HHS’ move to slash HIPAA fines

With help from Arthur Allen (@arthurallen202) and Darius Tahir (@dariustahir)

Editor’s Note: This edition of Morning eHealth is published weekdays at 10 a.m. POLITICO Pro eHealth subscribers hold exclusive early access to the newsletter each morning at 6 a.m. To learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services, click here.

On tap this week: HHS and the American Society of Nephrology’s KidneyX Summit kicks off today, and on Tuesday House Democrats get their first chance since 2010 to draw up an HHS spending bill. Here’s what else we’re tracking:

HHS moves to slash HIPAA fines: A new legal interpretation would lower financial penalties for some HIPAA violations.

CMS audit turns up even more inappropriate payments: In a letter to Sen. Chuck Grassley, Administrator Seema Verma said the agency doled out more improper meaningful use payments than a watchdog report initially found, but that it was working on recouping them.

Early lessons on patient-generated health data: A new study in JAMIA found data security concerns and lack of reimbursement could be stumbling blocks for getting more patient-generated information into the health system.

eHealth Tweet thread of the day: Benedict Evans @benedictevans Perfect eg of trade-offs around privacy, and the fact that the same tool can be perceived very differently depending on the label. ‘Protect your kids’ versus ‘track your ex’ sound different but they’re the same app. Tough to ban one without banning the other. So which is it? 3/3

It’s MONDAY at Morning eHealth. What’s going on this week? News tips go to [email protected]. Reach the rest of the team at @arthurallen202, @dariustahir, @ravindranize, @POLITICOPro and @Morning_eHealth.

HHS’ NEW TAKE ON HIPAA—HHS’s Office for Civil Rights recently published a new legal interpretation that should reduce some fines for HIPAA violations, which until now have been $1.5 million annually for each category, eHealth’s Arthur Allen reports.

The Office for Civil Rights has historically collected $1.5 million for violations — which could include data breaches or inadequate risk assessments — regardless of their severity. But going forward, OCR Director Roger Severino said, only the violators who demonstrate “willful neglect” will pay the highest fine; lower tier offenders would pay $25,000 max for each illegal category.

... Joy Pritts, who led an HHS privacy office in the Obama administration, warned that this change could hurt consumers. The 2009 HITECH law created new requirements for providers under HIPAA. The language “can be clearly interpreted as providing for a $1.5 million cap on all four tiers,” Pritts said. “OCR interpreted it that way for years and it was a consumer-friendly approach. This administration is choosing not to.”

OCR collected a record $28.6 million in penalties last year, which supplemented its 2018 budget of $39 million. The administration is seeking just $30 million in 2019. Pros can read more from Arthur here.

CMS’ PLANS FOR RECOUPING IMPROPER MEANINGFUL USE PAYMENTS—Verma acknowledged last week in a letter to Senate Finance Chairman Chuck Grassley that an agency audit turned up more improper incentive payments than a watchdog report originally found in 2017. But she said efforts to recoup those and other payments were ongoing, and that the agency has been conducting more audits and/or making downward payment adjustments for some providers.

Grassley in February launched an inquiry into improper payments. In her response, Verma noted that CMS had identified an additional $1,961 in overpayments to 14 professionals; a 2017 survey by the inspector general’s office found that those 14 had been paid $291,222 for adopting electronic health records systems without meeting federal attestation requirements.

Based on its survey of those professionals, the watchdog estimated that CMS had improperly paid out more than $700 million. Pros can read the rest here.

WHAT DO WE KNOW ABOUT PATIENT-GENERATED HEALTH DATA?—A new survey from Julia Adler-Milstein and Paige Nong might temper some enthusiasm for patient-generated health data—the information reported or collected by the patient directly, including biometric information or data from a wearable device. In interviews with health leaders, researchers found that patient-generated health data programs are generally focused on past health history, answers to questionnaires and biometrics and health activity. And both health systems and patients have raised concerns about the value of that data, researchers found. “Despite a federal policy focus on PGHD, it is not yet being pursued at scale,” the authors wrote. “[U]ncertainty around the value of PGHD, from both patients and providers, is a primary inhibitor.”

BIG PICTURE ON DATA PRIVACY—Our POLITICO colleague Nick Vinocur, whose investigation into GDPR’s designated chief enforcer revealed a tendency to cater to Big Tech, did a Reddit AMA last week in which he advised readers to pay more attention to consent forms online. Asked whether “digital privacy” still exists, Nick said he didn’t think so.

“I’d be inclined to answer: no. Digital privacy does not really exist, unless you cut yourself off from the internet and major apps totally,” he writes. “Basically, when we go on the internet we leave a trail of data that is monetized whether we like it or not. The GDPR tries to fix that by forcing the companies to obtain your explicit consent before taking your data. But the hard truth is that’s not applied in that way.”

MICHAEL J. FOX FOUNDATION AND 23ANDME PARTNER ON HEALTH DATA—The Michael J. Fox Foundation for Parkinson’s Research and consumer genetic testing company 23andMe are launching a new data platform that researchers can use to explore de-identified patient data, the two groups will announce today. The Fox Insight Data Exploration Network — or Fox DEN — will combine de-identified genetic data from 23andMe participants who give consent with patient-reported outcomes from a large online Parkinson’s clinical study.

5G TIDBITS—Former Speaker Newt Gingrich met with FCC Chairman Ajit Pai last week to discuss American leadership in 5G, our POLITICO colleague Margaret Harding McGill reports. Gingrich has advocated for a 5G deployment model in which the government shares the Pentagon’s spectrum with wireless operators on a wholesale basis, Margaret writes. Gingrich said it was a “useful” meeting.

“There’s some very interesting challenges, and as we brainstormed together, I think we maybe made some progress on how to get them done,” Gingrich said. “But it’s very clear that if we can get the Defense Department’s surplus spectrum available, combined with the money they have to invest in rural America, that it’s very likely we can develop pretty rapid momentum.”

FLORIDA’S RENEWED TELEHEALTH PUSH—Florida lawmakers could soon pass a bill that would address thorny issues like reimbursement and licensing for virtual treatment in that state, Christine Sexton reports for the Orlando Sentinel. The Senate is poised to vote on the House’s telehealth bill, which would let out-of-state providers who register with the state of Florida practice there.

ADY BARKAN TO TESTIFY ON ‘MEDICARE FOR ALL’—Health care activist Ady Barkan, whom Arthur profiled back in March, is scheduled to testify at a Tuesday hearing called by the House Rules Committee.

Barkan’s addition to the panel ensures that lawmakers will hear from a fierce single-payer advocate, our POLITICO colleague Adam Cancryn reports. “Progressives have a plan to fix the American healthcare system once and for all,” said Barkan, who has ALS and has become a leader in the grassroots fight against the GOP’s Obamacare repeal efforts. “It will take immense effort and teamwork for me to attend this hearing, but that is what is required.”

—Gizmodo’s Adam Clark Estes does a deep dive into Amazon Alexa’s privacy risks.

—The New York Times’ Christina Caron writes about ads for egg freezing.