Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Healthcare Consent and its Discontents (Part 3 of 3)

Posted on May 18, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous section of this article rated the pros and cons of new approaches to patient consent and control over data. Here we’ll look at emerging risks.

Privacy solidarity

Genetics present new ethical challenges–not just in the opportunity to change genes, but even just when sequencing them. These risks affect not only the individual: other members of her family and ethnic group can face discrimination thanks to genetic weaknesses revealed. Isaac Kohane said that the average person has 40 genetic markers indicating susceptibility to some disease or other. Furthermore, we sometimes disagree on what we consider a diseased condition.

Big data, particularly with genomic input, can lead to group harms, so Brent Mittelstadt called for moving beyond an individual view of privacy. Groups also have privacy needs (a topic I explored back in 1998). It’s not enough for an individual to consider the effect of releasing data on his own future, but on the future of family members, members of his racial group, etc. Similarly, Barbara Evans said we have to move from self-consciousness to social consciousness. But US and European laws consider privacy and data protection only on the basis of the individual.

The re-identification bogey man

A good many references were made at the conference to the increased risk of re-identifying patients from supposedly de-identified data. Headlines are made when some researcher manages to uncover a person who thought himself anonymous (and who database curators thought was anonymous when they released their data sets). In a study conducted by a team that included speaker Catherine M. Hammack, experts admitted that there is eventually a near 100% probability of re-identifying each person’s health data. The culprit in all this is burgeoning set of data collected from people as they purchase items and services, post seemingly benign news about themselves on social media, and otherwise participate in modern life.

I think the casual predictions of the end of anonymity we hear so often are unnecessarily alarmist. The field of anonymity has progressed a great deal since Latanya Sweeney famously re-identified a patient record for Governor William Weld of Massachusetts. Re-identifications carried out since then, by Sweeney and others, have taken advantage of data that was not anonymized (people just released it with an intuitive assumption that they could not be re-identified) or that was improperly anonymized, not using recommended methods.

Unfortunately, the “safe harbor” in HIPAA (designed precisely for medical sites lacking the skills to de-identify data properly) enshrines bad practices. Still, in a HIPAA challenge cited by Ameet Sarpatwari,only two of 15,000 individuals were re-identified. The mosaic effect is still more of a theoretical weakness, not an immediate threat.

I may be biased, because I edited a book on anonymization, but I would offer two challenges to people who cavalierly dismiss anonymization as a useful protection. First, if we threw up our hands and gave up on anonymization, we couldn’t even carry out a census, which is mandated in the U.S. Constitution.

Second, anonymization is comparable to encryption. We all know that computer speeds are increasing, just as are the sophistication of re-identification attacks. The first provides a near-guarantee that, eventually, our current encrypted conversations will be decrypted. The second, similarly, guarantees that anonymized data will eventually be re-identified. But we all still visit encrypted web sites and use encryption for communications. Why can’t we similarly use the best in anonymization?

A new article in the Journal of the American Medical Association exposes a gap between what doctors consider adequate consent and what’s meaningful for patients, blaming “professional indifference” and “organizational inertia” for the problem. In research, the “reasonable-patient standard” is even harder to define and achieve.

Patient consent doesn’t have to go away. But it’s getting harder and harder for patients to anticipate the uses of their data, or even to understand what data is being used to match and measure them. However, precisely because we don’t know how data will be used or how patients can tolerate it, I believe that incremental steps would be most useful in teasing out what will work for future research projects.

Healthcare Consent and its Discontents (Part 2 of 3)

Posted on May 17, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous section of this article laid out what is wrong with informed consent today. We’ll continue now to look at possible remedies.

Could we benefit from more opportunities for consent?

Donna Gitter said that the Common Rule governing research might be updated to cover de-identified data as well as personally identifiable information. The impact of this on research, of course, would be incalculable. But it might lead to more participation in research, because 72% of patients say they would like to be asked for permission before their data is shared even in de-identified form. Many researchers, such as conference speaker Liza Dawson, would rather give researchers the right to share de-identified data without consent, but put protections in place.

To link multiple data sets, according to speaker Barbara Evans, we need an iron-clad method of ensuring that the data for a single individual is accurately linked. This requirement butts up against the American reluctance to assign a single ID to a patient. The reluctance is well-founded, because tracking individuals throughout their lives can lead to all kinds of seamy abuses.

One solution would be to give each individual control over a repository where all of her data would go. That solution implies that the individual would also control each release of the data. A lot of data sets could easily vanish from the world of research, as individuals die and successors lose interest in their data. We must also remember that public health requires the collection of certain types of data even if consent is not given.

Another popular reform envisioned by health care technologists, mentioned by Evans, is a market for health information. This scenario is part of a larger movement known as Vendor Relationship Management, which I covered several years ago. There is no doubt that individuals generate thousands of dollars worth of information, in health care records and elsewhere. Speaker Margaret Foster Riley claimed that the data collected from your loyalty card by the grocer is worth more than the money you spend there.

So researchers could offer incentives to share information instead of informed consent. Individuals would probably hire brokers to check that the requested uses conform to the individuals’ ethics, and that the price offered is fair.

Giving individuals control and haggling over data makes it harder, unfortunately, for researchers to assemble useful databases. First of all, modern statistical techniques (which fish for correlations) need huge data sets. Even more troubling is that partial data sets are likely to be skewed demographically. Perhaps only people who need some extra cash will contribute their data. Or perhaps only highly-educated people. Someone can get left out.

These problems exist even today, because our clinical trials and insurance records are skewed by income, race, age, and gender. Theoretically, it could get even worse if we eliminate the waiver that lets researchers release de-identified data without patient consent. Disparities in data sets and research were heavily covered at the Petrie-Flom conference, as I discuss in a companion article.

Privacy, discrimination, and other legal regimes

Several speakers pointed out that informed consent loses much of its significance when multiple data sets can be combined. The mosaic effect adds another layer of uncertainty about what will happen to data and what people are consenting to when they release it.

