If I'm reading the article correctly, this is allowed by HIPAA already and is already happening (for research purposes and by third party healthcare companies?).
I would much rather google handle this data rather than unknown third parties with their own agendas, at least with google, the data comes with privacy risks that are relatively well known and might actually be useful for clinicians due to google's expertise on AI/pattern classification work which is primarily what medical diagnoses is about now (IANAD so perhaps this is incorrect).
HIPAA lets companies share data with other companies as long as it meets two requirements-
1. The company that collects the data (the covered entity) has to have a Business Associate Agreement in place with the company they're sharing it with. This basically affirms that the other company is aware of their HIPAA requirements and intends to follow them.
2. The Business Associate needs to access the data to do the job they were hired for, which in turn should be related to patient care.
There are definitely a lot of companies out there doing this already, but I will say that the people with the data are not exactly giving it up easily. HIPAA makes it so that in the event of a breach the Covered Entity is responsible for beach notification to the patients. That means there's a huge incentive for hospitals, radiology groups, and anyone else who collects this data to make sure that the people they share it with have the proper safeguards in place. There are a ton of hoops to jump through, normally including independent third party audits. I've seen a few medical AI companies fail simply because they didn't have the security and no one trusted them with data.
That's true if the data is PHI, which means that it's personally identifiable. Per TFA, Google is using anonymized data. There are a bunch of companies that do this already, for example my last startup had anonymized health records from ~240 million Americans.
We had biostatisticians on staff as well as third party companies review our de-idenitification regularly. From a population level we were quite solid.
That said, were I an attacker trying to re-identify a specific person's data it would be hard to do with just basic demographic information but if you combine some specific health knowledge (a couple health problems you know your coworker has) or appointment info (date, type of doctor, stuff that may also come up in common conversations) it gets a lot easier.
Even though this happens... Google still makes me nervous because...
- Other large companies with other big agendas have violated rules on data sharing to improve performance in other areas. Amazon comes to mind with how they used markeplace data on vendors to produce their own competitive products. Rules are regularly broken.
- Will Google let auditors really have enough insight to make sure data is kept in a controlled manner? Google is so secretive.
If a data broker started a secure file sharing service I wouldn't trust them. That's how I feel about this.
As someone who actually works at Google Health (on an unrelated project), it pains me to see folks suggesting that this type of thing could happen.
I can tell you with 100% certainty that there is no way in hell that any of the health data for a project like this could possibly ever be used for advertising to patients. Someone on an eng team with access to this data (which is VERY tightly controlled) who have to write a data export pipeline and deliberately export that data to Ads, and someone on the Ads side would then have to deidentify that data and join it with advertising data.
Getting someone to write an export pipeline that will be consumed by other folks in Health, and actually get it used in practice is hard enough, when dealing with all the data restrictions. What you're suggesting is just not going to happen.
You shouldn't think of Google as one giant org with a big pot of shared data. It's really dozens of orgs, each with their own sub-orgs, which all have their own databases, file storage, etc. Getting access to data owned by a team the next aisle over is hard. Getting access to data from another org is basically impossible without a ton of oversight.
Google has proven before that they can't be trusted this way. Even when accidents happen their first instinct is to cover it up.
> Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.
The Google reputation is so bad that my previous company was actually asked by customers if we used Google Cloud, with the implication that they wouldn't work with us if we did.
The concern wasn't about ads, it was about patient privacy. You guys basically put together a search engine for medical encounters, allowing physicians to access medical records they shouldn't be able to: https://www.wsj.com/articles/behind-googles-project-nighting...
Can you elaborate more? I don't believe the search engine produced did not let physicians access anything they weren't supposed to. This is well stated in their public documentation.
The feature which seems to be freaking people out is sound-alike searching based on patient name. This isn't a new feature at all; it's been specified as an optional feature in the DICOM standard for literally decades.
Seconding this as another Google engineer (I work on data quality for Google's Knowledge Graph). There would have to be at least four utter failures and drastic-divergences-from-past-behavior spread across multiple organizations, multiple bureaucratic and technical processes, and potentially even multiple companies.
