- Tim Jost, Subsidies and the Survival of the ACA — Divided Decisions on Premium Tax Credits, N Engl J Med
- Andrea M. Sisko et al, National Health Expenditure Projections, 2013–23: Faster Growth Expected With Expanded Coverage And Improving Economy, Health Affairs,
- Craig B. Garner, Medicare: The Perpetual Balance between Performance and Preservation, SSRN/J Contemp L&Pol
- Larry Levitt, A To-Do List for the New CEO of the Federal Health Insurance Marketplace, JAMA
In a post last week I compared Apple’s new mHealth App store rules with our classic regulatory models. I noted that the ‘Health’ data aggregation app and other apps using the ‘HealthKit’ API that collected, stored or processed health data would seldom be subject to the HIPAA Privacy and Security rules. There will be exceptions, for example, apps linked to EMR data held by covered entities. Equally, the FTC will patrol the space looking for violations of privacy policies and most EMR and PHR apps will be subject to federal notification of breach regulations.
Apple has now publicly released its app store review guidelines for HealthKit and they make for an interesting read. First, it is disappointing that Apple has taken its cue from our dysfunctional health privacy laws and concentrated its regulation on data use, rather than collection. A prohibition on collecting user data other than for the primary purpose of the app would have been welcome. Second, apps using the framework cannot store user data in iCloud (which does not offer a BAA), begging the question where it will be acceptable for such data to be stored. Amazon Web Services? Third, while last week’s leaks are confirmed and there is a strong prohibition on using HealthKit data for advertising or other data-mining purposes, the official text has a squirrelly coda; “other than improving health, medical, and fitness management, or for the purpose of medical research.” This needs to be clarified, as does the choice architecture. Continue reading
- Julie Donohue, The Impact and Evolution of Medicare Part D, N Engl J Med
- Lois Shepherd, The End of End-of-Life Law, SSRN/North Carolina L.Rev.
- Frank Pasquale, Private Certifiers and Deputies in American Health Care, SSRN/NC L. Rev.
- Peter J. Neumann et al, Updating Cost-Effectiveness — The Curious Resilience of the $50,000-per-QALY Threshold, N Engl J Med
On September 9 Apple is hosting its ‘Wish We Could Say More’ event. In the interim we will be deluged with usually uninformed speculation about the new iPhone, an iWatch wearable, and who knows what else. What we do know, because Apple announced it back in June, is that iOS 8, Apple’s mobile operating system will include an App called ‘Health’ (backed by a ‘HealthKit’ API) that will aggregate health and fitness data from the iPhone’s own internal sensors, 3rd party wearables, and EMRs.
What has been less than clear is how the privacy of this data is to be protected. There is some low hanging legal fruit. For example, when Apple partners with the Mayo Clinic or EMR manufacturers to make EMR data available from covered entities they are squarely within the HIPAA Privacy and Security Rules triggering the requirements for Business Associate Agreements, etc.
But what of the health data being collected by the Apple health data aggregator or other apps that lies outside of protected HIPAA space? Fitness and health data picked up by apps and stored on the phone or on an app developer’s analytic cloud fails the HIPAA applicability test, yet may be as sensitive as anything stored on a hospital server (as I have argued elsewhere). HIPAA may not apply but this is not a completely unregulated area. The FTC is more aggressively policing the health data space and is paying particular attention to deviance from stated privacy policies by app developers. The FTC also enforces a narrow and oft-forgotten part of HIPAA that applies a breach notification rule to non-covered entity PHR vendors, some of whom no doubt will be selling their wares on the app store. Continue reading
- Søren Rud Kristensen et al, Long-Term Effect of Hospital Pay for Performance on Mortality in England, N Engl J Med
- David Hyman & Charles Silver, Double, Double Toil and Trouble: Justice-Talk and the Future of Medical Malpractice Litigation, SSRN/DePaul L.Rev.
- George Annas, Medical Marijuana, Physicians, and State Law, N Engl J Med
- Erik Wallace et al, Hospital Relationships With Direct-to-Consumer Screening Companies, JAMA
- Marc Ginsberg, Informed Consent and the Differential Diagnosis: How the Law Overestimates Patient Autonomy and Compromises Health Care, SSRN
- Lawrence Gostin & Aliza Glasner, Cigarettes, Vaping, and Youth, JAMA
- Erin Fuse Brown, Fair Hospital Prices are Not Charity: Decoupling Hospital Pricing and Collection Rules from Tax Status, SSRN
- Wendy Parmet, Beyond Paternalism: Rethinking the Limits of Public Health Law, SSRN/Conn. L.Rev.
