An Interview with Susannah Fox by David Driscoll


This past week we had the chance to sit down with Susannah Fox, one of our advisors here at Ciitizen, for a conversation about technology and health. Susannah is the former Chief Technology Officer for the U.S. Department of Health and Human Services, and she specializes in providing strategic advice related to research, health data, technology, and innovation, targeting areas of the healthcare system that need to work better for patients and caregivers. She was in town to participate in the Andreessen-Horowitz podcast, along with Ciitizen CEO Anil Sethi and a16z general partner Vijay Pande -- but we got her alone for a twenty minute one-on-one beforehand, discussing everything from mental health to social media usage among young adults. Our conversation is below:

Ciitizen: You’re a mainstay at a number of large health conferences these days, and you’re also an eloquent speaker. How did you get started in your career?

Susannah: I was a start-up kid in the early nineties and then worked in journalism, helping to start a website for a magazine. I then became a researcher, and I was trained to only ever speak publicly about a subject that I had personally researched, whether talking to a reporter or on stage speaking at an event. It’s really good training for being careful with your words, which is important when you work in government.

Ciitizen: What I really admire about your blog and your writing is that you focus on technology and health coming together, but with technology more as a medium for human interconnectivity. It’s not about replacing human interaction but rather enhancing it. How did you get started with peer-to-peer health, and why does that subject continue to drive you?

Susannah: This interest at the intersection of health and technology started when I was at the Pew Research Center’s Internet Project, which began in the year 2000 as a way to look at the social impact of the internet on American society. I often like to say that was back when dinosaurs ruled the internet because it was such early days. Only about 50% of American adults had access to the internet at that time, and the Pew Charitable Trusts tasked us with doing national surveys, talking to people about how they were using the internet in regard to their civic life, their education and their children’s education, and their health and health care. Rebecca Rimel, the head of the Pew Charitable Trusts, was sitting in a conference one day where people were talking about the social impact of the internet as opposed to the business impact and no one had any data to show. She thought we should be talking about this important cultural phenomenon with data, so she allocated money to start the Pew Internet Project.

Ciitizen: What type of data did you ultimately find?

Susannah: When we started looking at various aspects of American society and how the internet was affecting it, health care emerged very clearly and early in our research as a part of the world that was deeply affected by the internet and technology, but we were coming at it from the consumer point of view. There were already researchers who were looking at it from the pharmaceutical companies’ point of view or from the doctors’ point of view. So much of the conversation in the late nineties and early 2000s surrounding the internet was about the stock market and how the web was changing business. Instead, we started by talking with regular people about how they used the technology and that got me interested in the patient perspective and the caregiver perspective.

Ciitizen: Did you start down that path on your own, or were there others that helped guide you?

Susannah: Early on I was very lucky to be taken under the wing of Tom Ferguson, who was an amazing MD and the first medical editor of the Whole Earth catalog. He was an early internet pioneer and someone who believed from the beginning of his medical training that the most important thing health care can do is to push as much knowledge and power as possible to the patients so that they can solve their own problems. That’s actually where health and well being lives: at home, not in the clinic. He encouraged me to start doing field work. I studied anthropology in college and he encouraged me to use that background to ask questions. More importantly, ask questions that people want to answer.

Ciitizen: What do you mean by “questions that people want to answer?”

Susannah: This past year I did a survey where we looked at how teenagers and young adults are using social media, especially in regard to their emotional well being. There’s a lot of public conversation about the rise in depression, anxiety, and suicidality in this age group, and it’s very concerning. It also happens to coincide with the rise of social media, so there has been some blame. The adults think if their kids could just put down their phones, they would feel better. Hopelab and Well Being Trust, who are the sponsors of this research, asked me and my co-author Vicky Rideout to take a look at this. We did a survey where we asked some questions that are clinically-validated scales for depression. What’s really important is that we asked the teens and young adults to tell us, in their own words, how they use social media when they’re feeling blue. No one had ever done that before, giving the power to the respondent in the survey, and we were almost overwhelmed by the response. We had over 600 responses to one open-ended question. It was almost as if teens and young adults had been waiting to answer it!

