Search

Our Take: There are several basic issues and challenges in deploying AI that all clinicians and administrators should be aware of and inquire about to ensure that they are being properly being considered when AI is being implemented in their organization. Applications of artificial intelligence in healthcare hold great promise to increase both the scale of medical discoveries and the efficiency of healthcare infrastructure. As such healthcare-related research and investment has exploded over the last several years. For example, according to the State of AI Report 2020, academic publications in biology around AI technologies such as deep learning, natural language processing (NLP), and computer vision have grown over 50% a year since 2017. In addition, 99% of healthcare institutions surveyed by CB Insights are either currently deploying (38%) or planning to deploy AI (61%) in the near future. However, as witnessed by recent errors discovered surrounding the application of an AI-based Sepsis model, while AI can improve quality of care, improve access and reduce costs, models must be implemented correctly or they will be of questionable value and even dangerous. Key Takeaways: According to Accenture’s “Artificial Intelligence: Healthcare’s New Nervous System” report, AI for health is expected to grow at a 40% CAGR through 2021. Researchers working to uncover insights into prescribing patterns for certain antipsychotic medications found that approximately 27% of prescriptions were missing dosages. Even after doing work to standardize and label patient data, in at least one broad study almost 10% of items in the data repository didn’t have proper identifiers. Academic publications in biology around AI technologies such as deep learning, natural language processing (NLP), and computer vision have grown over 50% a year since 2017. The Problem: While it is commonly accepted that computers can outperform humans in terms of computational speed, in its current state many would argue that artificial intelligence is really “augmented intelligence” defined by the IEEE as “a subsection of AI machine learning developed to enhance human intelligence rather than operate independently of or outright replace it.” Current AI models are still highly dependent upon the quantity and quality of data available for them to be trained on, the inherent assumptions underlying the models as well as the human biases (intentional and unintentional) of those developing the models along with a number of other factors. As noted in a recent review of the book “I, Warbot” about computational warfare by Kings College, AI lecturer Kenneth Payne, “these gizmos exhibit ‘exploratory creativity'-essentially a brute force calculation of probabilities. That is fundamentally different from ‘transformational creativity”, which entails the ability to consider a problem in a wholly new way and requires playfulness, imagination and a sense of meaning.” As such, those creating AI models for healthcare need to ensure they set the guardrails for its use and audit its models both pre and post-development to ensure they conform to existing laws and best practices. The Backdrop: When implementing an AI project there are a number of steps and considerations that should be taken into account to ensure its success. While it is important to identify the best use and type with any kind of project, given the cost of the technical talent involved, the level of computational infrastructure typically needed (if done internally) and the potential to influence leadership attitudes towards the use and viability of AI as an organizational tool, it is even more important here. As noted above one of the most important keys to implementing an AI project is the quantity and quality of data resources available to the firm. Data should be looked at with respect to both quality (to ensure that it is free of missing, incoherent, unreliable, or incorrect values) and quantity. In terms of data quality, as noted in “Artificial Intelligence: A Non-Technical Introduction”, data can be: 1) noisy (have data sets with conflicting data), 2) dirty (have data sets with inconsistent and erroneous data), 3) sparse (have data with missing or no values at all, or, 4) inadequate (have data sets that have contained inadequate or biased data). As noted in an article in “Extracting and Utilizing Electronic Health Data from Epic for Research”, “to provide the cleanest and most robust datasets for statistical analysis, numerous statistical techniques including similarity calculations and fuzzy matching are used to clean, parse, map, and validate the raw EHR data.” which is generally the largest source of healthcare data for AI research. When looking to implement AI it is important to consider and understand the levels of data loss and the ability to correct for it. For example, researchers looking to apply AI to uncover insights into prescribing patterns into second-generation antipsychotic medications (SGAs) found that approximately 27% of the prescriptions in their data set were missing dosages and even after undertaking a 3-step correction procedure, 1% were missing dosages. While this may be deemed an acceptable number it is important to be aware of the data loss and know this information in order to properly evaluate if it is within tolerable limits. In terms of inadequate data, ensuring that data is free of bias is extremely important. While we have all recently been made keenly aware of the impact of racial and ethnic bias on models (ex: facial recognition models trained only on Caucasians) there are a number of other biases which models should be evaluated for. According to “7 Types of Data Bias in Machine Learning” these include: 1) sample bias (not representing the desired population accurately), 2) exclusion bias (the intentional or unintentional exclusion or certain variables from data prior to processing), 3) measurement bias (ex: due to poorly chosen measurements that create systematic distortions of data, like poorly phrased surveys); 4) recall bias (when similar data is inconsistently labeled), 5) observer bias ( when the labelers of data let their personal views influence data classification/annotation), 6) racial bias (when data samples skew in favor of or against certain ethnic or demographic groups), 7) association bias (when a machine learning model reinforces a bias present in a model). In addition to data quality, data quantity is as imperative. For example, in order to properly train machine learning models, you need to have a sufficiently large number of observations to create an accurate predictor of the parameters you’re trying to forecast. While the precise number of observations needed will vary based on the complexity of the data you’re using, the complexity of the model you want to build, and the impact of the amount of “statistical noise” generated by the data itself, an article in the Journal of Machine Learning Research suggested that at least 100,000 observations are needed to train a regression or classification model. Moreover, it is important that numerous data points are not captured or sufficiently documented in healthcare. For example, as noted in the above-referenced article on extracting and utilizing Epic EHR data for study based on research at the Cleveland Clinic in 2018, even after doing significant work to standardize and label patient data, “approximately 9% [1,000 out of 32,000 data points per patient] of columns in the data repository” were not using the assigned identifiers. While it is likely that methods have improved since this research was performed, given the size and resources that an institution like the Cleveland Clinic had to bear on the problem, it indicates the larger size of the problem. Once the model has been developed there should be a process in place to ensure that the model is transparent and explainable by creating a mechanism that allows non-technologists to understand and assess the factors the model used and what parameters it relied most heavily upon in coming to its conclusions. For example, as noted by the State of AI Report 2020, “AI research is less open than you think, only 15% of papers publish their [algorithmic] code” used to weight and create models. In addition, there should be a system of controls, policies, and audits in place that provide feedback as to the potential errors in the application of the model as well as disparate impact or bias in its conclusions. Implications: As noted in “Artificial Intelligence Basics: A Non-Technical Introduction” it’s important to have realistic expectations for what can be accomplished by an AI project and how to plan for it. In the book, the author Andrew Taulli references Andrew Ng, the former Head of Google Brain, who suggests the following parameters; an AI project should take between 6-12 months to complete, have an industry-specific focus, should notably help the company, doesn’t have to be transformative, and, have high-quality data points. In our opinion, it is particularly important to form collaborative, cross-platform teams of data scientists, physicians, and other front-line clinicians (particularly those closest to patients like nurses) to get as broad input on the problem as possible. While AI holds great promise, proponents will have to prove themselves by running targeted pilots and should be careful not to overreach at the risk of poisoning the well of opportunity. As so astutely pointed out in “5 Steps for Planning A Healthcare Artificial Intelligence Project: “artificial intelligence isn’t something that can be passively infused into an organization like a teabag into a cup of hot water. AI must be deployed carefully, piece by piece, in a measured and measurable way.” Data scientists need to ensure that the models they create produce relevant output that provide context and the ability for clinicians to have a meaningful impact upon the results and not just generate additional alerts that will go unheeded. For example, as Rob Bart, Chief Medical Information Officer at UPMC noted in a recent presentation at HIMSS, data should provide “personalized health information, personalized data” and should have “situational awareness in order to turn data into better consumable information for clinical decision making” in healthcare. Along those lines, it is important to take a realistic assessment of “where your organization lies on the maturity curve”, how good is your data, how deep is your bench of data scientists and clinicians available to work on an AI project in order to inventory, clean and prepare your data. AI talent is highly compensated and in heavy demand. Do you have the resources necessary to build and sustain a team internally or will you need to hire external consultants? How will you select and manage those consultants, etc.? All of these are questions that need to be carefully considered and answered before undertaking the project. In addition, healthcare providers need to consider the special relationship between clinician and patient and the need to preserve trust, transparency, and privacy. While AI holds a tremendous allure for healthcare and the potential for it to overcome, and in fact make up for its underinvestment in information technology relative to other industries, all of this needs to be done with a well-thought-out, coherent and justified strategy as its foundation. Related Readings: Artificial Intelligence Basics: A Non-Technical Introduction. Tom Taulli (publishers site) Artificial Intelligence (AI): Healthcare’s New Nervous System An Interdisciplinary Approach to Reducing Errors in Extracted Electronic Health Record Data for Research 5 Steps for Planning a Healthcare Artificial Intelligence Project

