The Precision Medicine Initiative and Patient Health Data

The recent Precision Medicine Initiative Summit at the White House saw dozens of private entities committing to join with the administration in supercharging the effort to enroll one million patients into precision medicine research programs, collecting and securely sharing data about them – including genomic data – all in an effort to crack the code of intransigent medical conditions and provide answers and therapies in a “precision” manner, looking for solutions that serve each patient best. (Also referred to as the N of 1 approach.) NIH is on the Precision Medicine bus as well.

President Obama took part in the proceedings (see White House video in this post) and in addressing the reach of the initiative, he noted that “precision medicine … is … empowering individuals to monitor and take a more active role in their own health.” This was a striking statement, and it has a number of implications. For our present purposes, the key issue thus raised by the President is that of the inextricable link between precision medicine, information access and participatory medicine.

In the weeks leading up to the PMI Summit, OCR has worked to reframe and re-communicate the “rules of the road” for health data privacy and security, taking this opportunity to burnish communications about HIPAA and clarify all parties’ rights and responsibilities under these rules — particularly emphasizing patient empowerment when it comes to health data.

This confluence of communications brings to mind the HITECH Act — part EHR promotion, part beefing up of health data privacy and security rules. Just as the HITECH Act and OCR were helpful in pre-emptively calming potentially anxious constituencies about security in the face of digitization, so, too, the PMI and OCR seek to present a unified front: let’s harness “big data” to solve big problems in healthcare, but let’s be sure that patients have a seat at the table through equal access to patient data and control of patient data.

What is notable about the recent government issuances regarding HIPAA — through an excellent series of blog posts and guidance (and blog posts about the guidance) — is that there is no new law or regulation on the books. The federales (including, notably, Jocelyn Samuels, Deven McGraw and Lucia Savage) have simply taken this opportunity to review a range of issues that have come to their attention (whether through the government’s developer portal for HIPAA questions or otherwise) and to clarify the official position on a wide range of issue regarding HIPAA compliance. The key thrust of the blog posts and fact sheets with real-life scenarios is to remind everyone out there that HIPAA supports interoperability “because it gives providers permission to share PHI for patient care, quality improvement, population health, and other activities.” The posts and the embedded fact sheets go into some detail on “situations in which a covered entity is permitted, but not required, to use and disclose PHI without first having to obtain a written authorization from the patient.” More specifically, (a) permitted uses and disclosures: what they are, and how they advance the national goal of interoperability, (b) examples of exchange of health information for care coordination, care planning, and case management, both between providers, and between provider and payers examples of interoperable, permissible exchange of PHI for quality assurance and population-based activities,

The guidance entitled Individuals’ Rights under HIPAA to Access their Health Information (including FAQs) also clarifies and explains existing rules rather than breaking new ground. OCR deals with a tremendous volume of complaints and inquiries and has stated that it is not able to do much beyond inform a covered entity that it ought to release records when a complaint regarding noncompliance with a request is filed. It appears to be the agency’s hope that clearer explication of the rules as they exist will drive the regulated community to a better compliance posture, particularly in light of the long-promised increased attention to enforcement coming from the agency.

One key element of the guidance that seems to break new ground (but is presented as a clarification) is the section regarding permissible fees that may be charged to patients seeking copies of their medical records. Given the significant volume of discussion that has surrounded this particular issue over the years, it is not surprising, and the move towards a rational fee level for patients is encouraging, and is even expressed with a policy preference that covered entities should provide individuals who request access to their information with copies of their PHI free of charge.

However, the concern about copying fees, which is important in the current environment, is a non-issue in the health information ecosystem using the Flow Health Operating System for Value Based Care. Connections into the universal patient data layer provide continuous access to patient records for everyone on the care team — patients, family members, caregivers, health care providers. It is no longer necessary to get a copy of a record out of one system in order to deliver it to another system (the paper or traditional query-response HIE approach).

The twin announcements of the Precision Medicine Initiative and the HIPAA enforcement posts and guidance emphasize the government’s decision to continue down a path — on its own, and as a prod to other actors in the public and private sectors — to harness “big data” to solve big problems in healthcare, while ensuring all the while that the data used in the process is maintained in a secure and private manner, and making sure that patients have a seat at the table through equal access to patient data and control of patient data.

Flow Health’s platform enables the real-time data exchange and access necessary for next-generation healthcare and layers in the machine learning and predictive analytics needed to bring healthcare to a new level.

Thank you for taking the time to learn about Flow Health. Flow Health is presenting at HIMSS 2016 Venture+ forum. We invite you to see all of our #HIMSS16 posts. If you would like to know more about Flow Health and how we can help your organization succeed, please contact us today at

A version of this post first appeared on my home blog, HealthBlawg.

Leave a comment