- Louise Trubek et al, Transformations in Health Law Practice: The Intersections of Changes in Healthcare and Legal Workplaces, SSRN/Ind. HLRev
- Kevin Outterson, Clinical Trial Transparency — Antidote to Weaker Off-Label-Promotion Rules, N Engl J Med
- Jonathan Adler, The Conflict of Visions in NFIB v. Sebelius, SSRN/Drake LRev
- Lindsay Wiley, Sugary Drinks, Happy Meals, Social Norms, and the Law: The Normative Impact of Product Configuration Bans, SSRN/Conn LRev
Sutter Health v. Superior Court, 2014 WL 3589699 (Cal. App. 2014), is a medical data breach class action case that raises questions beyond the specifics of the Californian Confidentiality of Medical Information Act.
The stakes were high in Sutter — under the California statute medical data breach claims trigger (or should trigger!) nominal damages at $1000 per patient. Here four million records were stolen.
Plaintiffs’ first argued the defendant breached a section prohibiting unconsented-to disclosure. The not unreasonable response from the court was that this provision required an affirmative act of disclosure by the defendant which was not satisfied by a theft.
A second statutory provision argued by the plaintiffs looked like a winner. This section provided, “Every provider of health care … who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical information shall do so in a manner that preserves the confidentiality of the information contained therein.” Continue reading
- Kevin Schulman et al, Shifting toward Defined Contributions — Predicting the Effects, N Engl J Med
- Richard Bonnie, The Impending Collision Between First Amendment Protection for Commercial Speech and the Public Health: The Case of Tobacco Control, SSRN
- Ann Marie Marciarille, The Medicaid Gamble, SSRN/J Health Care L & Pol
- Erika G. Martin et al, Liberating Data to Transform Health Care New York’s Open Data Experience, JAMA
- Melissa M Goldstein & Daniel Bowers, The Patient as Consumer: Empowerment or Commodification? SSRN/JLME
- Carrie H. Colla et al, First National Survey Of ACOs Finds That Physicians Are Playing Strong Leadership And Ownership Roles, Health Affairs
- Young MJ, Scheinberg E, Bursztajn H. Direct-to-Patient Laboratory Test Reporting: Balancing Access With Effective Clinical Communication, JAMA
- Amitabh Chandra et al, The Economics of Graduate Medical Education, N Engl J Med
- Ashish M. Bakshi, Gene patents at the Supreme Court: Association for Molecular Pathology v. Myriad Genetics, J. L. & Biosci
- Lindsay F. Wiley, The U.S. Department of Agriculture as a Public Health Agency? A ‘Health in All Policies’ Case Study, SSRN/J Food L and Pol
- David Orentlicher, Thad Pope & Ben Rich, The Changing Legal Climate for Physician Aid in Dying, SSRN/JAMA
- Kristin Madison, Building a Better Laboratory: The Federal Role in Promoting Health System Experimentation, SSRN/Pepperdine L.Rev.
Privacy is never easy to think about. This week it became harder. Two pieces framed my week. First, Eben Moglen’s essay in The Guardian (based on his Columbia talks from late last year) took my breath away; glorious writing and stunning breadth combined to deliver a desperately sad (but not entirely hopeless) message about government and corporate overreaching in data collection and processing.
A wry speech posted by software developer Maciej Ceglowski also helped frame my thoughts. He wrote, “The Internet somehow contrives to remember too much and too little at the same time, and it maps poorly on our concepts of how memory should work.” There’s the problem in a nut. Ceglowski alludes to the divide between how human (offline) memory operates (it’s “fuzzy” and “memories tend to fade with time, and we remember only the more salient events”) and the online default of remembering everything. Government and Google and, for that matter, Big Data Brokers tell us that online rules now apply across the board and ‘that’s just peachy’ because we’ll have better national security, better searches, or more relevant advertising. But, that’s backwards. Continue reading
- George P. Smith II, Re-Negotiating a Theory of Social Contract for Universal Health Care in America or, Securing the Regulatory State? SSRN/Cath U. L. Rev.
