Michael S. Winsten
Healthcare Privacy and Big Tech
Some of the businesses are underway, like storing medical records in the cloud for a fee or using patient forms that have been "anonymized" to create new tools. Some products already cater directly to patients, such as wearable medical devices with monitoring capabilities through the internet of things. Lobbying efforts by Silicon Valley "encouraged" the Department of Health and Human Services (HHS) as they defined the rule, known as the Cures Act, improving patient access to all of their electronic health information (EHI) and standardizing their formatting for ease of interoperability. While there is a need to continue the modernization of the health care system, the complexity of the undertaking (legacy computer systems and data), entrenched financial interests, and privacy fears have made a tough go of it.
From a technology perspective, health care and its associated patient records are no different from data mining other personal information in the age of surveillance capitalism. There is money to be made, vast sums of money based on your health records. Why else would these very cash-rich tech companies wade into such a risky field? Estimates are the healthcare industry will reach 11.9 trillion dollars by 2022, and electronic health care records (EHRs) represent a growing sector of the business. The digital side of healthcare continues to expand as new federal regulations mandate hospitals make changes, and because spiraling health care costs make the sector ripe for disruption. Tech expertise in digital data management, storage, and analysis in other markets translates well into solutions for the behemoth that is health care record keeping. The big tech companies that deliver the best solutions will dominate that market and become an even more intractable part of our lives.
Is your privacy protected? The government outlines eight exceptions to the definition of information blocking when it comes to the Cures Act. The final rule allows for eight categories of reasonable and necessary activities. These activities do not constitute information blocking as long as certain conditions are met, referred to as "exceptions."
Google has already garnered bad publicity regarding patient privacy through its subsidiary Google Health in an enterprise-focused known as Project Nightingale. The problems arose when Google got access to some non-anonymized patient data without the patients' knowledge while creating tools that manage and analyze medical records for doctors and hospitals.
Meanwhile, Amazon Web Services (AWS) enjoys a dominant position in the service-based cloud storage of health records, offering downloadable medical information databases for clients. To side-step privacy responsibilities, an AWS spokesperson said the obligation to comply with patient privacy regulations and policy was the responsibility of customers that sell the medical datasets through AWS. More recently, the joint health care venture Haven (Amazon, Berkshire Hathaway, and JPMorgan) seeking to target innovations in primary care, insurance coverage, and prescription drug costs has shuttered its operations after three years into their business partnership. The business sector is so complex that, most recently, entrenched health care companies are beginning to shake off these tech disrupters and are making deals more traditionally. Tech companies are countering with more joint ventures with established health insurers like Cigna and others.
The continuation of personal, wearable medical devices also sparks many privacy concerns. Like the latest Apple Watch, these devices can take ECGs, detect falls, and phone 911, for example, but the data set created, and communication systems for transferring this data make it hard to protect privacy. Yet you may find in the future that your medical doctor prescribes an Apple Watch, and your insurance will pay for it. Azure, Microsoft's cloud division, is in direct competition with Google and AWS in the cloud storage business for medical records but declines comment on how patient data is used in its business plan or how it would protect patient privacy. Finally, Facebook already has a health care tool, Facebook Preventive Health, and if you select opt-in, Facebook will use your basic demographic information and recommend medical tests and treatments. The company says the tool does not use your health information or whether you use the tool in advertising. Have you heard this before?
The old hassle of getting paper medical records to prove you have been vaccinated as a child, transferring documents to a new doctor's office, or even filling out the same medical history information repeatedly may give way to a new set of frustrations. Change is upon US health care and medical record-keeping systems; let's hope the digitization of and ease in accessing health care records comes with modernized privacy laws that prioritize and protect patients. We hope you found this article helpful. If you have questions or would like to discuss a personal legal matter, contact our office at (949) 418.1083.