My experience has been that Google's internal culture has always been extremely serious about restricting access to privacy-relevant data. On top of that, there's recently been a big push to defend against malicious internal actors, things like engineers intentionally creating backdoors or the like. You'd have to work to specifically and intentionally override defaults to mislabel the data and every piece of code that works with it, actively defeat multiple layers of access-control tech, get the code to accomplish that past privacy-and-security review by engineers from the privacy and security team, lie continuously and fake a bunch of supporting evidence when requesting about four different kinds of quota, hide your column names and API definitions from infrastructure engineers doing migrations and routine load-management stuff, lie to a bunch of lawyers and general Search+Ads PMs during launch reviews, and more. It's just not going to happen.
It's also not going to happen because "someone at the top told everyone to do it and nobody complained", either. Googlers pitch shitfits like no employee body I have ever seen, and using health data to drive ads would instantly cause internal messaging to explode into a tornado of hatred. I've seen it happen for less.
Like QuercusMax said, using totally-aboveboard anonymized-and-aggregated-and-scrubbed query logs is already hard enough, enough so that my team has a policy of just plain not doing it. I have a coworker whose account is irrevocably tainted because he used to work on a project that used data from the "This result is wrong" button on search results with biographical information about public figures. Misusing health data like this would be so obnoxious and difficult as to be unbelievable.
Even if we don’t worry about ads, Google doesn’t exactly have a good track record with patient privacy. Look at what you guys did with Ascension, allowing physicians to access medical records from other hospitals within the system based on similarity.
To be clear, just because something represents a common-sense workflow improvement or might be useful to the physician doesn't mean you can just go and do it. While it might be a good idea to pull similar cases (or counterfactual examples) from your vast set of patient records, it doesn't mean it's LEGAL. Medical records are not like case briefs, you can't just crack open someone's record without proper consent.
For the unaware - this particular hospital chain (HCA) is super, super shady.
It's a for-profit institution, which is alarming in and of itself when the bar for hospitals to be nonprofit is so low (and when most of the "non-profit" hospitals are essentially for profit institutions anyway.)
> HCA Inc. (formerly known as Columbia/HCA and HCA - The Healthcare Company) has agreed to pay the United States $631 million in civil penalties and damages arising from false claims the government alleged it submitted to Medicare and other federal health programs, the Justice Department announced today.
I work as a data engineer in an academic medical research institution.
Most electronic medical records (EMR) systems are really about billing. Yes, there are clinically relevant data fields available but a large amount of what we were after as researchers was only available in free-text. Data abstraction is still mostly a human-expert driven activity. It would be fun if that could be better automated but there is significant ambiguity in clinical notes and pathology reports.
And don't get me started on data-ownership "turf wars." We often got significant pushback and simple refusal to have regular data feeds of IRB-approved data fields for collection with patients who were consented to studies.
Nothing was more annoying to me to get shot-down when trying to get data from our hospital EMR (again, data that was specifically approved for research use by IRB for patients already consented to studies) only to hear later about private enterprise "partnerships" that had full and unlimited access to all EMR data . . .
This is extremely spot on, Cerner goes to far as to tie almost everything to a billing encounter (FIN). Yet the documents still come over as PDFs that clinicians have to parse through.
The risks of unfettered access to EMR is that conditions can be inferred and future profitabilit of patients predicted so that they can be steered to different types and qualities of care (for good or for evil).
For-profit healthcare will overall optimize for profits before patient outcomes. It's as certain as gravity. FPH should be illegal.
Any organization that does not optimize value capture will be short-lived. Neither for-profit, nonprofit nor governmental business models are necessarily aligned towards improving patient outcomes over revenue. However revenue is a critical feedback loop to enforce change in the face of poor outcomes.
The Medicare agency cut off funding for heart transplants at [a nonprofit hospital] last year after the Chronicle-ProPublica investigation documented an outsized number of patient deaths and unusual surgical complications following the procedure in recent years.
The US is a money and capitalism first culture. This is before things like privacy. I'm not suggesting what is right or should be but rather an observation of what is the case.
I am involved with phone call centers. I have a lot of numbers. I use phone numbers like others use throwaway catch-all email addresses.