- Mark Rothstein, The Latest Challenge to Health Privacy: Health Care Consolidation, SSRN/Hastings Center Bioethics Forum
- Nathan Cortez, Regulating Disruptive Innovation, SSRN/Berkeley Tech L J
- Rob Cunningham, The Payment Reform Paradox, Health Affairs
A resident of Spain allegedly owed back taxes triggering attachment proceedings. The local newspaper published the details of an upcoming auction of his property in early 1998. At some point the issue was settled. However, the matter was not forgotten—the newspaper was online and a Google search of the gentleman’s name returned this history. He complained to the Spanish data protection agency (AEPD) that he had a right to have older, irrelevant information erased and that Google should remove the links. The AEPD agreed and Google sued for relief. The Spanish High Court referred the interpretation of the Data Directive (95/46) to the European Court of Justice in 2010 and in 2013 the Advocate-General issued an advisory opinion supportive of Google’s position. Somewhat surprisingly the European Court of Justice has now taken the opposite view (Case C‑131/12, Google Spain SL v. AEPD, May 13, 2014). Continue reading
- Allison Hoffman, Health Care Spending and Financial Security after the Affordable Care Act, SSRN/NC L.Rev.
- Diane E. Meier, ‘I Don’t Want Jenny To Think I’m Abandoning Her’: Views On Overtreatment, Health Affairs.
- Abbe Gluck, Federalism from Federal Statutes: Health Reform, Medicaid, and the Old-Fashioned Federalists’ Gamble, Abbe Gluck, SERN/Fordham L.Rev.
- Joseph Antos, Health Care Reform after the ACA, N Engl J M.
- Michael A. Carrier, Payment after Actavis, SSRN/ Iowa L. Rev.
- Mark Rothstein, Autonomy and Paternalism in Health Policy, SSRN/JLME
- Christopher Robertson, The Presumption Against Expensive Health Care Consumption, SSRN/Tulsa L.Rev.
- John A. Robertson, Egg freezing and egg banking: empowerment and alienation in assisted reproduction, J Law Biosci
Bloomberg Visual Data has published an incredibly effective visual exploration of US mortality data, here.
- Diana Winters, Intractable Delay and the Need to Amend the Petition Provisions of the FDCA, SSRN/Ind L.J.
- Xiaoyan Huang and Meredith Rosenthal, Transforming Specialty Practice — The Patient-Centered Medical Neighborhood, N Engl J Med
- Ameet Sarpatwari, Jerry Avorn, and Aaron S. Kesselheim, Using a Drug-Safety Tool to Prevent Competition, N Engl J Med
- Adam Candeub, Digital Medicine, the FDA, and the First Amendment, SSRN/Ga. L.Rev.
- Nicholas Bagley, The Legality of Delaying Key Elements of the ACA, N Engl J Med
- Timothy Jost and Simon Lazarus, Obama’s ACA Delays — Breaking the Law or Making It Work?, N Engl J Med
- Michael Frakes, The Surprising Relevance of Medical Malpractice Law, SSRN/Chicago L. Rev.
- Sallie Sanford, Emergency Response: A Systemic Approach to Diaper Rash, Chest Pain and Medicaid in the ED, SSRN/Ky L.J.
- Aaron Kesselheim & Michelle M. Mello, Prospects for Regulation of Off-Label Drug Promotion in an Era of Expanding Commercial Speech Protection, SSRN/N.Ca. L.Rev.
Last week the President celebrated the enrollment of 7.1 million Americans in health insurance with the words “The debate over repealing this law is over… The Affordable Care Act is here to stay,” here. Indeed, as the number of insured under the Act has grown, Medicaid has gained another 3 million enrollees, here, and other ACA provisions have kicked in so the conventional wisdom has emerged that while a political turn in favor of Republicans would lead to some important “tweaks,” the so-called “popular parts” such as guaranteed issue would survive. This world view seemed confirmed when Senators Burr, Coburn and Hatch introduced the first true Republican alternative to the ACA, here. Tim Jost commended that effort for going beyond the rhetoric of repeal noting, here, “Republicans seem to be coming to terms with the fact that the ACA has permanently changed the health policy landscape.” However, House Budget Committee Chairman Paul Ryan seems to be having none of this suggesting, here, that total reform remains the objective and that “We can have in this country universal access to affordable health insurance for everybody, including people with preexisting conditions without a costly government takeover of one-sixth of our economy.” It’s going to be a long election season.