DOCSLIB.ORG

Rights in Health Data

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Rights in Health Data Rights in Health Data Yochai Benkler, William Fisher, and Kurt Walters January 2021 Version 3.1 Introduction .................................................................................................................................... 3 I. Business Initiatives ..................................................................................................................... 5 “Sloan Kettering’s Cozy Deal with Start-Up Ignites a New Uproar” ................................................ 5 “Hu-manity Wants to Create a Health Data Marketplace with Help from Blockchain” ................ 9 “GlaxoSmithKline strikes $300 million deal with 23andMe for genetics-driven drug research” . 10 “Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans” ......... 11 II. Laws ......................................................................................................................................... 14 A. United States ................................................................................................................................. 14 1. General Principles ........................................................................................................................................... 14 Greenberg v. Miami Children’s Hosp. Research Inst., Inc. ........................................................................... 14 Note on Patent Protection for DNA Sequences ............................................................................................. 24 2. The HIPAA Framework ................................................................................................................................. 25 3. State Systems .................................................................................................................................................. 28 New Hampshire ............................................................................................................................................. 28 Colorado ......................................................................................................................................................... 30 Indiana ........................................................................................................................................................... 33 B. European Union ................................................................................................................................ 34 III. Reform Proposals ................................................................................................................... 36 Property, Privacy, and the Pursuit of Interconnected Electronic Medical Records ....................... 36 Much Ado About Data Ownership ...................................................................................................... 41 1 Report to the President—Big Data and Privacy: A Technological Perspective .............................. 45 “President Weighs in on Data from Genes” ....................................................................................... 46 The President Says Patients Should Own Their Genetic Data. He’s Wrong ................................... 47 Oregon Senate Bill 703 .......................................................................................................................... 49 2 Introduction “Health data,” as we will use the term, refers to information about a person’s body relevant to that person’s health. Types include medical records; test results; information concerning medications, treatments, and the results thereof; genetic information; vital statistics; and demographic information.1 In recent years, the potential uses of such data have grown rapidly. Three developments have contributed to this trend. First, the technologies for gathering information of these sorts have improved. For example, genetic testing has become increasingly feasible and affordable, and growing numbers of people (at least in developed countries) now wear devices that monitor their vital signs. Second, the percentage of hospitals and health-care professionals who store information in electronic rather than paper form has increased sharply. In the United States, for example, usage of electronic health records grew from one in ten doctors in 2009 to nine in ten in 2018, spurred by federal incentivizing of the practice.2 Third, software that facilitates “mining” aggregations of that data has become increasingly sophisticated. The net result is that health data are now being harnessed in myriad ways. They include: • Diagnosis. Already algorithms developed using machine learning and large databases of test results have proven to be at least as accurate as trained pathologists in detecting tumors.3 • Treatment. For instance, analysis of data on patients’ responses to drugs are enabling identification of hitherto unknown adverse interactions between drugs, which in turn prompts physicians and pharmacies to avoid prescribing them in combination.4 Another example: several companies are now at work analyzing databases concerning multiple aspects of cancer patients and their treatment histories to create increasingly personalized treatment plans for future patients. 1 Cf. Jorge Contreras, The False Promise of Health Data Ownership, 94 N.Y.U. L. Rev. 624, 626 n.2 (2019) (using the term, “individual health information” in a similar sense). 2 Stanford Med., White Paper: The Future of Electronic Health Records 2 (2018), http://med.stanford.edu/content/ dam/sm/ehr/documents/EHR-White-Paper.pdf. 3 See Yun Liu et al., Detecting Cancer Metastases on Gigapixel Pathology Images, ArXiv (2017), https://arxiv.org/abs/1703.02442. 