“Gimme my damn data!” The stage is being set to enable patient-driven disruptive innovation.

This is an essay I (mostly) wrote April 28 on Vince Kuraitis’s e-Care Management Blog, part of his series with David Kibbe MD about the Federal EMR incentives, titled “Is HITECH Working?” The series is, in my opinion, the most useful update I’ve seen on this complex and vital aspect of the future of healthcare. Vince and David made important edits and added the great appendix at end.

by Dave deBronkart (e-PatientDave), Vince Kuraitis, and David C. Kibbe

So far this series has looked at HITECH participation by hospitals (grumbling but in the game) and physicians (wary, on the sidelines), kudos for ONC’s three major policy points, and how HITECH is already moving the needle on the vendor side. Today we’re going to look at the reason the whole system exists: patients.

It’s possible to look at the patients issue from a moral or ethical perspective, or from a business planner’s ecosystem perspective. In this post we’ll simply look at it pragmatically: is our approach going to work? It’s our thesis that although you won’t see it written anywhere, the stage is being set for a kind of disruption that’s in no healthcare book: patient-driven disruptive innovation.

We’ll assert that in all our good thinking, we’ve shined the flashlight at the wrong place. Sure, we all read the book (or parts), and we talk about disruption – within a dysfunctional system.

If you believe a complex system’s actual built-in goals are revealed by its actual behavior, then it’s clear the consumer’s not at the core of healthcare’s feedback loops. What if they were?

We assert that to disrupt within a non-working system is to bark up a pointless tree: even if you win, you haven’t altered what matters. Business planners and policy people who do this will miss the mark. Here’s what we see when we step back and look anew from the consumer’s view:

  1. We’ve been disrupting on the wrong channel.
  2. It’s about the consumer’s appetite.
  3. Patient as platform:
    • Doc Searls was right
    • Lean says data should travel with the “job.”
    • “Nothing about me without me.”
  4. Raw Data Now: Give us the information and the game changes.
  5. HITECH begins to enable patient-driven disruptive innovation.
  6. Let’s see patient-driven disruption. Our data will be the fuel.

1. We’ve been disrupting on the wrong channel.

The disruptive innovation we’ve been talking about doesn’t begin to go far enough. It’s a rearrangement of today’s business practices, but that’s not consumer-driven. Many pundits, e.g. the ever-popular Jay Parkinson, note that today’s economic buyer isn’t the consumer, which is screamingly obvious because consumer value isn’t improving as time goes by.

When we as patients get our hands on our information, and when innovators get their hands on medical data, things will change. Remember that “we as patients” includes you yes you, when your time comes and the fan hits your family. This is about you being locked in, or you getting what you want.

I (Dave) witnessed this in my first career (typesetting machines) when desktop publishing came along. We machine vendors were experts at our craft, but desktop publishing let consumers go around us, creating their own data with PageMaker, Macs and PostScript. Once that new ecosystem existed, other innovators jumped in, and the world as we knew it ended.

(Here’s a tip from those years: this outcome is inevitable. Ride with it, participate in it, be an active participant, and you can “thrive and survive.” Resist and within a generation you’ll be washed away.)

2. It’s about the consumer’s appetite.

We don’t hear it often in healthcare, but disruption Is driven by shifts in buyers’ appetites over time. As products improve, some buyers reach a point where “more” is no longer attractive. If we had 800 mpg cars, a 900 mpg one wouldn’t have more appeal. Other factors start to win.

Clayton Christensen took this analysis to a deeper level In a 2002 paper, as he scrutinized not whole products but deeper questions of how vendors should make strategic decisions to be more competitive: should they make tightly integrated high-performance disk subsystems, or should they build modular components that might run a bit slower but offer more versatile configurations?

In “Disruption, disintegration and the dissipation of differentiability” [subscription required] he demonstrated that the answer varies with time, depending on whether buyer appetites were being fully served: when people want more, they accept a proprietary interface, but once appetites are satisfied, other factors win out. In disk components, when speed is sufficient, buyers find more value in the flexibility of open interfaces.

If you view your health data as a modular component in the “health web of the future,” you see that today it’s tightly integrated – with your provider. That prevents you from seeking care elsewhere, and it prevents you from adding value to your own data by applying innovative tools. To us that’s harm. It’s not just restraint of trade, it’s restraint of health.

Give us our data, and let us feed it to other tools, and Katie bar the door. More on this in a moment.

3. Patient as Platform:

In Dave’s HHS testimony last week at the Meaningful Use workgroup, he cited Doc Searls , one of the great visionaries of the Web’s early years: in 1999 he co-authored The Cluetrain Manifesto, which foresaw the social impact of people getting together on the web.

