Share PHI for Care and Cure (S2C&C):
Policy Reforms Needed Today
Don E. Detmer, MD, MA
Professor Emeritus and Professor of Medical Education
University of Virginia, Charlottesville, VA
May 2014
Stony Brook, NY
Personal Declared Interests*
University of Virginia
AMIA
American College of Surgeons
CHIME, University College London
NIH Clinical Translational Science Award National
Advisory Group: U Minnesota
Board, Corporation for National Research Initiatives
*Views expressed today are personal.
Federal & State Policy & Regulations
must support efficient, secure sharing of
personal health information (PHI) for
care, quality, safety, & research.
Today, they don’t!
Policy making in democracies involves striking a
balance among competing social goods & other
desires that are in dynamic conflict.
Examples of these forces: Equity, Greed, Health,
Learning, Liberty, Opportunity, Privacy, Security, Trust,
Love, Charity, Duty, Patriotism, Citizenship,
Responsibility
Due to these inherent conflicts, enduring
values in cultures are not to be assumed.*
*Allcott H and Mullainathan S: Behavior & Energy Policy. Science 2010,
327:1204-5.
The Share to Care & Cure (S2C&C)
Initiative seeks
Federal & State Health Policy Reforms
to greatly advance biomedical & health
services research for care & cures.
The views expressed here do not
represent formal positions of the
organizations or institutions of the
Share to Care & Cure (S2C&C)
Work Group membership.
The Share to Care & Cure (S2C&C)
Initiative team* includes:
Health Professional Groups
Academic Researchers
Health & IT Company Representatives
Health Policy Experts
*S2C&C began as an independent group
following the AMIA Health Policy meeting of 2012
HIPAA (Health information Portability and
Accountability Act of 1997)
Part of Administrative Simplification Provisions to protect Personal Health
Information (PHI)
• Pre-internet
• Pre-Big Data and Data Analytics
• Era of Clinical Trials & Informed Consent
Access to unanonymized data for care, quality, and business applications;
Access to PHI for public health
---------
*S2C&C began as an independent group
after the 2012 AMIA Health Policy meeting;
Detmer met with E&C, Ways & Means, Senate HELP Staff in 2013
S2C&C Policy Goals (6)
1 – Allow secure use of complete patient health data for biomedical & health
research w/ citizen opt-out
2 - Enact a unique personal health identifier solely for research use to support
best authentication
3 - Amend HIPAA & subsequent regulations to:
- treat research like quality, care, & business apps
- allow clinicians judgment to share patient’s PHI with family
- allow clergy access to their hospitalized congregants
4 - Rescind select identified FDA policies that raise research costs w/o
demonstrable public benefit
5- Assure Public Transparency on Responsible Research Data Uses & Breaches
6- Rescind state privacy related laws for Federal rules only
(e.g., copy Hawaii) *
* Waldo: see http://radar.oreilly.com/2012/08/hawaii-health-care-law-simplicity.html
Secure Unanonymized Data Access for
Health & Research today should be a
national imperative. Why?
• National Debt & Health Care costs unsustainable.
• Jobs needed; health research creates great jobs.
• Biomedical research costs keep rising, budgets tighten &
good ideas go unexplored.
• Rising research strictures discourage young scholars.
• Baby boomers want & will need cures.
• Mostly, today’s biomedical research works!
Example:
EU recently have enacted policies that
researchers are convinced will limit research
significantly.*
Science 2014
•
It passed despite
the warning.
A people who would govern themselves
must arm themselves with the power
to which knowledge gives.
-
James Madison, 1822
Author of U.S. Constitution
Rep. Fred Upton
Help on the Way!
Energy & Commerce Cures
A path to 21st century cures
Rep. Diana DeGette
Mission
In the 21st century, health care innovation is happening at lightning speed. From the mapping of the human
genome to the rise of personalized medicines that are linked to advances in molecular medicine, we have seen
constant breakthroughs that are changing the face of disease treatment, management, and cures. Health research
is moving quickly, but the federal drug and device approval apparatus is in many ways the relic of another era. We
have dedicated scientists and bold leaders at agencies like the NIH and the FDA, but when our laws don’t keep
pace with innovation, we all lose.
If we want to save more lives and keep this country the leader in medical innovation, we have to make sure
there’s not a major gap between the science of cures and the way we regulate these therapies.
That is why, for the first time ever, we in Congress are going to take a comprehensive look at what steps we can
take to accelerate the pace of cures in America. We are looking at the full arc of this process – from the discovery
of clues in basic science, to streamlining the drug and device development process, to unleashing the power of
digital medicine and social media at the treatment delivery phase.
