Even if I did, I wouldn't want it anywhere near anything related to my healthcare. Requiring a Facebook account to sign up was a huge mistake.
We use FB to verify identity and help make it easier for you to invite friends and family, the people with whom you're already sharing your health info. Everything stays private within Prime.
In other words, personally speaking, it's not you that I don't trust, it's FB. I'd go out on a limb to say that's probably what the grandparent poster meant, too. I know, I know, blah, blah, blah, but I don't want to do the mental exercise of walking through the scenarios. "Okay, Prime has convinced me it's trustworthy, but how could FB hose me? Well, they could...". It's easier to just not use the app. And I want to use the app.
I really like the concept BTW!
EDIT: Seriously, I appreciate the desire to get your viral coefficients up and everything, but this is something that is actually important and can ruin people's lives; don't take it lightly.
Eh, it's not a disastrous problem -- this seems like it would be something you can change without any serious reworking of your central offering. You could also have a one-time, optional Facebook connection where the patient could authorize you to grab their contacts, and then have no further contact with FB.
In truth I hope my initial concerns are all wrong and you find a huge market. Best of luck.
I will also say that I think it would be great if our culture was a bit more open about our health on a personal level, rather than being so secretive. But I also understand the current need for that sometimes (like you point out in the job market) and so that's more so a personal hope than a product goal.
Thanks!
Awesome! Sign me up!
> Health is inherently social > Provide context for your friends and family by sharing real health information seamlessly. Focus on communicating about your health rather than communicating the technical details.
Yeah. No. Goodbye.
I would love to have all my records all in one place.
But why in the world would I want to share my high blood pressure/high cholesterol/chicken pox/herpes/aids etc. checkups with my friends and family?
The target market of the app is people who have close friends and family members that they want to keep in the know about their health. This might not be you, which is totally okay.
Maybe wellness is inherently social. I am a huge fan of Strava.
But there is no way I would give three guys in Oakland access to my medical records.
I know a lot of people who upload their scanned prescriptions and reports to Dropbox. Dropbox uses AWS S3 to store data.
Do the 3 guys from Oakland use the same infrastructure? I'm not sure. But Dropbox has access to your files.
I can't say you're someone who uploads medical data to cloud storage, so this is a more general question (since I'm sure more people will have these qualms): Why Dropbox and not Prime? Is it Guido? Drew? Those guys are from the Netherlands and Massachusetts respectively.
If there's a security concern, the NSA (and I'm sure other agencies) pretty much have access to everything, and those employees might just be a couple of guys from Oakland.
Note: This is something I can see as a valid concern from a lot of people, so this question is as much directed to the Prime team as it is to Steve.
Update: I wrote Oklahoma instead of Oakland everywhere.
Update 2: They _do_ use Amazon.
Some more background on us: I worked at Disqus for 3 years. I spent time on the Product team and helped engineer some of their tools too. Owen is a fantastic engineer who spent 4 years at Intel and Oracle before that. We know security, we know scale. We're fully HIPAA-compliant; we even worked with Amazon directly to ensure this. Everything is encrypted and no data is stored on the device.
What could we do differently to put your mind at ease about this? Are there specific technical points you have in mind?
This is a problem that desperately needs to be solved and we're solving it for the people who need it solved most: people who really need their real health records with them right now, whether to show at their next doctor appointment or to family at home or friends on the other side of the country.
Thanks for your thoughts.
"AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure AWS environment to process, maintain, and store protected health information and AWS will be signing business associate agreements with such customers."
Yes, people need access to their data. No, heath data is not inherently social. Sharing specific pieces of data with specific people does not mean health data is inherently social. I would seriously consider rebranding your efforts as a personal health data access mechanism that can also be specifically shared in the finest ways with specific people. And for the love of all that is holy, disassociate yourself from Facebook. Add your own sign up with email. Do not oauth with any other provider. As soon as you add FB/Google/Twitter/etc. you open the door to your customer having to ask the question about whether or not they want those companies having access to their data. Even if you say they will not, your customer will have to make a judgement call as to whether or not that is true.
> You tested positive for Herpes, Hepatitis, Chlamidia and HPV
Health and wellness has never been more social.
Also, higher-level: how should potential customers check if their provider is already on Prime?
