We know we mentioned Valentine’s Day last week, but we couldn’t resist revisiting the topic to share some #healthpolicyvalentines. Those participating in the annual hashtag campaign tweeted tongue-in-cheek, pun-filled “love notes” this week about some of the nation’s top issues. That includes drug pricing, insurance coverage and surprise hospital bills. Even the heads of the FDA and CMS took part along with reporters and healthcare wonks.
@Health_Affairs: I think I love you, but we need to generate some real world evidence before issuing any further decisions.
@ScottGottlieb: Some pills are red, some pills are blue, All are safe and effective, If they undergo FDA review.
@SteveJoffee: Roses are red, right to try is in full force, best route to treatment? Expanded Access, of course.
@sportmanMPH: If your love was a drug, it wouldn’t be generic. @US_FDA would have no division for love so chimeric.
@shefalil: Our love is like health care: **Nobody** knew it could be so complicated.
Now, on to the news… and what you need to know right now about data privacy.
The biggest health IT shindig of the year, the Health Information Management Systems Society (HIMSS) annual meeting, occurred this week. In our ongoing series on health IT, we’re talking data security.
Millions of health records are breached every year. In fact, one of the biggest breaches in 2018, a hack of billing vendor AccuDoc Solutions, exposed the health information of 2.65 million patients. It’s a major issue in healthcare and pretty scary from a business and patient perspective.
Among those looking to purchase patient data are pharma companies. In fact, they are buying data from payers, tech companies, patient groups and DNA companies, such as 23andMe, to gather real world evidence and support drug development. While it’s incredibly useful and leads to more informed decision-making, they’re opening themselves up to significant risk. Pharma companies are growing their IT and digital departments to try to prevent disaster and maintain trust, but communicators and the C-suite must also prepare for what happens if a breach does occur. That may include, under law, alerting patients, government authorities and the media. It’s also important to stay on top of state disclosure requirements as a lot of the action is happening at that level…as well as global implications with GDPR.
Providers sharing data with each other, and with patients, sounds great in theory, but it also presents significant risk. And that risk could be growing. The Administrator of CMS, Seema Verma, announced an initiative this week to increase patient access to their health data and facilitate better information exchange among providers. The Interoperability and Patient Access Proposed Rule outlines opportunities to “make patient data more useful and transferable through open, secure, standardized, and machine-readable formats while reducing restrictive burdens on healthcare providers.” For patients, the proposal requires third-party applications and developers to provide the access to data, creating a vulnerability.
Patients may not realize that they can be complicit in putting their own security at risk. More than 26MM people have taken an at-home ancestry test, though some of these tech companies, like 23andMe and GedMatch, provide their data to pharma companies and even law enforcement. As Antonio Regalado puts it in MIT Tech Review, “Our DNA, just like our posts on social media or our location data, is at the mercy of user agreements [that] none of us have any control over or even bother to read.”
So What Now?
Beyond putting rigorous data protection processes in place and conducting frequent security testing, it is important that life sciences professionals at all levels are aware of privacy protections and policies.
Our advice: Prepare for the worst and hope it doesn’t happen. But, if it does – you’ll be ready. We help life sciences companies create response protocols, scenario plans and crisis simulations. Put us on speed dial!
For patients, read the fine print! Most doctors’ offices require you to sign a privacy notice. And apps and at-home DNA kit makers provide information about their privacy protections when you sign up. Don’t just scroll to the bottom, and pay attention to those notices about changes in policies.
Who wrote this? The managing editors of TWTW are Randi Kahn, who has plans to see over 20 concerts in 2019 and Dana Davis, who made her flight out of town by the skin of her teeth.