I signed up for the covid vaccine through my family doctor who partners with a hospital. They required registration (no walk ups) and the online form was branded (domain, privacy policy, everything) to the hospital. I used a unique email address and a unique phone number. I'm a curious person.
To confirm the appointment they send you a text. Guess what number the text went to? Not the one I typed in. It was to a unique number that I only used with my Google billing account. (I was using a corporate computer in no way tied to Google.)
I looked into it and the hospital partners with a fourth-party health care scheduling servicer, who then has some sort of partnership with Google cause all I saw was that Google bought a low-percentage stake in the company.
Something tells me the integration between these types of companies and Google is much stronger than the article lets on.
> a large amount of what we were after as researchers was only available in free-text
Is there no way to parse this? Surely the EMR systems could have a simple key-value syntax. Patient history is too complex to be expressed that way but there is a lot of other valuable data that could. Blood pressure, for example. Ideally, things like lab results would already be stored as structured data.
Most of those lab values are more or less worthless outside of context - which is why so much time is spent on training docs on physio, pathophys, and history taking. I know that it's frustrating to hear, but it's why every "helpful" tech solution to date has resulted in increasing doc griping and burnout.
Even simple charts for numerical variables would be helpful though. For example, evaluating growth over time is important in pediatrics. In my country, mothers receive a booklet with all the charts and pediatricians are supposed to fill it with data during consults. When I open one of these, I usually find only two or three data points. Surely EMR software could do the same thing automatically.
In the US, growth charts for peds are already built into every EMR I know of. But even that isn't particularly nuanced: I want different charts at different ages based on, for instance, whether the kid is bottle or breast-fed. The difference will impact an interpretation of being under- or over-weight, and using the wrong ones can create the appearance that the kid is dropping off the growth curve at around two years old (which is to say, without context you can't even interpret just the trend itself). The EMRs aren't even at the "IF feeding==bottle, display.curveA; ELSE display.curveB" level of sophistication.
Which is another way of saying "even where it looks like the numbers matter unto themselves without context, nope, you still can't meaningfully interpret them without context."
"Lots of systems" is a stretch, only a few do. In fact, "support" is a stretch. Most EMRs (Cerner, Epic etc) only support HL7 as much as it gets them their CMMI / Promoting Interoperability certifications which are not relevant for actual use.
This is a bit of a simplification. HL7 is the standards body, not the standard itself - which (for everyone else who may not know) is "HL7 v2".
FHIR is an actually-JSON (+XML) health data protocol that is gaining adoption (most recently because of CMS Interoperability and Patient Access Final Rule), so it's not all bad.
FHIR is a breath of fresh air but it's so kinda worse because while it's great you still need the HL7 parser logic lying around in your code and now a bunch of additional code paths for FHIR
Prior to FHIR, there was actually an XML-based HL7 v3 as well. Mercifully, it collapsed under the weight of its own spec and rarely shows up in the wild these days. CDA still survives, but it's much easier to work with and being slowly made obsolete by FHIR resources.
IME the billing-centric view is mostly a US-centric view. If you talk to folks who've done EHR deployments in other countries (my dataset is mostly Canada/UK), a not insignificant amount of work is put into tweaking Epic/Cerner/etc. _away_ from being so billing focused. Your other points still resonate, though anecdotally I've seen less private sector interest in doing analysis over providing infrastructure or other COTS software here.
Some healthcare is vital (emergency intervention for heart attacks), some healthcare is grey-area quality of life (do I need glasses vs. LASIK?), and some healthcare is pure luxury (cosmetic). These are not all created equal.
Additionally, removing the profit motive has its own consequences. Ever notice how the front-desk staff that serves as your docs' connection to the rest of the healthcare sector generally suck? Try to get a preauth, or a drug renewal, or an etc. There's a reason they suck: if your doc is working with a price ceiling (as most are, due to health insurance if not due to socialized medicine), they have a hard cap on their annual income for the year. The difference between a 2/10 and a 10/10 service staff doesn't make a single extra cent of income for the doc, but they have to pay the difference in salary straight out of their annual take-home. How many docs are going to get an 80K/yr front desk vs. a 40k/yr front desk just out of charity?
>Ever notice how the front-desk staff that serves as your docs' connection to the rest of the healthcare sector generally suck?