He continues to be a pretty slick thinker: he’s now involved with VRM (Vendor Relationship Management), which turns CRM (Customer Relationship Management) on its head, putting the customer at the center. Wikipedia says, “The purpose of VRM is to equip individuals with tools that provide both independence from vendor ‘lock-in’ and better means for engaging with vendors.” Hm, sound familiar?

a) Doc Searls was right. So imagine Doc’s reaction when, in 2008, he had a medical crisis and his MRI data, for which he’d paid, couldn’t be read by another physician (another vendor).

He ended up with a time-pressured choice to do surgery that proved unnecessary – and which caused a 1-in-20 complication. He posted that “the closed and proprietary nature of heath care is itself a disease that needs to be cured. … I believe the best way to fix health care is for patients to be the platform for the care they get from doctors and institutional systems.” Jon Lebkowsky’s excellent post illuminates the parallels with the e-patient movement.

b) Lean says data should travel with the “job.” Doc’s idea is consistent with Lean, too.

In March I (Dave) participated in my hospital’s annual Lean retreat, so I had occasion to read Lean Hospitals, by Mark Graban , Senior Fellow at the Lean Enterprise Institute. He recounts how lean manufacturing outperforms massive ERP systems.

ERP tries to keep all information under central control and deliver it where and when needed in the manufacturing process. Well, give that a Fail: in a Lean factory, data travels with the product, so it’s always where it’s needed when it’s needed. Graban notes, “Lean supports the idea of having exactly what you need, where you need it, when you need it.”

Lean has two arguments for this approach. First, in Lean, moving things around is a classic type of waste. Why not keep it where it’s needed? Second, when errors happen, root cause analysis often reveals that the right information wasn’t where it was needed, at the moment it was needed. (See also AHRQ’s “Five Rights of Clinical Decision Support”.)

In healthcare the consequences of inaccessible facts can be mild or catastrophic. From the consumer perspective it’s crazy to pay a professional to develop information about my health for me and not let me take it with me.

c) “Nothing about me without me.” A byword of the patient safety movement, the phrase “nothing about me without me” is credited to Diane Plamping PhD. She articulated this in 2000 following a five-day Salzburg Seminar retreat, with 69 participants from 24 countries.

4. Raw Data Now: Give us the information and the game changes.

People often ask, “If we give you your data, what are you going to do with it?” We don’t know – that’s the point: innovators haven’t gotten their hands on it yet!

Twenty years ago Tim Berners-Lee invented the Web. In his TED talk a year ago he told why: he worked in a fascinating lab, and people would bring fascinating and useful information on all sorts of computers. “I would find the information I wanted in some new data format. And these were all incompatible. The frustration was all this unlocked potential.” He proposed the Web: linked data.

It can be hard to see huge potential in a simple change. After Tim’s boss died, the original proposal was found in his papers. In the corner he’d written, “Vague, but exciting.”

Tim’s next big vision says today’s internet stops short: it lets us see other people’s interpretations of datasets, not the data itself. So his 2009 TED talk agitates for change. By the end of the talk he had people chanting, “Raw Data Now.”

Pew understands this: they’ve released all the raw survey data for Susannah Fox’s new study of chronic disease so others can split and crunch however they like. And open data is a hallmark of the Open Science movement.

What if instead of altering healthcare within today’s system, we could do what Eric Dishman proposed at TED and find ways to detect problems before there’s any sign of trouble?

Here’s a glimpse: Dave’s friend Dorron Levy (a data geek if there ever was one, but no physician) has come up with a deeply geeky analysis of the MIT Sudden Cardiac Death EKG database. In these graphs don’t worry what the axes mean. (His analysis is proprietary.) Each shows his analysis applied to digital EKG data from five people, all apparently healthy:

Everyone in the second graph died within 24 hours.

They all looked healthy, and so did their EKGs. But those five dropped dead. His analysis spots early warning signs with clever logic. Imagine if that logic was embedded in some sensor that beeps when trouble’s starting. If you were at risk, wouldn’t you want one?

Why has nobody in the healthcare industry expressed interest in this? We don’t know, but we’d sure like more early warning sensors.

Dorron says one of the main factors holding him back is the lack of more data to analyze. Meanwhile, gazillions of petabytes sit locked up in silos. Rapunzel, Rapunzel, let down our data.

5. HITECH begins to enable patient-driven disruptive innovation.

HITECH has a number of specific provisions that will reunite patients with their data (see the Appendix below). This is a great start!

6. Let’s see patient-driven disruption. Our data will be the fuel.

By definition, intractible problems resist conventional thought. If we want real change, let’s consider alternate approaches, ideally from deep thinkers who can see the structures that keep the problems in place.

So yes, we’ll gladly quote Tim Berners-Lee, because his big idea 20 years ago worked out pretty well – the power of linking documents – and now he wants to link the data itself. And we’ll quote Doc Searls, because his Cluetrain ten years ago foresaw things that some of us are only now learning: the internet gives us autonomy.

