase in cyberattacks. We are in a debate about whether Americans should have a choice about their public health data being tracked (even though we know that a low uptake rate is useless), but the exposure of health data to cybercriminals may be too great a risk.