Compare this to for-profit clinics like One Medical, where your appointment typically starts exactly on time and front desk staff are courteous, helpful, and responsive to calls and emails. This holds true to every location of theirs I've used across major US metros (NYC, SF, PHX, CHI) [1].
Anecdotally, one time I forgot my eyedrops on a trip to SF. I tried to get a hold of my ophthalmologist's office back in NYC so they could send a prescription to a pharmacy in SF. On hold for 25 minutes, disconnected, tried one more time then gave up. Opened One Medical app, requested a virtual visit, had a Dr on a video call in 3 minutes who confirmed my eye drops and submitted the prescription to the pharmacy I was sitting in.
I'm not sure how much of it is down to profit motive and I'm sure there are tons of other confounding factors, but it's hard to not notice the huge difference in experience.
[1] I work in the healthcare industry and I'm a happy One Medical customer; I initially got it as a perk thru work but upon leaving I coughed up the money to continue using them.
so let's clarify a few things.
All the things you described that suck (e.g. preauth, drug renewal, etc) are made to suck, on purpose, by ... drumroll ... you insurance company which, believe it or not is usually a for profit entity (USA USA USA) and therefore is incentivized to take your money and not pay any out in premium. Paying for your care to them is a loss, and what they do is try to minimize loss ratio. (remember obamacare loss-ratio cap checks from eon ago?). So how does, a for profit company that you paid premiums to ration your healthcare to minimize loss ratio: by creating the most arcane, convoluted, confusing and inefficient process standing between you and your care provider. This is not a bug with front desk, this is a feature of your for-profit insurance.
The flip side of the coin are of course all the STEMI docs, who show up there just to perform a dangerous and provably useless medical procedure day in and day out, because profit:)
It's like digging out an outhouse, it's ** all the way down.
Yes, let's clarify a few things. For starters, I'm a physician, and have formerly worked in health insurance at the management level. I assume your comment was aimed at someone at a different level of familiarity with the topic. I'd be happy to re-evaluate my understanding of your comment if you'd care to clarify with the newfound knowledge that I'll understand a more nuanced argument, if you care to provide one.
Responding to what you have written, however:
1. I provided a direct explanatory mechanism for how physician reimbursement caps lead to low-quality auxiliary services - by pointing out that investing in an activity or service that provides no marginal revenue is a strictly money-losing proposition. You assert, without mechanism or evidence, that this is strictly due to "for profit insurance." You need to clarify how the insurer, and their profit motive, creates this result - as the mechanism I put forward simply requires that the physician is has a fixed fee schedule and is at capacity volume. I won't go so far as to assert you should take my word on it, but you could do worse than listening to a doctor say "this is exactly what's going on in my and my friends' practices."
2. The majority of healthcare dollars in the United States flow through Medicare and Medicaid. Given that these services reimburse quite a bit lower in dollars/service than for-profit insurers, they actually make up a larger volume of total services rendered. I can't argue with a statement as vague as "usually a for-profit entity," but I can state more precisely that it "will be a non-profit entity for more than 50% of services and more than 50% of reimbursed dollars."
3. Minimizing loss ratio has nothing to do with what I said at all. If you can put forward a mechanism that translates my front desk expenses into reduced MLR for the payor, I'm listening with open ears. Look at this thought experiment: let's say my insurer's MLR stays flat, and I can accept a 100$/yr subscription fee from all of my patients to improve front-desk service, with the caveat that I'm taking a profit off the top. Would the insurer care? No? Is there anything the insurer's payment processes would do to affect this? No? Then the issue is my profit motive, not the insurer.
4. The convoluted payment processes are there to aid the insurer in sorting through their giant piles of paperwork (you didn't think that administering a health insurance network was low in bureaucracy, did you?) and, more cynically, to create pitholes for us to step into so patient care is denied reimbursement. You're going to have actually, again, provide a mechanism by which that translates into "Doctor doesn't improve services offered." Because I can tell you that if the bureaucratic hurdle that is insurance billing doesn't step me from billing in the current environment, then it's not going to stop me from billing for higher amounts if I could get them.
From the insurance side: I found the throwaway's reference of MLR very confusing and seems to be misinformed about the ACA market and MLR caps in particular.