And when Doc’s stuff hit the fan, he saw immediately that we’re the big stakeholders, the ones who win or lose depending on the accuracy and availability of the information our doctors have at decision time.

So as HITECH promises to give us our data, we call out: “Innovators, start your engines. Fuel is on the way.” Disruption is a real dynamic, driven by real forces. Put the data in the consumer’s hands, and let real patient-driven disruption begin.

APPENDIX – HITECH Provisions to Share Data With Patients

Stage 1 — 2011 (from Meaningful Use NPRM, December 2009)

  • Physician (EP) Objectives
    • Send reminders to patients for preventive/ follow up care
    • Provide patients with an electronic copy of their health information (within 48 hours)
    • Provide patients with timely electronic access to their health information within 96 hours of the information being available to the EP
    • Provide clinical summaries for patients for each office visit
  • Hospital Objectives
    • Provide patients with an electronic copy of their health information (within 48 hours)
    • Provide patients with an electronic copy of their discharge instructions and procedures at time of discharge, upon request

Stage 2 – 2013 (Note: Items for Stages 2 and 3 are from an initial Meaningful Use Matrix endorsed by the Health IT Policy Committee ( HITPC) in June 2009. Details and specific rules have not yet been developed.)

  • Physician (EP) Objectives
    • Access for all patients to PHR populated in real time with health data
    • Offer secure patient-provider messaging capability
    • Provide access to patient-specific educational resources in common primary languages
    • Record patient preferences (e.g., preferred communication media, health care proxies, treatment options)
    • Incorporate data from home monitoring device
  • Hospital Objectives
    • Access for all patients to PHR populated in real time with patient health data
    • Provide access to patient-specific educational resources in common primary languages
    • Record patient preferences (e.g., preferred communication media, health care proxies, treatment options)

Stage 3 – 2015

  • Physician (EP) and Hospital Objectives
    • Patients have access to self-management tools
    • Electronic reporting on experience of care
    • Provide patients, on request, with an accounting of treatment, payment, and health care operations disclosures

Posted in: general




18 Responses to ““Gimme my damn data!” The stage is being set to enable patient-driven disruptive innovation.”

  1. ben says:

    In order to produce the graphs above, which is a longitudinal analysis of EKG data across multiple patients, the person collecting that information for research purposes must: a) Obtain IRB approval from the treating hospital, which can take a very long time, b) obtain informed consent from each patient OR a HIPAA waiver of consent from the IRB (more likely the second, being that the patients in question were dead at the time he is looking for this data) and c) store this data in a HIPAA-compliant database if it contains ANYTHING that could be considered PHI or PII. In other words, not microsoft access or excel.

    A lack of following ANY of these rules to a T, could _UNDER HITECH_ expose the principal investigator to criminal or civil charges, due to the revisions to HIPAA included in HITECH.

    Giving a single person their own data is one thing, but the types of activities espoused in this article would require collection (and analysis) of data from multiple patients, which is very very dangerous stuff due to the way the patient privacy laws in our country work (hipaa and 21CFR11 in particular)

  2. Ben, what are you (apparently) complaining about? The MIT database already exists.

    I think you’re missing the point of this in the article. The point, which may not be clear enough, is that this fellow identified a pattern that can be used *prospectively* to anticipate SCD by monitoring a patient’s digital EKG.

    Re “privacy laws,” I’m informed (by people smarter than I) that the HIPAA law itself doesn’t contain a thing about privacy: all that is in the ensuing regulations created over the years by HHS regulators. By design, regulations can be changed far more easily than an act of Congress. I’m not saying HIPAA’s not a tangled mess, just pointing out that the privacy mess isn’t in the law.

    What do you mean by “the activities espoused in this article”?

  3. Susannah Fox says:

    Expressing no opinion, just pointing out that a debate has also broken out on the THCB version of this post:


    And now back to my lurking…

    • Thanks, SFox – as usual you spotted something worth spotting.

      I’m distressed with the ignorance and kneejerk nature reflected in many of the comments over there. (I believe this is the correct link for that post’s comments.)

      Commenter Merle Bushkin summed it up perfectly:

      As one reads the responses to e-Patient Dave’s posting, it’s striking to note that virtually everyone is responding true to form, taking just the positions you would expect them to take. Not one of the regular THCB posters has removed his/her blinders.

      Dave just lobbed a bomb in our midst by saying the status quo MUST change and patients MUST be heard. Everyone tips their hat and then completely ignores what he said.

      So I threw another stinkbomb, pointing out that those who were complaining didn’t even seem to understand what the term “disruptive innovation” means, so no wonder this industry fails to exhibit it: for the most part we-all don’t even know what innovation looks like, much less how to make it happen.

      Sorry, I know I’m usually Mister Nice Guy, or at least Mister Grin, but this is pretty absurd. Please, people, let’s get some GOOD MINDS working on this!