Finally, my first question when I see a service that will help me with sensitive, private data for free is: who is paying for this? Maybe the providers are paying; maybe the plan is to sell "non-personally-identifiable" data; maybe there will be ads and/or targeted 3rd party offers; but if the site is secretive about its business model, I assume the worst. In this case the privacy policy seems to suggest the latter two options, which are bad enough for email hosting, but really quite dangerous for medical data. The process of pseudonymizing medical data is difficult and necessarily imperfect; so the consumers of any pseudonymized data need to be responsible parties.
Good point about letting people check the full list of providers!
To the question about business model, all three of us agree wholeheartedly that free services rightfully bring a certain level of skepticism. All things considered we don't think it would be possible to charge for the app, but do feel there are not enough truly consumer-focused offerings in the health space. So we are thinking hard about what the revenue model will be. We don't have any plans to sell info in any regard and are under the impression that would require a direct opt-in from consumers if that offers any solace.
This is interesting. Are you then not considering exposing APIs to anonymous data or such like?
We are thinking a user driven OAuth style service would be valuable.
We must have a different definition of "any," since this will not get them from my primary care physician. His records are not computerized. (If I don't pay my copay at the time of my visit, my bill is typed on a typewriter.) He started practicing medicine in the late 1960s, joining his father's practice. I'm sure that some older doctors, in smaller towns (I'm in a D.C. suburb), are the same way.
Some quick facts:
* More than 50% of clinics and hospitals in the U.S. have an EHR (electronic health record system) of some kind: http://www.hhs.gov/news/press/2013pres/05/20130522a.html. That means they can give you an electronic copy of your record.
* Meaningful Use says providers have to offer records electronically.
* Meaningful Use Stage 2 (goes into effect in 2014) says doctors also have to offer the record in whatever format you as a patient choose.
* The whole main point of HIPAA, the reason why it came to be, is that it gives every U.S. citizen a right to their health record, and to the ability to take it with them wherever they go.
The bottom line is: if your doctor isn't giving you an electronic copy of your record — and in 2014, in the format of your choice — they're breaking the law. It's your right to have your health record, and not just in paper form.
So the overall point of what I wrote is still true — you have a legal right to your health record in the electronic format of your choosing:
> (ii) Notwithstanding paragraph (c)(2)(i) of this section, if the protected health information that is the subject of a request for access is maintained in one or more designated record sets electronically and if the individual requests an electronic copy of such information, the covered entity must provide the individual with access to the protected health information in the electronic form and format requested by the individual, if it is readily producible in such form and format; or, if not, in a readable electronic form and format as agreed to by the covered entity and the individual.
That's from HIPAA § 164.524 Access of individuals to protected health information. (c)(2)(ii). Direct link: http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&tpl=/ecfrbrowse/...
And that was also the point of OP's comment. OP was saying small practices might not always be able to provide a health record to their patients. Your health record is your legal right and so is an electronic copy (provided the data is stored electronically) as of the latest revision to HIPAA which has been in effect since September 2013.
>if not, in a readable hard copy form or such other form and format as agreed to by the covered entity and the individual.
If the records are only hard copy, then there is no requirement to convert them into an electronic format just to provide them to an individual. I know this is the case with my primary care physician and I think it may be the case with other smaller practices. Many of these may be small practices run by older doctors, so they may simply retire. If you've been practicing since say 1970 or so and haven't converted everything to electronic format by now, why bother?
Correct. Yet over 50% of providers have an EHR. And that number is growing every month.
> If you've been practicing since say 1970 or so and haven't converted everything to electronic format by now, why bother?
Because Meaningful Use incentivizes you to do so. The government gives you money.
I can fairly confidently say that I have never thought -- and I am almost never likely to think -- "Hey, you know what I need? A social network that tells all my friends when I get a colonoscopy."
There's a very interesting problem in this space we're about to all be hit by, right?
Most all of the healthcare problems we have could be solved/made better/made less expensive by massive data mining (disclaimer: I work in a related area nowadays). The problem is, to be most useful, that data has to be both complete and correlated with other such data points.
That pretty much destroys privacy as we know it, at least until we find some way of updating our societal mores to be less discriminatory.