Nicolas Terry pointed out that American law tends to address privacy on a sector-by-sector basis, having one law for health records, another for student records, and so forth. He seemed to indicate that the European data protection regime, which is comprehensive, would be more appropriate nowadays where the boundary between health data and other forms of data is getting blurred. Sharona Hoffman said that employers and insurers can judge applicants’ health on the basis of such unexpected data sources as purchases at bicycle stores, voting records (healthy people have more energy to get involved in politics), and credit scores.

Mobile apps notoriously bring new leaks to personal data. Mobile operating systems fastidiously divide up access rights and require apps to request these rights during installation, but most of us just click Accept for everything, including things the apps have no right to need, such as our contacts and calendar. After all, there’s no way to deny an app one specific access right while still installing it.

And lots of these apps abuse their access to data. So we remain in a contradictory situation where certain types of data (such as data entered by doctors into records) are strongly protected, and other types that are at least as sensitive lack minimal protections. Although the app developers are free to collect and sell our information, they often promise to aggregate and de-identify it, putting them at the same level as traditional researchers. But no one requires the app developers to be complete and accurate.

To make employers and insurers pause before seeking out personal information, Hoffman suggested requiring that data brokers, and those who purchase their data, to publish the rules and techniques they employ to make use of the data. She pointed to the precedent of medical tests for employment and insurance coverage, where such disclosure is necessary. But I’m sure this proposal would be fought so heavily, by those who currently carry out their data spelunking under cover of darkness, that we’d never get it into law unless some overwhelming scandal prompted extreme action. Adrian Gropper called for regulations requiring transparency in every use of health data, and for the use of open source algorithms.

Several speakers pointed out that privacy laws, which tend to cover the distribution of data, can be supplemented by laws regarding the use of data, such as anti-discrimination and consumer protection laws. For instance, Hoffman suggested extending the Americans with Disabilities Act to cover people with heightened risk of suffering from a disability in the future. The Genetic Information Nondiscrimination Act (GINA) of 2008 offers a precedent. Universal health insurance coverage won’t solve the problem, Hoffman said, because businesses may still fear the lost work time and need for workplace accommodations that spring from health problems.

Many researchers are not sure whether their use of big data–such as “data exhaust” generated by people in everyday activities–would be permitted under the Common Rule. In a particularly wonky presentation (even for this conference) Laura Odwazny suggested that the Common Rule could permit the use of data exhaust because the risks it presents are no greater than “daily life risks,” which are the keystone for applying the Common Rule.

The final section of this article will look toward emerging risks that we are just beginning to understand.

Healthcare Consent and its Discontents (Part 1 of 3)

Posted on May 16, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Not only is informed consent a joke flippantly perpetrated on patients; I expect that it has inspired numerous other institutions to shield themselves from the legal consequences of misbehavior by offering similar click-through “terms of service.” We now have a society where powerful forces can wring from the rest of us the few rights we have with a click. So it’s great to see informed consent reconsidered from the ground up at the annual conference of the Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School.

Petrie-Flom annual 2016 conference

Petrie-Flom annual 2016 conference

By no means did the speakers and audience at this conference agree on what should be done to fix informed consent (only that it needs fixing). The question of informed consent opens up a rich dialog about the goals of medical research, the relationship between researchers and patients, and what doctors have a right to do. It also raises questions for developers and users of electronic health records, such as:

  • Is it ethical to save all available data on a person?

  • If consent practices get more complex, how are the person’s wishes represented in the record?

  • If preferences for the data released get more complex, can we segment and isolate different types of data?

  • Can we find and notify patients of research results that might affect them, if they choose to be notified?

  • Can we make patient matching and identification more robust?

  • Can we make anonymization more robust?

A few of these topics came up at the conference. The rest of this article summarizes the legal and ethical topics discussed there.

The end of an era: IRBs under attack

The annoying and opaque informed consent forms we all have to sign go back to the 1970s and the creation of Institutional Review Boards (IRBs). Before that lay the wild-west era of patient relationships documented in Rebecca Skloot’s famous Immortal Life of Henrietta Lacks.

IRBs were launched in a very different age, based on assumptions that are already being frayed and will probably no longer hold at all a few years from now:

  • Assumption: Research and treatment are two different activities. Challenge: Now they are being combined in many institutions, and the ideal of a “learning heath system” will make them inextricable.

  • Assumption: Each research project takes place within the walls of a single institution, governed by its IRB. Challenge: Modern research increasingly involves multiple institutions with different governance, as I have reported before.

  • Assumption: A research project is a time-limited activity, lasting generally only about a year. Challenge: Modern research can be longitudinal and combine data sets that go back decades.

  • Assumption: The purpose for which data is collected can be specified by the research project. Challenge: Big data generally runs off of data collected for other purposes, and often has unclear goals.

  • Assumption: Inclusion criteria for each project are narrow. Challenge: Big data ranges over widely different sets of people, often included arbitrarily in data sets.

  • Assumption: Rules are based on phenotypal data: diagnoses, behavior, etc. Challenge: Genetics introduces a whole new set of risks and requirements, including the “right not to know” if testing turns up an individual’s predisposition to disease.

  • Assumption: The risks of research are limited to the individuals who participate. Challenge: As we shall see, big data affects groups as well as individuals.

  • Assumption: Properly de-identified data has an acceptably low risk of being re-identified. Challenge: Privacy researchers are increasingly discovering new risks from combining multiple data sources, a trend called the “mosaic effect.” I will dissect the immediacy of this risk later in the article.

Now that we have a cornucopia of problems, let’s look at possible ways forward.

Chinese menu consent

In the Internet age, many hope, we can provide individuals with a wider range of ethical decisions than the binary, thumbs-up-thumbs-down choice thrust before them by an informed consent form.

What if you could let your specimens or test results be used only for cancer research, or stipulate that they not be used for stem cell research, or even ask for your contributions to be withdrawn from experiments that could lead to discrimination on the basis of race? The appeal of such fine-grained consent springs from our growing realization that (as in the Henrietta Lacks case) our specimens and data may travel far. What if a future government decides to genetically erase certain racial or gender traits? Eugenics is not a theoretical risk; it has been pursued before, and not just by Nazis.

