Regulating mobile mental health apps.

Mobile medical apps (MMAs) are a fast-growing category of software typically installed on personal smartphones and wearable devices. A subset of MMAs are aimed at helping consumers identify mental states and/or mental illnesses. Although this is a fledgling domain, there are already enough extant mental health MMAs both to suggest a typology and to detail some of the regulatory issues they pose. As to the former, the current generation of apps includes those that facilitate self-assessment or self-help, connect patients with online support groups, connect patients with therapists, or predict mental health issues. Regulatory concerns with these apps include their quality, safety, and data protection. Unfortunately, the regulatory frameworks that apply have failed to provide coherent risk-assessment models. As a result, prudent providers will need to progress with caution when it comes to recommending apps to patients or relying on app-generated data to guide treatment.

Regulatory Disruption and Arbitrage in Health-Care Data Protection.

This article explains how the structure of U.S. health-care data protection (specifically its sectoral and downstream properties) has led to a chronically uneven policy environment for different types of health-care data. It examines claims for health-care data protection exceptionalism and competing demands such as data liquidity. In conclusion, the article takes the position that healthcare- data exceptionalism remains a valid imperative and that even current concerns about data liquidity can be accommodated in an exceptional protective model. However, re-calibrating our protection of health-care data residing outside of the traditional health-care domain is challenging, currently even politically impossible. Notwithstanding, a hybrid model is envisioned with downstream HIPAA model remaining the dominant force within the health-care domain, but being supplemented by targeted upstream and point-of-use protections applying to health-care data in disrupted spaces.

Developments in Genetic and Epigenetic Data Protection in Behavioral and Mental Health Spaces.

The legal system has been preparing for an explosion of epigenetic issues in public health, environmental regulation and litigation. So far, this explosion has been muted, and for now epigenetic data protection merely seems to be "enjoying" the same technological and legal challenges experienced by other clinical and research data. However, three areas of development suggest where epigenetic data protection may prove problematic. This article examines these three issues, noting the rapid expansion of research based on EMR-sourced clinical data, the large number of data protection models that can apply to genetic data (including point-of-use prohibitions on discrimination and confidentiality), and the increasing and controversial dangers of deidentified information being reidentified.

Alliances to disseminate addiction prevention and treatment (ADAPT): A statewide learning health system to reduce substance use among justice-involved youth in rural communities.

BACKGROUND: Youth in the justice system (YJS) are more likely than youth who have never been arrested to have mental health and substance use problems. However, a low percentage of YJS receive SUD services during their justice system involvement. The SUD care cascade can identify potential missed opportunities for treatment for YJS. Steps along the continuum of the cascade include identification of treatment need, referral to services, and treatment engagement. To address gaps in care for YJS, we will (1) implement a learning health system (LHS) to develop, or improve upon, alliances between juvenile justice (JJ) agencies and community mental health centers (CMHC) and (2) present local cascade data during continuous quality improvement cycles within the LHS alliances. METHODS/DESIGN: ADAPT is a hybrid Type II effectiveness implementation trial. We will collaborate with JJ and CMHCs in eight Indiana counties. Application of the EPIS (exploration, preparation, implementation, and sustainment) framework will guide the implementation of the LHS alliances. The study team will review local cascade data quarterly with the alliances to identify gaps along the continuum. The study will collect self-report survey measures longitudinally at each site regarding readiness for change, implementation climate, organizational leadership, and program sustainability. The study will use the Stages of Implementation Completion (SIC) tool to assess the process of implementation across interventions. Additionally, the study team will conduct focus groups and qualitative interviews with JJ and CMHC personnel across the intervention period to assess for impact. DISCUSSION: Findings have the potential to increase SUD need identification, referral to services, and treatment for YJS.

Assessing the Thin Regulation of Consumer-Facing Health Technologies.