Example: How great would it be to have automated notification of STD/STI risks (Siri suggests: wear a rubber if they take you home tonight, no reason)? How about having a simple way of being warned when cold season is actually happening in your area (some threshold of people in your vicinity are currently seeing a doc about a rhinovirus case, so be careful)?
Even more concretely: we can't optimize the hospital services because all that data is silo'ed and fragmented so badly. Your medical history is always incomplete.
First, health is inherently social. When you're sick, do you tell your loved one (boy/girlfriend, spouse, parent, close friends, etc?). Of course you do. You want them to know that you might need their care for a few days, that you might have to miss some events that you'd planned together, that you might need help going to the pharmacy to pick up some meds, etc. More serious health issues are even more social. Name one person you know who has suffered from a severe medical condition who has not told their loved ones. When my close family and friends are ill or going in for checkups that are potentially not routine, I want to know immediately what happened. If my loved one were to be drastically ill, I would want to know everything about their condition, the test results, the doctors' reports, the latest research, etc. Surely the HN community understands the desire to geek out over knowledge (health knowledge) and Prime aids that.
Furthermore, I recently suffered some major personal health issues. When I was in the midst of a flurry of doctors visits and medical procedures, my family and friends were all very curious to know what was happening and if they could help out, etc. I was already exhausted by the doctors' visits, and sharing the result of every test and exam with dozens of people was really straining for me. I was extremely lucky to have people near me who could assist me in spreading the word to the people who cared, but this whole "sharing information" problem would have been perfectly solved with Prime. I intentionally did not share any of my health information on Facebook, because I didn't trust Facebook's data privacy and sharing policies. While health is social, it's still private. But Prime may solve this.
For more routine procedures, I can see Prime being very useful. Did my elderly grandmother get her flu shot yet? Check. What was the result of my father's latest checkup about his cholesterol level? Easy to know.
Beyond "social", Prime provides centralized repo for all your medical data. Remember Mint? Remember how everyone gave up their bank passwords to a web-based service so they could see pretty charts and better budget and manage their finances? Remember how Mint took that information and sold ads and upsells against it? Yeah. Right. That's what is happening with medical data, too. Someone (Prime, perhaps) is going to be the one to collect all this information in one place, make it easy to read and understand, and become "the Mint of health data". I would bet on this. The world of health data is too fragmented to not be consolidated sometime soon.
The issues Prime faces are not small: first, ingesting data, and second, earning their users' trust.
I wish them the best of luck.
Any number of friends or random acquaintances who are seeking professional help for psychological reasons, or for cancer, or for something seen as embarrassing ("Hey Mom, I've been pissing blood due to a UTI--turns out you were right not to like her...").
"The world of health data is too fragmented to not be consolidated sometime soon."
Which is fucking scary...the ways that this can go wrong, especially given how ruthless and amoral and short-sighted your average startup is these days, are legion. I'd rather see a model similar to safety deposit boxes with revocable keys than the doubtless ad-driven pharma-sponsored nightmare that's probably being concocted in the Valley as we speak by some MBAs too stupid to know any better.
This is __highly__ subjective. I don't do this. But neither your comment nor mine proves anything.
I have a feeling they're coming from the premise that pre-Facebook no one wanted to share what they're doing, filtered pictures of what they're eating, etc. The world evolves. As someone else has mentioned, maybe they're ahead of their time. Then again, maybe not. The only thing they're getting flak on here is the social part of the product. I'm unwilling to believe they just did that for a "Web 2.0" badge. However, it'll be interesting to know how they figured health is inherently social.
Psychological illnesses, cancer, etc may be too sensitive to share. Even pregnancy for that matter. Fever, stomach aches, head aches may be noise - I know people who just trudge along their day without a second thought. But this is anecdotal.
I do think they're building something cool here and wish them the best of luck!
You're also right that it's subjective but it seems that at some point everyone comes to share or hear about health info and we are working to improve the communication difficulties in that realm.
Outside of people involved in the medical treatment (who would be prohibited from naming them by HIPAA), the fact that they haven't told their loved ones would mean that other people wouldn't really be able to name them, generally.
That doesn't mean they don't exist.
What is happening is that you are using the term "social" in a literal way, whereas in this context (the tech industry) it means something very specific.