The Driver: On July 31, Truveta raised an additional $95M in a Series A round funded by its 17 health system partners all of whom contributed the same amount. Since we last wrote about Truveta back in February (please see Backed by Big Hospitals, a Former Microsoft Executive Wades into the Messy Business of Selling Patient Data, The HSB Blog 2/22/21) Truveta has added an additional three health system partners and increased the number of medical records which will be used to identify optimal health interventions. Truveta’s goal is to use this data across sub-populations to improve patient care and promote health equity. The company stated that funding will be used to grow the Truveta team and strengthen the company’s cloud infrastructure. Key Takeaways: Truveta’s health systems partners give it access to data that represent approximately 15% of the medical records in the U.S. and patients in 40 states. Truveta’s platform allows researchers to account for biases where different groups receive different medical recommendations due to clinician bias. Truveta believes the sheer volume of their data set will be an advantage, given there are nearly 7,000 rare diseases affecting 30 million people in the U.S. alone. Truveta’s platform has the ability to improve medical education amongst future healthcare providers as it delivers insights for underrepresented populations. The Story: Founded by former Microsoft executive, Terry Myerson who led the Window’s and Devices Group, Truveta emerged from stealth mode last Fall by partnering with 14 health systems (now totaling 17). According to the company’s website, its partnership with the 17 health systems provides them with “an unprecedented data platform” given that their partners represent approximately 15% of the medical records in the U.S. and patients in 40 states. In addition, given the concerns about privacy and security of data in its models Truveta has committed to transparency and privacy agreeing to allow third-party audits of their “security and anonymization technology”. Truveta collaborates with leading clinical researchers, allowing their input on its data analytics platform. Along those same lines, Truveta recognizes the concerns about transparency and explainability in AI models and has also committed to closely collaborating with the health systems and health systems’ leaders who hold voting seats on the board of directors to ensure their models are fair and equitable. As the company states on its website, “health providers own Truveta, reinvesting any earnings they receive from Truveta back into the communities they serve”. The company is growing rapidly going from less than 20 employees in October to over 100 today. According to Geekwire, researchers at Truveta’s health system partners are just starting to access the company’s datasets and it is anticipated that outside entities will be able to access data by the end of the year. The Differentiators: Truveta has trained machine learning models to aggregate patient data from partnered health systems and insurance claims to better clinicians’ datasets and allow for early health interventions. Although a common criticism of some machine learning models is that they may have been trained on data sets that inadequately represent minority populations, and are unable to detect racial biases in healthcare, the geographic and ethnic diversity of Truveta’s health system partners allow for substantial patient diversity. For example, while there are similar efforts by other systems, such as Duke and Partners, and commercial competitors, Truveta believes they have an advantage given the breadth of their health system partners and amount of coordination. In addition, as noted by Geekwire, Truveta believes that the strong heavy data consolidation between Truveta and its partners will allow it to get more rapid answers to which treatments can be more effective as well as which patient populations may be most at risk for certain diseases or conditions. As highlighted on the company’s website, Truveta believes the sheer volume of their data set will be an advantage, given “there are limitations to how much information a provider can retain as there are nearly 7,000 rare diseases affecting 30 million people in the U.S.” The Big Picture: As we noted in our article back in February, while many “stakeholders consider patient data as something owned by the individual...loss of control over patient data is dangerous and can lead to a loss of privacy, discrimination, and many other problems. Although Truveta is using de-identified data, pieces of information could be used to re-identify patients by those who have malicious motives. The most ethical way to utilize patient data to improve outcomes is to be transparent with patients and ask for their consent in sharing the data.” Patient anonymity should be prioritized. Given the rise of ransomware attacks, cybersecurity protocols have to be of the utmost importance and audited and tested frequently to ensure patient privacy and security of data. In addition, as noted in a Forbes article entitled “Truveta Wants To Save Lives With Data But That’s A Tall Order”, the company needs to be clear about how much data can improve health equity. As the article points out, our knowledge of health inequities has dated to at least as far back as the Surgeon General’s report in 2000 yet little has changed. In part, this is because existing data collection mechanisms are not designed to document [social determinants of health] variables either because they are intangible, as in the presence of a welcoming environment within a health system, or not collected in a manner granular enough to be meaningful.” As such, as the article concludes, “solving our health system challenges and making healthcare equitable for all must extend well beyond the data.” Seattle Data Platform Truveta Raises $95M, Adds 3 Health Systems to Network, Seattle Startup Truveta Raises $95M for Ambitious Vision to Aggregate Data Across Healthcare Systems, Truveta Wants To Save Lives With Data But That’s A Tall Order

Our Take: Put quite simply, the recent dismantling of Google’s Google Health unit brings into question whether tech companies such as Google, Amazon, Apple, etc. will meaningfully be able to penetrate the healthcare industry in the ways they have disrupted other industries such as retail and media. In part this is due to the failure to acknowledge and adapt to the fact that healthcare is dramatically different from technology in structure, degree of regulatory oversight, policies, and financial resources. Designing, building and implementing solutions in the tech industry is dramatically different than selling products and services into the healthcare industry. As we noted in our piece back in March (please see “Big Tech & Retail Disruptors Continue to Run Into Same Challenges in Healthcare”, 3/22/21), “the varied nature of healthcare data, the intricate nature of data privacy and security rules such as HIPAA and CCPA, and the often complicated relationships between patients, providers, and payers can make navigating the space difficult at best.” Tech companies should expect and be prepared to adapt their solutions to a continual learning process thorough from the inception through iterative rounds of implementation and execution to the necessary follow-up changes post-mortem. Key Takeaways: According to CB Insights, Big tech has invested in deals worth a cumulative $6.8B since the start of 2020. Tech companies have promised to transform, disrupt, and revolutionize the current system, yet still struggle. On average the healthcare industry spent 5% of revenues on IT in 2020 compared to an overall industry average of 8.2% and 24.7% for the software industry. The U.S. healthcare industry is an $8.3T industry growing approximately 4% per year. The Problem: Big Tech (exemplified by Google, Amazon, IBM, Apple, etc.) in one way or another have all expressed the goal to “change the face of healthcare as we know it.” However, not only is that goal incredibly broad and far reaching, as anyone who has ever worked in healthcare can tell you, it is much easier said than done. Virtually all of these organizations have experienced setbacks of varying degrees and have not had the degree of success many would expect given their level of investment. In addition, while Google stated that shutting Google Health would move “teams closer to the work or some of our core areas” and “will be good for execution”, departing CEO, David Feinberg was hired less than three years ago with the goal of “figuring out how to organize Google’s fragmented health initiatives, which overlap among many different business groups.”, according to a CNBC report at the time. Had Google’s investment actually been paying off or at least showing signs of paying off, one doubts this would have happened. While each case is different, we believe there are some common issues behind big tech (and many retailer’s) struggles in gaining traction in the healthcare industry. These include, too ambitious and unfocused, goals which lack a centralized long-term vision, inability to understand the nuances of how the sub-sectors of the healthcare market differ from each other, and how the tech industry differs from healthcare as well as the need to take different approaches to make progress in the healthcare market. As we noted in our March blog, achieving change in healthcare can be methodical, require broad consensus, and involve cross-collaboration support from broad swaths of an organization or parts of the industry. The Backdrop: Big Tech companies like Amazon, Google, and Apple as well as retail giants like Walmart, have been attempting to gain a solid foothold in portions of the healthcare industry since the early 2000’s. As noted by CB Insights, drivers of big tech’s investment in the healthcare industry include: 1) enterprise interest in smart devices, 2) the so-called consumerization-where consumers take greater control of their own care, 3) The explosion of health data, 4) Demand and application of AI and automation to streamline care and improve accuracy, and 5) Healthcare’s disproportionate cost burden in this country. With this in mind, Amazon, J.P. Morgan and Berkshire Hathaway partnered to form Haven in 2018, with a stated goal of finding ways to reduce healthcare costs for employees and improve patient satisfaction. In addition, while Amazon has been directly involved in healthcare since its acquisition of Pill Pack in 2018, in the last several years Amazon has added Amazon Pharmacy, Amazon PrimeRx and earlier this year Amazon Care. While Amazon is among the first of big tech companies to become directly engaged in care delivery and appear to be having some success, it remains too early to tell. Similarly, Apple has been involved in Health primarily through the iWatch and the Apple Fitness program but has also been developing services for its iOS ecosystem via the Apple HealthKit/CareKit. However, press reports recently noted that Apple would be scaling back a key health initiative, the Apple HealthHabit which many viewed as an attempt to eventually commercialize learnings from Apple’s internal health clinics. Along those same lines, while Google will be dismantling Google Health, Google’s investments in nine separate health initiatives will continue including Care Studio, Cloud healthcare Products, YouTube Health Initiatives, as well as AI research centering on chest X-rays and mammography. As noted by CB Insights, big tech invested over $3.7B in 2020 and has invested over $3.1B in healthcare year-to-date in 2021. While big-tech is attempting to capture a portion of the almost $4.0 billion in healthcare spending, the question remains whether they will figure the best way to penetrate the complex and intricate healthcare market. Implications: While healthtechs growth and underlying industry drivers have been propelled by the COVID pandemic, healthcare remains stubbornly difficult for big tech to penetrate. While over the years big tech has promised to transform, disrupt, and revolutionize the current system, gains have been far more modest. Compared to technology (and many other