Ciitizen: They say you can always learn more by listening.

Susannah: Yes, and that’s what you want to do when you’re going into a new or emerging field. You need to have humility, and you want to listen first before you ask these questions. You want to think from the perspective of the respondent, or user of the product. How can I put myself in their shoes? How can I better understand their perspective? Well…how about we just ask them? What we found is that teens and young adults use social media in a number of different ways, and they’re pretty savvy about it. They actually curate their feeds so that when they’re feeling sad, and when they’re feeling depressive symptoms, they specifically go to Instagram because they’ve curated their feed to include funny cat videos, or inspiring biblical passages—whatever they’re into.

Ciitizen: So would you say you specialize in understanding how people use technology surrounding their health?

Susannah: My friend Paul Tarini gave me my favorite description of what I do: he said you’re an internet geologist, meaning I study the patterns in the landscape, and I can give advice to companies, organizations, and individuals about the patterns that I see. I can make some predictions. I can sort of look and say there’s going to be an earthquake, but I don’t make a lot of judgments because I come from a researcher’s point of view. The one area where I really feel motivated to have a stronger point of view is when it comes to peer-to-peer health.

Ciitizen: I heard Anil talking to you earlier about the fact that we don’t have enough doctors in the world to treat everyone who needs help, so you have to ask: are there a number of problems we can help patients with that don’t require them to see a doctor? Could they instead reach out to a network of health professionals or trusted individuals?

Susannah: Exactly, if you think about the problems that we have in life, a lot of the challenges that we have with our health or well being, whether they’re physical or mental, are actually taken care of at home. The decisions we make about the food that we eat, whether we’re going to exercise today or not, how we’re going to curate our Instagram feed—these are all decisions that we are making without consultation. We naturally turn to peers for things that we know peers have information about. I’ve done some research that shows—and this is very reassuring to a lot of people in health care—people are still more likely to turn to a clinician when it’s something serious. So when they need a diagnosis, or they’re figuring out a treatment plan, people still turn to their doctor. But if it’s something everyday they’re just as likely to turn to a friend or a peer.

Ciitizen: What about for rare diseases or odd symptoms?

Susannah: What I saw in my field work was that people were more likely to go online in these instances because they might not have anyone in their social circle that could answer that question. Looking at this emotional well-being survey, we asked questions about gender identity and how someone identifies in terms of their sexual orientation, and the LBTGQ kids were much more likely to go online for their health information because they feel alone or rare. But here’s the really important thing to know: we all feel rare when we have a new diagnosis, which is why the power of peer-to-peer health is so important. We’re never going to have enough nurses, doctors, and clinicians to answer all these questions or quell these anxieties.

Ciitizen: That’s when people start talking about Dr. Google as a solution.

Susannah: Right, we’ve got Dr. Google now as the de facto second opinion, but that’s not good enough.

Ciitizen: What are some of the tech-related products you’ve seen out there that might offer support for patients? Besides Ciitizen, of course.

Susannah: I’m all about pushing power out to the edges of the network where humanity lives. I want to do whatever I can to increase people’s access to information, data, and the tools that they need to solve their own problems. In the clinical setting, I’m seeing some very interesting work at Cincinnati Children’s Hospital with their pediatric IBD and ulcerative colitis practice. They are part of a network of doctors who are sharing best practices all across the country, and they also have a parallel network of families because there’s a lot of home care when it comes to caring for kids with ulcerative colitis. They’re creating a platform that creates a sharing of knowledge between these two networks, between clinicians and patient families.

Ciitizen: It sounds like they recognize the power of patient knowledge.

