After setting the stage for new interoperability rules, Lucia Savage is now beginning to see the fruits of her work. Savage, who served as chief privacy officer for the Office of the National Coordinator for Health IT, joined digital health startup Omada Health shortly before the passage of the 21st Century Cures Act.
Savage will speak at the virtual Health Datapalooza 2021 conference, from Feb. 16 to 18. In an interview with MedCity News, she shared how she built the foundation for current interoperability rules, and how digital health companies should navigate them.
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
When she joined the ONC, most hospitals had purchased electronic health record systems, but faced a new problem: Despite having large caches of clinical data, “it was just kind of stuck in these data lakes with each EHR vendor.”
“We very purposefully wanted to see how muscular we could make this right to get a copy of your own data as a way of putting a crack in the data lake,” she said in a Zoom interview. “Now that I am in a digital health company myself, I am very excited about the opportunity of seeing the work that I helped put in motion to actually manifest.”
For example, before, if startups wanted to connect with an EHR vendor, they had to pay exorbitant licensing fees. Now, EHR vendors are limited in what they can charge, and when individual patients ask for their own data, they must be able to access it for free.
The new rules should also make it much easier for chronic care management companies, like Omada, to interface with health systems.
A Personalized Approach to Medication Nonadherence
At the Abarca Forward conference earlier this year, George Van Antwerp, managing director at Deloitte, discussed how social determinants of health and a personalized member experience can improve medication adherence and health outcomes.
Omada has been working with Intermountain Healthcare to share outcomes data for patients that participate in its digital diabetes prevention program. With regulations now requiring companies to meet a common API standard, it should become faster and less costly to share health information between providers.
“Imagine if your outlets in your house were unique to you, and the way they were producing electricity at the power station had to be specially engineered just for you. That would be horrible,” Savage said. “Everyone can just put in a socket and connect to a line and the system works. That’s the goal here.”
Savage is also watching the rollout of new information blocking rules, which further strengthen patients’ rights to request their health data and share it with whoever they want. But it’s not always easy for consumers to suss out companies’ privacy practices, and whether they are subject to HIPAA.
“On the one hand, we have this really important policy that is supposed to make your life as a patient, if you want to take up your right, as easy as possible and as cheap as possible. On other hand, we had Cambridge Analytica three years ago, and a much more high-profile understanding by consumers in general that data collection can be creepy,” she said. “The best way to solve that tension would be some sort of nationwide minimum consumer privacy law that raises the consumer bar outside of HIPAA closer to where HIPAA already is. But I also know that in this Congress, there are many other important things to get done first.”
Since Omada is offered as a service covered by health plans, it’s subject to HIPAA rules, the same as any healthcare provider. From the beginning, the idea has been to provide a clinical service that would be covered.
“We didn’t want to be a company that was a free app monetizing the data — that’s not who we are,” she said.
For digital health startups that either started as a consumer-facing platform, and have since started selling to health plans — or manage two separate platforms — that can get more complex.
“The data rules for surveying health plans are different than the data rules for being a consumer, so you have to be very careful about your data architecture,” Savage said.
For new companies looking to navigate regulatory hurdles, Savage recommended surveying which regulations they’ll be beholden to as they start building a project — whether that be the Federal Trade Commission, the Food and Drug Administration, or HIPAA. She also recommended bringing in lawyers, security consultants and advisors who understand the space, and will help bring an idea to life in a way that still protects consumers.
“An idea doesn’t have to be brought to life by monetizing the data,” she said.
Photo credit: JamesBrey, Getty Images
