EHR and HIPAA, A Dilemma

EHR and HIPAA – Overview

Both are essential parts of running a successful business in health care.

An electronic health record (EHR) is a digital version of a patient’s paper chart. EHRs are real-time, patient-centered records that make information available instantly and securely to authorized users. (healthit.gov)

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance. (digitalguardian.com)

PHI is any demographic information that can be used to identify a patient. Examples include: names, dates of birth, Social Security numbers, insurance information, phone numbers, full facial photos, and health care records, to name a few examples. (compliancy-group.com)

A Short History

EHR Emerging in the 1970s

US federal government began implementing VistA (formerly known as the Decentralized Hospital Computer Program) at the Department of Veteran Affairs. A study by the Institute of Medicine (now National Academy of Medicine) began in the 1980s, and its findings recommended the use of EHRs when they were published in 1991. (readwrite.com)

The Health Insurance Portability and Accountability Act introduced in 1996

The Health Insurance Portability and Accountability Act (HIPAA) was passed on August 21, 1996, with the dual goals of making health care delivery more efficient and increasing the number of Americans with health insurance coverage. Since its implementation, healthcare organizations have been issued huge fines for non-compliance, e.g. Anthem $16 million HIPPA fine paid in 2018.

The Dilemma

Tough regulations were implemented before the applications (EHRs, etc.) grow into their best format/position  in the healthcare system. The regulations made the softwares slow to upgrade/adjust themselves and prevented certain competitions.

EHRs are only an example of healthcare data regulated by HIPAA but a good one. It could have been a program like Apple Health Kit (on patients’ end) in the current era of well-designed apps like uber/gmail/amazon/instagram; but it was limited at the beginning stage and was left no time to refine itself. No wonder most parts are a vivid demonstration of tech/IT system some twenty years ago.

VistA/CPRS | Source: youtube

US Government Shutdown – an Incomplete List of Direct Effects in Business

On Jan 10, Fed Chair Jerome Powell commented at the Economic Club about government shutdown…

In the short term, if government shutdowns don’t last very long, they have typically not left much of a mark on the economy… A longer shutdown is something we haven’t had. If we have an extended shutdown, and I do think that that would show up in the data pretty clearly,… we would have a less clear picture into the economy if it were to go on much longer.

Here is an incomplete list of effects in business…

Gig Economy & Employment Issues in the 21st Century

今天公布的美国上一周 (9/23 – 9/29) Weekly Jobless Claims 降至 20.7 万例,接近 49 年低点。49 年最低点在两周前触及,9/9 – 9/15 那周的 Initial Jobless Claim 为 20.2 万例,是 1969 年 11 月以来的最低点。

昨天公布的 nonfarm private sector employment 数据也很出色,增加 23 万例。市场对于明天将公布 non-farm payroll 数据期望相当之高。

8 月的 unemployment rate 已降至 3.9%。Full-employment 社会的话题今年以来获得更多关注…

但在经济数据的背后,不应该忽视的是新型商业模式对于这些数据的影响 – uber, lyft, airbnb, grubhub, etc… so called “gig economy”。同时,原先简单粗暴的 employed/unemployed 划分已经不能充分反应新经济的就业问题。

把旧的思维模式强加在当前经济模式下,必然会有各式各样的问题:

  1. 原本 unemployed 人口通过 uber 等公司作为收入来源,没有 actively looking 或者没有 desire for or availability for work;然后一部分也不会当自己是 employed,由于是数据来源是 survey,最终导致部分人口没算在 labor force 里,不算做失业人口。一个参考是 08 – 13 年 labor participation rate 的下降。
  2.  gig economy 中的 “employer” 各方面没有保护,比如最低工资保障 mini wage,健康保险 health insurance,养老 pension,失业保护 unemployment insurance 等
    • 各州对于相关纠纷的判决有所不同,但都开始关注 independent contractor / employee 的问题。
    • 参考 case 1:加州 Lawson v. GrubHub,2 月 Judge Corley 支持 independent contractor [trial court];在下面的 case 之后,5 月 Lawson 上诉至 U.S. Court of Appeals for Ninth Circuit
    • 参考 case 2:加州 Dynamex Operations West, Inc. v. Superior Court,4 月底 California Supreme Court 支持按 employer 的划分,并采用 ABC test
      • (A) that the worker is free from the control and direction of the hiring entity in connection with the performance of the work, both under the contract for the performance of the work and in fact;
      • (B) that the worker performs work that is outside the usual course of the hiring entity’s business; and
      • (C) that the worker is customarily engaged in an independently established trade, occupation, or business of the same nature as the work performed.
    • 参考 case 3:纽约州 The New York State Unemployment Insurance Appeal Board 于 7 月支持 uber driver 在失业保险方面应算作 uber 的 employee
    • 相关 case – 领取失业福利的同时开 uber:Lowman v. Unemployment Compensation Board of Review [Pennsylvania Commonwealth Court],“by occasionally accepting offers of work such as that afforded by Uber, an individual does not make a ‘positive step’ toward establishing an independent business”,参见 Bruce L. Baldwin 文章
  3.  under-employment 问题。当前 gig economy 中的 independent contractor 更偏向于 lower-skilled 工作;以及拉低整体的 productivity。这是个更长期的问题。

BLS 有一项统计,在 2017 年 5 月,美国约有 1.6 million electronically mediated workers, accounting for 1.0 percent of total employment;uber 今年 9 月在自己的 blog 中称已有超过 90 万的 driver,两个数据也算 consistent。

下图来自今年 9 月 JPM 的一篇 research,更直观,但有 bias,在 JP Morgan 开户的人更可能参与在 gig economy 中

从整体看,这还不是一个大规模群体,但不难想象这是一个持续增长的群体。在 AI 和娱乐的未来,gig economy 的作用将更加明显。

Drones and Smart Glasses

今天我把有段时间没用过的 Mavic Pro 拿出来更新了一下软件。

又想起了在住的附近飞的时候跟周围人简单聊,开玩笑到 spy on neighbour…

加上前两天写到 Snap 的 Spectacle,加上再早之前的 Google Glass,觉得有一些共通可以放到一起,来看这一类带拍照摄影功能的电子产品在美国受到的阻力。

从小时候起,一直受到的教育也是不要随便照别人。但被强调的语境大多是在欧洲国家、美国等地。这确实是一个十分需要重视的问题。

iPhone 或其它手机,由于和照相机长得类似,操作也类似,被各国社会没太多阻力地接受。或许问题的关键就是是拍照和摄影的操作会被周围人知道,以及持续性。

知情与否 make a big difference – 一举起手机也暗示了周围人,有问题可以沟通

持续性也重要 – 一直拍照角度地举着手机一样会被排斥;手机可以迅速放下来

然而,无人机和智能眼镜,都有让被拍摄人注意不到被拍,以及对被拍多长时间不知情的 concern。

即使是手机,也有越来越多的 concern。

IMO, the line might not be drawn in the near term, but a consensus will be reached and hopefully most people will follow some sort of “best practices” .