EPtalk by Dr. Jayne 6/22/17

The HUMAN Project calls for New Yorkers to “help power the scientific research and societal solutions of the future.” The initiative is looking for 10,000 participants who are willing to share virtual reams of personal information, including cellphone locations, credit card habits, and blood samples over the next 20 years. Researchers plan to use the data for insights into health, aging, education, and more. Baseline data for accepted participants includes everything from basic laboratory panels to IQ and genetic testing with repeat labs every three years. Participants are eligible for a payment of $500 per family.

The mention of the word “family” made me wonder if they’re going to include children for all of the projects. Although minors are included in research studies, it’s usually for a defined goal rather than for a large set of projects. What happens when minors reach majority and no longer want their data shared? Can they opt out? The website mentions the need for research beta testers and will accept participants age 13 and older.

The project has paid a lot of attention to data safeguards including encryption and firewalls, but as we all know, nothing is non-hackable. They claim outside researchers won’t have access to raw data, but we’ve seen past efforts to re-identify anonymized data sets that have worked. The effort is being coordinated by New York University, and I would love to be a fly on the wall for institutional review board discussions. It looks from the website like they handle the consent process for their beta testing through an online consent portal that allows potential participants to watch videos about consent, which it says are “quicker and easier” than reading the full text of the informed consent document. Personally, I’d want to read every word, but that’s out of the question since I don’t live in New York City and that’s one of the primary screening criteria.

On the other hand, the National Institutes of Health is looking for 10,000 beta testing participants for its “All of Us” precision medicine research program. The beta program is the precursor to a plan to power their research with a cohort of 1 million patients as they look at genomic, clinical, and lifestyle data. The beta program will be coordinated by the University of Pittsburgh Medical Center, which plans outreach at more than 100 locations during the next five months. Ultimately, NIH plans for the program to last for 10 years, and it doesn’t appear to have any geographic restrictions.

Compared to the HUMAN Project, All of Us looks a bit more like a traditional research platform, open to adults in the US who are able to consent on their own and who are not in prison. Participants have to be over 18, although they may allow minors in the future. Also in contrast to the HUMAN project, participants aren’t required to have smartphones to participate. That’s likely to give it a broader cross section, although they’re narrowing it down to English and Spanish speakers currently with a plan to expand to more languages in the future. I don’t have an invitation code so I couldn’t get very far with the website. It’s a little less sexy than the HUMAN project but feels more accessible.

Given the nationwide nature of their 100 beta sites, and the fact that I’m a patient at one of their partner hospitals, maybe I’ll get an invitation. Participating would certainly be an experience. They hope to launch the major part of the national project in late 2017 or early 2018 – once testing is complete. I appreciate a vendor that says their go-live dates are fluid based on the results of testing, because you don’t always get that candor from EHR vendors. Not to mention, the technology isn’t the only thing being tested – it’s the systems, processes, and engagement approaches as well as their ability to build rapport with diverse groups of people in many regions.

All of Us has similar language on its website about data security and safeguards. Given the fact that NIH is sponsoring the initiative, I think it’s safe to say that they understand the implications of a breach or hacking. Thinking back to the HUMAN project and its app, though, it seems that most people don’t give a lot of care to how or with whom they are sharing their data on their phones. Among people I’ve informally polled, most accept all requests for application permissions (and therefore data sharing) because they don’t have the time or interest in determining whether they can use the app they want without allowing permissions. Indeed, we live in interesting times.

I mentioned last week that my EHR platform was experiencing some API issues, and I was annoyed by the fact that they kept sending us emails about the outage that offered no information. A reader responded, mentioning similar struggles and asked what changes would make the communication more meaningful. First, I’d like more information on what stage of investigation the issue might be in. Are they still gathering data? Are they running traces? Are they to the point of troubleshooting? Have they even identified the problem yet? Once the problem has been identified, I’d like to hear about potential timeline to resolution, whether they’re testing a fix, etc.

I’m sure a lot of customers don’t want that level of detail, although it is nice to know whether they’ve even found the problem and are fixing it or whether they’re still digging. I’d also like a published timeline for communication, like we had when I was a CMIO. If it was a critical outage, we provided an update every hour. Major but non-critical outages led to updates every other hour. And minor issues were updated mid-day and at close of business. Finally, I would want notification that the issue was resolved. In the case of the API issues we were having, there was never a notification that they were fixed. We stayed in the application with some workarounds rather than going to downtime procedures, but had we been on paper I definitely would have preferred a notification rather than having to keep checking to see whether things had been sorted. Since the problems were mostly with pharmacy search and e-prescribing, they were difficult to replicate using test patients.

Email Dr. Jayne.