industries), healthcare is a risk-averse, lethargic, bureaucratic colossus. While the tech industry’s mantra has often been celebrated as “move fast and break things”, healthcare proudly points to Hippocrates and his oath to “do no harm.” While tech companies have often had the luxury of resources and the ability to “throw bodies” at problems, healthcare has consistently been underresourced and has historically underinvested in its information technology infrastructure. For example, according to Flexera, on average the healthcare industry spent 5% of revenues on IT compared to an overall industry average of 8.2% and an average of 24.7% for the software industry. In addition, as noted earlier, tech companies differ from healthcare in terms of information security and data privacy rules as well as in the amount, integrity and availability of data. Consequently, tech companies looking to make greater inroads in healthcare need to learn to take a more nuanced and less blunt approach to change. In particular, tech companies need to understand the capabilities and limits of each unique organization they are dealing with in terms of quantity and quality of data as well as the ability to produce it in a timely fashion. In addition, they need to realize any system change in healthcare requires broad consensus from both clinical and technological stakeholders. Those looking to transform the system need to know how to implement cross-platform collaboration, as well as the ability to create and grow a base of support for a project from within the organization in order to create or overcome resistance to change. The healthcare industry’s approval process is time-consuming and not only slows down the pace but consistently brings opportunities for greater complexities and inertia to enter into the process. While tech companies have often reflected the personality of a dominant founder or founders (ex: Jeff Bezos, Steve Jobs, Bill Gates, Larry Page and Sergei Brin) most hospital systems are the products of years of development, rarely a single individual (perhaps with the exception of HCA and the Frist family). This difference in culture also drives a much greater need for consensus and garnering the support of numerous stakeholders. As STAT news pointed out in reporting on the break up of Google Health, “rather than using a single business unit to overhaul healthcare, tech companies including Apple, Amazon, and Google might be better equipped to aim a series of decentralized health efforts on one or two problem areas of the industry.” Lastly, one of the considerations tech companies should remember is, tech companies see themselves as the solutions rather than contributors to the solution. This attitude of the industry works well within the competitive fast-paced tech industry but in healthcare, it would only cause setbacks. Related Reading: Will Breaking Apart Google's Health bets give them a Better Shot at Success? Big Tech in Healthcare: Here's Who Wins and Loses as Alphabet, Amazon, Apple, and Microsoft Target Niche Sectors of Healthcare Is Healthcare too Hard for Big Tech Firms? Google Dismantles Health Division in Strategy Overhaul Google says Health Projects will Continue even as it Unwinds Dedicated Health Division

The Driver: Earlier this month Covera Health raised $25 million in a Series C financing led by Insight Partners with participation from existing investors including Equity Group Investments. The company plans to use this funding to help expand its first product, Centers of Excellence Radiology, which is deployed by both employers and health insurance plans to guide patients toward the highest-quality radiology providers based on their requirements. As noted by MobiHealthnews, Covera Health “partners with providers to give them insight on reducing errors, and it works with payers to avoid unnecessary care and promote value-based payment.” Key Takeaways: The error rate in diagnostic imaging is on average 3 to 5 % and there are as many as 40M diagnostic imaging errors annually. Covera claims to be able to boost delivery of more accurate care, while “reducing downstream care costs by as much as 30%” The company states that they cover over 1 million patient’s lives and the project will be able to scale its radiology platform to cover over 20 million patients by 2021. At least 12 million Americans will receive a misdiagnosis every year. 40-80,000 people die from complications due to misdiagnosis annually. The Story: Covera Health an AI-powered quality analytics platform was founded in 2017 in New York and has raised $57 million to date. According to the company’s website, their platform “generates robust measures of diagnostic accuracy across pathologies and patient types which are then used to validate accuracy relative to their peers.” This “allows them to pair patients with radiologists who excel at diagnosing their specific issue.” The company states that they cover over 1 million patient’s lives and the project will be able to scale its radiology platform to cover over 20 million patients by 2021. Covera believes its quality assessing platform allows employers and health plans to choose their preferred radiology providers according to their needs while allowing payers to choose value-based care and cutting costs by saving on unnecessary care. By reducing medical errors and preventing misdiagnosis the platform can improve health outcomes and quality of care. It has gained the trust and interest of stakeholders who are motivated to improve health outcomes and improve patient’s quality of care. Covera Health has a team of clinical and strategic advisors onboard. The Differentiators: Covera has designed an analytics platform that leverages advanced data science and artificial intelligence to help reduce and eliminate systematic medical errors, initially focusing on diagnostic imaging. This area is particularly ripe for research as the company notes, “though radiologists have an average operational error rate of only 3% to 5%, retrospective studies of more advanced imaging technologies such as MRIs and CT scans have found error rates of 30% or more for complex diagnoses.” In diagnostic radiology systematic error rates are due to a number of potential factors including increased workload, understaffing, distractions and interruptions, technical errors, and mental fatigue. Covera selects top radiologists for their Radiology Centers of Excellence program based on a detailed assessment of 10 years of medical records and radiology scans involving millions of data points. According to the company, this is made possible by “a unique data-sharing arrangement with radiology providers, (which grants direct access to records to a quality-review panel comprised of experienced, subspecialized radiologists), together with its proprietary artificial intelligence algorithms.” This process has allowed Covera to identify more than 1,000 top-performing imaging centers nationwide while simultaneously providing radiologists participating in the program with valuable insights that can help them improve their practices. Covera claims to be able to boost delivery of more accurate care, while “reducing downstream care costs by as much as 30% in a study of 80,000 employees in a blinded statewide trial”. The Big Picture: According to a 2018 article in RadioGraphics, there are approximately 40 million diagnostic errors involving imaging annually worldwide and approximately 75% of malpractice suits filed against radiologists relate to diagnostic errors. As noted above there are systematic circumstances that can lead to diagnostic errors (workloads, distractions, fatigue) as well as issues with interpretation of scans that can be attributed at least in part to sub-specialization differences. However, medical errors in diagnostics can also be attributed to systemic issues deriving from biases and underrepresentation within the sheer number of imaging data points which can lead to a faulty diagnosis. For example, according to a recent article in Healthline, women, and people of color are likely to face misdiagnosis 20-30% times more than their white or male counterparts. As a result, the burden of acquiring proper care is shifted to the patient instead of to the provider, where it should reside. AI-powered patient analytics platforms like Covera Health rely on machine learning algorithms to sort through patient-centered data and reduce the rate of misdiagnosis emanating from the imaging department. Catching and preventing misdiagnosis early can mean that patients may forego unnecessary procedures, resulting in lowering costs and improving care. As noted in Healthline, “whether it’s AI analyzing mass amounts of patient data to help doctors better understand where they might go wrong to changing the way medicine is taught, the medical community must be receptive to critiques and suggestions about how to ensure that the level of misdiagnoses are reduced over time as are actual rates of error.” References: Health Data Analytics Platform Covera Health Lands $25M in Series C Funding, Covera Health Raises $25M in Series C Financing to Fuel Growth of Its Healthcare Quality Analytics Platform, Fundamentals of Diagnostic Error in Imaging

Our Take: To fully complete the transition to the digitalization of healthcare we must incorporate greater humanity, compassion, and empathy in the care we deliver. While there was a rapid shift from in-person care to telemedicine and digital health during the pandemic, it is essential not to lose sight of the importance and differences in the expression of compassion, humanity, and empathy between digital and in-person care. In a period where social isolation and fear of seeing clinicians in person, even when sick, has led to a reduction in preventive care visits, telehealth has played a key role in maintaining that much-needed connection among patients, clinicians, and care-delivery networks. Digital health has and will make it easier for patients to communicate with doctors without having to travel, saving them time, energy, and cost, therefore enhancing access in a myriad of ways, however, caregivers cannot lose sight of the need to blend the use technology with the need for old-fashioned authentic human connections with their patients. Key Takeaways: Clinicians routinely interrupt patients after only 11 seconds when patients are describing symptoms, yet patients generally provide relevant diagnostic information if they are allowed 35 seconds to speak. Educational training that included self-reflection and reflective writing aimed at increasing empathy showed 100% of students experienced a positive change in empathy. Raising awareness about digital empathy is the first step in educating trainees and preparing them for this technologically driven world. More than 80% of diagnoses are made on history alone while less than 40% of patients give given the chance to talk about why they came in for their visit. The Problem: The patient-provider relationship revolves around trust, human connection, and compassion between patients and doctors. Many clinicians believe that over 80% of diagnoses can be discovered by doing the patient history alone. Therefore it is important for clinicians/ providers to determine what they need to prepare for during their visits. It is not only about the patient as a person exhibiting symptoms of a disease, but also the process of understanding those symptoms within the context of the patient’s life by taking a brief moment to communicate and connect with the patient. For example, studies have shown that on average doctors routinely cut off patients within 17 seconds of patients describing their symptoms when in fact if they had let them talk for only 3 minutes patients would have given them relevant diagnostic information. By allowing patients this time and letting them open up, they can explain their unique circumstances which can contribute meaningfully to the diagnosis. Digital healthcare has many advantages and has given patients greater access to clinicians who are now more available and approachable in some ways than they were before, but clinicians must make sure they are present, focused, and actively listening to patients to create the same bond as in-person care. The use of technology to establish a communication channel between patient and provider should not be an excuse for the loss of compassion and emotional connection between them. The Backdrop: According to a recent McKinsey report entitled, “Telehealth: A Quarter-Trillion- Dollar Post-COVID-19 Reality?” 