<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	
	xmlns:georss="http://www.georss.org/georss"
	xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
	>

<channel>
	<title>PHI - Medika Life</title>
	<atom:link href="https://medika.life/tag/phi/feed/" rel="self" type="application/rss+xml" />
	<link>https://medika.life/tag/phi/</link>
	<description>Make Informed decisions about your Health</description>
	<lastBuildDate>Thu, 10 Mar 2022 02:50:53 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.5.5</generator>

<image>
	<url>https://i0.wp.com/medika.life/wp-content/uploads/2021/01/medika.png?fit=32%2C32&#038;ssl=1</url>
	<title>PHI - Medika Life</title>
	<link>https://medika.life/tag/phi/</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">180099625</site>	<item>
		<title>What’s in it for me? Encouraging patient ownership of PHI Data</title>
		<link>https://medika.life/whats-in-it-for-me-encouraging-patient-ownership-of-phi-data/</link>
		
		<dc:creator><![CDATA[Robert Turner, Founding Editor]]></dc:creator>
		<pubDate>Thu, 10 Mar 2022 02:41:05 +0000</pubDate>
				<category><![CDATA[Digital Health]]></category>
		<category><![CDATA[Editors Choice]]></category>
		<category><![CDATA[Health News and Views]]></category>
		<category><![CDATA[Healthcare Policy and Opinion]]></category>
		<category><![CDATA[Public Health]]></category>
		<category><![CDATA[The Healthcare Marketplace]]></category>
		<category><![CDATA[Health Data Ownership]]></category>
		<category><![CDATA[Healthcare Apps]]></category>
		<category><![CDATA[Healthcare Solutions]]></category>
		<category><![CDATA[Patient Data]]></category>
		<category><![CDATA[Patient Experience]]></category>
		<category><![CDATA[Patient Health Information]]></category>
		<category><![CDATA[PHI]]></category>
		<guid isPermaLink="false">https://medika.life/?p=14435</guid>

					<description><![CDATA[<p>Do patients really understand the true value associated with ownership and management of their healthcare data? It would appear not and this matters as a new raft of solutions hit the market</p>
<p>The post <a href="https://medika.life/whats-in-it-for-me-encouraging-patient-ownership-of-phi-data/">What’s in it for me? Encouraging patient ownership of PHI Data</a> appeared first on <a href="https://medika.life">Medika Life</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>New Patient Health Information (PHI) applications and data solutions litter the healthcare marketplace with many more currently in development. As with many other solutions developed for the health sector, questions arise about suitability and adoption. Doctors, on the other side of the industry spectrum, are notoriously reticent to adopt new solutions. The reasons behind their hesitance matter and as in the case of patient adoption of new technology, developers need to heed these.</p>



<p>Offer a doctor a new application or solution and his first question is always, “why do I need this” followed by “does it reduce my workload”. Data-driven solutions often fail to offer significantly satisfying answers to these questions, literally disqualifying themselves before they even step out the starting gate.</p>



<p>If you cannot convince your target sales market that it requires your solution, it’s time to reconsider both your solution and strategy. Many new solutions offering patients ownership of their PHI will fall by the wayside as they fail to correctly address their market and the patient&#8217;s actual needs.</p>



<h3 class="wp-block-heading"><strong>What do patients really&nbsp;want?</strong></h3>



<p>Ownership of their health data? Really? How many patients fully understand the power and benefits offered by ownership and control of their PHI? It has been my experience that when a lengthy explanation is required to sell something, the sale is a non-starter. Many of the new companies developing solutions for this market assume patients will be beating a path to their door. Why should they? Patients need to be incentivized.</p>



<p>Full disclosure, I am involved in the industry, in conjunction with colleagues seeking to develop a system that will empower patients by ensuring their ownership and control of their PHI. We are however setting about the process a little differently, simply because we don&#8217;t believe selling the general public on the importance of their PHI is possible. Not if broadscale adoption is important to the success of a platform.</p>



<p>We believe what patients really want are immediate tangible benefits associated with their healthcare. Cash in their pockets and actual engagement in the processes that determine their care. Let me explain and I will use our business model to outline how we currently perceive the market.</p>



<p>We are developing five separate patient-focused solutions that will eventually underpin a PHI system. Solutions that offer exactly these benefits; paid health surveys, access to paid clinical trials, paid social media sharing tools, the sale of health-related content, and more. All our solutions will be Web 3.0 compliant and built on the blockchain using smart contracts, but again, don&#8217;t confuse features with benefits. Features rarely sell something.</p>



<p>Unlike conventional approaches, we aren&#8217;t knocking on the patient&#8217;s door with a complex data tool that manages their PHI. In our case, the PHI solution will be added, almost as an afterthought, onto a platform enjoyed by thousands of customers already utilizing our “introductory” suite of tools. Trust will already be established with our client base and much of the relevant data required to populate the patient&#8217;s PHI will already exist within our eco-system.&nbsp;</p>



