It can be quite a reality check for digital health entrepreneurs visiting Ann Waldo at her boutique law firm in Washington, D.C.. When she asks them where they stand on the great divide between HIPAA and non HIPAA, and she gets a deer-in-the-headlights look, she knows they have a lot of work to do.
Navigating the regulatory landscape for digital health entrepreneurs was the heart of a Health Datapalooza panel discussion this week between two digital health companies — Anand Iyer, chief strategy officer at WellDoc and Eddie Martucci, CEO of Akili Labs — as well as Waldo and Bakul Patel, FDA Associate Center Director for Digital Health.
But Waldo’s perspective on the complexities of negotiating the regulatory thicket of HIPAA and state laws and the problems that can cause is worth highlighting here.
The scope of HIPAA is historic, not intuitive and she cautioned entrepreneurs to avoid guessing if they were covered. If they fall outside of HIPAA requirements, they still have to be aware of other regulations.
Consumer-facing entities operating online, selling to consumers, even if they are outside of HIPAA, need to be aware that their entire consumer experience is subject to legal scrutiny, state and federal, not just their consent forms and terms and conditions. The Federal Trade Commission will look at everything, she noted.
She pointed out that although state laws governing medical privacy have made sense for state providers, the rise of national digital health providers makes it tough for these companies to adhere to both national and state regulations.
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
“We literally have thousands of state medical privacy laws. They are not well understood. If you try to research them you will fill up a bookcase,” she said. “The dirty little secret is that few people understand these laws and few people comply with them.”
She noted that these state laws may govern sensitive conditions such as mental health, HIV, substance abuse and genetic information. But they often have conflicting information about teen and adolescent health. For example, in some states, it is mandatory for the doctor to inform the parent(s) of an adolescent if they have a certain condition. In other states, it is illegal to do that.
“I personally have come to the strong opinion that it is time to pre-empt the hundreds, nay verily thousands of state medical privacy laws that are different from HIPAA. They cost so much money. I just billed a client a fortune to research four state laws. It is just a painful, stupid situation that puts a hidden tax on healthcare. There are definitely ways we could pre-empt these medical privacy laws that would make it better for innovation and better for patients and better for providers.”
Waldo added that the lack of awareness by physicians that they have to share patients health information with them is another source of frustration.
She quoted a law review article on this point: “HIPAA’s murky standards and tremendous potential for monetary and reputational penalties has taught the medical community at large to resist and even fear sharing PHI.”
Waldo noted that the impact has meant that providers resist sharing personal health information with patients, or charge the maximum amount for obtaining these records, or refuse to email them to patients even when patients say they are OK with the data not being secure in that format. She pointed out that it’s easier for people to get info on tests done to their pets or cars from veterinarians and mechanics than getting a copy of their medical records and they don’t need to pay for that data.
“I think it’s time to get rid of fees for at least the first copy of one’s [medical] records. I can’t imagine anything else that we pay for, that we get services far less important than medical care where we can’t find out what we are paying for without some kind of fee…We really need to get to a point where we don’t charge people a fee at all to find out what happened to them with their own body.”
Photo: Ann Cutting, Getty Images
