On October 18th, 2019, the United States House Committee on the Judiciary discussed a topic that has the potential to have massive, long-lasting repercussions for the healthcare industry: data privacy.
As lawmakers discussed the role tech giants play in the global handling of individual data and the privacy – or lack thereof – that goes along with opting-in to the use of widely popular tech tools such as Google, Facebook, and LinkedIn, leaders in the healthcare industry are beginning to deduce how this ongoing conversation will impact patients, providers, and insurers.
New data privacy laws coming down the pipeline will inevitably affect operations, competition, and stability in all industries, including healthcare. In order to best prepare your healthcare organization to absorb and rebound from the upcoming changes, consider how an evolution of our nation’s data privacy laws could impact healthcare from every angle.
Generally, when lawmakers and regulatory bodies discuss data privacy they are most concerned with issues pertaining to electronic health records (EHR) and practice management (PM) systems that contain patient health information. However, as the healthcare industry as a whole continues to become more inclusive of technology, we also need to consider data privacy in the context of governance and regulatory compliance issues.
The House Committee hearing on data privacy will have a significant effect on these critical aspects of healthcare operations simply (or, perhaps, not so simply) due to the way that the government is going to treat data moving forward. This data may be actual health information such as data from a patient’s visit to the doctor for flu treatment or data as surface-level as names, addresses, and phone numbers.
As the federal government becomes more involved with big data and how individual data is collected, stored, and used, these laws are going to primarily change what healthcare organizations are allowed to do with that information. While these changes are mostly going to impact the healthcare industry from the standpoint of regulatory compliance, privacy, and security, eventually this will extend out to the health plans and insurers to impact their business, as well.
Health insurance companies represent the largest repository of patient data in the entire healthcare system. In particular, the big five health plans have access to data and the processing power to extrapolate key information from that data that has the potential to significantly widen the competition gap between them and smaller competitors.
While health insurance companies – and the plethora of data they have in their repositories – have not yet been brought into the folds of discussion with the House Judiciary Committee, other big data players have, including Mark Zuckerberg and Sheryl Sandberg, the CEO and COO of Facebook, respectively.
Massive corporations like Facebook and others continue to collect more data, leverage that data, and grow larger and more powerful thanks to that data. When there is a significant breach of data, regulatory agencies fine these large corporations. However, the recent hearing revealed that both Zuckerberg and Sandberg were given full immunity from legal prosecution for anti-trust and privacy violations in exchange for helping shape the landscape of data privacy laws.
As a result, the biggest players at the table are allowed to continue growing in size and power, receiving fines that are rather insignificant in the grand scheme of the revenue these companies are generating, and ultimately the people feeling the biggest effects are the competitors and the end-users.
In time, as we watch modern data privacy laws take shape, we will likely see the same pattern repeat itself in the healthcare industry – with the big five health plan providers sitting at the discussion table and smaller competitors being forced to play catch-up indefinitely.
As these privacy laws change and go forward, if there is not a clear delineation of what can and cannot be done with that data, the leading health plans will be able to withstand the small fines and settlements and still see their overall value and stock go up as a company because the true value is hidden in the data they are able to collect.
As a case study, let’s look at Amazon – one of the most popular household brands in the United States. Amazon Health, which was established in 2018, is Amazon’s own health plan and health management company for all Amazon employees. The pilot program launched earlier this year to serve the company’s 566,000 employees.
Because Amazon is always looking to be the best in any vertical – whether that is online shopping, cloud storage, or now healthcare – they have been hiring CEOs, CIOs, CFOs, and other industry leaders from healthcare companies. By bringing this high-caliber expertise in-house, Amazon is quickly becoming a threatening competitor in the marketplace.
When Amazon bought the online pharmacy PillPack, that was the company’s first foray into that market of directly serving patients. Most recently, Amazon acquired Health Navigator, a health startup that provides the interfaces for telemedicine and online health services.
Inevitably, Amazon will expand its employee-only pilot program to offer health plans, online pharmacy services, and telemedicine services to consumers. As one of the world’s kings of consumer data collection, storage, and analysis, Amazon is perfectly positioned to compete with the largest health plans in America today.
While healthcare has always been in a league of its own thanks to protected health information laws such as HIPAA, other information has not always been protected, such as phone numbers or addresses. As these big tech companies fight it out in these hearings, the results will trickle downstream to impact healthcare and fundamentally change the industry’s rules around what counts as protected information and how that data is handled.
For example, only a few healthcare companies utilize app-based programs right now. However, that is not to say that app-based healthcare management will not be the norm five years from now.
Data privacy laws may protect our health information now (such as diagnoses, prescriptions, etc.), but they may not protect our location data or other valuable data gathered by apps and phones that could be tied to our healthcare in the future. In time, that data can be used to sell things to healthcare consumers and discourage competition in the larger market.
The House Judiciary Committee hearings and the derivations of data privacy laws that come from them may not affect us for a year or more, but they will affect us in time. When we talk about privacy in terms of surveillance or anything that can be used to define a subset of demographics or patients, we are dealing with the lawless, rule-less Wild West of healthcare.
With Facebook and data hoarders sitting at the discussion table, Amazon stepping into the healthcare market, and other large corporations grabbing the opportunity to get into healthcare, shifts are bound to happen – and quickly!
Privacy and security in healthcare are constantly evolving subjects. It can often be overwhelming to ensure your organization stays compliant as the goalposts move backward, forwards, and sometimes sideways.
Here at John Lynch & Associates, we help your organization stay on top of changes taking place throughout the industry and ensure that you are properly positioned to succeed. Make sure you are ready for those rapid shifts by contacting us today.
Join hundreds of industry leaders and get our perspective on critical issues healthcare organizations face in a demanding environment, delivered to your inbox.