<h3 class="wp-block-heading"><strong>Trust versus&nbsp;benefit</strong></h3>



<p>Perhaps the most damaging fallout from the pandemic has been to the public and the healthcare sector relationship. Misinformation and horrendous pandemic mismanagement have cost the relationship years of hard-earned trust. Large swathes of the public now view the industry as a whole with a mixture of disdain and distrust. As unpleasant as this may be to accept, it is a fact and the damage will take years to repair.</p>



<p>We cannot however wait years. We MUST return ownership of health data to the patient. Common sense and ever-increasing risks from data theft and the illicit sharing and sale of PHI (another nasty but undeniable fact) demand it. How we set about this process matters and for effective adoption, we have to develop with the patient in mind.&nbsp;</p>



<p>Their needs, their priorities, and their limited understanding of the power that resides in their data all need to be addressed. Enable and educate. Rather than offering them ownership of an asset, the value of which they don&#8217;t fully grasp, I believe we start by allowing patients to share in the profits generated by their data, sharing in the processes that determine their health, and placing them on an equal footing in the patient/provider relationship.</p>



<p>Simple, functional tools are required to achieve this. Tools that will lead to the eventual establishment of a leveled playing field, restoring trust and improving communication between the two key elements in healthcare. The providers and their patients. </p>



<h3 class="wp-block-heading"><strong>Blinded by the light</strong></h3>



<p>All the above would appear reasonably self-evident. Most patients and many within healthcare would agree with the views I have expressed above and yet we are still forging ahead with project after project that ignores these basic fundamentals, not only where patients are concerned, but also for providers.</p>



<p>Not enough basic research is being performed into the actual need for a solution, in either of the above groups. The best-conceived ideas that fly on paper often crash spectacularly on execution. Understanding, really understanding, the market you are developing for is perhaps the most important part of your business model. Needs drive adoption, practical and simple drive adoption. Innovation is not a need and cannot create one where none are perceived.</p>



<p>Speak to your market, understand your market and engage with it, long before you decide to cure it of ills you perceive from afar. As investors become more circumspect about the &#8220;fake it till you make it&#8221; mindset that pervades startups, acquiring seed capital will become far more challenging. Doing your homework will pay off in ways you cannot imagine and benefit both you and your target audience, patients and providers alike.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">14435</post-id>	</item>
		<item>
		<title>What You Say on TeleHealth Doesn&#8217;t Stay on Telehealth. How Patient Data is Under Threat</title>
		<link>https://medika.life/what-you-say-on-telehealth-doesnt-stay-on-telehealth-how-patient-data-is-under-threat/</link>
		
		<dc:creator><![CDATA[Robert Turner, Founding Editor]]></dc:creator>
		<pubDate>Mon, 29 Mar 2021 07:50:41 +0000</pubDate>
				<category><![CDATA[Consumer Safety]]></category>
		<category><![CDATA[Digital Innovation]]></category>
		<category><![CDATA[Editors Choice]]></category>
		<category><![CDATA[Health News and Views]]></category>
		<category><![CDATA[Healthcare]]></category>
		<category><![CDATA[Healthcare Policy and Opinion]]></category>
		<category><![CDATA[Industry News]]></category>
		<category><![CDATA[Innovations]]></category>
		<category><![CDATA[Patient Advisories]]></category>
		<category><![CDATA[Patient Zone]]></category>
		<category><![CDATA[Policy and Practice]]></category>
		<category><![CDATA[TeleHealth]]></category>
		<category><![CDATA[Trending Issues]]></category>
		<category><![CDATA[Data Safety]]></category>
		<category><![CDATA[Digital Health]]></category>
		<category><![CDATA[Digitsl Healthcare]]></category>
		<category><![CDATA[HIPAA]]></category>
		<category><![CDATA[Patient Data]]></category>
		<category><![CDATA[Patient Safety]]></category>
		<category><![CDATA[PHI]]></category>
		<category><![CDATA[Telehealth]]></category>
		<guid isPermaLink="false">https://medika.life/?p=10985</guid>

					<description><![CDATA[<p>If you use a Telehealth platform your data is being stored and may be sold for commercial gain to the highest bidder.  The safety of Patient Data is </p>
<p>The post <a href="https://medika.life/what-you-say-on-telehealth-doesnt-stay-on-telehealth-how-patient-data-is-under-threat/">What You Say on TeleHealth Doesn&#8217;t Stay on Telehealth. How Patient Data is Under Threat</a> appeared first on <a href="https://medika.life">Medika Life</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p id="dea7">The next time you engage online with your therapist or doctor, remember you aren’t just speaking to that person, you’re addressing the entire internet. In this article we’ll explain how your most private medical conversations are being recorded, analyzed, and sold on for commercial gain, always to your detriment. A recent&nbsp;<a href="https://healthitsecurity.com/news/30-popular-mhealth-apps-vulnerable-to-api-attacks-posing-phi-risk">2021 article in Health IT Security</a>&nbsp;highlighted how 30 well-known medical apps were shown to be vulnerable to hacking and API-based attacks.</p>