As Catherine M. Hammack said, we cannot anticipate future uses for medical research–especially in the fast-evolving area of genetics, whose possibilities alternate between exciting and terrifying–so a lot of individuals would like to draw their own lines in the sand.

I don’t personally believe we could implement such personalized ethical statements. It’s a problem of ontology. Someone has to list all the potential restrictions individuals may want to impose–and the list has to be updated globally at all research sites when someone adds a new restriction. Then we need to explain the list and how to use it to patients signing up for research. Researchers must finally be trained in the ontology so they can gauge whether a particular use meets the requirements laid down by the patient, possibly decades earlier. This is not a technological problem and isn’t amenable to a technological solution.

More options for consent and control over data will appear in the next part of this article.

Harvard Law Conference Surveys Troubles With Health Care

Posted on March 30, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

It is salubrious to stretch oneself and regularly attend a conference in a related field. At the Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics, one can bask in the wisdom of experts who are truly interdisciplinary (as opposed to people like me, who is simply undisciplined). Their Tenth Anniversary Conference drew about 120 participants. The many topics–which included effects of the Supreme Court rulings on the Affordable Care Act and other cases, reasons that accountable care and other efforts haven’t lowered costs, stresses on the pharmaceutical industry, and directions in FDA regulation–contained several insights for health IT professionals.

From my perspective, the center of the conference was the panel titled “Health Innovation Policy and Regulating Novel Technology.” A better title might have been “How to Make Pharma Profitable Again,” because most of the panelists specialized in pharmaceuticals or patents. They spun out long answers to questions about how well patents can protect innovation (recognizing a controversy); the good, the bad, and the ugly of pricing; and how to streamline clinical trials, possibly adding risk. Their pulses really rose when they were asked a question about off-label drug use. But they touched on health IT and suggested many observations that could apply to it as well.

It is well known that drug development and regulatory approval take years–perhaps up to 20 years–and that high-tech companies developing fitness devices or software apps have a radically different product cycle. As one panelist pointed out, it would kill innovation to require renewed regulatory approval for each software upgrade. He suggested that the FDA define different tiers of changes, and that minor ones with little risk of disrupting care be allowed automatically.

I look even farther. It is well known also that disruptive inventions displace established technologies. Just as people with mobile devices get along without desktop computers and even TV sets, medicines have displaced many surgical procedures. Now the medicines themselves (particularly, controversial mental health medicines) can sometimes be replaced by interactive apps and online services. Although rigorous testing is still lacking for most of these alternatives, the biggest barrier to their adoption is lack of reimbursement in our antiquated health payment system.

Instead of trying to individually fix each distortion in payment, value-based care is the reformer’s solution to the field’s inefficient use of treatment options. Value-based care requires more accurate information on quality and effectiveness, as I recently pointed out. And this in turn may lead to the more flexible regulations suggested by the panelist, with a risk that is either unchanged or raised by an amount we can tolerate.

Comparisons between information and other medical materials can be revealing. For instance, as the public found out in the Henrietta Lacks controversy, biospecimens are treated as freely tradable information (so long as the specimen is de-identified) with no patient consent required. It’s assumed that we should treat de-identified patient information the same way, but in fact there’s a crucial difference. No one would expect the average patient to share and copy his own biospecimens, but doing so with information is trivially easy. Therefore, patients should have more of a say about how their information is used, even if biospecimens are owned by the clinician.

Some other insights I picked up from this conference were:

  • Regulations and policies by payers drive research more than we usually think. Companies definitely respond to what payers are interested in, not just to the needs of the patients. One panelist pointed out that the launch of Medicare Part D, covering drugs for the first time, led to big new investments in pharma.

  • Hotels and other service-oriented industries can provide a positive experience efficiently because they tightly control the activities of all the people they employ. Accountable Care Organizations, in contrast, contain loose affiliations and do not force their staff to coordinate care (even though that was the ideal behind their formation), and therefore cannot control costs.

  • Patents, which the pharma companies consider so important to their business model, are not normally available to diagnostic tests. (The attempt by Myriad Genetics to patent the BRACA1 gene in order to maintain a monopoly over testing proves this point: the Supreme Court overturned the patent.) However, as tests get more complex, the FDA has started regulating them. This has the side effect of boosting the value of tests that receive approval, an advantage over competitors.

Thanks to Petrie-Flom for generously letting the public in on events with such heft. Perhaps IT can make its way deeper into next year’s conference.

Randomized Clinical Trial Validates BaseHealth’s Predictive Analytics

Posted on March 11, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

One of the pressing concerns in health care is the validity of medical and health apps. Because health is a 24-hour-a-day, 365-day-a-year concern, people can theoretically overcome many of their health problems by employing apps that track, measure, report, and encourage them in good behavior. But which ones work? Doctors are understandably reluctant to recommend apps–and insurers to cover them–without validation.

So I’ve been looking at the scattered app developers who have managed to find the time and money for randomized clinical studies. One recent article covered two studies showing the value of a platform that provided the basis for Twine Health. Today I’ll look at BaseHealth, whose service and API I covered last year.

BaseHealth’s risk assessment platform is used by doctors and health coaches to create customized patient health plans. According to CEO Prakash Menon, “Five to seven people out of 1,000, for instance, will develop Type II diabetes each year. Our service allows a provider to focus on those five to seven.” The study that forms the basis for my article describes BaseHealth’s service as “based on an individual’s comprehensive information, including lifestyle, personal information, and family history; genetic information (genotyping or full genome sequencing data), if provided, is included for cumulative assessment.” (p. 1) BaseHealth has trouble integrating EHR data, because transport protocols have been standardized but semantics (what field is used to record each bit of information) have not.

BaseHealth analytics are based on clinical studies whose validity seems secure: they check, for instance, whether the studies are reproducible, whether their sample sizes are adequate, whether the proper statistical techniques were used, etc. To determine each patient’s risk, BaseHealth takes into account factors that the patient can’t control (such as family history) as well as factors that he can. These are all familiar: cholesterol, BMI, smoking, physical activity, etc.