4 One of the most ambitious of these initiatives is FDA’s Sentinel System. Launched in 2008, it aspires to improve safety monitoring of FDA-approved treatments. Its priorities for the five years from 2019–23 center on “innovations emerging from new data science disciplines, such as natural language processing and machine learning,” and “expand[ing] its access to and use of electronic health records.” U.S. Food & Drug Admin., Sentinel System: Five- Year Strategy A1 (2019), https://www.fda.gov/media/120333/download. In fact, much of what the Sentinel System does is aggregate and analyze patient data: “Within a privacy preserving ‘distributed data system,’ the Sentinel Initiative applies data science to patient data derived from health insurance companies, healthcare systems and academic institutions (with electronic health record systems). Sentinel allows the FDA to better understand post- market safety issues and inform regulatory decisions to improve patient safety.” Murray Aitken et al., IQVIA Inst. for Human Data Sci., Advancing Human Data Science 21 (2019), https://www.iqvia.com/-/media/iqvia/pdfs/institute- reports/advancing-human-data-science.pdf. 3 • Reducing Medical Costs. For example, hospitals assess trends in bed use when considering how to allocate physical space.5 • Curbing Infectious Diseases. Several companies have drawn upon multiple sources of data to predict and thus block the transmission pathways that drive the COVID-19 pandemic.6 • Insurance and Advertising. Companies selling health insurance and medical treatments have an obvious economic interest in data concerning the health of their potential customers. Such companies typically disavow using data for these purposes, but some consumers and public-interest organizations are skeptical.7 The profits or savings associated with these various uses have given rise to a growing global market for health data. Estimates of the size of that market vary, but it surely now exceeds $20 billion per year.8 As these uses of health data have multiplied, controversies concerning who should have what rights to control or profit from them have become more common. This module considers how the law has resolved such controversies and how it could do so better. Part I describes four recent business initiatives that implicate in different ways these issues. Part II summarizes the legal rules that currently govern uses of health data in the United States and the European Union. Part III contains some proposals for reforming those rules. As you read these materials, try to answer the following questions: 1) In what ways can we expect that health data will be used in the future? 2) Which of the existing or potential uses of health data are socially beneficial? 3) To what extent should a person be entitled to prevent uses of data derived from his, her, or their body? 4) To what extent should a person be entitled to share in the revenue generated by uses of data derived from his, her, or their body? 5) To what extent should health-care providers be entitled to control or profit from uses of the information generated through the services they provide? 6) What does or should “privacy” entail in this new environment? 5 See Shaun A. Langley et al., A Methodology for ProJecting Hospital Bed Need: A Michigan Case Study, 5 Source Code for Biology & Med., no. 4, 2010, at 1, 1, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2861647/. 6 See, for example, Jessica Kent, Machine Learning Tools Predict Impact of Quarantine on COVID-19, HealthITAnalytics (Apr. 22, 2020), https://healthitanalytics.com/news/machine-learning-tools-predict-impact-of- quarantine-on-covid-19; Christine Wei-Li Lee, UCLA Machine Learning Model is Helping CDC Predict Spread of COVID-19, UCLA Newsroom (May 18, 2020), https://newsroom.ucla.edu/releases/machine-learning-model-cdc- covid19;
Load more

Recommended publications
  • July 23, 2020 the Honorable William P. Barr Attorney General United
    July 23, 2020 The Honorable William P. Barr Attorney General United States Department of Justice 950 Pennsylvania Avenue, NW Washington, DC 20530 Dear Attorney General Barr: We write to raise serious concerns regarding Google LLC’s (Google) proposed acquisition of Fitbit, Inc. (Fitbit).1 We are aware that the Antitrust Division of the Department of Justice is investigating this transaction and has issued a Second Request to gather additional information about the acquisition’s potential effects on competition.2 Amid reports that Google is offering modest, short-term concessions to overseas enforcers to avoid a full-scale investigation of the transaction in Europe,3 we write to urge the Division to continue with its efforts to conduct a thorough and comprehensive review of this proposed merger and to take any and all enforcement action warranted by the law and the evidence. It is no exaggeration to say that Google is under intense antitrust scrutiny across the globe. As you know, the company has been under investigation for potential anticompetitive conduct across a number of product markets by the Department and numerous state attorneys general, as well as by a number of foreign competition enforcers, some of which are also reviewing the proposed Fitbit acquisition. Competition concerns about Google are widespread and bipartisan. Against this backdrop, in November 2019, Google announced its proposed acquisition of Fitbit for $2.1 billion, a staggering 71 percent premium over Fitbit’s pre-announcement stock price.4 Fitbit—which makes wearable technology devices, such as smartwatches and fitness trackers— has more than 28 million active users submitting sensitive location and health data to the company.
