With help from Darius Tahir (@dariustahir) and Tim Starks (@timstarks)

Editor’s Note: Morning eHealth is a free version of POLITICO Pro eHealth’s morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the day’s biggest stories.Act on the news with POLITICO Pro.

Quick Fix

— Public health relies on faxes, paper records as states reopen: The nation’s public health system, from the CDC to local agencies, is using outdated technology to gauge the virus’ spread and coordinate resources.

— Amazon, Salesforce get coronavirus tracing data contracts: California and New York City are partnering with cloud computing leaders on contact tracing.

— Privacy roundup: Amazon faces extra scrutiny in Europe, and high-profile coronavirus cases raise questions about HIPAA.

eHealth tweet of the day: Lisa Suennen @VentureValkyrie “I know my family loves me because they gave me ice cream and bourbon for #MothersDay. Breakfast, lunch and dinner of champions!”

It’s MONDAY at Morning eHealth. Tell us what you’re tracking at [email protected]. Tweet the team at @dariustahir, @ravindranize, @POLITICOPro and @Morning_eHealth.

Given the unprecedented public health challenge confronting regulatory affairs teams, the AgencyIQ leadership team has decided to pull research and analysis content concerning the virus and its regulatory implications in front of the paywall. It is available here: https://agencyiq.com/covid-19-resource-center/

Driving the Day

PANDEMIC TECH HIGHLIGHTS MISSED OPPORTUNITIES — The coronavirus crisis requires a cutting-edge, data-driven national health response as states begin to open up, but public health officials are still using paper records and fax machines to share data, Darius reports. The outdated technology is the result of years of missed opportunities, and modernization efforts that largely excluded public health agencies.

... Congress approved more than $500 million for health data in last month’s relief package, but disease trackers say they’re using paper reports and outdated spreadsheets for contact tracing and determining how many people were potentially exposed to the virus.

“Our ability to do the detection work we need to do is hampered,” said Raquel Bono, the coordinator of Washington state’s coronavirus response. “We don’t have a single data repository for tracing per se,” she said, adding that record-keeping and reporting is “primarily manual.”

... Those issues are playing out nationwide. Even when officials can access crucial data like cell phone tracking, they can’t connect the dots in real time, Darius writes. Instead they’re looking at unconnected and incomplete information, such as providers’ reports or lab test results.

Public health technology was in crisis even before the pandemic, but the novel coronavirus has significantly elevated concern. More than 100 Republicans and Democrats from both houses in Congress have pushed CDC for its plans for the $500 million data fund.

“Public health departments are unable to share data on cases, persons under investigation, laboratory tests and person-to-person transmission with the CDC seamlessly — instead they are forced to rely on a combination of methods: antiquated pen and paper, faxes, excel spreadsheets, phone calls, and manual entry,” a group of nine senators led by Richard Blumenthal (D-Conn.) wrote to Senate leaders.

CDC says it will detail spending plans in coming weeks, and will soon announce a first wave of grants for local health agencies. “Virtually every health department’s affected by this, in some fashion,” said Chesley Richards, the agency’s deputy director for public health science and surveillance.

SEEKING UPGRADES FOR STATE AND LOCAL IT — Four lawmakers are organizing a campaign for the next coronavirus relief package to include funding for state and local governments to modernize their technology. Reps. Jim Langevin (D-R.I.) and Mike McCaul (R-Texas), the leaders of the Congressional Cybersecurity Caucus, along with House Homeland Security cybersecurity subcommittee Chairman Cedric Richmond (D-La.) and Cyberspace Solarium Commission Co-Chairman Mike Gallagher (R-Wis.), asked lawmakers to join them on a letter to House leadership seeking the funding.

“Outdated digital infrastructure means that services don’t scale, so rapid relief is unavailable to large numbers in times of crisis,” the quartet wrote in a “dear colleague” message seen by our colleagues at Morning Cyber. “It means that government employees are unable to work remotely, putting them and their communities at risk. And it means that these systems are under increasing threat from malicious cyber actors looking to take advantage of the crisis.”

They recommend the bill should: maximize flexibility for systems that can receive funding; require states to submit modernization plans based on risk assessments that ensure access for local governments; and focus on long-term projects with some funds for immediate equipment and license needs.