Exchange plans are just about the most price sensitive insurance product I can think of; in ACA markets typically the lowest premium plan will capture the overwhelming majority of the signups. Insurance co's are highly incentivized to optimize their MLR to provide the maximum amount of care up to the rebate threshold, while driving costs down as much as possible to ensure you can offer the lowest premium plan on the exchange and be the take-all winner.
Also, so much of prior auth, step therapy, etc are dictated by federal or state regulations and not necessarily what the insurer would like or prefer to do.
There are plenty of pain points in our insurance industry but to carte blanche blame "for profit" companies seems really lazy.
Part of the problem is informational. Payors, which may include those backed by nonprofit (like BCBS) and government (CMS), are tasked with reducing un-necessary and duplicative services. This is a critical duty in bending the high cost of healthcare.
Payors identify specific procedures or treatments which represent things they want more information about before they commit to paying for it. It is difficult work on the healthcare provider side to understand what requires pre-auth and provide the payor's decisional information. There is a HL7 group that is working on the problem, the DaVinci Project:
Interoperability challenges have limited many stakeholders in the healthcare community from achieving better care at lower cost. The dual challenges of data standardization and easy information access are compromising the ability of both payers and providers to create efficient care delivery solutions and effective care management models. The goal of the Da Vinci project is to help payers and providers to positively impact clinical, quality, cost and care management outcomes.
This is irrelevant. Even in a fully socialized healthcare system we would still want orgs and companies and the government looking at patient data to figure out better therapies. Just because the current data comes with price tags doesn't mean we should be stopping medical research on it.
For those curious about what it means to anonymize health information this NIST paper provides some context and the range of risk/value options when removing personally identifiable information from healthcare datasets.
Pretty frequently in these scare-generation articles there's no attempt to differentiate between someone using Google Cloud to do something, and Google itself doing something. Is this just a hospital chain making a deal for Google Cloud services to support their normal IT operations, or is Google actually using this data for something? If so, what is Google using the data for?
> Google has made a deal for access to patient records from HCA, which which operates 181 hospitals and more than 2,000 healthcare sites in 21 states, _so the tech company can develop healthcare algorithms_.
There is a whole division within Research called Google Health led by David Feinberg (https://www.linkedin.com/in/david-feinberg-4b5b76/) which works on these sorts of problems. It's sort of situated between Cloud and Research, as many of the problems they want to solve are... well, research problems that need large real-world datasets to solve.
Verily has its own things it wants to focus on, and I don't think large EHR analytics projects are one of them. Their ambitions are probably budget limited now (IE, they have to be selective about which projects to take on) while Google Research and Cloud have a lot of funding to build products like this.
I applied for a job at Verily a while back out of a desire to pivot out of my current industry. Once I got up close to it though I had a little trouble sussing out how they would operate separate from Google, which I think is going to have to be the case eventually. Stuff like this just makes it even harder to see. (edit: I wonder if it has anything to do with patents/ip)
Everyone I actually talked to was great though and I wish then the best.
56 comments
[ 2.7 ms ] story [ 106 ms ] threadI would much rather google handle this data rather than unknown third parties with their own agendas, at least with google, the data comes with privacy risks that are relatively well known and might actually be useful for clinicians due to google's expertise on AI/pattern classification work which is primarily what medical diagnoses is about now (IANAD so perhaps this is incorrect).
1. The company that collects the data (the covered entity) has to have a Business Associate Agreement in place with the company they're sharing it with. This basically affirms that the other company is aware of their HIPAA requirements and intends to follow them.
2. The Business Associate needs to access the data to do the job they were hired for, which in turn should be related to patient care.
There are definitely a lot of companies out there doing this already, but I will say that the people with the data are not exactly giving it up easily. HIPAA makes it so that in the event of a breach the Covered Entity is responsible for beach notification to the patients. That means there's a huge incentive for hospitals, radiology groups, and anyone else who collects this data to make sure that the people they share it with have the proper safeguards in place. There are a ton of hoops to jump through, normally including independent third party audits. I've seen a few medical AI companies fail simply because they didn't have the security and no one trusted them with data.