<p id="2f0a">Julie had been struggling for months to find a therapist to help her deal with increasing levels of anxiety. Finally, out of frustration and a desperate need for care, she settled on a therapist nearly five hundred miles away. Her sessions with the therapist, rather than being in person, would be virtual.</p>



<p id="8734">Julie is just one of the hundreds of thousands of Americans who have discovered the benefits of telemedicine. The platform of video is perfectly suited to therapy. In fact one could argue that moving forward, mental health will become the natural home of telemedicine.</p>



<p id="4ff6">Patients can describe their full range of symptoms and the visual medium allows the therapist to evaluate their client more clearly. Perhaps more so than in a traditional setting as one-on-one calls are devoid of the distractions real-life settings offer. More importantly, distance no longer limits access to immediate care. Even country borders are no obstacle to the telehealth platform.</p>



<p id="999b">Telehealth, Telemedicine, or Virtual Health, take your pick, has been around for well over a decade. It never quite caught on and then, along came a virus. The rest is history. It’s now a catchphrase on the lips of every software developer, medical startup, and healthcare application developer across the globe.</p>



<blockquote class="wp-block-quote td_pull_quote td_pull_center is-layout-flow wp-block-quote-is-layout-flow"><p>The age of remote medicine has arrived.</p></blockquote>



<p id="659c">But has it, really? Is the current infatuation merely driven by quarantines and the pandemic? When restrictions are lifted and we return to ‘normal’ will people once again prefer the option of ‘up close and personal’? For many aspects of medicine, there is no substitute for in-person consultations.</p>



<p id="547b">This is a discussion currently taking place in many medical circles, but one of the sectors that doesn’t look as though it will fall out of love with Telehealth any time soon is mental health. In fact, there are a growing number of applications hitting the market that target exactly this sector and it’s here that data issues are starting to raise eyebrows.</p>



<h2 class="wp-block-heading" id="9c3e">Commercializing Medicine</h2>



<p id="fcd1">Get your consult and get your meds, all on the same platform. Spend a few minutes chatting to a qualified therapist or doctor and we’ll deliver your prescription the same day. It’s the promise of instant gratification and service. Sounds really good, but is it?</p>



<p id="3be6">What we’re now seeing in the marketplace is concerning. A mostly unregulated prescribing machine to sell psychotropics and other regulated medicines. An automated conveyor belt that’s going to exacerbate America’s drug dependency at a rate hitherto impossible.</p>



<blockquote class="wp-block-quote td_pull_quote td_pull_center is-layout-flow wp-block-quote-is-layout-flow"><p>Telemedicine is, for many unscrupulous pharmacists, therapists and doctors, a digital pot of gold.</p></blockquote>



<p id="b0bb">Telemedicine offers another massive windfall to companies that develop platforms. Patient data. This is where the real money lies and this is how the companies set about getting their hands on it.</p>



<p id="96c0">The companies record your ‘private’ discussion with your doctor or therapist. Simple isn’t it. In fact, it is so simple and so easily done that most platforms openly admit to the practice. Here’s an example of a platform that is guilty of all the indiscretions listed here,&nbsp;<a href="https://getcerebral.com/">Cerebral</a>, a mental health platform to access telehealth. Their company structure is so obscure we were unable to find a contact person to approach for comment.</p>



<p id="b84b">The next time you engage online with your therapist or doctor, remember you aren’t just speaking to that person, you may be addressing the entire internet. The normally hallowed medical sanctum of a consulting room with two people and an occasional dictaphone doesn’t exist in the digital world. Companies offering Telehealth platforms will tell you they’re recording your conversations in their terms and conditions and some will refer to obscure PHI and HIPAA statements. Some don’t even bother.</p>



<p id="80e3">Your entire call is recorded and this information is stored for later analysis, either by A.I. which searches for keyphrases, or by human ears. Your deepest, darkest secrets, fears, and other conditions are now a part of the public domain and companies have now learned the value of patience. Responding immediately to farmed data creates a reference point that is fresh in the customer&#8217;s mind. Wait two weeks and memory won&#8217;t be recalled that easily or the associations made.</p>



<p id="e8bf">Medical data is one of the most sought-after commercial commodities. Think of the potential for monetization from your ‘private session’.</p>



<p id="bb70">Just told your therapist you feel like you’re being stalked? Suddenly you’re inundated with offers from security companies offering you home surveillance and more. Feeling a little suicidal? Suddenly your insurance premiums increase, you’re refused cover, and forget getting a bank loan. You may even be approached by organ donor companies.</p>



<p id="9cb5">Sounds far-fetched doesn’t it but you’ve only got to do one search on Google for a toaster and then let me know how many of the subsequent emails, advertisements, and other digital info that cross your path in the next few days refers to toasters or companies that sell microwaves.</p>



<p id="1fa0">Talk to a friend on Facebook about your toaster needs and the same thing happens. You don’t even need to type out the word. Algorithms scan your speech while you&#8217;re speaking and only saying the word will be enough to trigger the advertising. There are no ‘how weird is this’ coincidences in the digital world, just effective data harvesting.</p>



