78 comments

[ 5.2 ms ] story [ 151 ms ] thread
Hi all—this is Paul, I'm a co-founder at PatientBank. We gather medical records online. Feel free to send any questions, comments, or feedback my way. My co-founders and I will be around ready to answer!
How do you handle authentication and authorization? Suppose I have a nefarious enemy who attempts to use your service to obtain my medical records so he can poison me or embarrass me or something. How does he fail?
We make it really easy to request medical records, but we also verify requesters' identity before allowing them to view medical records we collect. We actually use an awesome YC company called BlockScore to handle a lot of that (https://blockscore.com/)!
In addition to identity verification, there are two more things we do to protect the privacy of our patients!

1) If the electronic signature on a given request doesn't match the name of the patient, we make sure that the patients are who they say they are before moving on with gathering the medical records.

2) If one tries to sign up on behalf of another patient, we require a Power of Attorney (POA) document!

Hope this answers your question!

1) What are you using to create the signature? How can you guarantee that the attacker can't create the matching signature?

2) How do you know they're trying to do that if they don't tell you? Your scenario looks like a regular situation, not an attack..

I love how y'all seem to be using lots of other YC companies to get the job done. Seems like a great service you provide!
Absolutely! YC has been a huge help. Thanks for the feedback!
I wasn't really able to get the details on that page, but it seems like they do verification by checking personal information like name, birthday and address against a database and ask a few multiple choice questions related to them. How is that not easy to circumvent if the attacker has that set of information? (can probably be obtained by a social attack on the victims bank)

I'm assuming there's something I missed there.

I don't think there is. Knowledge-based authentication is extremely vulnerable to identity theft.
"BlockScore complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland"

This Safe Harbor Framework?: https://techcrunch.com/2015/10/06/europes-top-court-strikes-...

How does this integrate with popular EHRs? Most support this type of record sharing between each other and ways to share those records with the patient themselves.
We certainly plan to integrate more directly with EMRs in the future, but at the moment we just go through hospitals' medical records departments. We have 5-6 different ways hospitals can respond to our requests.

What we've optimized for is simplicity—while our process for getting medical records from hospital A may var from our process with hospital B, we abstract all of that away and make the ordering process the same for all U.S. hospitals.

That is a massive undertaking...good luck.
Thanks mbesto - we appreciate your support :)
What's your business model? I think this should be clear from the start.
Good question! We charge a flat fee for each medical record we gather. So whoever is requesting the record pays for it.

We can certainly work on making that clearer up front though—thanks for the feedback!

It appears that PatientBank acts as a decentralized medical records/Release of Information office that may communicate with a number of physicians and hospitals. I'm curious though, how are you collecting the medical records? Are these interfaced directly from EHRs, or some other method? Do you handle releasing to 3rd parties (legal, etc); the article seems to hint that it's directly to patients and immediate family. Lastly, when a patient has shared their records with a new physician via PatientBank, is there any functionality for exporting these records into the physician's organization's EHR? Or will relevant data need to be manually copied into the new chart?
Great questions! So while the way a user orders medical records on PatientBank is the same across all U.S. hospitals, we have 5-6 different ways hospitals can fulfill those orders. These vary from fax or even snail mail to integrations. We actually opened up a lot of our performance data from hospitals here, if you're interested: https://www.patientbank.us/stats/about!
About exporting the data we gather to a new PHR and integrating the new information to patient's existing chart:

There seems to be a couple options!

1) Once we gather your records, we will work on creating a shareable summary of your health history. In that case, the physician can look at that summary via our web portal.

2) In many cases, most EHRs support the upload of PDFs. So, the documents you share can be "integrated" to hospital's EHR. This already happens in large hospital networks when hospitals gather medical records on behalf of patients before their appointments! When hospitals receive the records via fax or mail, they scan the pages to the EHR. Obviously, in the future, easier ways to export data (via EHR integrations) could be extremely valuable to patients and physicians!

