If Particle has willing connected participants to Carequality who now seem to have questionable purposes, it seems that other on ramps have also done the same. Its a question that begs answering from all of the Implementors.
Thanks! The two articles on data flow really resonated with the challenges I face as an API product manager in fintech and healthcare. A key question is how providers and owners can maintain control of shared data and prevent unauthorized resharing, primary or secondary. Right now, this process is often a black box for users who give consent. I believe our industry needs to work towards greater transparency in data sharing practices.
Thanks for the articles...nice dive into the depth behind the headlines. As TEFCA rolls out and QHINs link together a health data panacea, since IAS is an approved use with a required response like treatment and presumably would not be expected to provide reciprocity to the network, is the next generation of "tech broh" napkins building a patient IAS app with strict identity proofing that is "free" in exchange for opting into the app provider using the patient data for secondary uses like marketing, research, mass torte qualification, etc.?
Thanks for the great article! QQ - where can you access the Carequality directory with the level of detail shown you show in your image (when talking about Pluto and secondary use)? Carequality has a UI search on their website, but it doesn't have that detail. Some cursory googling hasn't resulted in any obvious ways to access it via API or other pathway either.
Secondary use could be facilitated for national exchange networks through a central consent registry service. Washington State Health Care Authority is implementing such a service now; ConsentLink (powered by Midato Health) will be live in provider practices before the 1st day of summer. This service will be available to Washington Medicaid providers at no cost, and the state has plans to extend the use of the service to community-based organizations, tribal entities, corrections facilities, the statewide 988 crisis line, and other entities, for better coordination of care and services across distributed networks. Search for Washington Electronic Consent Management to learn more.
Dave Saville, some of us are building exactly that, but the patients can freely use the app and get their data even if they don't give consent to do other useful things with their data. We believe that initially only very sick patients may do so to get matched to clinical trials, or to find new oncologists, or to contribute their data to research. We hope that eventually all patients will want to control and potentially monetize their own data (as opposed to stupidly-named, nefarious companies selling their "anonymized" data out the back door without any patient consent at all).
I can not agree that companies mentioned are somehow indemnified. You seem to be assuming everyone connected are trusted. The only answer to TEFCA is zero trust .
Say more. Everyone connected *is* trusted. These networks are literally trust networks. Gonna blow your mind to learn what the first letter of TEFCA stands for.
Hi Brendan, anxiously awaiting PART 3! I know there is more. You still have not answered where can you access the Carequality directory with the level of detail shown you show in your image (when talking about Pluto and secondary use)? Where do you get Epic Incidence reports? Are these public sites? Seem like that might need some kind of login privileges to get access or notification of breach. As of this moment, ALL of the entities are still listed as ACTIVE on the Carequality Directory, meaning that ACTIVE DIRECTORY is dubious as heck.
yes! the Q-7475908 Issue Notification Third-Party Security and Privacy Risk. I wonder how many of these DONT get covered.t would really be interesting to see how many other third party's have been so flagged by Epic. Or is this the first? Me thinks about 5908 of them at least. I
If Particle has willing connected participants to Carequality who now seem to have questionable purposes, it seems that other on ramps have also done the same. Its a question that begs answering from all of the Implementors.
All on-ramps deserve scrutiny, yes
Thanks! The two articles on data flow really resonated with the challenges I face as an API product manager in fintech and healthcare. A key question is how providers and owners can maintain control of shared data and prevent unauthorized resharing, primary or secondary. Right now, this process is often a black box for users who give consent. I believe our industry needs to work towards greater transparency in data sharing practices.
Thanks for the articles...nice dive into the depth behind the headlines. As TEFCA rolls out and QHINs link together a health data panacea, since IAS is an approved use with a required response like treatment and presumably would not be expected to provide reciprocity to the network, is the next generation of "tech broh" napkins building a patient IAS app with strict identity proofing that is "free" in exchange for opting into the app provider using the patient data for secondary uses like marketing, research, mass torte qualification, etc.?
Yes, undoubtedly. I'd be okay with a world where we aren't funneling through providers and there's strict identity proofing and clear patient consent.
Thanks for the great article! QQ - where can you access the Carequality directory with the level of detail shown you show in your image (when talking about Pluto and secondary use)? Carequality has a UI search on their website, but it doesn't have that detail. Some cursory googling hasn't resulted in any obvious ways to access it via API or other pathway either.
Mentioned it in the first article but https://explore.redoxengine.com/ is a great tool for it
Ah, I missed that one... Hyperlinks are meant to be clicked through, aren't they ;-). Thank you!
Secondary use could be facilitated for national exchange networks through a central consent registry service. Washington State Health Care Authority is implementing such a service now; ConsentLink (powered by Midato Health) will be live in provider practices before the 1st day of summer. This service will be available to Washington Medicaid providers at no cost, and the state has plans to extend the use of the service to community-based organizations, tribal entities, corrections facilities, the statewide 988 crisis line, and other entities, for better coordination of care and services across distributed networks. Search for Washington Electronic Consent Management to learn more.
Great article!
Dave Saville, some of us are building exactly that, but the patients can freely use the app and get their data even if they don't give consent to do other useful things with their data. We believe that initially only very sick patients may do so to get matched to clinical trials, or to find new oncologists, or to contribute their data to research. We hope that eventually all patients will want to control and potentially monetize their own data (as opposed to stupidly-named, nefarious companies selling their "anonymized" data out the back door without any patient consent at all).
I can not agree that companies mentioned are somehow indemnified. You seem to be assuming everyone connected are trusted. The only answer to TEFCA is zero trust .
Or are you arguing that the only solution to this crisis to go back to an unnetworked state?
Say more. Everyone connected *is* trusted. These networks are literally trust networks. Gonna blow your mind to learn what the first letter of TEFCA stands for.
Hmm, a Pluto customer?
Hi Brendan, anxiously awaiting PART 3! I know there is more. You still have not answered where can you access the Carequality directory with the level of detail shown you show in your image (when talking about Pluto and secondary use)? Where do you get Epic Incidence reports? Are these public sites? Seem like that might need some kind of login privileges to get access or notification of breach. As of this moment, ALL of the entities are still listed as ACTIVE on the Carequality Directory, meaning that ACTIVE DIRECTORY is dubious as heck.
> Where do you get Epic Incidence reports?
The report was made available via several media publications:
https://digitalhealthwire.com/epic-vs-particle-the-data-exchange-debate/
yes! the Q-7475908 Issue Notification Third-Party Security and Privacy Risk. I wonder how many of these DONT get covered.t would really be interesting to see how many other third party's have been so flagged by Epic. Or is this the first? Me thinks about 5908 of them at least. I
Unfortunately Carequality pulled the plug on that tool with the level of detail I showed (I linked to it in the article).
https://www.linkedin.com/posts/brendan-keeler_brutal-appears-redoxs-useful-public-tool-activity-7191087531407384576-Tcpy?utm_source=share&utm_medium=member_desktop