Let’s turn to the study that I read for this article. The basic question the study tries to answer is, “How well does BaseHealth predict that a particular patient might develop a particular health condition?” This is not really feasible for a study, however, because the risk factors leading to diabetes or lung cancer can take decades to develop. So instead, the study’s authors took a shortcut: they asked interviewers to take family histories and other data that the authors called “life information” without telling the interviewers what conditions the patients had. Then they ran the BaseHealth analytics and compared results to the patients actual, current conditions based on their medical histories. They examined the success of risk assignment for three conditions: coronary artery disease (CAD), Type 2 diabetes (T2), and hypertension (HTN).

The patients chosen for the study had high degrees of illness: “43% of the patients had an established diagnosis of CAD, 22% with a diagnosis of T2D and 70% with a diagnosis of HTN.” BaseHealth identified even more patients as being at risk: 74.6% for CAD, 66.7% for T2D, and 77% for HTN. It makes sense that the BaseHealth predictions were greater than actual incidence of the diseases, because BaseHealth is warning of potential future disease as well.

BaseHealth assigned each patient to a percentile chance of getting the disease. For instance, some patients were considered 50-75% likely to develop CAD.

The study used 99 patients, 12 of whom had to be dropped from the study. Although a larger sample would be better, results were still impressive.

The study found a “robust correlation” between BaseHealth’s predictions and the patients’ medical histories. The higher the risk, the more BaseHealth was likely to match the actual medical history. Most important, BaseHealth had no false negatives. If it said a patient’s risk of developing a disease was less than 5%, the patient didn’t have the disease. This is important because you don’t want a filter to leave out any at-risk patients.

I have a number of questions about the article: how patients break down by age, race, and other demographics, for instance. There was also an intervention phase in the study: some patients took successful measures to reduce their risk factors. But the relationship of this intervention to BaseHealth, however, was not explored in the study.

Although not as good as a longitudinal study with a large patient base, the BaseHealth study should be useful to doctors and insurers. It shows that clinical research of apps is feasible. Menon says that a second study is underway with a larger group of subjects, looking at risk of stroke, breast cancer, colorectal cancer, and gout, in addition to the three diseases from the first study. A comparison of the two studies will be interesting.

Randomized Controlled Trials and Longitudinal Analysis for Health Apps at Twine Health (Part 2 of 2)

Posted on February 18, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous section of this article described the efforts of Dr. John Moore of Twine Health to rigorously demonstrate the effectiveness of a digital health treatment platform. As Moore puts it, Twine Health sought out two of the most effective treatment programs in the country–both Harvard’s diabetes treatment and MGH’s hypertension treatment are much more effective than the standard care found around the country–and then used their most effective programs for the control group of patients. The control group used face-to-face visits, phone calls, and text messages to keep in touch with their coaches and discuss their care plans.

The CollaboRhythm treatment worked markedly better than these exemplary programs. In the diabetes trial, they achieved a 3.2% reduction in diabetic patients’ A1C levels over three months (the control group achieved 2.0%). In the hypertension trial, 100% of patients reached a controlled blood pressure of less than 140/90 and the average reduction in blood pressure was 26mmHg (the control group had an average 16mmHg reduction and fewer than one-third of the patients went down less than 140/90).

What clinical studies can and cannot ensure

I see a few limitations with these clinical studies:

  • The digital program being tested combines several different intervention, as described before: reminders, messaging, virtual interactions, reports, and so on. Experiments show that all these things work together. But one can’t help wondering: what if you took out some time-consuming interaction? Could the platform be just as successful? But testing all the options would lead to a combinatorial explosion of tests.

    It’s important that interventions by coaches started out daily but decreased over the course of the study as the patient became more familiar and comfortable with the behavior called for in the care plans. The decrease in support required from the human coach suggests that the benefits are sustainable, because the subjects are demonstrating they can do more and more for themselves.

  • Outcomes were measured over short time frames. This is a perennial problem with clinical studies, and was noted as a problem in the papers. The researchers will contact subjects in about a year to see whether the benefits found in the studies were sustained. Even one year, although a good period to watch to see whether people bounce back to old behaviors, isn’t long enough to really tell the course of chronic illness. On the other hand, so many other life events intrude over time that it’s unfair to blame one intervention for what happens after a year.

  • Despite the short time frame for outcomes, the studies took years to set up, complete, and publish. This is another property of research practice that adds to its costs and slows down the dissemination of best practices through the medical field. The time frames involved explain why the researchers’ original Media Lab app was used for studies, even though they are now running a company on a totally different platform built on the same principles.

  • These studies also harbor all the well-known questions of external validity faced by all studies on human subjects. What if the populations at these Boston hospitals are unrepresentative of other areas? What if an element of self-selection skewed the results?

Bonnie Feldman, DDS, MBA, who went from dentistry to Wall Street and then to consulting in digital health, comments, “Creating an evidence base requires a delicate balancing act, as you describe, when technology is changing rapidly. Right now, chronic disease, especially autoimmune disease is affecting more young adults than ever before. These patients are in desperate need of new tools to support their self-care efforts. Twine’s early studies validate these important advances.”

Later research at Twine Health

Dr. Moore and his colleagues took stock of the tech landscape since the development of CollaboRhythm–for instance, the iPhone and its imitators had come out in the meantime–and developed a whole new platform on the principles of CollaboRhythm. Twine Health, of which Moore is co-founder and CEO, offers a platform based on these principles to more than 1,000 patients. The company expects to expand this number ten-fold in 2016. In addition to diabetes and hypertension, Twine Health’s platform is used for a wide range of conditions, such as depression, cholesterol control, fitness, and diet.

With a large cohort of patients to draw on, Twine Health can do more of the “big data” analysis that’s popular in the health care field. They don’t sponsor randomized trials like the two studies cited early, but they can compare patients’ progress to what they were doing before using Twine Health, as well as to patients who don’t use Twine Health. Moore says that results are positive and lasting, and that costs for treatment drop one-half to two-thirds.

Clinical studies bring the best scientific methods we know to validating health care apps. They are being found among a small but growing number of app developers. We still don’t know what the relation will be between randomized trials and the longitudinal analysis currently conducted by Twine Health; both seem of vital importance and they will probably complement each other. This is the path that developers have to take if they are to make a difference in health care.