In general most providers are never going to read through a bunch of scanned pages exported from another provider's chart. They just don't have enough time.
I love this idea. I have been kicking it around myself. Glad to see caliber of team and execution on it. How much of a schlep is this currently? How automated is the product? Are you cold calling medical offices behind the scenes to collect on behalf of your users?
Awesome—excited to hear it! We have 5-6 different ways hospitals can respond to PatientBank orders for medical records right now. These range from fax or even snail mail to automated integrations—we do whatever it takes to help the hospitals comply. For the first few orders, some hospitals are slow to respond or skeptical, but we start seeing a significant behavior shift after 10-20 orders. You can check out hospitals' performance stats here: https://www.patientbank.us/stats/about.
Are you worried about the consolidation going on among hospitals i.e the fact that it seems like hospitals are becoming part of a group and thus end up having unified medical record systems?

For example, Palo Alto Medical Foundation has hospitals spread across the Bay Area. Some of the hospitals don't offer all the services but if you walk into a new branch for a specialized treatment, your new doctor will simply look up your old record or order it internally if they are not yet on the network.

Great point. We are seeing ongoing consolidation among hospitals and large physician groups. However, patients still deserve to have easy access to their own data. This is largely handled with patient portals that give patients access to some of your data. PatientBank gives you full control of your complete record, including information not necessarily located in your patient portals and information located in separate systems that do not communicate.
Hi Paul. I'd love to see your service take off. I've spent a few years in healthcare IT and think that the world would be a better place if you succeed.

With that said, there are a number of startups that have struggled with similar ideas. How are you different from, say, PicnicHealth?

Thanks for the kind words, tkiley! There are a number of great products out there to help people manage their medical data. But that's a big problem to tackle, and we're focused on one small piece of it—requesting medical records. In fact, our market often differs from folks who use a personal health record. Many of our users have been asked by their doctor, their insurance company, or a lawyer to gather and share their medical records and they just want help with that process.
Can you tell us some about the technology you're using? I'm curious if a newfangled immutable database like datomic would be a good fit for medical recods. Also, do you do any schema'ing besides what's provided by your database (JSON Schema/XML Schema/etc)?
Our data is primarily stored in postgres. We've looked into using Mongo to store FHIR-compliant documents, which is the newest standard (and best standard, IMO) proposed by HL7.

Haven't looked at that many immutable databases, but they seem interesting. Most of the time medical data does not require many writes (rarely are two doctors editing your record simultaneously), but the audit trail that datomic provides could be very useful as a built-in feature.

I actually think that medical records are basically public. It's only a matter of time before the various doctors offices or government agencies or private companies that hold these records are hacked and the records released on the Internet.

That said, I would definitely trust a private entity with specialized knowledge over the government or individual doctors offices, so I wish you the best of luck.

For example, I just had my medical records sent from an old doctor's office, and the only thing they required was a fax with my signature on it and an address to send the records to. Could have been sent by anybody to anywhere, and there were no checks whatsoever.

The difference is that the old manual system is not so prone to mass data breaches.

My employer used a service called NoMoreClipBoard. They enrolled everyone enrolled in a health plan, not just those who requested it.

When the inevitable data breach happened, everyone was affected not just those who had specifically enrolled for this service.

I don't ever want my medical records in any internet-facing system. I realize that's a fantasy but I'd never voluntarily help make that happen.

FTA: We use another YC company called Aptible. They’re experts in securing protected health information, and we follow best practices to make sure our servers are safe.

It's not just the security of the servers. Many data breaches are the result of careless handling of data (USB flash drives, laptops, email attachments) and social engineering attacks.

Hi ams6110 - we also use Aptible! It is definitely true that the old, fax-based system is not so prone to mass data breaches. That is one of the reasons why hospitals still use fax to transfer medical information.