We know we don’t have all the answers. That’s why we’re asking questions first. We are listening. We want to
know how to close the gaps between advances in scientific knowledge about cures and the regulatory policies
created to save more lives.
Over the next serveral months, members will take a comprehensive look at the full arc of this process - from the
discovery to development to delivery - to determine what steps we can take to ensure we are taking full
advantage of the advances this country has made in science and technology and use these resources to keep
America as the innovation capital of the world.
http://energycommerce.house.gov/cures
https://www.youtube.com/watch?v=nv_wyTlfUDo&feature=youtu.be
Chairman Fred Upton’s First
“Cures Roundtable”
US Capitol - May 6 – 3 pm
Tentative line up:
Francis Collins, Director, National Institutes of Health;
Janet Woodcock, Director, Center for Drug Evaluation and Research, FDA;
Jeff Shuren, Director, Center for Device and Radiological Health, FDA;
Michael Milken, Chairman, Milken Institute;
James Woolliscroft, Dean, University of Michigan Medical School;
Joe Gray, Associate Director for Translational Research, Knight Cancer Institute,
Oregon Health and Science University;
Andy von Eschenbach, former Commissioner of FDA and former Director of
the National Cancer Institute;
Peter Huber, Manhattan Institute;
Jonathan Leff, Partner, Deerfield Management;
Allan Coukell or designee, Pew Charitable Trusts
Cures Needed as Never Before
• Half-way technologies waste money.
- Example: Imaging for the sake of imaging (RWJ,
GAO)
• Research finds actual cures.
• Maximum progress requires large datasets.
Translational Bioinformatics :
Recent Lesson:
Major Progress will require
Major Scaling
“People were overly
optimistic”, Suzanne Leal
(Baylor)
“We’re still in the foothills,
really. We need larger sample
sizes,” Mark McCarthy (Oxford)
Science: 23 November 2012, vol.
338 pg. 1016
Compassion & Charity:
Cures due to Evidence-based Research
Far fewer halfway technologies (Lewis Thomas)
Th. Billroth – Gastric resection
for Peptic Ulcer
Barry Marshall – H. pylori
Sharing Personal Data for Quicker Cures through
‘Big Data’ & Translational Bioinformatics
Case Study: Gleevec for Chronic Myelogenous
Leukemia
• Took 20 years to identify specific gene translocation
• Given current technology - Basic scientific discovery
& developing a molecule: 6-12 mos.
Brian Druker, MD, PhD,
Oregon
Sharing Personal Data for Quicker Cures through ‘Big
Data’ & Translational Bioinformatics
Ex. Case Study - Identifying RETSAT as an important
regulator of insulin sensitivity
Lazar – Global 5 year, multi-institutional study
Kohane – weekend data crunching for gene most
commonly dysregulated in diabetics
Mitchell Lazar
Zak Kohane
Privacy Policy & Regulations Today
•
•
Imbalanced & dysfunctional –
• Don’t secure privacy well
• Impedes medical progress
Limits all biomedical & health research
• Quality & Safety in clinical care
• Big Data gains
• Translational Research
• Delivery System Analytics
• Increases social inequity
Learning Healthcare System
Recent Lesson:
“Big Data” Infrastructure essential
Robust Clinical Data Capture:
Data Ecosystem for Safe Quality Care, Payment, &
Professional Credentialing
American College of Surgeons Clinical Data Capture Initiative:
NSQIP Surgical Site Infection Data Standard (National Quality Forum) automated
data capture in collaboration with EPIC & other EHR vendors, Maintenance of
Certification, Data Registries, etc.
•
•
Strategies and Priorities for Information Technology at the Centers for
Medicare & Medicaid Services (NRC 2012) (see nap.edu)
Health IT & Patient Safety: Building Safer Systems for Better Care (IOM
2012) (see nap.edu)
DED Vision: “Nested” EHRs
High Value Clinical Quality/Safety/Payment Electronic Health Records
with automated evolving high fidelity Data Capture of Information
from EHRs
- CPayR (Clinical Payment Record) Payment with fraud & abuse
protections
- CCR
(Clinical Care Record) for Patient & Public Health Care
- Continuity of Care Record as an element
- CCRRs (Clinical Care Research Records) for System Analytics &
Research
- CPerfRs (Clinician Performance Records) for Professional
Education & Accountability
Today, US privacy law, regulatory structure, & federal system behavior
seriously restrict flow of health data needed for a Learning Health Care
System, e.g., continuous data use.*
Multiple studies show all levels of health related quality improvement &
research are significantly limited by current structure & practice, e.g.,
public health, genetics, health services
(Latest example: SSN Death Records (see
http://www.twincities.com/national/ci_21761687/social-security-death-recordlimits-hinder-researchers)
IOM:
Beyond the
HIPAA Privacy
Rule (2009)
http://nap.edu
All at http://nap.edu
Also, PCAST 2010
* Penfield, Anderson, Edmund, Belanger: Toward Health Information Liquidity:
Realization of Better, More Efficient Care From the Free Flow of Health Information
http://www.fah.org/fahCMS/Documents/On%20The%20Record/Research/2009/Booz_Allen_Toward_Hlth_Info_Liquidity.pdf
Chronic Data Use Policy Problems
not getting better elsewhere... *
•Uncertainties & disagreements around construct of ‘personal data’
•Debate about ethical & legal appropriateness of consent to complicated
research and sharing data via research platforms
•Dispute over acceptability of broad consent to unspecified, perhaps
unspecifiable, future research
•Lack of clarity about how to deal with privacy & confidentiality
implications for relatives of people involved in research
•Public & researcher apprehension about legal power of researchers to
resist forcible access to research data by police, courts, etc.