Those funds should be on top of legislation like H.R. 5823, which would authorize $400 million in annual state grants to mitigate cybersecurity risks, the lawmakers said. “However, without separate, significant investments in IT modernization, it is very unlikely that states will be able to fully capitalize on these additional resources because their systems will be too old to defend,” they said in their planned letter to House leaders.

HHS IG DID SOMETHING BUT WON’T SAY WHAT — The Health and Human Services inspector general on Friday announced a report titled “HHS Operating Division Needs to Improve Security Controls to More Effectively Prevent Cyberattacks.” But in an unusual move, it added: “Due to the current public health emergency and increased cyber-activity, we are only posting the title of our cybersecurity audits.”

And yet, just last month the IG released results of an Ernst & Young audit that found significant shortcomings in HHS’ information security. The department in March suffered an unspecified cyber incident, and officials told CNN last month that HHS has seen a surge in daily attacks since the pandemic, with Russia and China the main suspects.

WARNING: WARNING — The FBI and DHS are preparing to accuse Chinese hackers of seeking “valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing,” The New York Times reported on Sunday. The warning should come out in the next few days, The Times said. Although DHS would not comment to our colleagues at Morning Cyber on Sunday, the Times report mirrors some public remarks last month from John Demers, the head of DOJ’s National Security Division, that his department was particularly worried about Chinese hackers targeting U.S. labs and hospitals to steal coronavirus-related research.

BIG TECH SHOWS UP FOR CONTACT TRACING BUSINESS — California is hiring Amazon, Accenture and Salesforce to build the state’s data management system for contact tracing, POLITICO’s Kevin Yamamura reports. Public health officials say contact tracing is a key part of reopening states.

... But interest from big tech companies has drawn concern about data privacy and what those companies can do with the data they store on residents.

California’s Department of Finance informed the legislature last week that it plans to spend $18.7 million on contracts with the three companies: Salesforce is responsible for the platform, Amazon will operate a contact tracing call center, and Accenture will work on both efforts. A memo obtained by POLITICO says Massachusetts has used the same system and that the state will provide services to local public health departments for free.

Gov. Gavin Newsom has faced questions about how well the state is protecting residents’ data. State Sen. Hannah-Beth Jackson (D-Santa Barbara) argued for greater public oversight and transparency about data collection; she also raised questions about Apple and Google, which later this month plan to release an API for Bluetooth-based coronavirus exposure notifications.

Newsom did not disclose the tech firm deals last week but tried to assure residents that the state is protecting data, Kevin writes. “I want folks to know, particularly our immigrant communities, that we protect your data,” he said at his daily press conference. “This is not Big Brother. We do not share this data.”

… Salesforce has also scored a contract with New York City, CNBC reports. The cloud computing and customer relationship management company plans to build out a call center and a case tracking system to track potential cases, mayor Bill DeBlasio said last week.

TRICARE TO FOLLOW MEDICARE’S LEAD ON AUDIO-ONLY? — An interim final rule from the Assistant Secretary of Defense for Health Affairs set to publish this week would make an exception to a ban on telephone-based audio-only telehealth consultations and to eliminate co-pays and cost-sharing for the technology, among other steps.

Data Privacy

COMING UP THIS WEEK — Manatt Health partners Robert Belfort and Alexander Dworkowitz host a webinar Tuesday on coronavirus and privacy.

In privacy chatter: President Donald Trump’s disclosure that Vice President Mike Pence’s aide Katie Miller had tested positive for coronavirus raised questions on Twitter about any potential HIPAA violations, especially since he’s her employer. (HIPAA experts, Morning eHealth wants to hear your thoughts.)

What We're Reading

—Foley & Lardner’s Kyle Faget ran down the evolving telehealth landscape in a podcast last week.

—Lisa Bari and Ben Moscovitch point out in The Hill that the ONC and CMS interoperability rules are still on track and could support pandemic response. (By the way, comments on ONC’s draft federal IT strategic plan are now public.)

—The Houston Chronicle’s Gwendolyn Wu writes about med and health tech startups finding more demand during the pandemic.

Follow us on Twitter


• Mohana Ravindranath @ravindranize
• Darius Tahir @dariustahir

Follow Us