THE HORSE IS OUT OF THE BARN
Companies are starting to sell “risk scores” to doctors, insurers and hospitals to identify patients at risk of opioid addiction or overdose, without patient consent and with little regulation of the kinds of personal information used to create the scores.
While the data collection is aimed at helping doctors make more informed decisions on prescribing opioids, it could also lead to blacklisting of some patients and keep them from getting the drugs they need, according to patient advocates. Health insurance giant Cigna and UnitedHealth's Optum are also using risk scores.
There’s no guarantee of the accuracy of the algorithms and “really no protection” against their use, said Sharona Hoffman, a professor of bioethics at Case Western Reserve University. Overestimating risk might lead health systems to focus their energy on the wrong patients; a low risk score might cause a patient to fall through the cracks.
No law prohibits collecting such data or using it in the exam room. Congress hasn’t taken up the issue of intrusive big data collection in health care. It’s an area where technology is moving too fast for government and society to keep up.
“Consumers, clinicians and institutions need to understand that personalized health is a type of surveillance,” says Harvard University professor Eric Perakslis. “There is no way around it, so it needs to be recognized and understood.”
The justification for risk scoring is the terrible opioid epidemic, which kills about 130 Americans a day and is partly fueled by the overprescribing of legal painkillers. The Trump administration and Congress have focused billions on fighting the epidemic, and haven’t shied from intrusive methods to combat it. In its national strategy, released Thursday, the White House Office of National Drug Control Policy urged requiring doctors to look up each patient in a prescription drug database.
Health care providers legitimately want to know whether a patient in pain can take opioids safely, in what doses, and for how long — and which patients are at high risk of addiction or overdose. Data firms are pitching their predictive formulas, or algorithms, as tools that can help make the right decisions.
The practice scares some health care safety advocates. While the scoring is aimed at helping doctors figure out whether to prescribe opioids to their patients, it might pigeonhole people without their knowledge and give doctors an excuse to keep them from “getting the drugs they need,” says a critic, Lorraine Possanza of the ECRI Institute.
The algorithms assign each patient a number on a scale from zero to 1, showing their risk of addiction if prescribed opioids. The risk predictions sometimes go directly into patients’ health records, where clinicians may use them, for example, to turn down or limit a patient’s request for a painkiller.
Doctors can share the patients’ scores with them — if they want to, the data mongers say. “We stop really short of trying to advocate a particular opinion,” said Brian Studebaker from one of the risk scoring companies, the actuarial firm Milliman.
According to addiction experts, however, predicting who’s at risk is an inexact science. Past substance abuse is about the only clear red flag when a doctor is considering prescribing opioid painkillers.
But several companies POLITICO spoke with already are selling the predictive technology. None would name customers. Nor would they disclose exactly what goes into the mathematical formulas they use to create their risk scores — because that information is the “secret sauce” they’re selling.
Congress has shown some interest in data privacy; a series of hearings last year looked into thefts of data or suspect data sharing processes by big companies like Facebook. But it hasn’t really delved into the myriad health care and health privacy implications of data crunching.
Consumers have a “basic expectation” that the data they provide to websites and apps “won’t be used against them,” said Sen. Brian Schatz (D-Hawaii), who co-sponsored legislation last year barring companies from using individuals’ data in harmful ways. The HIPAA privacy law of the late 1990s restricted how doctors share patient information, and Schatz says “online companies should be required to do the same.”
A bill from Sen. Ed Markey (D-Mass.), S. 1815 (115), would require data brokers to be more transparent about what they collect, but neither his bill nor Schatz’s specifically address data in health care, a field in which separating the harmful from the benign may prove especially delicate.
How your health information is sold and turned into ‘risk scores’ - POLITICO: Information used to gauge opioid overdose risk is unregulated and used without patient consent.
HIPAA regulations appear to prohibit personal information from release to the public, so 'bare statistics' are only available, unassigned to a particular patient. It is unknown at this time what PHI is transmitted to a provider..
Companies are starting to sell “risk scores” to doctors, insurers and hospitals to identify patients at risk of opioid addiction or overdose, without patient consent and with little regulation of the kinds of personal information used to create the scores. Over the past year, powerful companies such as LexisNexis have begun hoovering up the data from insurance claims, digital health records, housing records, and even information about a patient’s friends, family and roommates, without telling the patient they are accessing the information, and creating risk scores for health care providers and insurers.