<p id="f9a0">Health is different though. Your Private Health Information (PHI) is considered sacred under the law and a lot is done by regulators to ensure it remains private. The reason is simple. Possession of this information by companies and non-medical entities can seriously prejudice you.</p>



<p id="73c6">HIPAA was created exactly for this reason and I’ve written before on this topic. You can read more about this&nbsp;<a href="https://medika.life/dear-patient-your-healthcare-data-is-no-longer-safe-sincerely-hipaa/">here</a>. The problems HIPAA now faces are those highlighted in the linked article. No one could foresee the speed of development and deployment of digital technology. We’re playing catchup and some sectors haven&#8217;t even realized a game has been called.</p>



<p id="f071">As such, current patient privacy legislation looks more like Swiss cheese than a solid firewall to protect your privacy and data. Add to this the complication of non-medical companies now embedding themselves in the healthcare industry and you’re left with huge data privacy issues.</p>



<p id="37ff">There is no clear solution to this issue for either the patient or the provider unless you’re able to bypass Telehealth platforms and communicate directly with your therapist or doctor via a platform like Skype or Xoom. Direct one on one communication that bypasses the data leeches.</p>



<p id="c62d">It obviously isn’t a sustainable solution for the long term but does overcome privacy concerns and will offer both the patient and the therapist the benefit of privacy for their doctor-patient interaction.</p>



<h2 class="wp-block-heading" id="9cbd">Why is this happening</h2>



<p id="d09f">The short answer is that healthcare is ripe for exploitation by corporate and commercial ventures. There are vast sums of money to be made out of health, but simply providing a platform isn&#8217;t, on its own, lucrative enough to warrant the investments these companies require. The most effective means of monetization lies in harvesting data and onselling or using the data to generate internal sales.</p>



<p id="eb98">Another ploy is to incorporate various services under a single umbrella, hence the association between telehealth and pharmacies. From a commercial standpoint, it&#8217;s a match made in heaven, and most pharmacies are only too eager to join in. Legislation and regulation don&#8217;t really exist yet to control these new entrants to the health sector and while the sun&#8217;s out, everyone is making hay.</p>



<p id="135e">Currently, the digital health sector is a wild west wonderland where fortunes can be made overnight and most of these are made at the patients&#8217; expense.</p>



<h2 class="wp-block-heading" id="ff7f">What can therapists and doctors do?</h2>



<p id="55c2">As a responsible practitioner, you will know just how important PHI is. You’ll also know that the sanctity of the relationship you enjoy with a patient or client is integral to the practice of ethical medicine.</p>



<p id="9b58">Not all Telehealth platforms are guilty of the practices described above and you can, with care and due diligence, identify ones that pose the least risk to both you and your patient. Platforms that don’t record conversations usually state this clearly and have very visible PHI and HIPAA statements on their websites. These are generally more trustworthy, but you still need to dig into the terms and conditions.</p>



<p id="5579">A mixture of services, particularly those seeking to simplify the prescribing of medicines, is a clear warning that commercial interests are at play.</p>



<h2 class="wp-block-heading" id="dace">What can patients do?</h2>



<p id="bd10">There really isn’t anywhere for you as a patient to go with this. Most platforms will ensure that they bury a clause in their terms and conditions that implies you’re fine with them recording your calls and that you agree to their subsequent use of your data for any reason they see fit.</p>



<p id="92b3">No one ever reads these documents and you’re often not shown them. Simply downloading an app or opening a browser can also constitute your agreement to the terms of the platform. You’ve just given the company carte blanche to do whatever they like with your most personal and intimate data.</p>



<p id="c240">I mentioned earlier that healthcare data is sought after and&nbsp;<a href="https://www.idagent.com/blog/healthcare-and-the-dark-web/">nowhere is this more true than on the dark web</a>. For this reason, many of the companies that record your calls are targeted by hackers.</p>



<p id="5d31">Most data breaches are covered up and never disclosed. The smaller and more obscure companies with all their eggs in the app basket you’re using are particularly guilty of covering up data breaches. Their portfolios are not diverse enough to absorb the fall-off in customer confidence in their product and therefore disclosure is avoided.</p>



<p id="f72e">The simplest thing to do is to follow the advice given above for now and try and engage directly on a person-to-person Skype or Xoom call. Companies will over time develop solutions to properly secure patient data, Medika itself is exploring a solution, but until these products become commonplace or enforced in the marketplace, can you afford to risk your identity and privacy?</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">10985</post-id>	</item>
		<item>
		<title>Dear Patient. Your Healthcare Data is No Longer Safe. Sincerely, HIPAA</title>
		<link>https://medika.life/dear-patient-your-healthcare-data-is-no-longer-safe-sincerely-hipaa/</link>
		