That said, were I an attacker trying to re-identify a specific person's data it would be hard to do with just basic demographic information but if you combine some specific health knowledge (a couple health problems you know your coworker has) or appointment info (date, type of doctor, stuff that may also come up in common conversations) it gets a lot easier.
- Other large companies with other big agendas have violated rules on data sharing to improve performance in other areas. Amazon comes to mind with how they used markeplace data on vendors to produce their own competitive products. Rules are regularly broken.
- Will Google let auditors really have enough insight to make sure data is kept in a controlled manner? Google is so secretive.
If a data broker started a secure file sharing service I wouldn't trust them. That's how I feel about this.
I can tell you with 100% certainty that there is no way in hell that any of the health data for a project like this could possibly ever be used for advertising to patients. Someone on an eng team with access to this data (which is VERY tightly controlled) who have to write a data export pipeline and deliberately export that data to Ads, and someone on the Ads side would then have to deidentify that data and join it with advertising data.
Getting someone to write an export pipeline that will be consumed by other folks in Health, and actually get it used in practice is hard enough, when dealing with all the data restrictions. What you're suggesting is just not going to happen.
You shouldn't think of Google as one giant org with a big pot of shared data. It's really dozens of orgs, each with their own sub-orgs, which all have their own databases, file storage, etc. Getting access to data owned by a team the next aisle over is hard. Getting access to data from another org is basically impossible without a ton of oversight.
> Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.
https://www.wsj.com/articles/google-exposed-user-data-feared...
The Google reputation is so bad that my previous company was actually asked by customers if we used Google Cloud, with the implication that they wouldn't work with us if we did.
My experience has been that Google's internal culture has always been extremely serious about restricting access to privacy-relevant data. On top of that, there's recently been a big push to defend against malicious internal actors, things like engineers intentionally creating backdoors or the like. You'd have to work to specifically and intentionally override defaults to mislabel the data and every piece of code that works with it, actively defeat multiple layers of access-control tech, get the code to accomplish that past privacy-and-security review by engineers from the privacy and security team, lie continuously and fake a bunch of supporting evidence when requesting about four different kinds of quota, hide your column names and API definitions from infrastructure engineers doing migrations and routine load-management stuff, lie to a bunch of lawyers and general Search+Ads PMs during launch reviews, and more. It's just not going to happen.
It's also not going to happen because "someone at the top told everyone to do it and nobody complained", either. Googlers pitch shitfits like no employee body I have ever seen, and using health data to drive ads would instantly cause internal messaging to explode into a tornado of hatred. I've seen it happen for less.
Like QuercusMax said, using totally-aboveboard anonymized-and-aggregated-and-scrubbed query logs is already hard enough, enough so that my team has a policy of just plain not doing it. I have a coworker whose account is irrevocably tainted because he used to work on a project that used data from the "This result is wrong" button on search results with biographical information about public figures. Misusing health data like this would be so obnoxious and difficult as to be unbelievable.
To be clear, just because something represents a common-sense workflow improvement or might be useful to the physician doesn't mean you can just go and do it. While it might be a good idea to pull similar cases (or counterfactual examples) from your vast set of patient records, it doesn't mean it's LEGAL. Medical records are not like case briefs, you can't just crack open someone's record without proper consent.
It's a for-profit institution, which is alarming in and of itself when the bar for hospitals to be nonprofit is so low (and when most of the "non-profit" hospitals are essentially for profit institutions anyway.)
This sounds worse than a for-profit institution declaring itself as a for-profit institution.
What is it about the chain that is “super, super shady”?
https://www.justice.gov/archive/opa/pr/2003/June/03_civ_386....
Most electronic medical records (EMR) systems are really about billing. Yes, there are clinically relevant data fields available but a large amount of what we were after as researchers was only available in free-text. Data abstraction is still mostly a human-expert driven activity. It would be fun if that could be better automated but there is significant ambiguity in clinical notes and pathology reports.
And don't get me started on data-ownership "turf wars." We often got significant pushback and simple refusal to have regular data feeds of IRB-approved data fields for collection with patients who were consented to studies.
Nothing was more annoying to me to get shot-down when trying to get data from our hospital EMR (again, data that was specifically approved for research use by IRB for patients already consented to studies) only to hear later about private enterprise "partnerships" that had full and unlimited access to all EMR data . . .
tl;dr :
EHR are mostly about charts.