But, at PatientBank, security and privacy of our patients are our top priorities. So, we go above and beyond what HIPAA recommends in terms of security best practices. You can read more about that here: https://www.patientbank.us/legal/hipaa

The concern, I think, is that all the leaf nodes outside of your direct control also need to be secure. All the nurses, doctors, and other caregivers with access to the system need to be prevented from exposing that data. Is it possible for that data to end up on USB drive? A laptop? Sent in plaintext anywhere? etc.

The protection needs to be automatic. Training people is a "good intentions" solution, and will always result in failures. It should be mechanically impossible for the data to escape in a way you do not approve of.

This data is worth too much to be fully secure ever imho.

And it's not like it expires. You can change your credit card number, you can change all your leaked passwords, but you can't change your past. Once it's breached it's out there until the end of tech.

> I don't ever want my medical records in any internet-facing system. I realize that's a fantasy but I'd never voluntarily help make that happen.

This! I would pay even a premium for non-digitalization.

(comment deleted)
What legal protections are you offering to ensure my patient data is not monetized down the road, directly or in aggregate? How would you protect patient data in the event you sell or go under?
Great question! In the case that something happens to PatientBank or we go under, we guarantee that we'll continue to host users' medical data. It's also worth noting that we already make it really easy to export your medical records from PatientBank.
You dodged the bulk of my question around privacy, data ownership, etc. Is it safe then to assume your business plan is to be cavalier with this data against my authorization and monetize it in a non anonymous fashion?
Hi shostack, I am so sorry part of your question was unanswered.

As I wrote in a couple other questions, patients' privacy and their data security are our top priority at PatientBank. What that means is, in any product or business decision, patient satisfaction, happiness and their trust in our service are top things we consider.

So, we would not share patient data with any third party without patients' explicit consent!

Hope this clarifies things!

> patients' privacy and their data security are our top priority at PatientBank

Is it really your top priority? Things like that always sound so disingenuous to me. Surely your top priority is building a profitable business, no? Otherwise there would be no data to even worry about.

When the response to the yes/no question of "Are you going to sell my data?" is "Your privacy is our top priority" instead of "No", run far far away.

Question for any MDs on here: How often are old medical records helpful and studied? Every time I go to a new doctor the first thing is a medical history interview. They are rarely interested in records from any other provider, in fact I've never been asked to help facilitate that. But I'm not sure how typical my experience is.
Not an MD, but an EMS provider. I know that delivering patients to a hospital often results in the nurse or provider taking a history, even when the patient has been seen (recently) in the ED.

House's rule number one, patients can't be trusted. You wouldn't believe how often patients give the hospital contradictory information to what they gave me, and on the most "innocuous things", past medical history, allergies, and so forth.

So it can be as simple as 'trust but verify', or 'clean slate'.

It can be hard for patients manage all their health information. That is the problem we are trying to solve! Obviously, this starts with patients having more control over their data. Imagine the next patient you transport pulling up their PatientBank account and it has an up to date medication list, allergies and PMH. Instead of relying on memory they have all their information in one place - when they need it.
Hi there - this is Kevin Grassi, MD with the PB team. You are absolutely correct that many primary care doctors rely on the patient to provide a medical history and rarely need the specific information located in the medical record. However, if you have complex medical issues, your primary care doctor may want to see specific data - especially lab or imaging reports.

Many specialist doctors need to see previous medical records before evaluating and treating the patient. This is especially true in oncology. We work with the Smilow Cancer Hospital, part of the Yale-New Haven Hospital, to help ensure that all oncology patients present for their first visit with a complete medical record.

One final note that is my assessment of how physicians operate in the current system - doctors are accustom to working with incomplete information. PatientBank is striving to make previous medical information more accessible to your next doctor. My hope here is that increased access to information will cause doctors to pay more attention to your data and lead to better care.

Thanks for your question! I hope this clarifies things.

Actually, this brings up a good question. Why not build a system where a patient can keep their record with them and only share as necessary. I'm thinking along the lines of a password manager.