Randomized Controlled Trials and Longitudinal Analysis for Health Apps at Twine Health (Part 1 of 2)

Posted on February 17, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Walking into a restaurant or a bus is enough to see that any experience delivered through a mobile device is likely to have an enthusiastic uptake. In health care, the challenge is to find experiences that make a positive difference in people’s lives–and proving it.

Of course, science has a time-tested method for demonstrating the truth of a proposition: randomized tests. Reproducibility is a big problem, admittedly, and science has been shaken by the string of errors and outright frauds perpetrated in scientific journals. Still, knowledge advances bit by bit through this process, and the goal of every responsible app developer in the health care space is the blessing offered by a successful test.

Consumer apps versus clinical apps

Most of the 165,000 health apps will probably always be labeled “consumer” apps and be sold without the expense of testing. They occupy the same place in the health care field as the thousands of untested dietary supplements and stem cell injection therapies whose promise is purely anecdotal. Consumer anger over ill-considered claims have led to lawsuits against the Fitbit device manufacturer and Lumosity mental fitness app, leading to questions about the suitability of digital fitness apps for medical care plans.

The impenetrability of consumer apps to objective judgment comes through in a recent study from the Journal of Medical Internet Research (JMIR) that asked mHealth experts to review a number of apps. The authors found very little agreement about what makes a good app, thus suggesting that quality cannot be judged reliably, a theme in another recent article of mine. One might easily anticipate that subjective measures would produce wide variations in judgment. But in fact, many subjective measures produced more agreement (although not really strong agreement) than more “objective” measures such as effectiveness. If I am reading the data right, one of the measures found to be most unreliable was one of the most “objective”: whether an app has been tested for effectiveness.

Designing studies for these apps is an uncertain art. Sometimes a study may show that you don’t know what to measure or aren’t running the study long enough. These possible explanations–gentler than the obvious concern that maybe fitness devices don’t achieve their goals–swirl about the failure of the Scripps “Wired for Health” study.

The Twine Health randomized controlled trials

I won’t talk any more about consumer apps here, though–instead I’ll concentrate on apps meant for serious clinical use. What can randomized testing do for these?

Twine Health and MIT’s Media Lab took the leap into rigorous testing with two leading Boston-area partners in the health care field: a diabetes case study with the Joslin Diabetes Center and a hypertension case study with Massachusetts General Hospital. Both studies compared a digital platform for monitoring and guiding patients with pre-existing tools such as face-to-face visits and email. Both demonstrated better results through the digital platform–but certain built-in limitations of randomized studies leave open questions.

When Dr. John Moore decided to switch fields and concentrate on the user experience, he obtained a PhD at the Media Lab and helped develop an app called CollaboRhythm. He then used it for the two studies described in the papers, while founding and becoming CEO of Twine Health. CollaboRhythm is a pretty comprehensive platform, offering:

  • The ability to store a care plan and make it clear to the user through visualizations.

  • Patient self-tracking to report taking medications and resulting changes in vital signs, such as glycemic levels.

  • Visualizations showing the patient her medication adherence.

  • Reminders when to take medication and do other aspects of treatment, such as checking blood pressure.

  • Inferences about diet and exercise patterns based on reported data, shown to the patient.

  • Support from a human coach through secure text messages and virtual visits using audio, video, and shared screen control.

  • Decision support based on reported vital statistics and behaviors. For instance, when diabetic patients reported following their regimen but their glycemic levels were getting out of control, the app could suggest medication changes to the care team.

The collection of tools is not haphazard, but closely follows the modern model of digital health laid out by the head of Partners Connected Health, Joseph Kvedar, in his book The Internet of Healthy Things (which I reviewed at length). As in Kvedar’s model, the CollaboRhythm interventions rested on convenient digital technologies, put patients’ care into their own hands, and offered positive encouragement backed up by clinical staff.

As an example of the patient empowerment, the app designers deliberately chose not to send the patient an alarm if she forgets her medication. Instead, the patient is expected to learn and adopt responsibility over time by seeing the results of her actions in the visualizations. In exit interviews, some patients expressed appreciation for being asked to take responsibility for their own health.

The papers talk of situated learning, a classic education philosophy that teaches behavior in the context where the person has to practice the behavior, instead of an artificial classroom or lab setting. Technology can bring learning into the home, making it stick.

There is also some complex talk of the relative costs and time commitments between the digital interventions and the traditional ones. One important finding is that app users expressed significantly better feelings about the digital intervention. They became more conscious of their health and appreciated being able to be part of decisions such as changing insulin levels.

So how well does this treatment work? I’ll explore that tomorrow in the next section of this article, along with strengths and weaknesses of the studies.

Streamlining Pharmaceutical and Biomedical Research in Software Agile Fashion

Posted on January 18, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Medical research should not be in a crisis. More people than ever before want its products, and have the money to pay for them. More people than ever want to work in the field as well, and they’re uncannily brilliant and creative. It should be a golden era. So the myriad of problems faced by this industry–sources of revenue slipping away from pharma companies, a shift of investment away from cutting-edge biomedical firms, prices of new drugs going through the roof–must lie with the development processes used in the industry.

Like many other industries, biomedicine is contrasted with the highly successful computer industry. Although the financial prospects of this field have sagged recently (with hints of an upcoming dot-com bust similar to the early 2000s), there’s no doubt that computer people have mastered a process for churning out new, appealing products and services. Many observers dismiss the comparison between biomedicine and software, pointing out that the former has to deal much more with the prevalence of regulations, the dominance of old-fashioned institutions, and the critical role of intellectual property (patents).

Still, I find a lot of intriguing parallels between how software is developed and how biomedical research becomes products. Coding up a software idea is so simple now that it’s done by lots of amateurs, and Web services can try out and throw away new features on a daily basis. What’s expensive is getting the software ready for production, a task that requires strict processes designed and carried out by experienced professionals. Similarly, in biology, promising new compounds pop up all the time–the hard part is creating a delivery mechanism that is safe and reliable.