EMR are mostly about billing.
The risks of unfettered access to EMR is that conditions can be inferred and future profitabilit of patients predicted so that they can be steered to different types and qualities of care (for good or for evil).
For-profit healthcare will overall optimize for profits before patient outcomes. It's as certain as gravity. FPH should be illegal.
The Medicare agency cut off funding for heart transplants at [a nonprofit hospital] last year after the Chronicle-ProPublica investigation documented an outsized number of patient deaths and unusual surgical complications following the procedure in recent years.
https://www.houstonchronicle.com/news/investigations/article...
I am involved with phone call centers. I have a lot of numbers. I use phone numbers like others use throwaway catch-all email addresses.
I signed up for the covid vaccine through my family doctor who partners with a hospital. They required registration (no walk ups) and the online form was branded (domain, privacy policy, everything) to the hospital. I used a unique email address and a unique phone number. I'm a curious person.
To confirm the appointment they send you a text. Guess what number the text went to? Not the one I typed in. It was to a unique number that I only used with my Google billing account. (I was using a corporate computer in no way tied to Google.)
I looked into it and the hospital partners with a fourth-party health care scheduling servicer, who then has some sort of partnership with Google cause all I saw was that Google bought a low-percentage stake in the company.
Something tells me the integration between these types of companies and Google is much stronger than the article lets on.
Is there no way to parse this? Surely the EMR systems could have a simple key-value syntax. Patient history is too complex to be expressed that way but there is a lot of other valuable data that could. Blood pressure, for example. Ideally, things like lab results would already be stored as structured data.
Most of those lab values are more or less worthless outside of context - which is why so much time is spent on training docs on physio, pathophys, and history taking. I know that it's frustrating to hear, but it's why every "helpful" tech solution to date has resulted in increasing doc griping and burnout.
https://www.cdc.gov/growthcharts/index.htm
Which is another way of saying "even where it looks like the numbers matter unto themselves without context, nope, you still can't meaningfully interpret them without context."
That being said, it is JSON but much worse
FHIR is an actually-JSON (+XML) health data protocol that is gaining adoption (most recently because of CMS Interoperability and Patient Access Final Rule), so it's not all bad.
:/
For-profit healthcare is evil.
https://www.pbs.org/video/the-healthcare-divide-rv6npd/
Some healthcare is vital (emergency intervention for heart attacks), some healthcare is grey-area quality of life (do I need glasses vs. LASIK?), and some healthcare is pure luxury (cosmetic). These are not all created equal.
Additionally, removing the profit motive has its own consequences. Ever notice how the front-desk staff that serves as your docs' connection to the rest of the healthcare sector generally suck? Try to get a preauth, or a drug renewal, or an etc. There's a reason they suck: if your doc is working with a price ceiling (as most are, due to health insurance if not due to socialized medicine), they have a hard cap on their annual income for the year. The difference between a 2/10 and a 10/10 service staff doesn't make a single extra cent of income for the doc, but they have to pay the difference in salary straight out of their annual take-home. How many docs are going to get an 80K/yr front desk vs. a 40k/yr front desk just out of charity?
Compare this to for-profit clinics like One Medical, where your appointment typically starts exactly on time and front desk staff are courteous, helpful, and responsive to calls and emails. This holds true to every location of theirs I've used across major US metros (NYC, SF, PHX, CHI) [1].
Anecdotally, one time I forgot my eyedrops on a trip to SF. I tried to get a hold of my ophthalmologist's office back in NYC so they could send a prescription to a pharmacy in SF. On hold for 25 minutes, disconnected, tried one more time then gave up. Opened One Medical app, requested a virtual visit, had a Dr on a video call in 3 minutes who confirmed my eye drops and submitted the prescription to the pharmacy I was sitting in.
I'm not sure how much of it is down to profit motive and I'm sure there are tons of other confounding factors, but it's hard to not notice the huge difference in experience.
[1] I work in the healthcare industry and I'm a happy One Medical customer; I initially got it as a perk thru work but upon leaving I coughed up the money to continue using them.