		<dc:creator><![CDATA[Robert Turner, Founding Editor]]></dc:creator>
		<pubDate>Thu, 04 Mar 2021 15:28:37 +0000</pubDate>
				<category><![CDATA[Editors Choice]]></category>
		<category><![CDATA[Ethics in Practice]]></category>
		<category><![CDATA[Health News and Views]]></category>
		<category><![CDATA[Healthcare Policy and Opinion]]></category>
		<category><![CDATA[Industry News]]></category>
		<category><![CDATA[Trending Issues]]></category>
		<category><![CDATA[Data Security]]></category>
		<category><![CDATA[Digital Health]]></category>
		<category><![CDATA[Health Care Applications]]></category>
		<category><![CDATA[HIPAA]]></category>
		<category><![CDATA[Patient Data]]></category>
		<category><![CDATA[Patient Data Secutiy]]></category>
		<category><![CDATA[PHI]]></category>
		<category><![CDATA[PHI Data Management]]></category>
		<guid isPermaLink="false">https://medika.life/?p=10530</guid>

					<description><![CDATA[<p>HIPAA has not kept pace with the flood of digital technology swamping healthcare and it is in desperate need of modernization and strict regulation.</p>
<p>The post <a href="https://medika.life/dear-patient-your-healthcare-data-is-no-longer-safe-sincerely-hipaa/">Dear Patient. Your Healthcare Data is No Longer Safe. Sincerely, HIPAA</a> appeared first on <a href="https://medika.life">Medika Life</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Your medical data is no longer safe, in fact, it has been under threat for the last decade. Covid and the spread of remote technologies have now exacerbated the problem and highlighted data security in a way we may very well have missed had it not been for the pandemic. Incremental change often goes unnoticed. Your personal information linked to your health records is at serious risk, as is your right to privacy.</p>



<p>For anyone in the health sector who doesn&#8217;t recognize this as a serious issue, ask yourself the following question. Do you realize that by collecting and disseminating your patient&#8217;s information, for the purposes of providing care and treatment, you may in fact be risking your patient&#8217;s potential future access to care and services? This current status quo, completely counterintuitive to the pursuit of good medicine, is, I assume, not what you signed up for.</p>



<hr class="wp-block-separator is-style-default"/>



<p>If you aren&#8217;t American, don&#8217;t worry, this article affects you just as much, as the forces at play in healthcare in America pervade the industry globally. Your patient data is now freely available to commercial companies that have no business holding or dealing with medical records. This information or data is now used commercially to enable advertising and revenue streams, for selling you products and services or selectively punishing you with the refusal of services or increased premiums, all based on your medical profile, and increasingly, your covid vaccination status.</p>



<p>In this article, I will examine and provide evidence of how private American health care data is being exploited and commercialized, how companies like StarNetworkHealth and Vacmobile are placing your personal health information at risk. I will show you how HIPAA has not kept track of the flood of digital technology swamping healthcare and why it is in desperate need of modernization and strict regulation.</p>



<p>Our world in 1996 (HIPAA’s Birth Date) was a far cry from the one we now find ourselves in. Cellphones were heavy enough to inflict serious bodily harm and green screens still occupied office space. In much the same way social media requires a whole new raft of legislation designed specifically to regulate it, digital health requires its own set of regulatory guidelines, particularly with regard to protecting patients and their data.</p>



<p>To understand how the system currently functions and why this is happening we need to first examine the regulatory arm, ostensibly under the control of Health and Human Services (HHS). If this isn&#8217;t your cup of tea, you can skip over this section, but it is key to understanding the problem.</p>



<h3 class="wp-block-heading">What is&nbsp;HIPAA?</h3>



<p>In 1996 the importance of the security and privacy of patient data in the U.S. was recognized with the creation of a federal law. <a href="https://www.cdc.gov/phlp/publications/topic/hipaa.html" rel="noreferrer noopener" target="_blank">The Health Insurance Portability and Accountability Act of 1996 (HIPAA)</a> is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.&nbsp;</p>



<p>The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.</p>



<p>It’s important to understand exactly how this privacy rule functions, as it has an inbuilt flaw relating to the commercial use of your data by companies <strong>associated</strong> with healthcare, who don&#8217;t necessarily have anything to do with your health.</p>



<h4 class="wp-block-heading">The HIPAA Privacy&nbsp;Rule</h4>



<p>The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called <strong>“covered entities.”</strong> The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used.&nbsp;</p>



<p>A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that <strong>permits important uses of information</strong> while protecting the privacy of people who seek care and healing.</p>



<p>All sounds really good and the principles that drive HIPAA are great, in theory, but there&#8217;s a rub, as I will show you, and it has to do with the part of the statement above I’ve highlighted in bold. Let&#8217;s look at two groups within that “covered entities” category.</p>



<ul><li><strong>Healthcare clearinghouses:</strong> Entities that process nonstandard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. In most instances, healthcare clearinghouses will receive individually identifiable health information only when they are providing these processing services to a health plan or healthcare provider as a <strong>business associate</strong>.</li><li><strong>Business associates<em>:</em></strong> A person or organization (other than a member of a covered entity’s workforce) using or disclosing individually identifiable health information to perform or provide functions, activities, or services for a covered entity. These functions, activities, or services include <strong>claims processing, data analysis, utilization review, and billing</strong>.</li></ul>