76% of consumers were interested in using telehealth in the future, up from 11% in 2019. In addition, the report also found that 57% of healthcare providers viewed telehealth more favorably than they did prior to COVID. While telehealth and digital healthcare tools had been around for years, given the fact that both providers and patients had to transition to virtual care almost overnight, the transition was not smooth. Both patients and providers had to acclimate themselves to this new normal. For seniors, for whom medical and social care was a primary form of in-person interaction, the lack of in-person medical care contributed to feelings of social isolation, loss of a bond, and the loss of empathy that many patients felt deeply. For years clinicians have recognized the role of empathy in patients’ care. As noted in “The Emerging Issue of Digital Empathy”, published in the American Journal of Pharmaceutical Education, empathy increases both patient satisfaction and compliance and enhances a practitioner’s ability to treat patients. The article goes on to note that empathy has strong positive effects on patient’s health outcomes and helps reduce the risk of malpractice litigation. Digital communications are often devoid of many of the non-verbal cues typically associated with in-person interactions which can lead to more impersonal interactions. Consequently, clinicians must pay careful attention to how they relate to patients in digital visits. As noted by Charles Alessi, MD, Chief clinical officer at HIMSS, COVID-19 forced us to jump into digital modalities to deliver care, but empathetic care isn’t just about care related to COVID-19, it is really is about the care we give in our everyday interactions with patients and citizens. As he stated, ”virtual platforms were made available quicker than we can imagine yet it was reported that patients were scared and wanted more authentic human interaction when seeking information. Patients not only wanted to be seen and heard but also listened to.” Along those lines, a study published in the Journal of General Internal Medicine reported that only 36% of patients are given the opportunity to speak up about why they came in for their visit; while only 20% of specialists actually asked their patients what was wrong. While many clinicians struggle with communication even with in-person settings and maintaining two-way communication seems difficult, human touch can often cover up a lack of effective communication skills. However, when dealing with digital interactions, clinicians must call on an entirely new skill set. Caregivers need to recognize, understand and resonate emotionally with the patient’s complaints, distress, and pain. Compassion and empathy in the digital health platform will provide a strong foundation in building this ever-growing virtual health platform. Efforts to address the issue of digital compassion, empathy, and communication should be integrated into clinical training and must be a building block to delivering optimal patient care. Implications: While empathy, compassion, and active listening can come easier to some than others, it is not an innate skill. For example, as noted in a recent article entitled, “How Technology Can Advance Empathetic Care“, empathy can be taught to nurses and doctors, with new ways of communicating that add more to the overall care of a patient. Moreover, although technology can seem like a barrier to human touch, technology can also be deployed to help train the skills that improve empathetic care. Virtual reality and augmented reality tools have been shown to help nurses who have recently received academic training but have not received practical experience directly working with patients. Augmented reality scenarios can teach clinicians how to handle difficult conversations and deliver bad news. In addition, technology allows facial recognition technology to provide instant feedback to clinicians on their effectiveness in reading a patients’ demeanor via the computer. Clinicians must recognize that technology used in a healthcare setting is usually biased in their favor to give them insights into a patient’s physiological condition and may also provide insights into their emotional state. For example, so-called “Compassion tech” which Andy Shin the Chief Operating Officer of the American Hospital Association Center for Health Innovation proposes defining as “knowledge-based products or services that improve the ability of users to recognize, understand and resonate emotionally with another’s concerns, distress, pain or suffering” can aid in gaining insights to a patient but are not a substitute for establishing strong solid communication with that patient. While technology can be used to bridge the gap between provider-patient relationships we continue to recommend 5 steps for connecting with patients via digital health, these include 1) staring into the camera when you speak with a patient; 2) don’t interrupt and instead allow patients to tell their story; 3) where possible use visual clues from a patients surroundings to learn more about their situation; 4) learn the art of the pause, actively train yourself to stop and listen to the patient; and, 5) embrace natural interruptions on video (ex: kids, dogs, etc.) on both sides of the interaction, they humanize it. All of these actions allow you to create a stronger, more lasting connection with your patient (please see our webinar entitled “Transforming the Digital Health Experience to Build Consumer Engagement, Loyalty, and Brand” with Ingrid Lindberg, Co-Founder, aubreyAsks & CXO of Chief Customer). Related Readings: Digital Health is a Cultural Transformation of Traditional Healthcare Compassion Tech: Merging Technology, Consumerism and the Human Connection for Health Innovation How Technology can Advance Empathetic Care The Emerging Issue of Digital Empathy Telehealth: A Quarter-Trillion-Dollar Post-COVID-19 Reality?

The Driver: Recently, Vera Whole Health raised $50M from Morgan Health, the new healthcare-focused firm founded by JP Morgan Chase following the closure of the Haven joint venture. Founded in 2008, Vera Whole Health provides comprehensive coordinated healthcare services that are working to move employers towards value-based care and away from traditional fee-for-service models. Through employer-funded worksite clinics in 11 states, Vera provides care at a cost-efficient price point measured via optimal health outcomes to for employees. Vera Whole Health has raised over $95.5M and is backed by CD&R with other investors including Transformation Capital, Archimedes Health Investors, Leerink Transformation Partners, and Puget Sound Venture Club. With the closing of this new funding, Vera Whole Health has fostered a partnership with Central Ohio Primary Care Physicians Inc. to expand its services in Columbus. The Takeaways: Subscription services are more efficient, it costs physicians almost $100K/year just to bill for their services (JAMA). According to STAT health, 8% of each U.S. health care dollar goes to administration, compared to 3% among comparable nations. While value-based care has been around for a generation, a 2020 survey found almost ¾ of physician practices report over ¾ of revenue comes from FFS. Employer-based coverage can be a retention tool with a 2018 AHIP survey finding “46 percent said health insurance was either the deciding factor or a positive influence in choosing their current job”. The Story: Seattle-based Vera Whole Health provides value-based care that attempts to holistically treat patients and not just isolated symptoms by offering employers a fixed-fee model to enhance employee’s productivity. Vera operates their clinics either at or near an employer’s location providing primary care services extending beyond preventive care to include behavioral health services, occupational health services, pediatrics, physical therapy, and more. Driven to improve population health cost management and health outcomes, Vera Whole Health conceptualized an Advanced Primary Care (APC) model in 2012. The company states that the APC model contrasts against the traditional fee-for-service model by “delivering the essential 1:1 patient-provider relationship through informatics, referral management and care coordination, and integrated health coaching”. Applying robust informatics helps optimize care by empowering physicians to identify care gaps and quickly assess who “is in need of screenings or other preventive services” improving patient’s long-term health outcomes. Using the active care coordination aspect of Vera’s APC assures that the provider is able to guide patients through their treatment plan and refer to specialists which improves adherence and compliance to their care plan. Vera also deploys integrated behavior change coaches who help empower patients to commit to their health goals. The company has stated that “employers under contract with Vera have seen an average patient Net Promoter Score of 90, and improved health outcomes and utilization”. The Differentiators: As noted above, Vera is attempting to offer holistic value-based care which is seeking to help patients achieve their optimal social, behavioral, and physical health in a cost-efficient manner. By using a subscription-based model instead of a fee-for-service one, which operates on a fixed fee that is paid in advance, providers are incentivized to maintain and improve patient’s health by anticipating and preventing disease instead of being paid based on the volume of service. Vera claims they can reduce the employer’s healthcare costs by 21% and have over a 1.4:1 ROI in the first year their solution is deployed. Vera’s APC model also allows providers to improve care by connecting financial incentives to the quality of care and not to the volume of care or just the cost of services rendered. This enables providers to see fewer patients relative to a traditional provider and schedule what Vera refers to as “time rich appointments” since clinician’s schedules don’t have to be as tightly packed. Additionally, Vera’s APC model employs a broad care team that is made up of an allied staff including nurses, health coaches, and behavioral health experts. As a result of the increased employee engagement Vera is able to achieve by centralizing primary care, Vera has been awarded a Certification of Validation by the Care Innovations Validation Institute, an independent organization that evaluates health plans. The Big Picture: For approximately the last ten years since the passage of the Affordable Care Act (and many would argue, even before) the U.S. healthcare system has been shifting from one based on reimbursement for procedures volumes (fee-for-service) to one based on quality, outcomes, and satisfaction (value-based care). This is due as much as anything to the large amount of waste, inefficiency, and simple lack of results in proportion to over healthcare spending in the U.S. According to the American Medical Association, the U.S. spends over $3 trillion annually on healthcare, yet over half of American’s have one or more chronic conditions including heart disease and diabetes. Clearly, the system is unsustainable as it doesn’t prioritize preventative care measures since it’s more advantageous to practice defensive medicine, and patients and doctors are not incentivized to be proactive in their care. Programs like Vera Whole Health which are subscription-based can not only encourage more holistic care of patients but help reduce administrative costs which could account for 25-30% savings. In addition, by attempting to reach patients through the employer-sponsored insurance market (ESI) Vera can engage them early enough in their helathcare lifecycle to help prevent and effectively treat many of these conditions. Moreover, by working through employers, Vera is enabling employers to attract and retain new and existing employees in what is a very tight labor market effectively turning healthcare into a competitive advantage. Vera Whole Health Grabs Morgan Health’s Interest—and a $50M Investment; Central Ohio Primary Care Bringing PE-Backed West Coast Startup to Columbus Employers; Fee for Service is a Terrible Way to Pay for Health Care. Try a Subscription Model Instead