Generating Ideas: An Ever-Improving Environment

Software development has benefited in the past decade from an incredible degree of evolving support:

  • Programming languages that encapsulate complex processes in concise statements, embody best practices, and facilitate maintenance through modularization and support for testing

  • Easier development environments, especially in the cloud, which offer sophisticated test tools (such as ways to generate “mock” data for testing and rerun tests automatically upon each change to the code), easy deployment, and performance monitoring

  • An endless succession of open source libraries to meet current needs, so that any problem faced by programmers in different settings is solved by the first wave of talented programmers that encounter it

  • Tools for sharing and commenting on code, allowing massively distributed teams to collaborate

Programmers have a big advantage over most fields, in that they are experts in the very skills that produce the tools they use. They have exploited this advantage of the years to make software development cheaper, faster, and more fun. Treated by most of the industry as a treasure of intellectual property, software is actually becoming a commodity.

Good software still takes skill and experience, no doubt about that. Some research has discovered that a top programmer is one hundred times as productive as a mediocre one. And in this way, the programming field also resembles biology. In both cases, it takes a lot of effort and native talent to cross the boundary from amateur to professional–and yet more than enough people have done so to provoke unprecedented innovation. The only thing holding back medical research is lack of funding–and that in turn is linked to costs. If we lowered the costs of drug development and other treatments, we’d free up billions of dollars to employ the thousands of biologists, chemists, and others striving to enter the field.

Furthermore, there are encouraging signs that biologists in research labs and pharma companies are using open source techniques as software programmers do to cut down waste and help each other find solutions faster, as described in another recent article and my series on Sage Bionetworks. If we can expand the range of what companies call “pre-competitive research” and sign up more of the companies to join the commons, innovation in biotech will increase.

On the whole, most programming teams practice agile development, which is creative, circles around a lot, and requires a lot of collaboration. Some forms of development still call for a more bureaucratic process of developing requirements, approving project plans, and so forth–you can’t take an airplane back to the hanger for a software upgrade if a bug causes it to crash into a mountain. And all those processes exist in agile development too, but subject to a more chaotic process. The descriptions I’ve read of drug development hark of similar serendipity and unanticipated twists.

The Chasm Between Innovation and Application

The reason salaries for well-educated software developers are skyrocketing is that going from idea to implementation is an entirely different job from idea generation.

Software that works in a test environment often wilts when exposed to real-life operating conditions. It has to deal with large numbers of requests, with ill-formed or unanticipated requests from legions of new users, with physical and operational interruptions that may result from a network glitch halfway around the world, with malicious banging from attackers, and with cost considerations associated with scaling up.

In recent years, the same developers who created great languages and development tools have put a good deal of ingenuity into tools to solve these problems as well. Foremost, as I mentioned before, are cloud offerings–Infrastructure as a Service or Platform as a Service–that take hardware headaches out of consideration. At the cost of increased complexity, cloud solutions let people experiment more freely.

In addition, a bewildering plethora of tools address every task an operations person must face: creating new instances of programs, scheduling them, apportioning resources among instances, handling failures, monitoring them for uptime and performance, and so on. You can’t count the tools built just to help operations people collect statistics and create visualizations so they can respond quickly to problems.

In medicine, what happens to a promising compound? It suddenly runs into a maze of complicated and costly requirements:

  • It must be tested on people, animals, or (best of all) mock environments to demonstrate safety.

  • Researchers must determine what dose, delivered in what medium, can withstand shipping and storage, get into the patient, and reach its target.

  • Further testing must reassure regulators and the public that the drug does its work safely and effectively, a process that involves enormous documentation.

As when deploying software, developing and testing a treatment involves much more risk and many more people than the original idea took. But software developers are making progress on their deployment problem. Perhaps better tools and more agile practices can cut down the tool taken by the various phases of pharma development. Experiments being run now include:

  • Sharing data about patients more widely (with their consent) and using big data to vastly increase the pool of potential test subjects. This is crucial because a a large number of tests fail for lack of subjects

  • Using big data also to track patients better and more quickly find side effects and other show-stoppers, as well as potential off-label uses.

  • Tapping into patient communities to determine better what products they need, run tests more efficiently, and keep fewer from dropping out.

There’s hope for pharma and biomedicine. The old methods are reaching the limits of their effectiveness, as we demand ever more proof of safety and effectiveness. The medical field can’t replicate what software developers have done for themselves, but it can learn a lot from them nevertheless.

Significant Articles in the Health IT Community in 2015

Posted on December 15, 2015 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Have you kept current with changes in device connectivity, Meaningful Use, analytics in healthcare, and other health IT topics during 2015? Here are some of the articles I find significant that came out over the past year.

The year kicked off with an ominous poll about Stage 2 Meaningful Use, with implications that came to a head later with the release of Stage 3 requirements. Out of 1800 physicians polled around the beginning of the year, more than half were throwing in the towel–they were not even going to try to qualify for Stage 2 payments. Negotiations over Stage 3 of Meaningful Use were intense and fierce. A January 2015 letter from medical associations to ONC asked for more certainty around testing and certification, and mentioned the need for better data exchange (which the health field likes to call interoperability) in the C-CDA, the most popular document exchange format.

A number of expert panels asked ONC to cut back on some requirements, including public health measures and patient view-download-transmit. One major industry group asked for a delay of Stage 3 till 2019, essentially tolerating a lack of communication among EHRs. The final rules, absurdly described as a simplification, backed down on nothing from patient data access to quality measure reporting. Beth Israel CIO John Halamka–who has shuttled back and forth between his Massachusetts home and Washington, DC to advise ONC on how to achieve health IT reform–took aim at Meaningful Use and several other federal initiatives.

Another harbinger of emerging issues in health IT came in January with a speech about privacy risks in connected devices by the head of the Federal Trade Commission (not an organization we hear from often in the health IT space). The FTC is concerned about the security of recent trends in what industry analysts like to call the Internet of Things, and medical devices rank high in these risks. The speech was a lead-up to a major report issued by the FTC on protecting devices in the Internet of Things. Articles in WIRED and Bloomberg described serious security flaws. In August, John Halamka wrote own warning about medical devices, which have not yet started taking security really seriously. Smart watches are just as vulnerable as other devices.