This also removes the need for a giant centralized database which would be a nice ripe target.

Because then the patient can alter those records or see data the shouldn't (doctor writes a note about patients hypochondria).

Junkies can go from doctor to doctor getting the same script and then deleting the record.

<insert handwaving here>

I was thinking more along the lines of a credstick or leveraging blockchain like tech where a prescription would be signed. So data is still held local in some sort of secure enclave but something that requires both a doctor and patient to sign...

Somewhere else in the thread someone mentioned about what happens when there is a network of hospitals speaking to each other. Some places in New York would call it a regional health information organization (RHIO).

If all your providers are in that RHIO, there will most likely be a central hub/repo where everyone posts their information to. There are a few localized initiatives in specific states, and there are larger statewide programs that try to consolidate all your records.

After all of that, some state funded RHIO's will get incentives for working with specific partners and even the Social Security Administration (SSA), which brings up a whole lot of headaches and having to meet their standards while at the same time meet all your local partners' standards as well.

Because the government has a high interest in ultimately getting everyone on one network they actual spend a lot of time and effort to try and better these connections and improve data transfer. One of those is this Blue Button initiative [1]. They even have multiple github repos [2] so you can see the underling logic of what a patient model comprises of. What they use is per the HL7 spec that was established in 2011/2013. (Every vendor references the same PDF spec. but there is still a lot of ambiguity in it. Essentially it is really hard to apply all the conditional logic of a clinical document into an XSD.) The funny thing is that with a stamped-and-sealed specification that people still fight over on calls, the HL7 organization are now pushing over to FHIR [3], a JSON based clinical item model. That will be interesting.

To answer your question/concern, there are definitely initiatives to try and make this better, but it will take time to get legacy systems up-to-speed and to meet new standards that are stagnated. You can reference my previous comment with my concerns about that [4].

Lastly, if anyone is new to the EMR/HIE/Medical field, Motorcycle Guy [5] will be your best friend.

[1] https://www.healthit.gov/patients-families/blue-button/about.... [2] https://github.com/blue-button [3] https://www.hl7.org/fhir/ [4] https://news.ycombinator.com/item?id=12264411 [5] http://motorcycleguy.blogspot.com/

Medical histories are useful when thinking about diagnosis and management. The problem is that they're rarely accessible in a concise or summarized format. Medical systems produce huge amounts of paperwork, even a simple day trip to an A+E department will produce about 30 sheets of paper, and there's no automated way to extract the pertinent information from that. Its much easier to just ask the patient about important things in their medical history, and if any of the previous diagnoses are particularly significant you can delve into the previous records.
This is a great point. As a MD I don't think the process of asking a patient his/her past medical history will every go away. It clarifies how the patient thinks about their medical problems and develops a good rapport.

But as you allude to, having a summary of pertinent medical information, compiled from patient records located in various hospitals, would be enormously valuable for a doctor seeing a new patient. For example, your emergency room doctor having a one page summary of your medical information to be reviewed quickly in an emergency.

Critically important in some circumstances. I spent 3 hours yesterday obtaining conclusive evidence that a patient had a specific type of valve replacement surgery, because their treatment (years after the surgery for a totally unrelated issue) depended on this and various providers had documented conflicting data previously.

It turned my 15 hour workday into an 18 hour workday, but I could not have slept without knowing the answer to this question because of the degree of impact it had on this patient.

Yes exactly. Like the answer to pretty much every question about data, a treatment, a test, etc - the answer is, "Well, it depends on the problem".
Their records won't be unified in any meaningful sense since when a provider generates new records for a particular patient those won't automatically be pushed to PatientBank. I think in the long run this problem will be more effectively solved by providers exchanging data with each other using IHE integration profiles. It's great to give patient's easier access to their charts, but from a care delivery standpoint routing clinical data from a provider to a patient and then back to another provider is unnecessarily slow and error prone.
Bingo.

If you search for my previous comments in this thread, you can see my concerns about the general state of IHE's.

