saúde 2.0
TRANSCRIPT
Robert L. CoffieldFlaherty, Sensabaugh & Bonasso, PLLC
Gerald “Jud” E. DeLossMinneapolis, Minnesota
PHRs, Health 2.0 and the Impact of Social Media on Health CareAmerican Health Lawyers Association
Annual Meeting – July 1, 2009
PHR Defined
“A tool for collecting, tracking and sharing important,
up-to-date information about an individual’s health or
the health of someone in their care”
American Health Information Management
Association ("AHIMA") and American Medical
Informatics Association ("AMIA")
HITECH Definition
“An electronic record of PHR identifiable health
information . . . on an individual that can be drawn
from multiple sources and that is managed, shared,
and controlled by or primarily for the individual”
PHR 1.0
“First generation” PHRs
Stand-alone PHRs
Require patients to gather and enter their own information
Tethered PHRs
Provided by a health plan, provider, or employer sponsor who
populates the PHR with information
PHR 2.0
Not merely a data collection application
Platform for the electronic aggregation and storage
of health information
Foundation for various applications
Personal Health Information Networks – part of
NHIN
Impact of PHRs
Comprehensive shift in the way health information is used, maintained, and stored Impact on means and methods for patients, health care providers
and payers to maintain, use, control, and disclose health information
The current, decentralized system of records maintained by multiple providers and entities at multiple locations
Transformed into a centralized record maintenance system that may rely on personal health information networks ("PHINs"), where the PHR serves as the central repository
Data Ownership
Who owns health information?
The physician?
The plan/insurer?
The patient?
Under traditional theory, providers own the medical
records they maintain, subject to the patient’s rights
of access in the information contained in the record
Data Ownership
Physicians and other healthcare providers
Maintain ownership of health information results in a greater
likelihood of maintaining a relationship with the patient
Patient who desires to change providers faces difficult task in
locating all sources of the health information and requesting that
it be transferred to a new provider
Rehash in the form of health intake questionnaires, health and
physical history examinations, and tests which may not have
been adequately communicated
Data Ownership
Plan ownership
Underwriting and utilization review activities
Whether coverage may be extended or whether a pre-
existing condition is present
Aggregate the data in records or de-identify the
information to be used, disclosed, sold, or manipulated
for a variety of medical and economical reasons
Data Ownership
The PHR Vendor Patient privacy advocates have expressed concern over what use
PHR vendors will put to the health information
An individual executes an authorization then the vendor may use or disclose the health information in any manner it wishes, since HIPAA would no longer apply
New HITECH Act provisions (discussed below) will place limits on these uses but some PHR vendors have taken an initial position that HITECH will not apply because an authorization, among other things, wll relieve them of compliance
Patient Ownership
Patient ownership
Results in framework where medical, expense, well-being, and
utilization are aligned within one party
Patient has an incentive to keep costs to a minimum by avoiding
multiple or repetitive procedures
Patient has an incentive to or at least the means to monitor their
health or well-being by becoming actively involved in the process
Patients have an incentive minimize the unauthorized disclosure
or use of their health information
Discrimination
Under HIPAA, a group health plan is prohibited from disclosing protected health information to a plan sponsor (typically an employer) for other than plan administration functions
In addition, the plan sponsor must certify that it will not use or disclose the protected health information for employment-related actions
Health plans, including group health plans offering PHRs to their enrollees Must ensure that the PHR is either not accessible by the group plan
Any health information contained within the PHR which is accessible by the group plan is not shared with the plan sponsor for other than administration functions
Discrimination
In addition to HIPAA, employers – and possibly
insurers -- must consider the implications
Americans with Disabilities Act (“ADA”)
Family and Medical Leave Act (“FMLA”)
Similar State laws
HITECH Act
Under the HITECH Act, a “personal health record” means
“An electronic record of PHR identifiable health information . . . on an individual that can be drawn from multiple sources and that is managed, shared, and controlled by or primarily for the individual.”
“PHR identifiable health information” is broadly defined as individually identifiable health information, relying on the HIPAA definition and “includes, with respect to an individual, information . . . that is provided by or on behalf of the individual” and “that identifies the individual or with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.”
HITECH Act
Breach Notification Requirements The HITECH Act imposes breach notification requirements on PHR vendors and
entities that offer products and services through, or that access information from, a PHR
Requires each vendor of PHRs, and each designated PHR entity, following the discovery of a breach of security involving unsecured PHR identifiable health information that is in a PHR maintained or offered by such vendor, to provide notice to the Federal Trade Commission (“FTC”) and to any United States citizen or resident whose unsecured health information is acquired by an unauthorized person as a result of the breach
Third party service provider that provides services to a vendor of PHRs or a designated PHR entity in connection with offering or maintaining PHRs (or related products or services) and that “accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses, or discloses unsecured PHR identifiable health information must notify the PHR vendor (or the designated PHR entity) of a breach of such information, which notice shall include identification of each affected individual
HITECH Act
The HITECH Act generally requires that breach notices be sent without unreasonable delay and in no case later than 60 calendar days after discovery
Notices to affected individuals generally must be sent by first class mail or may be sent by electronic mail if the individual has expressed a preference for it or, in an urgent situation, by telephone
Further, if 10 or more individuals require notification for which there is insufficient or out-of-date contact information, then the notifying entity is required to place a conspicuous posting on its website homepage or place a notice in major print or broadcast media, including major media in geographic areas where the individuals affected by the breach likely reside
If the breach involves more than 500 residents of a state (or jurisdiction), a PHR vendor or designated PHR entity also must provide notice to prominent media outlets serving the area
A PHR vendor or designated PHR entity must notify the FTC immediately if the breach involves more than 500 individuals. The FTC must notify HHS of such breaches
Violations of the notification requirements related to PHR identifiable health information will be treated as unfair and deceptive acts or practices under the Federal Trade Commission Act
WHAT IS SOCIAL
MEDIA?