Susannah: Any time people recognize the power of peer and patient knowledge, it’s a good thing. When a newly diagnosed woman with breast cancer is offered the opportunity to have—in addition to a clinical consult—the opportunity to talk with someone who has been through a similar process at the same hospital, that’s really valuable. Just somebody to talk to who’s ahead of them on the path who can provide advice. I’ve also seen some great work being done in recovery. The opioid crisis is something we’re dealing with in this country where we don’t have enough treatment centers, clinicians, and response to handle the problem. It’s a wonderful thing to see Mass General, where patients are going through withdrawal and recovery, matching patients with someone who can be a peer mentor when they get out. How might we scale that, however? How might this be a program that happens everywhere rather than just at this one hospital?

Ciitizen: When health services don’t offer enough support, patients then turn to technology to solve these issues for themselves, right?

Susannah: In a parallel world, so much is happening online without clinicians knowing about it. There are thousands of groups, whether they’re on old school listservs or Facebook, where patients are gathering together and sharing notes, and that’s where Ciitizen can really help to empower these communities. Right now people are sharing notes in a bespoke, handwritten way, carrying around notebooks with printouts of their records. How might we empower them with the industrial strength data that their clinicians have available to them? How might we make sure that those expert patient groups are really empowered with the information that they need?

Ciitizen: It’s interesting how often professionals underestimate consumers, in terms of their ability to figure out, understand, or educate themselves on very complex subjects. That, too, requires humility.

Susannah: I remember someone pointing out to me that the patient sitting alone in the exam room is actually surrounded by invisible loved ones who are waiting for the news at home. That patient may not fully understand what’s happening, but they might have a niece who is a nurse and who is waiting to get the information so that they can help recommend care. It reminds me of the idea of the long tail. There may only be a few people out there who are as geeky about a topic as we are, but you don’t know what they might create that other people may find useful. How can we free the data and give these people the ability to access the information when they want it? Most people don’t want to think about their health information until they have to. However, the minute they get that diagnosis, all of a sudden they want that data.

Ciitizen: Is technology the answer?

Susannah: What’s great is that the internet has created an expectation around access to data and giving feedback, so now people are more likely to write a review. That can be uncomfortable, until we realize that feedback can be a gift to the greater community. So how might we figure out how to receive these gifts? How might we allow someone who’s just been through a cancer treatment to tell the next person in line: “Remember to bring a blanket because it’s really cold when you wait for that MRI.” That’s not treatment advice. That’s just get-through-the-day advice.

Ciitizen: Thank you so much for taking the time to talk with us! I can’t wait to hear the a16z podcast with Anil and Vijay after the holidays.

HIPAA Compliance: Data By Email by David Driscoll

Today we’re going to take a look at two particular rights you have as a patient when requesting your personal records from a medical institution. I’m going to copy and paste them directly from my colleague Deven McGraw’s blog post outlining patient health data rights under HIPAA:

  1. You have the right to an electronic copy of any information that is maintained electronically (such as in an electronic medical records) — and you even have the right to have paper copies scanned into an electronic format (such as PDF) if the institution or organization has scanning capabilities.

  2. You have the right to get your health information sent to you by email — even if your email isn’t secure, as long as you acknowledge that you are comfortable with receiving your health information this way.

In short: all hospitals today should be able to send you your health information via email. Hospitals still communicate medical information - both with patients and with doctors and other hospitals - by fax; most likely use electronic, cloud-based fax services, which also offer e-mail as an option. Hospitals who have this capability must deploy it to send records to a patient if that’s consistent with the patient’s request.

Continuing with our comparison of the statistics quoted in Yale’s Assessment of US Hospital Compliance With Regulations for Patients’ Requests for Medical Records, let’s take a look at what that team uncovered in terms of compliance with these two rights:

  • All hospitals stated in telephone calls and on the forms that they could release information via mail.

  • Hospitals unable to provide records by fax stated that they could fax records  - but only to physicians.

  • Two hospitals reported not being able to release records electronically if the records were originally in a paper format.