In one of the comments I mentioned about Blue Button, which allows patient's to pull their data. (To be fair, I haven't really seen the button in too many places out in the wild).

I guess ultimately in order to be able to get your charts from where ever you move, all those smaller IHE's need to feed into one repository and then have those scale up from county to county and even statewide.

The problem with that of course is how all the partner systems are queried or what profiles that have decided to use. i.e. will a data source being pushing documents to the repository every time there is a new patient or update, or will that network go out and ping every data source for their most up-to-date record.

If PatientBank is just dealing with Fax primarily and working with FHIR, I am curious how long they will work with Fax until there is a high adoption rate of FHIR for them to be able to get properly clinical items, that one of their clients could then pull their data and then push their data to their new provider.

I think you might have mixed up HIEs and IHE.

With XCPD there's no real need for one central repository. Independent systems can interoperate on a peer-to-peer basis. In the USA a central patient chart repository would be a non-starter anyway for political and business competition reasons.

We didn't hire Josie because she wasn't' a "cultural fit."

real reason: due to a previous medical records hack, we found out she had HPV.

Will you guys be looking for interns next summer? I'm a CS major who's currently finishing up a software engineering internship at a major healthcare company. I'd love to get in touch, if so.
Hey Meegul, thanks for your comment! We'd love to chat! You can always reach out to me at mert@patientbank.us or info@patientbank.us!
In what ways does this offering differ from Microsoft's HealthVault? Is it that you do the gathering of health data on behalf of the patient?
Great question! For Microsoft's HealthVault, patient would have to gather the records themselves AND enter the information into HealthVault manually.

We make it super easy for patients to gather their medical information and make it even easier to manage (share with physicians, family members etc.) their information.

Lots of exciting stuff happening in this space! PatientBank is a gamechanger too. Annotating records and storing it for drug discovery is the biological dream.

Let's find twins where one has the disease and the other doesn't and slap in the PlaidAPI to see their daily behavior to find potential drug targets. Something big coming up hopefully.

-----------------------

EMR Records Aggregation

-----------------------

HumanAPI

GetMedal

BloomAPI

UsePrime

ZweenaHealth

Doctrly

Carebox

GorillaHealth

NuskiHealth

PicnicHealth – If you’re developing an application and want to preview what records look like in here, message me. Happy to help you:

-----------------

HIPAA Compliance

-----------------

There’s a host of SDKs that revolve around spinning up HIPAA compliant applications. They’re each worth looking at.

Aptible

Catalyze

TrueVault

ClearData

Google & Amazon HIPAA Capabilities/Offerings to Developers There’s even large Fortune 500’s playing in the space of making HIPAA compliant backends more viable for the early stage innovator.

Google’s HIPAA Offering

Amazon’s HIPAA Offering

Thanks for the comment, kumarski! Excited to see a lot of awesome work being done here.
As someone who's worked in drug discovery and development, I wish finding bio-markers and drugging targets were this easy so we could improve the lives of millions of patients. Patient phenotypic information is locked up in the clinic notes often as free text or is no longer entered very well at all because doctors are rushed seeing more patients. Tools like The human Phenotype ontology format help solve this problem and are being used in translational biomedical informatics. http://human-phenotype-ontology.github.io/downloads.html
It isn't easy.

A lot of folks in silicon valley percieve that the FDA is holding back leviathan innovation for drugs. Just not the case.

How is it possible that the technologies that most people think are important for drug discovery have become hundreds, thousands, or billions of times cheaper, while the cost of R&D, per drug discovered, increased roughly 100 fold between 1950 and 2010.

Even with all those great advances. Eroom's law is still a pervasive thing. The proof is in the pudding and suggests that brute-force techniques don't relate to ROI.

Patent System as is. We have a patent system that encourages developing drugs that interact with a small number of enzymes and molecules that we already know and understand how they operate. Low if not zero risk.