Our Take: Health disparities are even more dominant in the 18 states that did not expand Medicaid under the Affordable Care Act (ACA), leading to greater unnecessary drains on state budgets. For example, in West Virginia which did expand Medicaid, the uninsured rate among Blacks and Hispanics dropped by over 60%, while the decline was under 20% in states that did not expand Medicaid. Similarly, as noted in a study by the Commonwealth Fund, while Medicaid expansion increases total Medicaid spending by approximately 23% and federal Medicaid spending by 38%, it has not increased state Medicaid spending, at least in the period between 2015-2019. As noted in the report, this is because “states can save from 15 cents to 40 cents on every dollar of care it can shift to expansion (assuming 2020 expansion match rates).” Given the emerging disparities in healthcare access and affordability amongst Americans, the expansion of Medicaid by the states is crucial to help reduce the differences in health outcomes, the prevalence of chronic diseases, and other health disparities. Key Takeaways: During 2014–17, Medicaid expansion was associated with a 4.4 percent to 4.7 percent reduction in state spending on traditional Medicaid. Although the ACA improved healthcare access and reduced the rate of the uninsured, it did not close the racial gap in healthcare coverage (Health Equity) According to the Commonwealth Fund, “states can save from 15-40 cents on every dollar of care it can shift to expansion (assuming 2020 Federal fund matching rates).” Over 500K Louisianans have enrolled in Medicaid since expansion in 2016, including those seeking care for hypertension (59K), colon cancer (53K), and diabetes (22K) all conditions that disproportionately impact the underserved. The Problem: Enacted in 1965, Medicaid, is a joint federal and state healthcare program that is financed jointly by funds provided by the federal government and state governments. Under the program, the federal government matches each dollar of state spending on its Medicaid program. The federal match rate varies by state and is based on what is referred to as a federal “matching formula”. The percentage match ranges from a minimum of 50% to nearly 79% in the poorest state (Alabama) and averages just over 56% nationwide for FY 2022. Under the ACA Medicaid coverage was expanded to nonelderly adults with income up to 138% FPL (~ $17,000 for an individual in 2019) with enhanced federal matching funds. Prior to enactment of the law, individuals typically had to meet very strict state eligibility standards to qualify with many low-income adults failing to qualify and thereby lacking coverage. Moreover, most states and federal laws also excluded adults without dependent children from Medicaid no matter what their income level (or lack of it). The ACA effectively eliminated many of these burdensome eligibility criteria and extended coverage to adults that did not have dependent children. However, as part of the ACA, states were required to expand Medicaid coverage or face a penalty. Arguing that States should have a choice in expansion, in 2012 the National Federation of Independent Business (NFIB) backed by a number of states sued to block the implementation of the ACA in the National Federation of Independent Business v. Sebelius (“Sebelius”). In this case, the states argued against the constitutionality of Medicaid expansion since it compelled states to follow federal regulations, among other things. In 2012, the Supreme Court ruled letting the bulk of the ACA stand but held that penalizing states for not expanding Medicaid was an unconstitutional exercise of Executive branch power, thereby leaving it to the states to decide whether to expand Medicaid. Following the Supreme Court’s ruling in Sebelius expansion of Medicaid became largely a political litmus test with states run by Democratic governors largely expanding Medicaid and states run by Republican governors largely opposing the expansion of Medicaid. This resulted in a patchwork of policies and coverage for the underserved and low-income individuals. The Backdrop: Due to the polarizing nature of the ACA and the political environment in the U.S. at the time, many states chose not to expand Medicaid for their residents. Since, as noted by the Kaiser Family Foundation, “Medicaid is the nation’s public health insurance program for people with low income and covers 1 in 5 Americans. With the vast majority of Medicaid enrollees lacking access to other affordable health insurance. including many with complex and costly needs for care”, many were left without care or substandard care. However, it was not until recently that studies look at the disparity of care among the underserved between expansion and non-expansion states. Not surprisingly these studies have found distinct differences in care for low-income and minority populations in Medicaid expansion and non-expansion states. For example, a November 2020 article in Health Affairs found that “by comparing changes in outcomes for low-income women in expansion and non-expansion states, [they] document greater pre-conception health counseling, pregnancy folic acid intake (which reduces the likelihood certain birth defects in newborns), and postpartum use of effective birth control methods among low-income women (reducing the likelihood of unplanned pregnancies) all associated with Medicaid expansion. This is particularly important as according to the March of Dimes, Medicaid covers roughly half of all births in the United States, including many high-risk pregnancies. In addition, a study entitled “Medicaid and Mortality: New Evidence from Linked Survey and Administrative Data” (“Medicaid and Mortality”) found that failure to expand Medicaid in states likely resulted in 15,600 additional deaths over this four-year period that could have been avoided had these states elected to expand coverage.” The study stated that individuals aged 55 to 64 in low-income households have four times higher mortality rate compared to 0.4 mortality rate for higher-income individuals in the same age group. Similarly, according to the Center for Budget on Budget and Policy Priorities (CBBP), “the share of opioid-related hospitalizations in which the patient was uninsured has plummeted 79 percent in expansion states, compared to just 5 percent in non-expansion states.” The CBBP also notes that more than 550,000 Louisianans have enrolled in expansion coverage since the state expanded Medicaid in 2016, including those seeking treatment for hypertension (59,000), colon cancer (53,000), and diabetes (22,000) all conditions that disproportionately impact the underserved and low-income communities. Implications: While the ACA was successful in helping to reduce racial and ethnic disparities in healthcare coverage, particularly among the uninsured, the results were uneven due to the differences in coverage for expansion and non-expansion states. As demonstrated above additional disparities in access and quality care can be mitigated by further expanding Medicaid to those states that have chosen not to do so. For example, according to the Kaiser Family Foundation, if all states that are currently eligible to expand Medicaid were to do so 2.2 million people would gain coverage as would an additional 1.8 million people with incomes of between 100% and 138% of the federal poverty level. This is particularly important as KFF points out more than 30.2% of nonelderly adults without coverage said that they went without needed care in the past year because of the cost compared to 5.3% of adults with private coverage and 9.5% of adults with public coverage. Moreover, as noted earlier, this expansion would come at savings to the states of between 15-40 cents of any dollar the state spends on care. In addition, an analysis by the CBBP finds that costs for uncompensated hospital care, which was provided by hospitals but never paid, would actually decline by approximately $18B (using 2016 dollars) if Medicaid expansion were broadened. As demonstrated by the Coronavirus Pandemic, the underserved and low-income are most at risk in healthcare. As highlighted in Medicaid and Mortality above, Medicaid is the largest insurance provider for 72 million low-income Americans who often face higher rates of “diabetes (by 787%), cardiovascular disease (552%), and respiratory disease (813%) relative to those in higher-income households” with the authors concluding that Medicaid expansion can dramatically reduce mortality rates for low-income individuals. Clearly underserved communities stand to receive greater health benefits, lower prevalence of chronic conditions, and a reduction in the rate of uninsured by expanding coverage. Related Readings: Did Obamacare Expand Access to Insurance for Minorities? In Some U.S. States, Hardly at All States' Performance in Reducing Uninsurance Among Black, Hispanic, and Low-Income Americans Following Implementation of the Affordable Care Act Medicaid and Mortality: New Evidence From Linked Survey and Administrative Data When States Don’t Expand Medicaid, Women Suffer The Impact of Medicaid Expansion on States’ Budgets Chart Book: The Far-Reaching Benefits of the Affordable Care Act’s Medicaid Expansion

The Driver: On July 30th, Juno Medical raised $5.4 million in seed funding led by Vast Ventures and joined by Atento Capital, Company Ventures, humbition, RareBreed Ventures, and Lafayette Square. The membership-only New York-based startup is bringing modern whole family healthcare (adult primary care, women’s health, and same-day care) to underserved populations by ensuring price transparency for its consumers. Juno Medical will use the funding to expand to Brooklyn, New York, offer pediatric services, and has plans to expand across the U.S. by 2022. Key Takeaways: Juno works with all major health insurance (Anthem, Aetna, United Healthcare, Cigna, and Medicare) and offers but does not require a membership to get care. According to a study by the Health Resources and Services Administration (HRSA) medically, underserved populations have fewer practitioners, facilities, and higher infant mortality rates. Juno offers (but does not require) membership packages that are priced from $20/month for individual membership to $50/month for families for which members are provided access to “Convenience, Savings, Events, and Programs.” A 2017 survey showed that 96% of Americans overestimate how much they know about their health insurance coverage. The Story: Juno Medical, a tech-enabled primary care provider, was founded in April 2020 amidst the pandemic with its first flagship location in Harlem, New York, and has provided care to thousands of New Yorkers through their platform. Derived from Latin, the word Juno means to give aid and the company has incorporated that goal into its mission statement; providing care seven days a week across specialties in real-time. Juno’s platform displays transparent pricing on their website for both in-network and out of network costs for services including preventative care, follow-up