    [Show full text]
  • 4. Google Health a Number of Companies Offer to Store Personal
    4. Google Health A number of companies offer to store personal health records on the Web. Companies in this business hope to capitalize on the huge market of interested consumers seeking online health information and controlled health spending. The newest entry is Google Health with its technical know-how, deep pockets, and familiarity to consumers. A trial of Google's program with Cleveland Clinic patients was quickly oversubscribed, quelling fears that patients would worry about the security of their records. Google Health users will create their own electronic medical record online, with the capability to enter and manage health information and access it online from anywhere. This portable medical record will be accessible regardless of doctor, moves, insurance changes, etc. The record can be set to send reminders to refill prescriptions and schedule return medical visits. Permission from the patient is required to access the patient's record; however, there are important exceptions noted in the Google Health Terms of Service and Sharing Authorization to which users must agree when they sign on for the service. Google Health is free to users. Experts have long touted electronic medical records as a way to overcome the lack of coordination among health care providers. In addition, electronic records provide patients and providers with search capability linking information in the patient's records with information about health care alternatives, thereby giving patients more control over their health care choices. Access is available to patients, and to providers with patient consent. Google Health allows the patient to determine what information is shared with medical providers and pharmacies.
    [Show full text]
  • Testimony of Marc Donner, Director of Engineering, Google Health
    Testimony of Marc Donner, Director of Engineering, Google Health National Committee on Vital and Health Statistics Executive Subcommittee on Privacy, Confidentiality & Security Hearing on Personal Health Records May 20, 2009 Good afternoon and thank you for the opportunity to testify before the subcommittee on the important issue of Personal Health Records (PHRs). My name is Marc Donner and I am the Engineering Director for Google Health™. I have over thirty years of experience in engineering of hardware, software, and complex systems, and I hold a Ph.D. in Computer Science from Carnegie-Mellon University. My role on the Google Health team is to supervise the infrastructure and product design of Google Health. The focus of my attention is on ensuring our ability to scale, receive standards-compliant data from as many sources as possible, protect the integrity and privacy of PHR information, and increase the usefulness of Google Health data for our users. In my testimony today, I would like to focus on three main points: First, I'd like to discuss PHRs and their role in the healthcare industry. Second, I'll describe Google's health-related initiatives including Google Health, our own PHR product. Finally, I will make a handful of policy recommendations based on the experience that Google™ has had to date with health information technology generally and PHRs specifically. PHRs and how they fit into the bigger picture Google Health launched its PHR in the spring of 2008. In 2006, it was estimated that were roughly 200 PHRs. 1 In the past three years, many more products have emerged, along with Google’s offering.
    [Show full text]
  • Google's 'Project Nightingale' Gathers Personal Health Data
    Google's 'Project Nightingale' Gathers Personal Health Data on Millions of Americans; Search giant is amassing health records from Ascension facilities in 21 states; patients not yet informed Copeland, Rob . Wall Street Journal (Online) ; New York, N.Y. [New York, N.Y]11 Nov 2019. ProQuest document link FULL TEXT Google is engaged with one of the U.S.'s largest health-care systems on a project to collect and crunch the detailed personal-health information of millions of people across 21 states. The initiative, code-named "Project Nightingale," appears to be the biggest effort yet by a Silicon Valley giant to gain a toehold in the health-care industry through the handling of patients' medical data. Amazon.com Inc., Apple Inc. and Microsoft Corp. are also aggressively pushing into health care, though they haven't yet struck deals of this scope. Share Your Thoughts Do you trust Google with your personal health data? Why or why not? Join the conversation below. Google began Project Nightingale in secret last year with St. Louis-based Ascension, a Catholic chain of 2,600 hospitals, doctors' offices and other facilities, with the data sharing accelerating since summer, according to internal documents. The data involved in the initiative encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth. Neither patients nor doctors have been notified. At least 150 Google employees already have access to much of the data on tens of millions of patients, according to a person familiar with the matter and the documents.