It turns out that predicting a protein's structure from it's amino acid chain sequence is really tough.

I think it's stupid to patent pathways, treatment methodologies, research tools, and assays. This is a paralyzing bottleneck for the industry.

But anyways, yeah, I'm excited to see what comes out of the NIH and things like this ontology tool.

I'm working on this problem
If I can help, feel free to reach out to me. :)
Who is annotating the records?
At this point, everyone is trying to get the data from the hospitals and present it to the patient.

Is there anyone trying to compete with the giants in healthcare to make sure there is clean data to pull from in the first place?

I spend day and night manually reading CCD/CCDA's making sure they match the loose specifications that HL7 provides, but there seems to be so many disconnects between one vendor and another.

I am curious if your digitization of data is mostly pulling from these CCD documents themselves or actually performing OCR on physical data. Yes, there are also DICOM/PDF/etc that can act as attachments as well.

I saw in one of the comments you mentioned about integrating with hospital systems, I am curious to how that might correlate to what access you guys do have and to which patients as well. I am assuming you can piggy back on levels of consent and confidentiality that EMR's already have logic for.

Anyway good luck, if you guys are ever looking for remote (US-CA) let me know.

Is there anyone trying to compete with the giants in healthcare to make sure there is clean data to pull from in the first place?

We are. :)

I empathize with your problem with CCD/HL7v2 as much as you can imagine; which is why we support FHIR infrastructure across a number of use-cases. Feel free to reach out, I always enjoy chatting with people experienced in the space.

Thanks for the comment, leovander—very good points! Right now we give hospitals a number of ways to respond to PatientBank requests. Currently, the most common one is fax and we don't (yet) perform much processing of that data. In addition to fax, we allow hospitals to send CCD/CCDAs to us via DIRECT, and we allow them to upload arbitrary files directly to PatientBank as well.

In the future, we'll use whatever APIs we can to get records from hospitals. There's a lot of promising work going on in this space, and we're excited to see where the industry leads!

Clean data is hard, especially with such fragmentation, but there is progress! My company supports CCD/HL7 with as many other vendors as will work with us, but you're right in that the loose specifications make it very hard. I just worked on a project to import 1M+ patient records and we spent a long time verifying that we weren't just getting junk. "This field says it's an ICD-9 code, but I just see a string description..."

We also have a restful API that has a lot more traction with startups (honestly because it makes more sense). There is still so much legacy thinking around "documents" that we are more often trying to step back and think "is there a better paradigm we should be pushing here?".

How are you different from Picnic Health or CareSync?
Good question, hkiely! There are a number of great products out there to help people manage medical data—those are certainly two of them. Our focus at PatientBank right now is on just one piece of that problem: making sure people don't have to request their medical records over fax or in-person. What that means is that our market often differs from folks who use a personal health record. Many of our users have been asked by their doctor, their insurance company, or a lawyer to gather and share their medical records—sometimes even from just one specialist or hospital—and they want help doing so.
A good amount of your icons etc use "PB" as the abbreviation. In the US healthcare system, "PB" is often used for "professional billing," a function that the medical records department is often closely involved with. I can see this confusing the hospital customers who are providing the data.
Interesting. Last year my wife and I founded a mainland China outbound medical tourism business and had to get in to this stuff to facilitate servicing our customers. Of course, the Chinese system is very different to the US system.

That said, mostly these customers are interested in the US or Europe (for cancer and other serious operations) or Southeast Asia for lesser stuff. China is a HUGE and WEALTHY market just waiting for a decent player in this space. However, I am now focusing on another business (http://8-food.com/) and the focus of the business has shifted so that the average client has their medical records to be re-generated by foreign medical service providers. This is not ideal in some situations, such as remote second diagnosis (which I believe will grow steadily in popularity). If you would like a local partner for digitizing available records in China so that wealthy Chinese can access foreign medical service providers (high resolution film scanning, medical records translation, etc.), you could do worse than talking to us. Email in profile.