This article addresses the data protection and product safety regulatory models currently applied to consumer-facing health technologies. It explains how the design and structures of existing data protection and safety regulation in the U.S. have resulted in exceptionally thin protection for the users of consumer-facing devices and products that rely on or that facilitate consumer collection or aggregation of health and wellness data. It also examines some appealing legislative alternatives to the current thin model used in the U.S. and suggests a framework for prioritizing ameliorative regulation. To better understand existing regulatory models, their deficiencies, and how they should be reformed, the article employs an analytical model describing these regulatory systems across two axes. The vertical axis describes the quantity or depth of regulation, such as, for example, the strictness of the rules imposed by the regulatory model. The horizontal axis describes the reach of the regulation, the behaviors, products, or industries to which the regulation applies.

The emergence of national electronic health record architectures in the United States and Australia: models, costs, and questions.

Emerging electronic health record models present numerous challenges to health care systems, physicians, and regulators. This article provides explanation of some of the reasons driving the development of the electronic health record, describes two national electronic health record models (currently developing in the United States and Australia) and one distributed, personal model. The US and Australian models are contrasted in their different architectures ("pull" versus "push") and their different approaches to patient autonomy, privacy, and confidentiality. The article also discusses some of the professional, practical, and legal challenges that health care providers potentially face both during and after electronic health record implementation.

Mobile health: assessing the barriers.

Mobile health (mHealth) combines the decentralization of health care with patient centeredness. Mature mHealth applications (apps) and services could provide actionable information, coaching, or alerts at a fraction of the cost of conventional health care. Different categories of apps attract diverse safety and privacy regulation. It is too early to tell whether these apps can overcome questions about their use cases, business models, and regulation.

Electronic health records: international, structural and legal perspectives.

The EHR is a database record that incorporates a patient's health care details from conception to death and which can be distributed over a number of sites or aggregated at a particular source. This article describes the function and concept of the EHR by relating it to other medical information technologies, parallel changes in health care delivery, and a holistic health information model. The article compares the progress that Europe, Australia and the United States have made in the journey towards EHR implementation and concludes by highlighting some of the costs, barriers and consequences associated with the transition to a comprehensive EHR system.

Mixed messages: legal incentives and disincentives confronting technologically mediated care.

The "systems" approach to reducing medical errors is increasingly viewed as dependent upon technology. Issues with the legal system, however, may impede needed reforms. Historically there has been a pervasive disconnect between the legal system and changes in healthcare business models and structures. Further, difficult legal issues will accompany care that is increasingly technologically-mediated. This chapter identifies some of the most serious disconnects and makes suggestions for needed reform.

Health privacy is difficult but not impossible in a post-HIPAA data-driven world.

In the 13 years since their promulgation, the Health Insurance Portability and Accountability Act (HIPAA) rules and their enforcement have shown considerable evolution, as has the context within which they operate. Increasingly, it is the health information circulating outside the HIPAA-protected zone that is concerning: big data based on HIPAA data that have been acquired by public health agencies and then sold; medically inflected data collected from transactions or social media interactions; and the health data curated by patients, such as personal health records or data stored on smartphones. HIPAA does little here, suggesting that the future of health privacy may well be at the state level unless technology or federal legislation can catch up with state-of-the-art privacy regimes, such as the latest proposals from the European Commission.

Methylation array data can simultaneously identify individuals and convey protected health information: an unrecognized ethical concern.

BACKGROUND: Genome-wide methylation arrays are increasingly used tools in studies of complex medical disorders. Because of their expense and potential utility to the scientific community, current federal policy dictates that data from these arrays, like those from genome-wide genotyping arrays, be deposited in publicly available databases. Unlike the genotyping information, access to the expression data is not restricted. An underlying supposition in the current nonrestricted access to methylation data is the belief that protected health and personal identifying information cannot be simultaneously extracted from these arrays. RESULTS: In this communication, we analyze methylation data from the Illumina HumanMethylation450 array and show that genotype at 1,069 highly informative loci, and both alcohol and smoking consumption information, can be derived from the array data. CONCLUSIONS: We conclude that both potentially personally identifying information and substance-use histories can be simultaneously derived from methylation array data. Because access to genetic information about a database subject or one of their relatives is critical to the de-identification process, this risk of de-identification is limited at the current time. We propose that access to genome-wide methylation data be restricted to institutionally approved investigators who accede to data use agreements prohibiting re-identification.