    [Show full text]
  • Future of Patient Data Patient of Future Insights from Discussions Multiple Around the Expert World
    Future of Patient Data Insights from Multiple Expert Discussions Around the World World Expert the Around Multiple Discussions from Insights FUTURE OF PATIENT DATA Insights from Multiple Expert Discussions Around the World 1 Future of Patient Data Insights from Multiple Expert Discussions Around the World World Expert the Around Multiple Discussions from Insights 2 Future of Patient Data Insights from Multiple Expert Discussions Around the World World Expert the Around Multiple Discussions from Insights FUTURE OF PATIENT DATA Insights from Multiple Expert Discussions Around the World 3 Contents Foreword 6 Acknowledgements 7 Introduction 8 Future of Patient Data Context 16 Shared Challenges 26 Integration 28 Ownership vs. Access 38 Trust 45 Insights from Multiple Expert Discussions Around the World World Expert the Around Multiple Discussions from Insights Security and Privacy 52 Future Opportunities 58 Personalisation 60 Data Marketplaces 68 The Impact of AI 73 New Models 86 Emerging Issues 96 Data Sovereignty 98 Digital Inequality 102 Privatisation of Health Information 111 The Value of Health Data 115 Conclusions 120 Questions 122 Appendix 124 4 Charts Project Summary 10 Healthcare Spend vs Life Expectancy 12 Growth In Healthcare Data 17 Doctors with EHR and Multifunctional Health IT Capacity 30 Consumers Willing To Share Health Data 46 Future of Patient Data Data Breach Cost Per Capita 53 Number of Personalised Medicines (US - 2008 to 2016) 63 Genetic Disorders with Diagnostic Tests Available 65 Number of Artifical-Intelligence Companies
    [Show full text]
  • Google's 'Project Nightingale' Gathers Personal Health Data on Millions Of
    11/14/2019 Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans - WSJ MEMBER MESSAGE How would you ix college admissions? We want your suggestions on making the process more transparent and less stressful. Share Your Story This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers visit https://www.djreprints.com. https://www.wsj.com/articles/google-s-secret-project-nightingale-gathers-personal-health-data-on-millions-of-americans-11573496790 ◆ WSJ NEWS EXCLUSIVE | TECH Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans Search giant is amassing health records from Ascension facilities in 21 states; patients not yet informed Google launched the eort last year with Ascension, the country’s second-largest health system. PHOTO: DAVID PAUL MORRISBLOOMBERG NEWS By Rob Copeland Updated Nov. 11, 2019 427 pm ET Google is engaged with one of the U.S.’s largest health-care systems on a project to collect and crunch the detailed personal-health information of millions of people across 21 states. The initiative, code-named “Project Nightingale,” appears to be the biggest effort yet by a Silicon Valley giant to gain a toehold in the health-care industry through the handling of patients’ medical data. Amazon.com Inc., AMZN 0.08% ▲ Apple Inc. AAPL -0.69% ▲ and Microsoft https://www.wsj.com/articles/google-s-secret-project-nightingale-gathers-personal-health-data-on-millions-of-americans-11573496790 1/5 11/14/2019 Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans - WSJ Corp.