<p>There is a massive amount of scope within this definition. What exactly are the permitted uses for your health data currently under the HIPAA Privacy Rule? A covered entity is permitted, <strong>but not required</strong>, to use and disclose protected health information (PHI), <strong>without an individual’s authorization</strong>, for the following purposes or situations. <em>Note, I&#8217;ve omitted the medically related conditions below, refer to the HIPAA link above for a full list.</em></p>



<ul><li>Public interest and benefit activities — The Privacy Rule permits use and disclosure of protected health information, without an individual’s authorization or permission, for <a href="https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html" rel="noreferrer noopener" target="_blank">12 national priority purposes</a></li></ul>



<ol><li>When required by law</li><li>Public health activities</li><li>Victims of abuse or neglect or domestic violence</li><li>Health oversight activities</li><li>Judicial and administrative proceedings</li><li>Law enforcement</li><li>Functions (such as identification) concerning deceased persons</li><li>Cadaveric organ, eye, or tissue donation</li><li>Research, under certain conditions</li><li>To prevent or lessen a serious threat to health or safety</li><li>Essential government functions</li><li>Workers compensation</li></ol>



<ul><li>Limited dataset for research, public health, or healthcare operations</li></ul>



<h3 class="wp-block-heading">What Restrictions Regulate a “Covered&nbsp;Entity”?</h3>



<p>To comply with the HIPAA Security Rule, all covered entities must do the following:</p>



<ul><li>Ensure the confidentiality, integrity, and availability of all electronic protected health information</li><li>Detect and safeguard against anticipated threats to the security of the information</li><li>Protect against anticipated impermissible uses or disclosures</li><li>Certify compliance by their workforce</li></ul>



<p><strong>Covered entities should rely on professional ethics and best judgment when considering requests for these permissive uses and disclosures</strong>. The HHS Office for Civil Rights enforces HIPAA rules, and all complaints should be reported to that office. HIPAA violations may result in civil monetary or criminal penalties.</p>



<p>There&#8217;s the rub, right there in that last paragraph. It is naive and ridiculous to expect commercial enterprises that are driven by profit to exhibit the professional ethics required of the health industry. They care about their bottom line and will sell your personal medical data down the commercial river at their first opportunity unless, of course, they&#8217;ve inadvertently shared it already with the dark web.</p>



<p>Of course, if you inadvertently sign away your rights, then you&#8217;re completely at the mercy of these companies. Expecting private patients to understand and monitor their own data is an impossibility and the responsibility for the ethical management of patient data has to rest with the industry.</p>



<h3 class="wp-block-heading"><strong>Covid Vaccines and Commercialization</strong></h3>



<p>To examine how your data is at risk I am going to use two companies, whose details were inadvertently provided to us by a PR firm, RLM Public Relations, via an unsolicited press release we most certainly aren&#8217;t going to promote.&nbsp;</p>



<p>The companies in question are <a href="https://vacmobile.app/" rel="noreferrer noopener" target="_blank">Vacmobile</a> and <a href="https://vipstarnetwork.com/" rel="noreferrer noopener" target="_blank">VIP Star NETWORK</a>. The former provides a mobile app for vaccination records and history and the latter uses vaccination data and related services to enable the movie industry and related companies to function in a vaccinated environment.</p>



<p>They are connected, feeding data to each other, and the first indicator of a warning flag was the following text contained in the marketing firm&#8217;s email.</p>



<blockquote class="wp-block-quote td_quote_box td_box_center is-layout-flow wp-block-quote-is-layout-flow"><p>Vacmobile Health Passes, which track COVID-19 test results and vaccinations, will allow individuals and organizations to safely resume face-to-face interactions. <strong>Vaccination records are required by law for school and college enrollment, some employment, international travel and other use cases.</strong></p></blockquote>



<p>The statement is a typical marketing one, stating one fact and then another. The two unrelated facts allow you to form an association. It&#8217;s a childish and overworked ploy and I despise its use in a healthcare setting. We see it used over and over by quacks and companies creating false associations and fear to sell their versions of health.</p>



<p>Medika has made no secret of our views on vaccine-based passports. They are fundamentally flawed, open to data abuse, and discriminatory by their very nature. They also reduce the patient&#8217;s freedom of choice when it comes to getting vaccinated. We are not anti-vaccine at all; however, the covid vaccines can&#8217;t, under any applied medical definition, be classified as ‘tested’ vaccines that comply with normal industry standards.</p>



<p>These are Emergency Use Authorization (EUA) vaccines only, in many ways still experimental, and they are completing their last phase of testing in a live environment. If the vaccines fulfilled the FDA’s criteria for registration they would have received full authorization. This fact cannot be argued and to do so is disingenuous and misleading. We are in a jam with Covid and we’ve bent the rules to try and save lives.&nbsp;</p>



