Google’s partnership alarms patients, privacy advocates, HHS

With help from Arthur Allen (@arthurallen202) and Mohana Ravindranath (@ravindranize)

Editor’s Note: This edition of Morning eHealth is published Mondays, Wednesdays and Fridays at 10 a.m. POLITICO Pro eHealth subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services at politicopro.com.

Quick Fix

— Google partnership raises hullabaloo: The Google-Ascension partnership — which reportedly features company coders sifting through millions of patients’ data in the name of better, more predictive tech — might be legal, and it definitely has people angry. What does that mean?

— Colorado opens up new front in PDMP privacy fight: We’ve got a second state making Fourth Amendment claims to resist the federal government from going through prescription drug data with a subpoena.

— Research data policies bloom: And we’ve got some new policies and proposals on how to do research in a more connected age.

And more. But first … the jump.

eHealth tweet of the day: Niall Brennan @N_Brennan “[Google/Ascension partnership] is a giant nothingburger. Oooooh Google has your data! Organizations have been sharing and exchanging this type of info for years within the boundaries of HIPAA. Anything to the contrary is just clickbait.”

WEDNESDAY: It’s starting to get cold — at least where your correspondent’s huddling in. Any winter fun we’re looking forward to? Share winter activities by email at [email protected]. Discuss hot chocolate and the like socially at @arthurallen202, @dariustahir, @ravindranize, @POLITICOPro and @Morning_eHealth.

Driving the Day

GOOGLE PARTNERSHIP RAISES ALARMS — Google’s partnership with Ascension has made patients and privacy advocates uncomfortable — and triggered an investigation by HHS’ Office for Civil Rights, according to a report by The Wall Street Journal. But the deal may be perfectly legal, experts tell us. Under HIPAA, health systems can hand over data to contractors who help them fulfill internal operations; sometimes those groups can use deidentified datasets for their own purposes, Ciitizen’s Deven McGraw, formerly of OCR, told POLITICO.

It might not be illegal, but that doesn’t mean it’s not creepy, and until privacy protections shift to align with patients’ expectations for what can be done with their data, patients need to be educated on where the gaps are, said Megan Doerr, principal scientist at Sage Bionetworks.

It’s in companies’ best interest to talk about such partnerships, McGraw said. Google and Ascension published a blog post and press release on the partnership only after The Wall Street Journal’s report revealing the project Monday. “People don’t like to be surprised about what happens with their health data and it’s unfortunate,” McGraw said. “They’ve missed an opportunity to build trust.”

COLORADO OPENS UP NEW FRONT IN PDMP PRIVACY — A second state is testing the extent of Fourth Amendment protections on prescription drug data in the wake of a landmark Supreme Court case.
The test was revealed as part of a DEA lawsuit attempting to force Colorado to comply with a pair of administrative subpoenas seeking prescription drug monitoring program data relevant to an investigation into some allegedly suspicious dispensing patterns. Colorado, the federal government claims, is trying to redact personally identifiable information out of Fourth Amendment concerns. (The federal government says there are legal protections against unwarranted disclosure.)

This is the second time in recent months that a state has attempted to resist federal government subpoenas. In October, New Hampshire and the ACLU raised similar Fourth Amendment concerns before the U.S. appeals court in Boston, as we’ve previously noted.

Civil libertarians are hoping to capitalize on a landmark Supreme Court case, Carpenter vs. United States, which placed guardrails on the government’s use of administrative subpoenas for some data contained in third-party databases.

If courts gradually force law enforcement to seek search warrants before investigating PDMP data, it would have a big effect on the number of queries of these databases: In some states, law enforcement has made thousands of queries annually; in other states, a mere handful.

— Florida AG gets access to PDMP data: A Sunshine State judge has granted the Florida attorney general, Ashley Moody, access to the state’s prescription drug monitoring program data as part of a lawsuit against opioid manufacturers and pharmacies, our Florida colleague Alexandra Glorioso reports.

Veterans

“PULSE CHECK": DAVID SHULKIN ON LEADING THE VA — The former VA secretary joined POLITICO’s Arthur Allen to discuss his 14-month tenure overseeing the agency under President Donald Trump and concerns about the agency’s future.

— Big concern: Implementing the MISSION Act. Shulkin warned that technical elements inside the sweeping legislation, which governs how veterans seek care in the private sector, could have some “unintended consequences.” The new access standards, he said, “may end up hurting the future of the VA and leading towards, ultimately, privatization.”

— The VA’s multibillion-dollar shift to Cerner also presents threats. “This is the biggest electronic health record implementation in the country, in a very complex environment,” Shulkin warned.

— He also defended Trump, despite the headaches caused by his Mar-a-Lago pals. “I’m not sure that [Trump] had a great understanding of all of these people that were working on separate agendas,” said Shulkin, who was fired in March 2018 and is the author of a new book on his VA tenure.

Listen to the episode.

Research Corner

RESEARCH DATA POLICIES BLOOM — Some updates from researchers trying to figure out this new world of available data:

— New ethics recs on mobile device-enabled research: A group of NIH-funded researchers on Tuesday released ethics and best practice guidelines for states, federal agencies, consumer tech companies and app developers conducting or overseeing unregulated health research using mobile devices. Their purpose was to narrow the gap separating stringent Common Rule requirements that govern federally funded research from the growing number of studies being conducted by everyone from Google Health to tiny rare-disease patient groups.