  4. Deven McGraw says:

    The HIPAA Privacy Rule (and the federal Common Rule, which applies to federally funded research) is neither saint nor sinner when it comes to research using patient data. There are lots of improvements to be made (particularly re: getting more consistent interpretation) but protections are critical to promoting public trust in research. (I’m sorry, but just trusting researchers is not going to cut it here – we know from painful past experience that this is not possible). And Dave is right – HIPAA’s rules on research are all in regulation. That means they are still law – but we don’t need Congress to intervene to change them.

    Having said that, I would like to hear more about why you foresee crippling liability for researchers under HIPAA as modified by HITECH. Covered entities like hospitals and physicians are subject to more stringent civil penalties – and the clarification that criminal penalties can be imposed against individuals was a mere clarification (the Department of Justice has been pursuing individuals for blatant, intentional HIPAA violations for the last five+ years). But researchers don’t become covered entities or business associates just by virtue of obtaining data for research purposes (to be a business associate, the researcher would have to be performing a function on behalf of that covered entity — which is not usually the case for research, which is done to promote generalizable knowledge).

    Even if the research is being done by the covered entity (so there are penalties for violations), using best efforts to comply is not going to get you into trouble (especially with an agency that prefers to informally seek correction of HIPAA noncompliance vs. imposing penalties). I have yet to see anyone get punished under HIPAA for research done under an IRB waiver of consent…

    • Deven, I’m always grateful when you take time from your insanely busy DC schedule to educate and clarify for us here.

      I confess that despite good grades in civics, I was never clear that the privacy rules are NOT in the HIPAA law itself, but in the regulations; nor was I clear that they still have the force of law.

      Learning this stuff is a necessary part of getting engaged in the process. Nobody needs an ignorant partner, and that applies to patients, clinicians, policy goons and everyone else. I hope your contributions here are multiplied a thousandfold through social media. They certainly help me know what I’m talking about.

  5. Pete says:

    I research within the bounds of HIPAA all the time; in my experience it is a pretty smart, well designed law that gives a lot of flexibility given an accountable process. None of my post-HITECH discussions with med school general counsels (I spoke with several) have lent any credence to claims that the research climate changed meaningfully. Yes, I have to be careful with data, but this is a consequence of maintaining databases of protected data: in the age of paper and photocopiers, a breach affected a handful of individuals. In the age of the database, a breach could potentially affect thousands.

    For those who object to HIPAA’s protections, think about a case where there is an existing large national database that people would love to be able to query without consent: the IRS tax data. There are a lot of good, positive things that some people could do with access to that data, but I think we could all easily agree that providing access to it without consent and strong protections would be, at the least, controversial. HIPAA is, if anything, too weak as is is inconsistently interpreted and is generally applied with only minimal oversight: it is designed to create liability in the case of a discovered breach more than to prevent it. I would welcome people auditing my own data security protocols to give me better confidence that high standards are adopted by all. (My standards: hardware-firewalled SELinux, complete audit trails, strong two-factor authentication, PHI data encrypted at rest, all data encrypted in transit (PHI doubly so), only two people have password to view PHI, and detailed protocols disclosed to IRB and consenting patients to ensure liability if my team gets lazy and feels like short-cutting our own policies — a major source of breach.)

  6. […] are doing for location based applications today. o    The hard work of patient advocates like e-Patient Dave and Regina Holiday is most noteworthy in putting forward the patient’s voice and influencing […]

  7. […] I’ve seen Dave speak in the past so I was thrilled that he didn’t just pull out a standard keynote. If you want to understand the profile of the fully engaged patient of the future, find out where Dave is speaking next… and if he asks for his data, give him his damn data! […]

  8. […] was the first time I heard a reference to “gimme my damn data” from the platform – kudos, e-patient […]

  9. […] there’s only so much you can do. I hope that as we see more and more calls to “Gimme my damn data!“, we’ll also see more education for patients and their families about what that data […]

  10. […] and the VA use of the Blue Button format should be applauded! The Blue Button initiative was fully give-me-my-damn-data compliant! But promoting it as an alternative to a process that supports fundamental data reuse […]

  11. […] to insist upon full access to medical records, including physicians’ notes, and the e-patientrallying cry is now “Gimme my damn […]

  12. […] How can we engage with patients? Do we want to engage with patients? Do we want to give them their damn data? Can we? Will they go somewhere else if they have their data? Is it a strategic asset? Is this part […]

  13. […] We have this HealthVault thing, right? Well, thanks to Meaningful Use, every day more and more people are bringing their visit summary files to us. Some because they’re lucky enough to be part of a data sharing pilot, others because they’ve discovered Direct messaging — and yet more because they’ve just taken the initiative to demand a copy of their damn data. […]

Leave a Reply