technology + mobile tools + information + community +
user-generated content + collaboration + social interaction
Do YOU use social media and networks? Are you LinkedIn?
Do you Facebook?
Do you Tweet?
Do you have a blog? Do you read/comment on blogs?
Do you use RSS?
Do you regularly look at your online reputation via Google.
Are you lifestreaming via Posterous?
Do you know what Google Wave is?
11% of American adults use a service like Facebook/Twitter to share updates about themselves or to see the update of others. Pew Internet & American Life Project, Dec. 2008
Where are YOU?
Where Is EVERYONE?
210 Years of Information. Thomas Baekdal
http://www.baekdal.com
A Glimpse Into the State of Social Media
200M active users; 100M log on every day; 30M mobile users
If country 5th largest behind China, India, US & Indonesia
Average user has 120 friends
Fastest growing demographic – over 35
850M photos uploaded each month
1B pieces of content shared each week
A Glimpse Into the State of Social Media
Amazing growth! Unique monthly visitors:
Jan. 2008: 500,000
Dec. 2008: 4.43 M
March 2009: 8 M
Largest user demographic: 35-49
Users more mobile less tethered by technology
Twitter replacing RSS and Google search – “real time” results
WEB 2.0
THEN
Author-Generated
Controlled message
Read
Static Web
Software Release
Desktop Computing
Central data
World Wide Web
NOW
Dynamic and User-Generated
Mental chatter & wisdom of crowd
Read, write and collaborate
Participatory Web
Software as Service
Cloud Computing
Decentralized data
World Live Web
social media = 297 hospitals + youtube + facebook + twitter + blogs
social media = doctor + disruptor + technology + e-visits + health stream
hairball + health data + technology + consumer rights + viral campaign = e-social media health movement
The WORLD has changed . . .
. . . and so has the HIT landscape.
Without CHANGE . . .
Is it a time for HEALTH CONSUMERISM? Demographics → “Pig In Python” (79M Baby Boomers)
Rise in chronic illness and complexity of treatment
Rising cost of health care and cost shift (employer → you and me)
Governments’ inability to afford uninsured/universal coverage
Personalized medicine and genomics
The role of PHRs and HEALTH 2.0: Shift to consumer-centric (PHR) model of health data
Health consumer is at the center of integrated medical info network
New technology tools to treat and reduce/manage chronic condition
Mobile health to monitor/feed health data (the desktop to the pocket)
Cost transparency/reform to the current reimbursement model
Consumerism drives the need to get information and exercise control over yours/my health and care decisions
WHAT IS
HEALTH 2.0?
Health 2.0 by Scott Shreeve MD. Creative Commons Attribution, Non-Commercial, Share Alike 2.5 License.Updated on 5/30/07.
Health 2.0 = social software + web/cloud based + light
weight tools + consumer/provider collaboration
HOW IS HEALTH 2.0 IMPACTING
CONSUMER DRIVEN CARE
Health 1.0
Opaque System
Passive Patient
Physician Authority
Insurance Adversary
System Generated
Health Care
Health 2.0
Transparency
Engaged Consumer
Physician Advisor
Health Plan Advocate
User Generated
Health and Wellness
Personal Health Records
Personal Health Records
PHR and Health Platform
Personalized Health Search
Personalized Physician Search
Collaborative Medical
Information Wikis
Physician Social Community
Web Based
Practice Management
Virtual Concierge
e-Health Practice
Practice Management Tools
Health Support Community
Disease Communities Capturing
& Sharing Outcome Data
Consumer Facing Health Tools
Consumer Facing Health Tools
Personal Health Tools
Health Consumer Tools
Reinvented Health Care
Marketplace
Consumer Health Financial
Tools
Health Financial Tools
Insurance Coverage/Discovery
Blogging/Med Mal/Privacy
Medical Identity Theft/Privacy
Negative Review/Libel
Contract Law/Libel/Litigation
EHRs/PHRs/HIEs/Malpractice
User Agreement/Contract Law
Health Data Ownership
Privacy/Regulatory
Patient Rights/Privacy
Discovery/Employment
Employment
(from 30 ways to lose your job on Twitter)
Legal Ethics
ONE SLIDE PROJECT: Engage With Grace Project
Questions
Robert L. CoffieldFlaherty, Sensabaugh & Bonasso, PLLC
Health Care Law Blog
Twitter: @bobcoffield
Gerald “Jud” E. DeLossMinneapolis, Minnesota
Minnesota Health IT Blog
Twitter: @gdeloss
Slides Available via SlideShare