“Most developers don’t set out to be unethical,” said John Wilbanks of Sage Bionetworks, a lead investigator on the study that led to the recommendations. “But they are moving fast.’’

Wilbanks noted that Google and Apple have powerful roles because of their popular research software platforms, which could set a template for research that respects privacy and security needs. Apple requires a consent form and an investigational review board for research using its ResearchKit; Google has not yet done the same with its ResearchStack for Android phones, Wilbanks said.

The researchers, at a briefing in Washington, said their recommendations might also guide the ethical use of EHR data that CMS and ONC interoperability rules will soon free from HIPAA-protected spaces. “We’re going to see more massively integrated datasets that include not only mobile health from Fitbit, but also direct-to-consumer genetics and EHR data, integrated into a single app,” said Doerr, Sage’s chief scientist. “As researchers we have to make it clear to consumers that we don’t know how secure this data is,” added Michelle McGowan of Cincinnati Children’s Hospital.

Mobile-conducted research can provide intensely detailed, invaluable health information, but it can facilitate poor studies as well, Wilbanks said. “Think about the effect of one retracted paper on autism,” he said, referring to the discredited 1998 Lancet article linking autism to the MMR vaccine. “We’re scaling that out, removing peer review and third-party ethical review … it’s pretty easy to see a path for grifters to exploit this, or for people who are hopeful despite the evidence. We need to regulate towards giving the hopeful people context, and giving the grifters some pause.”

— New data to debut on HCCI next fall: The Health Care Cost Institute is set to add claims data from millions of patients as of next fall, the organization announced Tuesday. The data comes from Blue Health Intelligence and helps make up a shortfall from the exit of UnitedHealthcare.

— AMIA blasts NIH data strategy: The American Medical Informatics Association isn’t pleased with the NIH draft data-sharing policy published last week. The agency would require researchers to submit a data management and sharing plan, but AMIA’s Doug Fridsma says the requirements are too skimpy.

“Rather than limit data sharing plans to two pages or a ‘just-in-time’ review that happens after funding decisions are made, the NIH must take a science-based approach to data sharing and take a position of leadership to maximize the value of data,” Fridsma said, adding that, as written, the policy was a “check-the-box requirement.”

OIRA MEETINGS ON TAP FOR BIG INTEROP RULES — OMB’s Office of Information and Regulatory Affairs today kicks off a series of three meetings regarding a pair of big interoperability rules.

OIRA, which reviews government regulations before they’re officially promulgated, will meet with Aledade and Sirona Strategies this afternoon regarding CMS’s half of the interoperability rule. Aledade’s Farzad Mostashari tells us that they’ll be advocating for the admit, discharge, and transfer requirement to remain in the final rule.

Up next, OIRA has two meetings scheduled on ONC’s rule, which defines what is and isn’t information blocking, and makes open APIs a requirement. The first, on Nov. 21, is on behalf of Epic Systems. While the Verona, Wisc. EHR giant is supportive of the overall rule’s goals, “We are meeting with OIRA because there are concerns health systems and EHR developers have with the proposed rule,” a company spokesperson told us.

The second, on behalf of (deep breath in) CHIME, AMIA, the AMA, the AHA, FAH, AHIMA, MGMA, and Premier (exhales),will be on Dec. 2. CHIME’s Mari Savickis declined comment on the subject of the meeting, though those groups petitioned HHS to reopen the rulemaking process on this regulation in a September Health Information Technology Advisory Committee meeting.

PLANNED PARENTHOOD’S ABORTION CARE FINDER — The reproductive health nonprofit has a new tool mapping the nearest Planned Parenthood and detailing legal requirements by state, including mandatory waiting periods, consent laws, parental notification and gestational limits. It’s the latest of the nonprofit’s efforts to reach potential patients via technology as lawmakers and the Trump administration move to restrict access to abortion services, according to Alexis McGill Johnson, Planned Parenthood’s acting president and CEO. The group already has a telehealth app.

What We're Reading

FDA still allowing secret reports on medical device adverse events, the Minnesota Star-Tribune reports.

Health Affairs bloggers call for a Health Information Agency.

HIStalk interviews new athenahealth CEO Bob Segert.

Follow us on Twitter

Mohana Ravindranath @ravindranize
Darius Tahir @dariustahir

Google’s partnership alarms patients, privacy advocates, HHS

Quick Fix

Driving the Day

Veterans

Research Corner

What We're Reading

Follow us on Twitter

Follow Us

Friday, 7/10/20

Wednesday, 7/8/20

Wednesday, 7/1/20

Monday, 6/29/20

Friday, 6/26/20

Judge Cannon indefinitely postpones Trump’s classified docs trial

Unexpected warning signs for Trump in busy Indiana primary

Stormy spoke. Trump fumed. Jurors were captivated — but also cringed.

Being Held in Contempt Might Not Be Trump’s Biggest Problem

Kristi Noem snaps at Fox Business host over dog questions: ‘This interview is ridiculous’