Because so much medical innovation is happening in fast-moving software, and low-budget developers are hankering for quick and cheap ways to release their applications, in February, the FDA started to chip away at its bureaucratic gamut by releasing guidelines releasing developers from FDA regulation medical apps without impacts on treatment and apps used just to transfer data or do similarly non-transformative operations. They also released a rule for unique IDs on medical devices, a long-overdue measure that helps hospitals and researchers integrate devices into monitoring systems. Without clear and unambiguous IDs, one cannot trace which safety problems are associated with which devices. Other forms of automation may also now become possible. In September, the FDA announced a public advisory committee on devices.

Another FDA decision with a potential long-range impact was allowing 23andMe to market its genetic testing to consumers.

The Department of Health and Human Services has taken on exceedingly ambitious goals during 2015. In addition to the daunting Stage 3 of Meaningful Use, they announced a substantial increase in the use of fee-for-value, although they would still leave half of providers on the old system of doling out individual payments for individual procedures. In December, National Coordinator Karen DeSalvo announced that Health Information Exchanges (which limit themselves only to a small geographic area, or sometimes one state) would be able to exchange data throughout the country within one year. Observers immediately pointed out that the state of interoperability is not ready for this transition (and they could well have added the need for better analytics as well). HHS’s five-year plan includes the use of patient-generated and non-clinical data.

The poor state of interoperability was highlighted in an article about fees charged by EHR vendors just for setting up a connection and for each data transfer.

In the perennial search for why doctors are not exchanging patient information, attention has turned to rumors of deliberate information blocking. It’s a difficult accusation to pin down. Is information blocked by health care providers or by vendors? Does charging a fee, refusing to support a particular form of information exchange, or using a unique data format constitute information blocking? On the positive side, unnecessary imaging procedures can be reduced through information exchange.

Accountable Care Organizations are also having trouble, both because they are information-poor and because the CMS version of fee-for-value is too timid, along with other financial blows and perhaps an inability to retain patients. An August article analyzed the positives and negatives in a CMS announcement. On a large scale, fee-for-value may work. But a key component of improvement in chronic conditions is behavioral health which EHRs are also unsuited for.

Pricing and consumer choice have become a major battleground in the current health insurance business. The steep rise in health insurance deductibles and copays has been justified (somewhat retroactively) by claiming that patients should have more responsibility to control health care costs. But the reality of health care shopping points in the other direction. A report card on state price transparency laws found the situation “bleak.” Another article shows that efforts to list prices are hampered by interoperability and other problems. One personal account of a billing disaster shows the state of price transparency today, and may be dangerous to read because it could trigger traumatic memories of your own interactions with health providers and insurers. Narrow and confusing insurance networks as well as fragmented delivery of services hamper doctor shopping. You may go to a doctor who your insurance plan assures you is in their network, only to be charged outrageous out-of-network costs. Tools are often out of date overly simplistic.

In regard to the quality ratings that are supposed to allow intelligent choices to patients, A study found that four hospital rating sites have very different ratings for the same hospitals. The criteria used to rate them is inconsistent. Quality measures provided by government databases are marred by incorrect data. The American Medical Association, always disturbed by public ratings of doctors for obvious reasons, recently complained of incorrect numbers from the Centers for Medicare & Medicaid Services. In July, the ProPublica site offered a search service called the Surgeon Scorecard. One article summarized the many positive and negative reactions. The New England Journal of Medicine has called ratings of surgeons unreliable.

2015 was the year of the intensely watched Department of Defense upgrade to its health care system. One long article offered an in-depth examination of DoD options and their implications for the evolution of health care. Another article promoted the advantages of open-source VistA, an argument that was not persuasive enough for the DoD. Still, openness was one of the criteria sought by the DoD.

The remote delivery of information, monitoring, and treatment (which goes by the quaint term “telemedicine”) has been the subject of much discussion. Those concerned with this development can follow the links in a summary article to see the various positions of major industry players. One advocate of patient empowerment interviewed doctors to find that, contrary to common fears, they can offer email access to patients without becoming overwhelmed. In fact, they think it leads to better outcomes. (However, it still isn’t reimbursed.)

Laws permitting reimbursement for telemedicine continued to spread among the states. But a major battle shaped up around a ruling in Texas that doctors have a pre-existing face-to-face meeting with any patient whom they want to treat remotely. The spread of telemedicine depends also on reform of state licensing laws to permit practices across state lines.

Much wailing and tears welled up over the required transition from ICD-9 to ICD-10. The AMA, with some good arguments, suggested just waiting for ICD-11. But the transition cost much less than anticipated, making ICD-10 much less of a hot button, although it may be harmful to diagnosis.

Formal studies of EHR strengths and weaknesses are rare, so I’ll mention this survey finding that EHRs aid with public health but are ungainly for the sophisticated uses required for long-term, accountable patient care. Meanwhile, half of hospitals surveyed are unhappy with their EHRs’ usability and functionality and doctors are increasingly frustrated with EHRs. Nurses complained about technologies’s time demands and the eternal lack of interoperability. A HIMSS survey turned up somewhat more postive feelings.

EHRs are also expensive enough to hurt hospital balance sheets and force them to forgo other important expenditures.

Electronic health records also took a hit from ONC’s Sentinel Events program. To err, it seems, is not only human but now computer-aided. A Sentinel Event Alert indicated that more errors in health IT products should be reported, claiming that many go unreported because patient harm was avoided. The FDA started checking self-reported problems on PatientsLikeMe for adverse drug events.

The ONC reported gains in patient ability to view, download, and transmit their health information online, but found patient portals still limited. Although one article praised patient portals by Epic, Allscripts, and NextGen, an overview of studies found that patient portals are disappointing, partly because elderly patients have trouble with them. A literature review highlighted where patient portals fall short. In contrast, giving patients full access to doctors’ notes increases compliance and reduces errors. HHS’s Office of Civil Rights released rules underlining patients’ rights to access their data.

While we’re wallowing in downers, review a study questioning the value of patient-centered medical homes.