<p>So let&#8217;s get back to our two companies and see how these companies, designed specifically to commercialize your PHI, are intending to and currently use your data. How are they regulated, what safety protocols have they engaged to protect your data, and will they use your personal information for purposes other than their stated objectives? Keep in mind there are hundreds of these companies entering the market now, each looking to exploit a different angle built around your data.</p>



<h4 class="wp-block-heading">VIP Star&nbsp;NETWORK</h4>



<p><a href="https://www.linkedin.com/in/johonniuss-chemweno-3ab5b510b/" rel="noreferrer noopener" target="_blank">Johonniuss Chemweno</a> is the CEO of StarNetwork LLC and although we tried to locate information on him, aside from links to <a href="https://inversemed.com/one-on-one-with-johonniuss-chemweno/" rel="noreferrer noopener" target="_blank">Inverse Medical Inc</a>, which he owns, and a consultancy called <a href="https://npidb.org/organizations/agencies/supports-brokerage_251x00000x/1821484502.aspx" rel="noreferrer noopener" target="_blank">COREGENE ADVISORS, LLC</a>, not much is publicly available on Mr. Chemweno or his organization. We, therefore, turned our attention to Star&#8217;s services and data practices.</p>



<p>Their <a href="https://vips.gettested.me/" rel="noreferrer noopener" target="_blank">Customer-facing Vaccine Platform</a> redirects you to a WordPress login page, hardly cutting-edge data security. WordPress is one of the most commonly exploited platforms and if you&#8217;re comfortable hosting your PHI on their servers, go right ahead, just count us out. Here are a few extracts from their <a href="https://vipstarnetwork.com/hipaa/" rel="noreferrer noopener" target="_blank">HIPAA statement</a>.</p>



<p><em>VIP StarNetwork, LLC cannot, however, guarantee that any such person or entity to which VIP StarNetwork, LLC discloses your PHI or other information will not re-disclose it in ways that you or we did not intend or permit.</em></p>



<p><em>You also agree that VIP StarNetwork, LLC can disclose your PHI to:</em></p>



<ul><li><em>Third parties assisting VIP StarNetwork, LLC with any of the uses described above;</em></li><li><em>A third party as part of a potential merger, sale, or acquisition of VIP StarNetwork, LLC</em></li><li><em>Our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to the operation or provision of our services, even when VIP StarNetwork, LLC is no longer working on behalf of Your Healthcare Providers;</em></li><li><em>Organizations that collect, aggregate, and organize your information so they can make it more easily accessible to your providers.</em></li></ul>



<p>In other words, StarNetwork LLC is free to share your sensitive data with any person they choose and we can assure you, they will profit from it.</p>



<p>How many companies are you actually engaging with when you deal with VIP Star Network? We found a few, aside from Mr. Chemweno’s associated businesses. These include <a href="https://vips.gettested.me/" rel="noreferrer noopener" target="_blank">https://gettested.me/</a>, registered to <a href="https://www.lablynx.com/" rel="noreferrer noopener" target="_blank">LabLynx</a>. VIP’s provider portal redirects to <a href="https://www.kareo.com/" rel="noreferrer noopener" target="_blank">Kareo</a> and, according to the email we received, <a href="https://vacmobile.app/" rel="noreferrer noopener" target="_blank">Vacmobile</a> is connected to their services. Their Covid laboratory of choice is <a href="https://southwestlab.com/" rel="noreferrer noopener" target="_blank">SouthWest Labs</a>. Their <a href="https://vipstarnetwork.video-visits.com/" rel="noreferrer noopener" target="_blank">Telehealth</a> platform is supported by Kareo.&nbsp;</p>



<p>We assume the <a href="https://accesshealthapp.com/" rel="noreferrer noopener" target="_blank">Access Health</a> app is also a product of VIP. The following is taken from their site and doesn&#8217;t exactly foster confidence.</p>



<figure class="wp-block-image size-large td-caption-align-center"><img fetchpriority="high" decoding="async" width="696" height="265" src="https://i0.wp.com/medika.life/wp-content/uploads/2021/03/image.png?resize=696%2C265&#038;ssl=1" alt="" class="wp-image-10531" srcset="https://i0.wp.com/medika.life/wp-content/uploads/2021/03/image.png?w=800&amp;ssl=1 800w, https://i0.wp.com/medika.life/wp-content/uploads/2021/03/image.png?resize=300%2C114&amp;ssl=1 300w, https://i0.wp.com/medika.life/wp-content/uploads/2021/03/image.png?resize=768%2C293&amp;ssl=1 768w, https://i0.wp.com/medika.life/wp-content/uploads/2021/03/image.png?resize=150%2C57&amp;ssl=1 150w, https://i0.wp.com/medika.life/wp-content/uploads/2021/03/image.png?resize=696%2C265&amp;ssl=1 696w, https://i0.wp.com/medika.life/wp-content/uploads/2021/03/image.png?resize=600%2C229&amp;ssl=1 600w" sizes="(max-width: 696px) 100vw, 696px" data-recalc-dims="1" /><figcaption>Screenshot by Medika&nbsp;Life</figcaption></figure>