Responding to what you have written, however:
1. I provided a direct explanatory mechanism for how physician reimbursement caps lead to low-quality auxiliary services - by pointing out that investing in an activity or service that provides no marginal revenue is a strictly money-losing proposition. You assert, without mechanism or evidence, that this is strictly due to "for profit insurance." You need to clarify how the insurer, and their profit motive, creates this result - as the mechanism I put forward simply requires that the physician is has a fixed fee schedule and is at capacity volume. I won't go so far as to assert you should take my word on it, but you could do worse than listening to a doctor say "this is exactly what's going on in my and my friends' practices."
2. The majority of healthcare dollars in the United States flow through Medicare and Medicaid. Given that these services reimburse quite a bit lower in dollars/service than for-profit insurers, they actually make up a larger volume of total services rendered. I can't argue with a statement as vague as "usually a for-profit entity," but I can state more precisely that it "will be a non-profit entity for more than 50% of services and more than 50% of reimbursed dollars."
3. Minimizing loss ratio has nothing to do with what I said at all. If you can put forward a mechanism that translates my front desk expenses into reduced MLR for the payor, I'm listening with open ears. Look at this thought experiment: let's say my insurer's MLR stays flat, and I can accept a 100$/yr subscription fee from all of my patients to improve front-desk service, with the caveat that I'm taking a profit off the top. Would the insurer care? No? Is there anything the insurer's payment processes would do to affect this? No? Then the issue is my profit motive, not the insurer.
4. The convoluted payment processes are there to aid the insurer in sorting through their giant piles of paperwork (you didn't think that administering a health insurance network was low in bureaucracy, did you?) and, more cynically, to create pitholes for us to step into so patient care is denied reimbursement. You're going to have actually, again, provide a mechanism by which that translates into "Doctor doesn't improve services offered." Because I can tell you that if the bureaucratic hurdle that is insurance billing doesn't step me from billing in the current environment, then it's not going to stop me from billing for higher amounts if I could get them.
Exchange plans are just about the most price sensitive insurance product I can think of; in ACA markets typically the lowest premium plan will capture the overwhelming majority of the signups. Insurance co's are highly incentivized to optimize their MLR to provide the maximum amount of care up to the rebate threshold, while driving costs down as much as possible to ensure you can offer the lowest premium plan on the exchange and be the take-all winner.
Also, so much of prior auth, step therapy, etc are dictated by federal or state regulations and not necessarily what the insurer would like or prefer to do.
There are plenty of pain points in our insurance industry but to carte blanche blame "for profit" companies seems really lazy.
Payors identify specific procedures or treatments which represent things they want more information about before they commit to paying for it. It is difficult work on the healthcare provider side to understand what requires pre-auth and provide the payor's decisional information. There is a HL7 group that is working on the problem, the DaVinci Project:
Interoperability challenges have limited many stakeholders in the healthcare community from achieving better care at lower cost. The dual challenges of data standardization and easy information access are compromising the ability of both payers and providers to create efficient care delivery solutions and effective care management models. The goal of the Da Vinci project is to help payers and providers to positively impact clinical, quality, cost and care management outcomes.
http://www.hl7.org/about/davinci/index.cfm?ref=common
https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf
Additional helpful works:
Anonymizing Health Data by Khaled El Emam, Luk Arbuckle
Building an Anonymization Pipeline by Luk Arbuckle, Khaled El Emam
Practical Synthetic Data Generation by Khaled El Emam, Lucy Mosquera, Richard Hoptroff
Accelerating AI with Synthetic Data by Khaled El Emam
Khaled El Emam's website: http://www.ehealthinformation.ca/
Verily has its own things it wants to focus on, and I don't think large EHR analytics projects are one of them. Their ambitions are probably budget limited now (IE, they have to be selective about which projects to take on) while Google Research and Cloud have a lot of funding to build products like this.
I applied for a job at Verily a while back out of a desire to pivot out of my current industry. Once I got up close to it though I had a little trouble sussing out how they would operate separate from Google, which I think is going to have to be the case eventually. Stuff like this just makes it even harder to see. (edit: I wonder if it has anything to do with patents/ip)
Everyone I actually talked to was great though and I wish then the best.