•Inconsistencies & redundancies in laws & regs, often out of step w/ times
•Onerous, inefficient, & costly procedural requirements for complying with
all the regulatory structure
*William Lowrance: Privacy, Confidentiality, and Health Research, 2012,
Cambridge University Press, Cambridge.
Data Access for Information-based Research:
Current Requirements, Barriers, & Privacy Vulnerabilities
Type of
Health Data
Fully
Identifiable
Personal
Current HIPAA
Requirements
Individual
consent
OR
Health
Information
Institutional
Review Board
(PHI)
waiver
Barriers to
Research/Access
•Costly,
burdensome, often
impossible for
large data sets
• Requiring
consent may
create selection
bias
• IRB waiver
possible but
inconsistent
Adapted from Douglas Peddicord (2012)
Privacy
Vulnerability
 Consent does
not mean
protections are
adequate
• Use of fully
identified PHI
means any breach
creates exposure
Data Access for Information-based Research:
Current Requirements, Barriers, & Privacy Vulnerabilities
Type of
Health Data
Limited Data Set
Current HIPAA
Requirements
Barriers to
Research
• Remove 16 direct • IRBs often
identifiers
restrict use
AND
• Data Use
Agreement, with
prohibition of reidentification or
contact of
individuals
• Ban on sale of
PHI creates
uncertainty
• State-based
consent
requirements may
pose major
obstacles
Adapted from Douglas Peddicord (2012)
Privacy
Vulnerability
• Risk of
inadequate data
security & breach
• Residual risk of
re-identification
remains despite
Data Use
Agreement
prohibition
Data Access for Information-based Research:
Current Requirements, Barriers, & Privacy Vulnerabilities
Type of
Health Data
De-identified
Data
Current HIPAA
Requirements
 Safe Harbor
Method removes 18
direct identifiers &
associated data
OR
• Statistician
Method certifies
“low risk”
Barriers to
Research
• Removal of
identifiers & data
elements,
especially all
dates, limits data
utility
Adapted from Douglas Peddicord (2012)
Privacy
Vulnerability
• None proven, but
there is a
perception that
increased
computing power
has rendered
genuine deidentification
nearly impossible
(esp. with
genomic data)
Just how much privacy regulation
can the nation justifiably afford in terms of :
…people otherwise living longer, healthier lives.
…less healthcare & greater inequities for the poor
…lost savings resulting from much more effective, less
costly health care.
…lost benefits of high income research jobs.
…loss of international competitiveness.
…the reality that the entire world depends heavily on
US research for its cures as well.
Blind Drive for Greater Privacy overrides
Compassion, Equity, & Healthcare for Least Fortunate
• mHealth - Text messaging for appointment reminders & motivating behavior
change is increasingly well-studied & evidence-based. Texting helps smoking
cessation in UK (Lancet 2011)
But, in Dr. Houston’s clinical system, policy doesn’t allow texting, as it is not
secure. Thus, even if patients ask for and even consent to texts as reminders for
visits or tailored messages for information, security officers override use
regardless of how much it enhances quality.
Over 85% of adults have access to a text-enabled phone, including the lowest
income patients, including Homeless Veterans in the VA. Smart Phones are more
secure & increasing in use but most poorer adults don’t have this technology
today, e.g., the homeless patients or other highly vulnerable populations.
Source: Tom Houston, MD MPH (AMIA Clinical Symposium, 2012)
Professor and Chief, Division of Health Informatics and Implementation Science
UMass Medical School and Director, VA eHealth Quality Enhancement Research
Initiative
Conclusion: Current Federal & State
Health Data Structure is harmful to your
health & the health of future generations
• Neither protects personal data well nor offers cost-effective access
to data for research. Ex. No unique personal health identifier for
privacy or research to support authentication
• Preferentially favors Minimum Data Sets which limits value
•Incentivizes Data Collection Centers to limit access to data in order to
reduce legal exposure to fines if misuse were to occur
•Confusing, changing admixture of state & federal mandates
•Under HIPAA, individuals prohibited from consenting to future,
unspecified uses of data.