<p>From what we can see, StarNetwork LLC engages services from various providers and white labels these under their own branding. When you deal with them or provide them your data, it isn&#8217;t simply their flawed HIPAA statement you&#8217;re dealing with; your data is being shared with a network of at least fifty more companies, half of which, at a minimum, have zero interest in your health and exist purely as commercial ventures. They are <strong>“Covered Entities”</strong> and they are turning a handsome profit from your information.</p>



<h3 class="wp-block-heading">Vacmobile</h3>



<p>Not in the same category as StarNetwork LLC, this startup is clearly looking to make inroads in the fields of data management for patients, particularly with regard to vaccination records, hence the name, and they may yet live to regret their association with Star.</p>



<p>Again, Covid vaccine passports are one of our least favorite applications and we feel these companies simply provide enabling tools for division and the enforcement of discriminatory practices against patients who choose not to be vaccinated or are unable to get vaccinated. Irrespective of their motivation, this is the end result of the tools they are building and this is neither healthy nor suited for society or healthcare.</p>



<p>But we aren&#8217;t here to discuss ethics, we’re here to look at your data’s safety and how it is used by this company. What steps have they taken to ensure your information is safe? Clearly, the first problem is their association with Star and while we understand the basis of the concept of Vacmobile is to address all vaccinations, they don&#8217;t distinguish between Covid and MMR. There is a world of difference, and they may well come to rue their desire to jump on the Covid passport bandwagon.</p>



<p>Their founder has roots in marketing rather than medicine. <a href="https://vacmobile.app/bio-jennifer-sparks/" rel="noreferrer noopener" target="_blank">Jennifer Sparks</a>, according to her profile, served as Director of Marketing for a Georgia-based healthcare IT company, Clearwave Corporation. In that capacity, she oversaw marketing, communications, and branding across all platforms including earned, paid, and social media, and aided in positioning the firm for a major infusion of growth equity capital.</p>



<p>Trust may be more easily accorded to Vacmobile. They list their staff and although social media accounts aren&#8217;t linked, it&#8217;s early days for the company. We love the concept of simplifying vaccine history, particularly for children, and would have supported the company wholeheartedly had they not made a foray into the dark world of the coronavirus.</p>



<p>They do not clearly list their data practices, disclose if their business has been audited for data security, or list the APIs they engage to communicate data between themselves and their customers, a common point of exploitation in the health networks. There is no HIPAA statement, privacy policy, or terms of use visible on the site. Based on this and the above-mentioned association, we would suggest this company poses a qualified risk to your data.</p>



<h3 class="wp-block-heading">What can you as a patient do to protect yourself?</h3>



<p>Very little is the honest answer. Most people are not in a position to knowledgeably question compliance statements and long-winded customer agreements, requesting you to sign your life away. License agreements like those encountered with Apple, Google, Microsoft, and Samsung have numbed us to the lengthy, long-winded fine print we now encounter everywhere. No one reads these T&amp;C’s and we simply assume it will all be alright in the end.</p>



<p>This abuse of these documents to obfuscate health data farming is particularly unpleasant and the consumer doesn&#8217;t stand a chance of protecting themselves. This is why the healthcare industry should and must step up. That list of “Covered Entities” needs to be specified and clearly described.&nbsp;</p>



<p>Practices that are deemed unethical need to be highlighted and heavy financial penalties must be exacted from businesses found to be in contravention. ALL Software applications and products need to be submitted for approval, ensuring that embedded A.I. isn&#8217;t quietly siphoning off commercially viable snippets of information.&nbsp;</p>



<p>Audits must be performed and certification awarded to enable providers and patients to make safe decisions when selecting platforms for care. Again, these are industry-specific hurdles and the patient cannot affect this process.&nbsp;</p>



<p>Patients can, however, make their opinions felt and heard. If it doesn&#8217;t look trustworthy, it probably isn&#8217;t. Steer clear and learn to ask questions. If you have the time, read the fine print. It’s important. It is, at the end of the day, about your health. Remember, businesses and application websites should provide public-facing copies of their data management policies and how they act to ensure your right to privacy.</p>



<p>Transparency is an indicator of a company that has your best interests at heart and their open policies tend to be patient-focused. This principle applies to both providers and patients alike who are seeking to expand their digital health footprint.</p>



<p>Digital Health is the brave new frontier of healthcare. It holds huge promise for improving the lives of patients and their access to care. It is critical that the industry ensures the adoption of this new flood of technology is correctly managed and a large part of this process relates to the ethical and responsible management of patient data.</p>
<p>The post <a href="https://medika.life/dear-patient-your-healthcare-data-is-no-longer-safe-sincerely-hipaa/">Dear Patient. Your Healthcare Data is No Longer Safe. Sincerely, HIPAA</a> appeared first on <a href="https://medika.life">Medika Life</a>.</p>
]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">10530</post-id>	</item>
	</channel>
</rss>