    [Show full text]
  • THE DIGITAL HEALTH DEBATE Ci C
    THE DIGITAL i C C NOV 2015 HEALTH DEBATE i A REPORT ON HOW DOCTORS ENGAGE WITH DIGITAL TECHNOLOGY IN THE WORKPLACE THE DIGITAL HEALTH DEBATE 2015 | ©CELLO HEALTH INSIGHT FOREWORD i C C i PAUL MANNU Master Practitioner, Behavioural Insights pmannu@cellohealth.com Advances in digital technology have The research explores doctors’ perceptions Online interviews with become ubiquitous within healthcare, of how smart technology such as apps bringing about breakthroughs in diagnosis, and wearables can be used by patients to new treatment options and at the same better manage their health. time heralding the expansion of companies usually associated with technology into the The appendix section also includes our market place. findings on doctors’ preferences when 1,040 participating in research via a mobile app. certified doctors Enter Google Health, Apple Health, and Microsoft HealthVault. These major players Throughout this report, consideration has are accompanied by IBM with ‘Watson’, been given as to what the survey findings a new cognitive system that processes mean for pharmaceutical marketing information more like a human than a strategies. If you would like to know computer. IBM claim Watson will be able more about the specific relevance of this to ‘see’ medical images once its advanced research to marketing, sales and business image analytics and cognitive capabilities intelligence please get in touch. are merged with a newly acquired medical imaging management platform. For more information about the full extent of the survey research, please do not 8 The potential for these new and symbiotic hesitate to contact us. Markets relationships is vast and doctors are at the heart of it.
    [Show full text]
  • Accessible Telehealth - Leveraging Consumer-Level Technologies and Social Networking Functionalities for Senior Care
    Accessible Telehealth - Leveraging Consumer-level Technologies and Social Networking Functionalities for Senior Care Jaspaljeet Singh Dhillon and Burkhard C. Wunsche¨ and Christof Lutteroth Department of Computer Science, University of Auckland, New Zealand jran055@aucklanduni.ac.nz, burkhard@cs.auckland.ac.nz, lutteroth@cs.auckland.ac.nz Abstract— The increasing cost of healthcare represents a our framework for a novel telehealth system and Section V serious challenge to most developed countries. Telehealth has and VI explain its design and implementation, respectively. been widely promoted as a technology to make healthcare more We evaluate our prototype in Section VII and conclude the effective and affordable. However, current telehealth systems suffer from vendor lock-in and high cost, and are designed paper in Section VIII with a summary of our contributions for managing chronic diseases, rather than preventing them. and future work. In this paper we evaluate technologies for supporting senior health consumers. Based on this we propose a framework for a II. CONSUMER-LEVEL HEALTH INFORMATICS novel telehealth system overcoming many of the shortcomings APPLICATIONS of existing technologies. The new system is web-based, has a Facebook-like plug-in architecture for adding new health The most common consumer-level health informatics ap- applications, and incorporates social networking functionalities. plications are telehealth systems, health record management We discuss the challenges in implementing the system, and systems, health information websites, and exergames. summarize a user study evaluating the system. Our results Telehealth systems consist of vital signs measurement de- demonstrate that health consumers have a positive view of this vices and a patient station, which allows interaction between new telehealth technology, and that it can positively change the attitude of users towards their health.
    [Show full text]
  • Is Your Company Googling It's Security and Privacy Away? Raj
    Is Your Company Googling It’s Security and Privacy Away? Raj Goel investigates. It’s no secret that Google retains search data and metadata regarding searches—in fact, they’re quite open about it. What’s unsure though is the long-term threat to information security and privacy. Most consumers regard privacy as a basic right. They do not expect their private transactional details—whether it’s what they purchased or complained about, or how they paid for the purchase—to be part of the public record. As long as companies have retained consumer data, there have been privacy breaches. Stone tablets, paper ledgers, data warehouses—it doesn’t matter how you store it, eventually, some of it will leak out. Here are some examples of the ways that data has been leaked: • Criminal acts: theft of data; insiders selling data • Carelessness: putting unshredded paper records in the trash bin; shipping unencrypted backup tapes • Lack of privacy awareness: prior to legislation such as the Healthcare Insurance Portability and Accountability Act, it was legally acceptable to place records in the trash; using personally identifiable numbers such as Social Security numbers as primary keys even though the various amendments to the Social Security Act reserved the use of SSNs to the US Treasury • Going out of business: once a company ceases operations, all privacy policies are null and void. What’s Google Role? So far, Google hasn’t lost information, other institutions have. However, Google plays an ever-increasing role in our consumer and business lives. It has built a substantial business and reputation, which could pose a serious threat to consumer privacy worldwide.