Nothing is so contagious as opinion,
especially on questions which, being
susceptible of very different glosses, beget
in the mind a distrust of itself.
James Madison
Letter to Dr. Rush, March 7, 1790
Privacy Vulnerability of Health Data in the Genomic Era
None proven, but there is a perception that increased
computing power will render genuine de-identification nearly
impossible (esp. with genomic data)
True, or False?
Health Policy should be transparent, honest to the facts, & help instill
trust through integrity. If in the genomic era, privacy of personal
health data is genuinely at great risk due to progress in medical
research, the health research community must square with the public
& make the case that research is still in the public interest despite
this vulnerability, or it will face even greater loss of public support.
Thank you for your attention.
detmer@virginia.edu
What can health professionals do?
1. Advocate for Cure & Care objectives
2. Build on Presidential aspirations with a clear
vision & Federal strategy
• Executive Branch
• Legislative Branch (support E&C ‘Cures’ initiative)
• All relevant influential players
3. Craft state strategy, e.g., “Copy Hawaii’s 5 0”
4. Develop opinion pieces & a public campaign
President Obama on
2nd Term Top Priorities & Regulatory Reform
Priorities: “…taxes, health care, education, energy policy &
immigration. …health care reform”
Regulatory Reform “…executive action to weed out
regulations that aren't contributing to the health & public
safety of our people. And we've made a commitment to
look back & see if there are regulations out there that
aren't working, then let's get rid of them & see if we can
clear out some of the underbrush on that. Again, that's
something that should be non-ideological.
- Des Moines Register Interview – October 2012
REPORT TO THE PRESIDENT
Transformation and Opportunity: The Future of the
U.S. Research Enterprise
NOVEMBER 2012
Executive Office of the President President’s Council of
Advisors on Science and Technology
Action #2.1. The Federal Government should identify and
achieve regulatory policy reforms, particularly relating to
the regulatory burdens on research universities.
Patient Advocacy Groups, AAAS, Researchers, AMIA &
Others should advocate for Federal Policy Reform
Proposed Campaign Slogan:
Hope & Life come from Medical
Research: Share Your Health Data,
Not Your Privacy Fears
We need a federal action to assure cures!
See Detmer DE: Activating a Full Architectural Model: Improving Health
through robust Population Health Records. JAMIA 2010: 17:367-369.
Most Critical Issues to US Population
regarding personal health data sharing*
Arthur Levin
Director, Center for Medical Consumers, NYC
1) Totally transparent program management, e.g., all
processes available on Website including those relating
to opting out
2) Published Audits of Researchers who access data
3) Published Audits of any wrongful disclosures
4) Focus groups used prior to going live
*Levin estimates few opt-outs if supported by public
education, patient advocacy groups & health professions
“You cannot put an idea into someone’s head.
Media’s job is to touch what is already there.”
- Tony Schwartz
PR Example 1 :
Data Sharing for Biomedical Research:
Which will be the American Spirit for 2014-2020?
Privacy ?
or
Cures ?
PR Ex.2
“Hummmm. Facebook just hit 1+ billion. Meanwhile,
the government won’t let me get complete health data
to cure sick children. Why must even one more die
unnecessarily?”
Patriotism: The Big Data Message
• Cures can occur & the national health budget can be
impacted by reducing ‘halfway technologies’ .
• Cures will come sooner if more personal health data
is securely but easily accessible to researchers
• Today, progress in health research is tied directly to
sharing large sets of personal health data, e.g.,
cleaner, authenticated data
• Compassion necessitates greater secure access to
personal health data.
S2C&C Policy Goals (6)
1 – Allow secure use of complete patient health data for biomedical & health
research w/ citizen opt-out
2 - Enact a unique personal health identifier solely for research use to support
best authentication
3 - Amend HIPAA & subsequent regulations to:
- treat research like quality, care, & business apps
- allow clinicians judgment to share patient’s PHI with family
- allow clergy access to their hospitalized congregants
4 - Rescind select identified FDA policies that raise research costs w/o
demonstrable public benefit
5- Assure Public Transparency on Responsible Research Data Uses & Breaches
6- Rescind state privacy related laws for Federal rules only
(e.g., copy Hawaii) *
* Waldo: see http://radar.oreilly.com/2012/08/hawaii-health-care-law-simplicity.html