Blog from Alaap Shah and Ebunola Aniyikaiye of Epstein Becker Green.

On February 11th, blockchain advocates, digital health enthusiasts, and patients received positive news from the Center for Medicare and Medicaid Services (“CMS”) and the Ofce of the National Coordinator for Health Information Technology (“ONC”) regarding patient data sharing. These rules, taken together, seek to make data more liquid, which can promote patient access, continuity of care, research, collaboration across the industry and several other activities that previously faced challenges within a health care system built on data silos.

Download to read more...

Decision tree from Epstein Becker and Green: Does the California Consumer Privacy Act (CCPA), effective January 1, 2020, apply to my Organization?

August 12, 2019

New York has joined California, Massachusetts, and Colorado in adopting a law that requires businesses that collect private information on residents to implement reasonable cybersecurity safeguards to protect that information. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training, incident response planning and testing, and secure data destruction protocols. Businesses should immediately begin the process to comply with the law’s requirements effective March 21, 2020. Notably, New York’s law covers all businesses, employers, or individuals, regardless of size or location, who collect private information on New York State residents.

Download to read more...

Presentation from eHI member Alaap B. Shah, Member of the Firm, Epstein Becker Green P.C. at eHI's August 28, 2019 Privacy and Security Task Force Meeting.

Presentation includes:

•HIPAA’s Role in Consumer Direct Health

•FTC’s Role in Consumer Direct Health

•State Law Developments

•ONC Proposed Rules on Interoperability

•Need for Regulatory Harmonization?

Health Information Management: Implications of Artificial Intelligence on Healthcare Data and Information Management

This paper explores the implications of artificial intelligence (AI) on the management of healthcare data and information and how AI technologies will affect the responsibilities and work of health information management (HIM) professionals.

A literature review was conducted of both peer-reviewed literature and published opinions on current and future use of AI technology to collect, store, and use healthcare data. The authors also sought insights from key HIM leaders via semi-structured interviews conducted both on the phone and by email.

The following HIM practices are impacted by AI technologies: 1) Automated medical coding and capturing AI-based information; 2) Healthcare data management and data governance; 3) Patient privacy and confidentiality; and 4) HIM workforce training and education.

HIM professionals must focus on improving the quality of coded data that is being used to develop AI applications. HIM professional’s ability to identify data patterns will be an important skill as automation advances, though additional skills in data analysis tools and techniques are needed. In addition, HIM professionals should consider how current patient privacy practices apply to AI application, development, and use.

AI technology will continue to evolve as will the role of HIM professionals who are in a unique position to take on emerging roles with their depth of knowledge on the sources and origins of healthcare data. The challenge for HIM professionals is to identify leading practices for the management of healthcare data and information in an AI-enabled world.

The full article can be downloaded below.

Hospitals are demanding secure medical devices before they buy

Medical devices such as pacemakers and infusion pumps are increasingly coming under scrutiny for being susceptible to cybersecurity attacks.

But how does a hospital know if it is buying a device at risk of being hacked?

Even if the device is approved by the Food and Drug Administration, it's just about impossible for a hospital to be certain that it is secure, according to Mike Kijewski, CEO of MedCrypt, a company that builds security features into medical devices.

Because of this, more hospitals are demanding that devices include security requirements upfront, he said.

"We really see this becoming part of decision-making criteria," he said. "Sales are being made or lost based on security."

The full Healthcare Finance article can be viewed at this link.  

Patients’ willingness to share digital health and non-health data for research: a cross-sectional study

Patients generate large amounts of digital data through devices, social media applications, and other online activities. Little is known about patients’ perception of the data they generate online and its relatedness to health, their willingness to share data for research, and their preferences regarding data use.

Patients at an academic urban emergency department were asked if they would donate any of 19 different types of data to health researchers and were asked about their views on data types’ health relatedness. Factor analysis was used to identify the structure in patients’ perceptions of willingness to share different digital data, and their health relatedness.

Of 595 patients approached 206 agreed to participate, of whom 104 agreed to share at least one types of digital data immediately, and 78% agreed to donate at least one data type after death. EMR, wearable, and Google search histories (80%) had the highest percentage of reported health relatedness. 72% participants wanted to know the results of any analysis of their shared data, and half wanted their healthcare provider to know.

Patients in this study were willing to share a considerable amount of personal digital data with health researchers. They also recognize that digital data from many sources reveal information about their health. This study opens up a discussion around reconsidering US privacy protections for health information to reflect current opinions and to include their relatedness to health.

The full article can be downloaded below.  

The Evolution of Elderly Telehealth and Health Informatics

Many elderly individuals experience memory loss and often dementia as they age. This causes problems for the elderly due to diminished skills and increase in medical problems and natural decline. The Veterans Health Administration (VHA) introduced a national home telehealth program, Care Coordination/Home Telehealth (CCHT). Its purpose was to coordinate the care of veteran patients with chronic conditions and avoid their unnecessary admission to long-term institutional care. Such programs are cost-effective. Long-term care insurance companies are likely to cover these services. Home care and nursing home corporations are following the VHA’s lead. We have recently witnessed significant advances in technology. Internet and mobile applications have opened a new world, providing information and opportunities for individuals to learn more information about illness and at a much faster rate. Smart home technology has evolved. Elderly patients often encounter difficulties using these technologies. Despite the advances in telehealth and telemedicine and the evolution of the technology, many individuals cannot afford the treatment or the technology. These same individuals and families are part of the digital divide, and they have not embraced the new technology. Federal programs have been developed and implemented to help this portion of the population.

The full chapter can be downloaded below.  

EXPLORING CHALLENGES AND OPPORTUNITIES IN CYBERSECURITY RISK AND THREAT COMMUNICATIONS RELATED TO THE MEDICAL INTERNET OF THINGS (MIOT)

As device interconnectivity and ubiquitous computing continues to proliferate healthcare, the Medical Internet of Things (MIoT), also well known as the, Internet of Medical Things (IoMT) or the Internet of Healthcare Things (IoHT), is certain to play a major role in the health, and well-being of billions of people across the globe. When it comes to issues of cybersecurity risks and threats connected to the IoT in all of its various flavors the emphasis has been on technical challenges and technical solution. However, especially in the area of healthcare, there is another substantial and potentially grave challenge. It is the challenge of thoroughly and accurately communicating the nature and extent of cybersecurity risks and threats to patients who are reliant upon these interconnected healthcare technologies to improve and even preserve their lives. This case study was conducted to assess the scope and depth of cybersecurity risk and threat communications delivered to an extremely vulnerable patient population, semi-structured interviews were held with cardiac medical device specialists across the United States. This research contributes to scientific data in the field of healthcare cybersecurity and assists scholars and practitioners in advancing education and research in the field of MIoT patient communications.

The full article can be downloaded below.  

Drugs And Blockchains

For decades, prescriptions have been written on paper. While this method is certainly easier for doctors, it presents many risks which need to be mitigated. The use of e-prescribing is up 500% in the U.S. since 2015. Though the UK and Europe are lagging in adoption, there is a significant drive to make Electronic Prescribing Systems (EPS) the norm.

International evidence shows that EPS may improve the safety of inpatient medicines management processes, reduce medication errors and, to a lesser extent, reduce adverse drug events. However, unintended consequences, including new errors, may occur. Evidence on the effects of EPS on workflow is limited and in my experience, e-prescribing can add significant time and administrative burden for busy doctors.

The full Forbes article can be viewed at this link.