Coronavirus upends medical privacy

With help from Mohana Ravindranath (@ravindranize) and Martin Matishak (@martinmatishak)

Editor’s Note: Morning eHealth is a free version of POLITICO Pro eHealth’s morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the day’s biggest stories.Act on the news with POLITICO Pro.

Quick Fix

— Coronavirus upends privacy: The pandemic is prompting government officials to turn to more surveillance — and that might be a privacy nightmare.

— Watchdog: VA’s EHR project risks patient safety: An unrealistic schedule and poor communication could put patients at risk, according to a pair of OIG reports examining the Veterans Affairs Department’s electronic records project.

— What about audio?: Doctors’ groups want to know: When it comes to pay, what about telephone visits?

eHealth tweet of the day: EPICparodyEMR @EPICEMRparody “As long as it takes up 99% of the note and you have to scroll through pages to find anything useful, I am happy with it either way.”

WEDNESDAY: Inspired by the Twitter account Bad Legal Takes’ discovery of a truly hilariously bad HIPAA take, your correspondent wants to know: What’s the worst citation of, or argument about, HIPAA you’ve seen? Share some truly misguided HIPAA takes at [email protected]. Discuss ridiculous ideas about what HIPAA does or doesn’t permit socially @dariustahir, @ravindranize, @POLITICOPro and @Morning_eHealth.

POLITICO Pro is here to help you navigate these unprecedented times. Check out our new Covid-19 Coverage Roundup, which provides a daily summary of top Covid-19 news coverage from across all 16 federal policy verticals as well as premium content, such as DataPoint graphics. Please sign up at our settings page to receive this unique roundup sent directly to your inbox every weekday afternoon.

Driving the Day

CORONAVIRUS UPENDS MEDICAL PRIVACY — Government officials are turning to technology in their quest to contain the coronavirus, with potentially long-term consequences for patients’ privacy.

Apps to notify individuals when they come into contact with infected patients, gadgets that can tell authorities when someone breaks quarantine and other proposals in the name of public health are a potential privacy nightmare, experts say. Apps can be poorly designed or misused, potentially exposing individuals to harm, for example.

Governments are also disclosing more data about affected patients; in South Korea, officials have been analyzing sensitive information like credit card purchases and disclosing people’s paths through the world. It’s led to some stigma for patients, potentially endangering trust in the system.

OIG: VA’s EHR PROJECT RISKS PATIENT SAFETY — An “aggressive, likely unrealistic” schedule and poor communication afflicted the VA’s multibillion-dollar EHR project, potentially endangering patient safety, a pair of reports from the department’s Office of Inspector General concluded.

The department failed to secure necessary physical infrastructure — ranging from laptops and computers to proper heating and cooling systems — which in turn threaten EHR performance, the first report says.

And the department’s EHR office failed to communicate effectively with Spokane, Wash., staff about the transition, the second report says. Some software functions — like medication refills — were planned to be temporarily unavailable as the facility transitioned from VistA to Cerner. Local staff came up with 84 potential work-arounds or mitigations in August 2019, the report says, but “were unable accurately predict patient safety risks because of incomplete information on which capabilities would be available.”

In a statement, Cerner said it takes patient safety seriously and valued the IG findings. “We are confident we have addressed the challenges outlined in these reports,” the company said, noting its process of rolling out the software in batches “is designed to enable VA and Cerner to identify challenges early and address them quickly, which is exactly what we are doing.”

WHAT ABOUT AUDIO? CMS has expanded the number of video consultations it pays for during the pandemic, but some providers and patients using flip phones and landlines find themselves out of luck. The virtual check-ups generally need both an audio and a visual component to be covered, frustrated health care groups point out.

This week the American Medical Group Association urged CMS to clarify that audio-only visits are sufficient to get diagnosis information both for risk adjustment and to coordinate patients’ care. In a letter to HHS and CMS this week, the group warned that “for many patients, accessing care via video is simply not an option,” often because of lack of broadband.

PUBLIC HEALTH DATA WOES — Of top importance to the next stage of the pandemic: whether policymakers, public health officials and contact tracers will have sufficiently high quality data to keep an eye on any outbreaks. Here’s a roundup:

— White House plan: The Trump administration on Monday released a testing and surveillance plan (in the public health, not “Enemy of the State” sense). Public health experts are worried the levels of testing won’t be sufficient to keep track of any Covid-19 hotspots.

Techies, on the other hand, have another worry: that the government’s surveillance systems are too balky to function well, as your correspondent wrote with colleague David Lim. They rely on proactive reporting from doctors, emergency rooms, large events and schools, said Doug Fridsma, the former chief scientist at the Office of the National Coordinator for Health IT.

That means the data tends to lag an actual outbreak, and may not be a strong “early warning signal when people are not going to the ER, large events, schools or seeing their health care providers,” he said.

— Senators on CDC data: Several lawmakers urged Senate leaders this week to include even more technology funding for public health departments in upcoming coronavirus legislation. The additional funds could help state, local and federal public health groups “move from sluggish, manual, paper-based data collection to seamless, automated, and secure IT systems,” wrote the senators, led by Richard Blumenthal and Tim Kaine.

They’re not the only ones concerned about data reporting. Earlier this week Sens. Mitt Romney and Kyrsten Sinema urged CDC to support the modernization of state public health systems. “We are deeply concerned federal public health officials are behind the curve in assessing public health threat levels, because they lack immediate visibility into population health data,” they wrote.

— California’s “contact tracing” army: In the states, California is planning to build an army of 10,000 people — aided by an online platform — to help suss out contacts of newly infected patients and warn them of potential disease, our colleague Victoria Colliver reports.

FDA MEETING: The FDA scheduled its first in-person meeting in months for June 30 — with the caveat that the meeting may shift to a virtual format. The agency is slated to discuss its data modernization strategy, and will cover subjects like data-sharing, real-time dashboards and privacy.

MILITARY MATTERS — With military medical centers seeing more patients due to the Covid-19 pandemic, the Pentagon’s inspector general on Monday shared best practices for protecting sensitive health data.

“Because [military treatment facilities] use different methods to collect patient data, such as in-person and virtual triage, continuing to exercise due diligence to protect patient data is needed now more than ever with the increased patient loads at MTFs and alternative care facilities the DoD is helping to build and operate,” the report states.

The IG cited government statistics that there were 570 reported breaches between April 2018 and April 2020 that compromised the personal information of 46 million patients. It also compiled ways to improve security, like using multifactor authentication and strong passwords, managing network vulnerabilities and encrypting sensitive data to better protect patients.