care, same-day care, specialty care, and lab services. Juno works with all major health insurance providers including Anthem, Aetna, United Healthcare, Cigna, and Medicare, and does not require a membership to get access to quality care. Should a patient choose to become a Juno member, the membership packages are priced affordably at $20/month for individual membership (or $200 one-time payment) or $50/month for family membership (or $500 one-time payment). According to the company, membership in Juno Medical allows patients access to “Convenience, Savings, Events and Programs” which are not typically included in the health insurance offerings. For example, this includes discounts with local and national partners on things such as rock climbing, Pilates and, birth control services. In addition to evening and weekend appointment offerings, Juno members get exclusive discounts with their local and national partners. Members will also have access to virtual and live events aimed towards health, wellness, community, and lifestyle. The Differentiators: Identifying themselves as a “team of physicians, designers, engineers, and parents”, Juno is committed to bringing holistic, accessible, and affordable care to everyone. Since prices for healthcare services vary significantly and are often incredibly difficult to figure out, Juno’s price transparency allows consumers to make better-informed, real-time, decisions about when and how to choose the care they receive. Juno also works directly with the health insurance provider on behalf of the patient for out-of-network reimbursements easing the financial and time burden for those who may not have experience with the system. Similarly, patients can easily begin the process of managing their own care by booking their appointment with their preferred doctor more easily than with traditional insurance. Since Juno has relationships with all national health insurance providers, patients are spared the hassle of searching for providers on network directories which are often out of date. With Juno, patients simply fill out their insurance information with their preferred provider and they are ready to go. Juno even helps with such issues as transportation by providing discounts on rides to and from in-person appointments, By removing uncertainty around cost, enabling same-day service, and helping underserved patients Juno is effectively becoming a one-stop healthcare provider platform. Juno’s platform simplifies and streamlines the delivery process by giving its patients access to services such as virtual care, on-site labs, imaging, and diagnostics. The Big Picture: While for decades there have been numerous State and Federal efforts to enhance primary care for underserved populations, the most notable being the Affordable Care Act itself, health disparities and inequities remain a stubborn problem in U.S. healthcare delivery. While digital tools like telemedicine can help mitigate the barriers, they often remain inaccessible due to broadband connectivity issues. Conversely, Juno Medical is helping to simplify the health insurance process and portions of the physical delivery of care by ensuring price transparency and increasing the transparency around pricing. In addition, Juno’s focus of bringing high-quality care to underserved populations can even reduce health disparities and improve overall population health. For example as a report entitled “Understanding the Impact of Health IT in Underserved Communities and Those With Health Disparities”, “chronic diseases are a key driver of health care costs. They account for an estimated 75 percent of health care expenditures and disproportionately affect underserved groups.” Sadly, while that report was written in 2013, as laid bare by the Coronavirus pandemic, the situation is meaningfully unchanged. In addition, as noted in “Disparities in Multiple Chronic Conditions Within Populations” the underserved have a higher incidence of risk factors contributing to poorer quality of life. These costs can be substantial and have a meaningful economic impact on growth and productivity. For example, according to a recent study by the Episcopal Health Foundation, the state of Texas is incurring $2.7 billion in excess medical care spending annually as well as $5 billion in lost productivity due to preventable conditions. This lack of care leads to 452,000 life years lost due to premature deaths valued at $22.6 billion. Consequently, services like Juno’s which provide easy, affordable, and efficient access to care can help reduce disparities for what appears to be a fraction of the cost. Juno Medical Raises $5.4M in Seed Financing to Reimagine Primary Care for the 99% & Juno Medical Raises $5.4M in Seed Financing to Reimagine Primary Care for the 99%

Our Take: The constant advancement in technology and mobile health (mHealth) apps help improve care and patient experience but they give rise to questions around ownership (both beneficial and nominal) of patient data, as well as informed consent for data usage and security of that data. The questions and ethical dilemmas around data are numerous: will the data be kept confidential?, will the developer and user of the app properly safeguard and protect personal health information?, who actually is the rightful owner of healthcare data for clinical/research purposes or the commercialization of the data?, will the patient have the right to access the data and determine the method and length of time for which it will be stored. These are just a few of the questions that surround a patient’s right to know and understand what might become of their healthcare data. However, it is the individuals’ right to consent and make sure to understand the security of their data storage, transmission, access, and ownership that will allow individuals to make informed decisions. Key Takeaways: According to Visual Capitalist, the average American would need almost 250 hours to properly read all the digital contracts they accept for online services. There are many mHealth apps on the market that lack appropriate privacy and security measures and which also fail to inform users as to how their data will be used. One study found that of 79 apps certified as being clinically safe and trustworthy, 89% were found to transfer information online, 66% of which were not-encrypted. Continuing advances in technology and mHealth apps have made it increasingly difficult to protect user data highlighted the issues around patient access to data The Problem: The Health Insurance Portability and Accountability Act (HIPAA) addresses the need for privacy of medical records while acknowledging the need for and importance of individuals being able to access their own health information. To address the need for secure and private patient data, many mobile health apps develop lengthy “terms of use” documentation detailing exactly how their healthcare information will be used. However, the sheer length of the documents and the patient’s lack of healthcare/legal literacy often results in the individual skipping this step, assuming no harm will be done in the long run. In fact, in 2014 six Britons agreed to give up their first born in return for free wifi in a very brief experiment by an internet security company before it was shut down. Although commonly ignored, these privacy policies often lead to patients losing control of what and how much information will be tracked, used, and shared. Moreover, even in the rare instances when these policies clearly and succinctly disclose what information will be allowed to be shared with and used by the apps, these apps often ask for much more information than they need to actually perform their tasks. The Backdrop: The Health Insurance Portability and Accountability Act (HIPAA) passed in 1996 was among the first regulations to directly address the privacy of medical records. HIPAA acknowledges the need for, and importance of individuals accessing their health information to trust their information will be used and disclosed according to their expectations and with full transparency. Patient data confidentiality, privacy, and data security have an important place within the healthcare industry. The continuing advances in technology, which now include GPS enabled tracking technology and social media cookies to track consumption patterns, when combined with mobile health apps, have made it even more difficult to protect (or de-identify) health data and protect patients. For example, as was pointed out in an article in Health Affairs entitled, ”Why Aren’t More Patients Electronically Accessing Their Medical Records (Yet)?,” HIPAA, the predominant legal framework for health data, is already wildly insufficient for protecting health data, both because the re-identification of de-identified data becomes increasingly easy as the volume of data about individuals grows and because HIPAA applies only to a set of “covered entities,” which do not always include many of the parties developing and using new health apps and services. The latest studies indicate that research participants can be identified by their MRI scans alone, even after they have been stripped of all identifying information including the 13 identifiers that HIPAA uses to define “legally protected health information.” In addition, even when patients want to be able to access and understand what data they may have given to providers and payers, current system controls make it incredibly difficult for them to gain access to their own data. For example, while the recently implemented CMS and ONC data interoperability rules should provide patients with greater access to their own data, the rules are still in the implementation phase and it remains to be seen whether they will eventually provide patients with more timely, easier access to their data on a device of their choice. Similar issues arise with mHealth apps where both data privacy and ownership issues arise for patients. For example in an article entitled, “Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019”, the authors concluded that many mHealth apps on the market lack appropriate privacy and security measures. They noted that of 79 apps certified as being clinically safe and trustworthy, 89% were found to transfer information online, 66% of which were non-encrypted. In another study of 137 mHealth apps, more than 60% allowed transmission of health information via insecure methods and the same study showed 40% of apps failed to protect the integrity of the data they displayed. In addition, with various health applications, there are pages of legal descriptions and disclosures prior to a user gaining access which does not explicitly say with whom, why, and when their personal data/information will be shared. Moreover, users are typically confronted with privacy policies that are lengthy, not written in user-friendly language and end up unclear on what they are actually consenting to. As noted earlier, often out of frustration and a sense of powerlessness (ex: I have no choice), users often “agree” and continue without clearly understanding the depth of the privacy policies and they assume there is minimal risk while using the application. Finally, apps often end up inadvertently or indirectly obtaining data through inappropriate or overly broad permissioning. For example in an article entitled, “A Privacy and Security Analysis of Early-deployed COVID-19 Contract Tracing Android Apps,” the authors examined certain COVID contract tracing apps which operated on low energy Bluetooth technology and that did not require software permissions to be granted for such things as access to location data, ability to access the microphone, or access to a users contact details. This is particularly important in software because as noted in Wikipedia, software permissions are a means of controlling and regulating access to specific system-and device-level functions by software. Generally, permissions