    [Show full text]
  • Changing the Game: Tech Briefs August 2007
    the way we see it Changing The Game: Monthly Technology Briefs January 2009 Google Health: A Business Technology & Web 2.0 Use Case Read the Capgemini Chief Technology Officers’ Blog at www.capgemini.com/ctoblog Google Health: A Business Technology & Web 2.0 Use Case The UK government got the wrong type of headlines for its attempt to provide shared access to health records across hospitals, doctors, and other health professionals when its NHS Connecting for Health program ran into difficulties. At the same time, Google was successfully delivering an almost identical program called Google Health in North America. The difference was that the techniques used by the UK NHS (National Health Service) program were based on conventional database driven management. It attempted to build a huge master database that would combine all the necessary data and was then surrounded by various user applications. The questions of scale and governance were only outweighed by those of security and authorization. Google Health takes an entirely different approach and is a good example of a Business Technology (BT) solution that is built using Web based technology. The solution is also powered by the Cloud as an ‘Invisible infostructure’. Web Services are deployed to provide ‘Interactions rather than Transactions’. Users have a high degree of freedom in how they choose to personalize their use of the health records: the ‘You Experience’. This combination, with many other sources of information, is a prime example of how to ‘thrive on data’. The whole system is built upon a ‘Standards based’ approach and allows the invocation of flexible ‘Process on the Fly’ between participants that can connect to existing IT applications when necessary.
    [Show full text]
  • Using Google to Search for Articles in the Health Sciences
    Using Google to search for articles in the Health Sciences You may have had a professor who said, “Don’t use Google to do your research.” Or you may have heard, “Only use the library databases.” Well, I’m going to let you in on a little secret. Google can actually be a great tool for searching for articles in the Health Sciences. Google is a very powerful search engine, and you can use it to find lots of good material. The problem is it’s a double edged sword. Along with the good stuff, you can also get a lot of junk in the form of bogus websites, advertisements, mindless blogs, and so on. So this tutorial is designed to show you a few tips on how to use Google to find credible sources of information. First, if you’re looking for peer-reviewed articles, I’d recommend switching from Google to Google Scholar. If you’re not familiar with it, Google Scholar is a module of Google that searches the scholarly literature and locates articles, theses, books, abstracts, court opinions, and patents, thus eliminating the junk you’d get searching in regular Google. To get to Google Scholar, simply enter the url scholar.google.com. You’ll see the landing page is similar to regular Google, but the results will be different. Let’s try the search high blood pressure diet exercise vitamin c. There is a date filter on the left side of the results page. Sometimes you are asked to only use articles from the last 5 years, or some similar date restriction.
    [Show full text]
  • April 5, 2012 Isabelle Falque-Pierrotin Presidente CNIL 8, Rue
    April 5, 2012 Isabelle Falque-Pierrotin Presidente CNIL 8, rue Vivienne 75002 Paris, FR Re: Google Dear Madame la Presidente, Thank you for your letter and questionnaire of March 16, 2012, responding to our letter to you of February 28, 2012. We are happy to provide the additional information you request. Your questionnaire is wide ranging, covering a number of technical and legal areas in detail. Only some of the 69 questions you ask relate to our new Privacy Policy changes specifically, with many of the questions exploring broader privacy matters. While we are committed to providing the CNIL and all European data protection authorities with answers to the questions asked, we will, as agreed with your staff, need slightly longer than the time you have suggested to respond. As an interim step, we attach our responses to questions 1 to 24. The rest will follow as soon as complete. In addition to our written responses, Google would, as noted in our letter of February 28, 2012, also welcome the chance to meet with the CNIL to explain and discuss Google’s approach to providing information to users. This is an important issue for us. We have taken a great deal of time and care in designing our approach. In our very first letter to the CNIL on this topic, we emphasised that while we did not feel able to pause the implementation of our Privacy Policy, we would welcome the opportunity to discuss how and where Google provides information to our users. We have reached out many times to the CNIL asking for a meeting to discuss this, and we make that offer again now.
    [Show full text]