Regular mail compliance not a problem, and—if you’re lucky—you might potentially get your data via fax, but what about our HIPAA right as patients to have our data sent via email? Of the 83 hospitals surveyed as part of the study, here’s a look at the breakdown of options provided (so long as you could get them on the phone, as the options offered on the form were far worse):

  • 69 of them offered in-person pick up

  • 55 would provide the information via CD-ROM

  • Yet, only 39 out of 83 hospitals (47%) were able to email patient records upon request.

That means roughly half of the hospitals in the Yale report are likely non-compliant with HIPAA regulations allowing patients to have their health record sent to them via email. Our numbers were surprisingly a bit better at Ciitizen.

  • 68% of the institutions we’ve worked with on behalf of patients were able to provide the data digitally via email, yet that still means roughly a third of the hospitals did not.

  • 16% could only provide digital records via CD-ROM (sent via mail) and another 16% only allowed for paper records.

  • And while 68% were willing to use e-mail, that willingness occurred only after escalating the request to a supervisor or someone in the hospital’s HIPAA compliance office.

Of course, we already know that simply getting access to your medical records in ANY format already requires multiple phone calls, most of which require escalations up the food chain to privacy officers. It should therefore come as no surprise to find so many institutions out of HIPAA compliance with other aspects of their data release procedures as well.

-Nasha Fitter

HIPAA Compliance: Form vs. Phone by David Driscoll

One of the most frustrating aspects of requesting your health information from a hospital is the actual requesting itself. While many institutions provide submission forms—both written and electronic—to handle the queries, you’re likely going to end up on the phone with a records department agent no matter what because of the discrepancies between the options available on these forms and the reality of your needs. Yale’s Assessment of US Hospital Compliance With Regulations for Patients’ Requests for Medical Records found that, “among the 83 top-ranked US hospitals representing 29 states, there was discordance between information provided on authorization forms and that obtained from the simulated patient telephone calls in terms of requestable information, formats of release, and costs.”

Looking at the stats, we can see exactly how those discrepancies break down:

  • As few as 9 hospitals (11%) provided the option of selecting the desired categories of information on the request form

  • Only 44 hospitals (53%) provided patients the option to acquire their entire medical record

  • On telephone calls, all 83 hospitals stated that they were able to release entire medical records to patients

At Ciitizen, helping patients request their health records is a daily office activity, and we’ve seen similar levels of discordance, not only with the discrepancies between what’s available on the form versus the phone, but also the amount of effort it takes to get someone on the phone who understands HIPAA’s right of access! On average, our team has found that:

  • A minimum of 3 escalations are often necessary in order to obtain reports

  • 50% of the time an escalation to the hospital’s chief privacy officer was necessary in order to get information released

  • Therefore, 50% of the hospitals we contacted—HALF!—were not compliant with HIPAA regulations right off the bat, requiring us to go up the food chain in order to exercise the right of access

Most of the time an escalation to a privacy officer was needed because our request via the form was denied, but as the Yale report supports: all hospitals are ultimately compliant if you can get them on the phone. Yet, while HIPAA requires hospitals to comply with patient requests for their health data, it doesn’t mandate how the requests themselves must be facilitated, but the the process shouldn’t be burdensome for patients.

So I have to ask: are incomplete data request forms that require patients to follow-up with multiple phone calls, often requiring escalation to the hospital’s privacy officer, considered “burdensome” under HIPAA?

Let’s not forget the Yale report also found that “three hospitals were unreachable, two of which provided no option to leave a voice message or reach a department representative.

If that’s not burdensome, what would fit that definition?

-David Driscoll

We Know There's A Problem by David Driscoll

On October 5th, a group of researchers at Yale University, under the supervision of the renowned Dr. Harlan Krumholz, released a somewhat damning article titled Assessment of US Hospital Compliance With Regulations for Patients’ Requests for Medical Records. However, at Ciitizen, we simply call it: “the Yale report.” The study begins with a single question:

“Are US hospitals compliant with federal and state regulations in their medical records requests processes?”