cover functions that may have privacy implications, such as the ability to access a device's hardware features (including the camera and microphone), and personal data (such as device storage, the contacts list, and the user's present geographical location). For example, in the COVID contact tracing apps, the authors found the only permission requirement that existed was to agree to basic software permissions, and survey results showed the app did not require access to sensitive information. However, upon further examination the authors found that when it came to the contract tracing apps run-time permission accesses, they were actively accessing such permissions (effectively meaning the apps were gaining access to private data without a user’s consent). The authors also noted these apps weren’t transparent regarding the data collection, processing, sharing, and transfer practices, which lead to concerns about whether or not they are compliant with the existing privacy laws. Implications: Providing patients with the ability to determine what data they are giving up when they access certain systems is challenging and complex caused, in no small part by the intricate set of rules surrounding data privacy and security. This task is made even more difficult when one takes into account the numerous vendors, institutions, and third parties that need or have access to private patient information in order to make the healthcare ecosystem function. In the end, users may find themselves in situations where their information is easily identifiable and traceable. In some cases, different parties have attempted to overcome some of these concerns by sell de-identified data sets to data brokers who will use this patient data for research of commercial purposes, yet it is often easily reidentified. In addition, given the application of healthcare data for marketing purposes, this data if often resold or shared with third parties for such purposes. For example it shouldn’t be surprising that Reuters recently reported that if a mental health or smoking cessation app is downloaded, there is a likely chance it will share marketing, advertising, or usage tracking data with either Facebook or Google. In addition, a recent article in Forbes highlighted similar issues in the privacy policies of 25 of the 36 mental health apps Forbes examined, noting that the privacy policies of the apps in question did not note how the data collected by the app would be used. Given the growth of the digital healthcare industry it is imperative that users/patients are informed how their data will be used, potentially monetized and what specifically they are consenting to in easier to understand terms. While some will argue that it is not possible to simplify all terms and conditions, at a minimum it would seem they could be summarized upfront and then explained in more detail. For example, perhaps, the first 5 sentences could very clearly and plainly state what and how their data will be used, in language that is easy to understand since most users lack adequate healthcare and legal literacy. Where possible, terms should be targeted at the so-called average reader (generally assumed to be the 5th grade reading level) and use short sentences that either avoid or explain legal and contractual terms. Similar to privacy disclosures, data ownership disclosures should follow several rules like those suggested by the Dartmouth Institute. They recommend for the sake of privacy and security that mobile health app developers keep in mind: Complying with all relevant federal policies, regulations, and laws. Providing patients with the choice to opt-out of providing sensitive data. Providing patients with the choice to block the transfer of data to health care teams. Providing patients with the ability to block use of data for research purposes. In addition to fully informing and ensuring they understand how their data will be used, patients also have to make sure they have adequate knowledge and power over commercial discoveries that may emanate from their data. For example, in an article entitled, “If Your Medical Information Becomes a Moneymaker, Could You Get a Cut” the authors review the case of a patient being treated for testicular cancer at Memorial Sloan Kettering Cancer Center (MSK) in New York City, whose lymph nodes and other body parts were removed and used for profit-based, private research. He never paid attention to where these removed parts went but questioned who they actually belonged to - did it belong to him or MSK? Furthermore, were his body parts being used to advance medical research and not compensating him for it? The rules are under circumstances such as these are addressed under Federal HIPAA privacy rules. According to HIPAA, doctors can use patient data for research or to improve health care operations. However, if doctors are using information to develop a product they can sell or make a large monetary profit from, then it might fall outside the definition of “health care operations.” Being transparent is essential to meeting the standard of informed consent and fostering an open and honest relationship with patients, as is informing them when using their personal health information for healthcare research. Patients (and researchers) should also be aware that there is a difference in how patient data is approached in the U.S. and in Europe. For example, in “Developments in Privacy and Data Ownership in Mobile Health Technologies 2016-2019” the authors note that in the European Union, users have the right to be informed on what data will be collected as long as they are told how it will be used. By contrast, to the EU, the U.S. hardly informs what and how patient data will be used. Perhaps the U.S. should look to Europe and other countries' models and consider how they handle patient data privacy as a model for moving forward. Related Reading: Visualizing the Length of the Fine Print, for 14 Popular Apps Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019 A Privacy and Security Analysis of Early-Deployed COVID-19 Contact Tracing Android Apps Britons Sign Away First-Born Children for Free Wifi

The Driver: Recognizing the opportunity in “virtual first primary care” Oxygen Healthcare was launched during the Coronavirus pandemic to provide an end-to-end solution for physicians looking to rapidly deploy virtual-first primary care. Backed by $3M from Paul Heywood and with a founding team that has been involved in a number of successful startups, Oxygen offers AI-based solutions that provide clinicians with an entire virtual primary care ecosystem The Key Takeaways: Nearly 40% of physicians have a side-gig and almost 75% of them say that enjoy it at least as much, if not more than their primary job Integrated, virtual-first primary care practices like Oxygen will help clinicians streamline clinical workflows and improve the quality and cost of care Virtual primary care doctor, consulting, expert witness and investor are all popular additional sources of income for physicians Nearly 20% of primary care clinicians surveyed by the Primary Care Collaborative during COVID said someone in their practice plans to retire early or already had left the practice. The Story: Founded in 2020, Oxygen’s goal is to combine “the best of robotic automation, AI, and digital healthcare technologies to create an outstanding virtual healthcare experience.” Targeted primarily at independent practitioners, Oxygen allows them to quickly and easily establish their own virtual practice for approximately $200 per month. Oxygen also offers an affiliated group model but that is not as great a focus initially. The platform incorporates telehealth, an EHR, prescription ordering, and administration/billing all into one seamlessly integrated software package. The platform is designed to be “turn-key” so that a practice can be up-and-running within a matter of hours. Once operational, clinicians can prescribe medications, order lab tests, and have all data entered right into the integrated EHR. To get started on their platform, all providers have to do is set up their profile, declare their specialty and payment preferences, and establish their availability. Currently, Oxygen is in its initial rollout phase and the platform is open to all specialties. From the patient’s side, the Oxygen app is an intuitive, patient-friendly portal where patients are asked to complete their health profile and questionnaire before their appointments. Patients can choose their provider and request an appointment. Additionally, patients are sent push notifications for upcoming appointments. Currently, the Oxygen app has the capability to upload and integrate data from consumer wearables health apps such as the Apple Watch or Fitbit and is working on others. While Oxygen’s EHR does not currently integrate with the major provider-based EHRs , this capability is expected to be incorporated in the very near term. According to the company, their founding team has helped build investments with over $1B in value and been involved in successful startups with exits to Google, Oracle and others. The Differentiators: Oxygen’s platform gives independent physicians a rapid way to provide “virtual-first” telehealth services in a comprehensive, integrated platform, This eliminates the hassle and inconvenience of having to contract for separate EHR’s, billing/administrative functions, telehealth platforms, etc. In addition, Oxygen’s app is intuitive from both the clinician and patient side, the platform is easy to navigate, clear, and graphically appealing. In addition, Oxygen’s app allows clinicians to review lab/test results before they are sent to patients or have them sent directly to patients in a contextualized form (ex: high, low, within normal range), based on the clinician’s/patient’s preferences. This will become increasingly more important as healthcare consumerism increasingly drives the healthcare delivery model. In addition, by directly integrating data from consumer wearable devices, Oxygen’s system is allowing clinicians greater visibility into continuous monitoring of their patient’s daily lives and vital statistics. While there is some debate about the value of consumer-grade vs. medical-grade data, over time there is no doubt that this gap will close with improvements in technology and the information will become increasingly more valuable to clinicians in diagnosis and treatment. The Implications: Virtual first is increasingly gaining a lot of interest among both clinicians and digital healthcare investors as providers look to meet patients where they are. While it certainly won’t be appropriate for all cases, virtual-first can extend access to care for many who would not be able to or want to have to deal with the time or inconvenience of having to visit the doctor for a physical appointment. In addition, “virtual-first” is appealing for physicians who feel overworked and overburdened by the administrative portion of their jobs so are beginning to look at ways of supplementing or replacing income. For example, a recent article in Becker’s Healthcare noted that nearly 40% of doctors have side-gigs, prompted largely by income losses from COVID and that almost 75% of them like their side gig equally or more than their primary job. Services like Oxygen’s which are purpose-built for virtual care and help to optimize all facets of running a practice from billing right through referrals should benefit from this trend. In addition, by incorporating AI into their model, Oxygen will increasingly find ways to streamline the workflow and improve the quality and cost of care. Moreover, as providers and patients look to ways of extending care beyond facilities to incorporate remote patient monitoring “virtual-first” will already allow EHRs and other systems to incorporate the appropriate data and analytics so they can be analyzed and applied within clinical practice and workflows.

