In Sickness, Health, and Cyberspace: Protecting the Security of Electronic Private Health Information

The electronic processing of health information provides considerable benefits to patients and health care providers at the same time that it creates serious risks to the confidentiality, integrity, and availability of the data. The Internet provides a conduit for rapid and uncontrolled dispersion and trafficking of illicitly-obtained private health information, with far-reaching consequences to the unsuspecting victims. In order to address such threats to electronic private health information, the U.S. Department of Health and Human Services enacted the HIPAA Security Rule, which thus far has received little attention in the legal literature. This article presents a critique of the Security Rule from both legal and technical perspectives. We argue that the Rule suffers from several defects relating to its narrow definition of “covered entities,” to the limited scope of information it allows data subjects to obtain about their health information, to the vagueness and incompleteness of the Rule’s standards and implementation specifications, and to the lack of a private cause of action. The article explores the difficult problem of crafting static regulations to adequately address rapidly changing computer and communications technologies and associated security threats to private health information. In addition, it develops detailed recommendations for improving safeguards for electronically processed health records

Artificial Intelligence and Discrimination in Health Care

Artificial intelligence (AI) holds great promise for improved health-care outcomes. It has been used to analyze tumor images, to help doctors choose among different treatment options, and to combat the COVID-19 pandemic. But AI also poses substantial new hazards. This Article focuses on a particular type of healthcare harm that has thus far evaded significant legal scrutiny. The harm is algorithmic discrimination. Algorithmic discrimination in health care occurs with surprising frequency. A well-known example is an algorithm used to identify candidates for “high risk care management” programs that routinely failed to refer racial minorities for these beneficial services. Furthermore, some algorithms deliberately adjust for race in ways that hurt minority patients. For example, according to a 2020 New England Journal of Medicine article, algorithms have regularly underestimated African Americans’ risks of kidney stones, death from heart failure, and other medical problems

In Sickness, Health, and Cyberspace: Protecting the Security of Electronic Private Health Information

The electronic processing of health information provides considerable benefits to patients and health care providers while at the same time creating serious risks to the confidentiality, integrity, and availability of the data. The Internet provides a conduit for rapid and uncontrolled dispersion and trafficking of illicitly obtained private health information, with far-reaching consequences to unsuspecting victims. To address such threats to electronic private health information, the U.S. Department of Health and Human Services enacted the Health Insurance Portability and Accountability Act Security Rule, which thus far has received little attention in legal literature. This Article presents a critique of the Security Rule. It argues that the Rule suffers from several defects relating to its narrow definition of covered entities, the limited scope of information it allows data subjects to obtain about their health information, the vagueness and incompleteness of the Rule\u27s standards and implementation specifications, and the lack of a private cause of action. This Article explores the difficult problem of crafting static regulations to adequately address rapidly changing computer and communications technologies and associated security threats to private health information. In addition, it develops detailed recommendations for improving safeguards for electronically processed health records

E-Health Hazards: Provider Liability and Electronic Health Record Systems

In the foreseeable future, electronic health record (EHR) systems are likely to become a fixture in medical settings. The potential benefits of computerization could be substantial, but EHR systems also give rise to new liability risks for health care providers that have received little attention in the legal literature. This Article features a first of its kind, comprehensive analysis of the liability risks associated with use of this complex and important technology. In addition, it develops recommendations to address these liability concerns. Appropriate measures include federal regulations designed to ensure the quality and safety of EHR systems along with agency guidance and well crafted clinical practice guidelines for EHR system users. In formulating its recommendations, the Article proposes a novel, uniform process for developing authoritative clinical practice guidelines and explores how EHR technology itself can enable experts to gather evidence of best practices. The authors argue that without thoughtful interventions and sound guidance from government and medical organizations, this promising technology may encumber rather than support clinicians and may hinder rather than promote health outcome improvements

The Use and Misuse of Biomedical Data: Is Bigger Really Better?”

Very large biomedical research databases, containing electronic health records (HER) and genomic data from millions of patients, have been heralded recently for their potential to accelerate scientific discovery and produce dramatic improvements in medical treatments. Research enabled by these databases may also lead to profound changes in law, regulation, social policy, and even litigation strategies. Yet, is “big data” necessarily better data? This paper makes an original contribution to the legal literature by focusing on what can go wrong in the process of biomedical database research and what precautions are necessary to avoid critical mistakes. We address three main reasons for a cautious approach to such research and to relying on its outcomes for purposes of public policy or litigation. First, the data contained in databases is surprisingly likely to be incorrect or incomplete. Second, systematic biases, arising from both the nature of the data and the preconceptions of investigators, are serious threats to the validity of biomedical database research, especially in answering causal questions. Third, data mining of biomedical databases makes it easier for individuals with political, social, or economic agendas to generate ostensibly scientific but misleading research findings for the purpose of manipulating public opinion and swaying policy makers. In short, this paper sheds much-needed light on the problems of credulous and uninformed uses of biomedical databases. An understanding of the pitfalls of big data analysis is of critical importance to anyone who will rely on or dispute its outcomes, including lawyers, policy makers, and the public at large. The article also recommends technical, methodological, and educational interventions to combat the dangers of database errors and abuses