Reuters published a warning about employee wellness programs, which are nowhere near as fair or accurate as they claim to be. They are turning into just another expression of unequal power between employer and employee, with tendencies to punish sick people.

An interesting article questioned the industry narrative about the medical device tax in the Affordable Care Act, saying that the industry is expanding robustly in the face of the tax. However, this tax is still a hot political issue.

Does anyone remember that Republican congressmen published an alternative health care reform plan to replace the ACA? An analysis finds both good and bad points in its approach to mandates, malpractice, and insurance coverage.

Early reports on use of Apple’s open ResearchKit suggested problems with selection bias and diversity.

An in-depth look at the use of devices to enhance mental activity examined where they might be useful or harmful.

A major genetic data mining effort by pharma companies and Britain’s National Health Service was announced. The FDA announced a site called precisionFDA for sharing resources related to genetic testing. A recent site invites people to upload health and fitness data to support research.

As data becomes more liquid and is collected by more entities, patient privacy suffers. An analysis of web sites turned up shocking practices in , even at supposedly reputable sites like WebMD. Lax security in health care networks was addressed in a Forbes article.

Of minor interest to health IT workers, but eagerly awaited by doctors, was Congress’s “doc fix” to Medicare’s sustainable growth rate formula. The bill did contain additional clauses that were called significant by a number of observers, including former National Coordinator Farzad Mostashari no less, for opening up new initiatives in interoperability, telehealth, patient monitoring, and especially fee-for-value.

Connected health took a step forward when CMS issued reimbursement guidelines for patient monitoring in the community.

A wonky but important dispute concerned whether self-insured employers should be required to report public health measures, because public health by definition needs to draw information from as wide a population as possible.

Data breaches always make lurid news, sometimes under surprising circumstances, and not always caused by health care providers. The 2015 security news was dominated by a massive breach at the Anthem health insurer.

Along with great fanfare in Scientific American for “precision medicine,” another Scientific American article covered its privacy risks.

A blog posting promoted early and intensive interactions with end users during app design.

A study found that HIT implementations hamper clinicians, but could not identify the reasons.

Natural language processing was praised for its potential for simplifying data entry, and to discover useful side effects and treatment issues.

CVS’s refusal to stock tobacco products was called “a major sea-change for public health” and part of a general trend of pharmacies toward whole care of the patient.

A long interview with FHIR leader Grahame Grieve described the progress of the project, and its the need for clinicians to take data exchange seriously. A quiet milestone was reached in October with a a production version from Cerner.

Given the frequent invocation of Uber (even more than the Cheesecake Factory) as a model for health IT innovation, it’s worth seeing the reasons that model is inapplicable.

A number of hot new sensors and devices were announced, including a tiny sensor from Intel, a device from Google to measure blood sugar and another for multiple vital signs, enhancements to Microsoft products, a temperature monitor for babies, a headset for detecting epilepsy, cheap cameras from New Zealand and MIT for doing retinal scans, a smart phone app for recognizing respiratory illnesses, a smart-phone connected device for detecting brain injuries and one for detecting cancer, a sleep-tracking ring, bed sensors, ultrasound-guided needle placement, a device for detecting pneumonia, and a pill that can track heartbeats.

The medical field isn’t making extensive use yet of data collection and analysis–or uses analytics for financial gain rather than patient care–the potential is demonstrated by many isolated success stories, including one from Johns Hopkins study using 25 patient measures to study sepsis and another from an Ontario hospital. In an intriguing peek at our possible future, IBM Watson has started to integrate patient data with its base of clinical research studies.

Frustrated enough with 2015? To end on an upbeat note, envision a future made bright by predictive analytics.

How Much Patient Data Do We Truly Need?

Posted on November 23, 2015 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

As the demands placed on healthcare data increase, the drive to manage it effectively has of course grown as well. This has led to the collection of mammoth quantities of data — one trade group estimates that U.S. hospitals will manage 665 terabytes of data during 2015 alone — but not necessarily better information.

The assumption that we need to capture most, if not all, of a patient’s care history digitally is clearly driving this data accumulation process. As care moves into the digital realm, the volume of data generated by the healthcare industry is climbing 48% percent per year, according to one estimate. I can only assume that the rate of increase will grow as providers incorporate data feeds from mHealth apps, remote monitoring devices and wearables, the integration of which is not far in the future.

The thing is, most of the healthcare big data discussions I’ve followed assume that providers must manage, winnow and leverage all of this data. Few, if any, influencers seem to be considering the possibility that we need to set limits on what we manage, much less developing criteria for screening out needless data points.

As we all know, all data is not made equal.  One conversation I had with a physician in the back in the early 1990s makes the point perfectly. At the time, I asked him whether he felt it would be helpful to put a patient’s entire medical history online someday, a distant but still imaginable possibility at the time. “I don’t know what we should keep,” he said. “But I know I don’t need to know what a patient’s temperature was 20 years ago.”

On the other hand, providers may not have access to all of the data they need either. According to research by EMC, while healthcare organizations typically import 3 years of legacy data into a new EMR, many other pertinent records are not available. Given the persistence of paper, poor integration of clinical systems and other challenges, only 25% of relevant data may be readily available, the vendor reports.

Because this problem (arguably) gets too little attention, providers grappling with it are being forced to to set their own standards. Should hospitals and clinics expand that three years of legacy data integration to five years? 10 years? The patient’s entire lifetime? And how should institutions make such a decision? To my knowledge, there’s still no clear-cut way to make such decisions.

But developing best practices for data integration is critical. Given the costs of managing needless patient data — which may include sub-optimal outcomes due to data fog — it’s critical to develop some guidelines for setting limits on clinical data accumulation. While failing to collect relevant patient data has consequences, turning big data into astronomically big data does as well.

By all means, let’s keep our eye on how to leverage new patient-centric data sources like wearable health  trackers. It seems clear that such data has a role in stepping up patient care, at least once we understand what part of it is wheat and which part chaff.

That being said, continuing to amass data at exponential rates is unsustainable and ultimately, harmful. Sometimes, setting limits is the only way that you can be sure that what remains is valuable.