Our Take: With the rise of ransomware attacks, healthcare providers and application developers need to make sure they are practicing exceptional cybersecurity controls and security hygiene to avoid being victimized and to recover quickly if they are. As noted in a recent Forrester blog post, entitled “Ransomware: Surviving by Outrunning the Guy Next To You”, ransomware is about making yourself a less vulnerable target than others and protecting your critical infrastructure, ensuring that staff is familiar and practicing security protocols, reducing the potential places for malware intrusions and ensuring the safety of healthcare systems and patients. Key Takeaways: According to CISO magazine, 97% of organizations faced a mobile malware attack and 46% had at least one employee download a malicious mobile application in 2020. Between 2010-2017, over 176.4 medical records were breached by criminals aiming to monetize off of the medical and private information stored by the healthcare systems. According to the HHS, “4 out of 5 U.S. physicians have experienced some form of a cybersecurity attack.” Surveys indicate that recent ransomware attacks only heighten patient’s hesitancy to provide personal information and data online. The Problem: On May 1, 2021, Scripps Health in Los Angeles reported that it had begun experiencing a ransomware attack that would ultimately last several weeks. According to Scripps the attack exposed the health and personal information of approximately 150,000 patients, forced it to take its IT system offline for several weeks, and required medical personnel to revert to using paper-based records. This is only one example of the increasing rise in ransomware attacks on healthcare facilities that are occurring more frequently, putting patient’s information at risk and disrupting operations or entirely shutting down healthcare services. This not only places patients at risk but damages the healthcare organization’s brand and reputation. These ransomware incidents raise questions on the role healthcare systems themselves and users of these healthcare technologies and applications play in ensuring the security of patient data and their basic operating infrastructure as well. For example, according to HealthcareDive, “fewer than half of healthcare institutions met national cybersecurity standards last year” and IT and cybersecurity spending for healthcare systems remain low relative to other industries. The Backdrop: Cybersecurity, or lack thereof, is directly related to the protection of the delivery of healthcare to patients and patient health information. The possibility of a cyberattack increases the risk of exposing patient information, erasing or deleting health records, and even shutting down the entire system. Ransomware is a very dangerous example of what may result from attempts at email phishing or malware or targeted bugs. Ransomware is malware implanted by cybercriminals that utilizes encryption to in effect hold user information hostage for a ransom ranging in amounts from thousands to billions of dollars from the organizations that rightly own the data. Moreover, even when the demands for ransom are met, not all the data is recovered. For example, In 2020, the average “bill” paid to cybercriminals by companies to recover their information toppled upwards of 1.3 million dollars yet only about 69% of the stolen data was ever retrieved following this payment. Oftentimes, ransomware is launched into systems via emails and plug-ins such as USBs and other hardware. The data is encrypted so that owners of the data cannot access files, applications, or their databases unless they pay the ransom in order to get the “key” to decode or decrypt the data. Ransomware can also be designed to affect other parts of an organization’s systems. Due to the sensitive nature of its data and the life-and-death impact that data issues or delays can have on the quality of care the healthcare industry is vulnerable to and has been a prime target of ransomware. For example, in 2020 over a third of healthcare systems reported being hit with ransomware, and 65% of those reported that they had paid the ransom to cybercriminals to get their data unencrypted by the attackers. As noted above, this lack of IT security is in part due to institutional constraints, such as a lack of financial resources and understaffed and underfunded IT teams. These problems were heightened by the COVID crisis when healthcare systems had to deal with the stress of the shortage of physical facilities for patients and dramatically increased workloads on staff (some of whom became ill with COVID). Just as healthcare workers are expected to maintain certain practices and procedures for physical hygiene, healthcare organizations need to ensure they have and are following similar policies and procedures for data privacy and security and their online presence. These methods are most effective when they are communicated broadly throughout the organization, practiced widely, and the subject of drills so they can be put in place quickly in the event of an emergency. One suggestion for healthcare providers would be to follow the lead of organizations in the financial services industry, which generally have been at the forefront of cybersecurity controls. As such we would suggest that healthcare organizations implement the controls recommended by the New York State Department of Financial Services in a recent National Law Review article. These include: Email filtering and anti-phishing training for employees, including regular exercises and blocking malicious attachments and links; Vulnerability and patch management, including a documented program to identify, assess, track and remediate vulnerabilities on all enterprise assets; Multi-Factor Authentication, including for all logins to remote or internal privileged accounts; The disabling of Remote Desktop Protocol (“RDP”) access wherever possible, and if RDP is deemed necessary, restricting access only to whitelisted originating sources; Privileged access management, including implementing the principle of least privileged access; A way to monitor systems and respond to suspicious activity alerts, including an Endpoint Detection Response (“EDR”) solution; Comprehensive, segregated backups that will allow for recovery in the event of a ransomware attack; and An incident response plan that explicitly addresses ransomware attacks and will undergo testing, including with the involvement of senior leadership. Implications: The dramatic increase in ransomware combined with the proliferation of digital health tools requiring remote access has lead to an exponential increase in points of vulnerability points for healthcare suppliers, their partners, and their customers. As a result healthcare organizations need to make sure they look closely at any applications they may deploy in their systems to ensure they don’t expose vulnerabilities or create new ones. Similarly, application developers need to ensure they are following strong coding standards and design techniques and incorporating strong security tools from the earliest stages of development. While these may sound fairly straightforward, as noted in a recent article review in the Journal of Medical Internet Research, approximately 15% of the articles they studied noted that developers lack the expertise to secure mHealth apps, pay little or no attention to the security of mHealth apps and lack the resources for developing a secure mHealth app. As a result, we recommend that both app developers and those looking to deploy new digital health apps in their environment follow steps similar to the ones outlined in the W2S solutions blog entitled “Security Issues App Developers Need To Deal With While Developing A Mobile App.” While not meant to be exhaustive, the recommendations and others will help protect from ransomware entering an organization’s system. These include: Writing secure code, that uses strong coding practices like signing in and code hardening Encrypting data during development thereby making it more difficult to be accessed by malicious attackers Using third-party application libraries sparingly and testing code after using it to ensure the code is not compromised Using only authorized Application Programming Interfaces and using a central authorization for the complete API to ensure maximum security Deploying high-level authentication via such means as Multi-factor authentication (ex: OTP login, biometrics) Incorporating session management as a feature, in case the device is lost or stolen and using tokens instead of identifiers when managing sessions Testing continuously and properly, use emulators and penetration testing to determine any vulnerabilities Staying on top of evolving security technologies and threats to ensure that you are using the latest protection for your application Related Readings: Scripps Health EHR, Patient Portal Still Down After Ransomware Attack What Is Ransomware? Fewer Than Half of Healthcare Institutions Met National Cybersecurity Standards Last Year ​​More Than 1/3 of Health Organizations Hit by Ransomware Last Year, Report Finds. Security Issues App Developers Need To Deal With While Developing A Mobile App (Blog) A Wave of Ransomware Hits US Hospitals as Coronavirus Spikes

The Driver: Castor, a provider of clinical trial software to empower decentralized clinical trials, recently raised $45M in a Series B funding led by Eight Roads Ventures and F-Prime Capital with additional investments from existing investors Two Sigma Ventures and Inkef Capital. With offices in New York and Amsterdam, Castor is attempting to disrupt an antiquated clinical trials process that is often not digitally driven and which results in approximately 40% of trials being halted due to slow enrollment. The Takeaways: Less than 5% of patients participate in clinical trials and trial diversity is a persistent problem, particularly for certain disease populations. According to data from IQVIA, 49% of patients drop out of clinical trials before completion and 48% of trial sites miss their enrollment targets. On average new therapies take approximately 10 years to reach the market and cost approximately $3B to develop. A typical travel requirement is for patients to visit a trial site 15-20 times over a 6 month period. The Story: Founded in 2012, while CEO Derk Arts was doing his final medical internship in an intensive care unit in the Netherlands and had to assist with a clinical trial. As part of the trial, Arts had to input case report forms into each individual patient's case report file which then had to be combined in order to get results for the study. Upon using this system, Derk soon realized it would not scale easily. Building upon the programming experience he had used to help support himself while at school, it took him two weeks to build a prototype for use in the ICU, according to the company’s website. After doing a little more research Arts states that he came to find out “that almost all unfunded investigator initiated studies used Excel or SPSS for data collection” as colleagues noted open source software was too complicated to build and professional systems were too costly. According to the company, Derk soon partnered with a friend who was a PhD student and within two months they had built what was to become the Castor Electronic Data Capture system. Castor states that the EDC offers a “modern, self-service clinical research platform which enables every researcher worldwide to design studies and integrate data from any source in real-time.” Castor is attempting to use human-centered design to improve the speed, efficiency and patient experience of the clinical trial process. The Differentiators: Traditionally clinical trials are based around a physical trial site around which trial participants are recruited and to which they periodically report to have their blood drawn and other lab tests to evaluate the efficacy of the drug candidate. Often the process was very paper intensive and manually based. Castor is attempting to modernize this legacy process through the use of digital technology. Castor’s enrollment portal allows organizations to recruit, screen and obtain electronic informed consent forms in an automated fashion. This is extremely important as trials often have a difficult time recruiting diverse populations, in part because of the difficulties that many underrepresented communities have in accessing trial sites. For example, according to Pharma Voice, patients often have to travel an average of 50 miles to reach a trial site. In addition, Castor’s platform allows “participants to easily provide data, and stay up-to-date from the comfort of their own homes”. As noted above almost 40% of trials are halted due to missing enrollment targets, in part due to the burdens trials place on their participants such as manually having to keep records of medication administration, efficacy and side effects. By allowing trial participants to keep records and communicate through its app, Castor’s platform streamlines and simplifies the process for patients. In addition, with the average cost to successfully develop and bring a drug to market equaling approximately $3B, Castor’s products empower companies to drive down trial costs and speed delivery of new products helping to drive competitive advantage. This is achieved via real time visibility into trial data which facilitates monitoring patients and incorporating trial amendments (if necessary), and flexible remote data capture which provides an API that allows data collection from other systems. The Big Picture: As noted by Castor co-founder and CEO Derk Arts, prior to COVID, clinical trials were “stuck in a rut”, the process was cumbersome, required heavy manual input from both patients and trial personnel and did not allow for easy monitoring of side effects or changes in trial protocols. However, due to the need for social distancing and to limit exposure to COVID, digital clinical trials gain new popularity, By reducing travel time and expense for participants, which often spans several times per week over a six-month span, tools like Castor helped increase recruitment of more diverse trial panels and the recruitment of sub-populations which can be critical in certain diseases. In addition, as illustrated by a number of short trial stoppages during COVID vaccines development, rapid tracking and monitoring of drug candidate side effects can be crucial in helping speed products to market and in investigating potential issues or the need for changes in protocol. Moreover, the pace of pharmaceutical innovation relative to the amount spent on R&D is largely unchanged since the 1950’s, in part because of the difficulties encountered with recruiting, retaining and completing trains, Castor and products like it, which bring the process into the digital age, should help speed the pace of innovation. Castor, a Clinical Trial Process Company, Raises $45M to Create More Human-Centered Research, Castor Raises $45M Series B to Modernize the Clinical Trial Process and Maximize the Impact of Research Data on Patient Lives