The rest of the report is a lengthy analysis revealing the answer to that query, one we’ve already known for quite some time in our experience helping patients access their health data:

There are “inconsistencies in the information provided by medical records authorization forms and by medical departments in select US hospitals, as well as potentially unaffordable costs and processing times not compliant with federal regulations.”

In short, you cannot depend on a hospital to give you access to your rightful health data whatsoever, let alone in the stipulated time frame. Of course, if you’ve been reading this blog over the last few months, you already knew that. We’ve been sharing horror stories from patients, doctors, health advocates, and other professional voices within the industry since September, hoping to shed some light on the burden our health system unfairly puts onto patients. What the Yale report has now given us is academic proof of that conjecture. Despite the patient’s right of access under HIPAA, the regulations that require hospitals to comply, it’s still not easy for patients to request their health data. Let’s look at some of the numbers.

“Among the 83 top-ranked US hospitals representing 29 states, there was discordance between information provided on authorization forms and that obtained from the simulated patient telephone calls in terms of requestable information, formats of release, and costs,” the article states. According to the statistics only 11% of the hospital forms offered patients the option to select categories of desired information, and only 53% provided patients with the option of acquiring their entire record.

How can hospitals expect to provide patients with their requested health data when there’s no option to specify the data they’re looking to request? Interestingly enough, when contacted by phone, 100% of the “reachable” hospitals said they could provide the complete record. It wasn’t that they couldn’t, you just had to call them directly. Isn’t that why we say “operator” or “representative” immediately when dealing with automated customer service? Because we know that getting a live customer service rep is often the only way to get anything done. But that’s if you can get access to someone directly. Three hospitals in the study were deemed unreachable, and two offered no customer service option whatsoever

There’s a lot to chew on in the Yale study. Too much for one blog post. Over the next few weeks, we’re going to delve deeper into some of the findings and compare the results with some of our experiences here at Ciitizen. Stay tuned.

-David Driscoll

#myhealthmydata by David Driscoll

Back in early October, we posted a blog called “Let’s ALL Start Asking For Our Health Data,” encouraging everyone out there—healthy or ill—to request their complete medical records from anywhere they’ve received care as a patient. The goal was to put pressure on hospitals to update their information release processes, many of which are not HIPAA compliant and put an unnecessary burden on patients in need of their health data.

At the end of that blog, we invited anyone who experienced pushback or a lack of compliance as a result of that request to share their story with us, as we wanted to shine a light on some of those encounters here at the Voice of Ciitizens. The responses came in swiftly, many folks obviously eager to get the frustration they experienced off their chests. One woman actually wrote us an email while she was on the phone with her health system! She vented:

“OMG, I am ready to blow a fuse. It has taken me over an hour to source one radiology department at my hospital system. They say they are centralized but have zero clue what that word means! They are under one umbrella (more likely for tax reasons than anything else) but appear to operate as individual groups. I have made over ten calls to ascertain where I can find my radiology imaging and they just can’t answer the question.”

There were many stories like this.

In early November, we followed up with a piece called “Dinosaur Technology,” referencing a series of Tweets we sent to CNBC journalist Chrissy Farr in response to the outdated formats used to share health data. The thread unleashed more responses from frustrated patients, many of whom found it easier to share quick snippets of their experiences on social media than write a personalized email about their story.

That got us thinking: if we came up with a specific hashtag for patients to use when sharing these frustrations online, these stories could be categorized and easily accessible for the public, shining an even greater spotlight on what’s happening around the country.

In the words of the late Justice Louis Brandeis, a champion of individual rights, sunlight is the best disinfectant — and it’s clear from what we’re witnessing that a number of health records departments need to clean up their data release processes. Starting today, we’re encouraging everyone out there to share their stories using the hashtag #myhealthmydata, so that we can continue to put pressure on health systems to improve their HIPAA compliance.

At Ciitizen, our belief is we can do more, together. Let’s start by sharing our health data stories in order to raise greater awareness for a problem that isn’t getting any better.

-David Driscoll

Giving Thanks by David Driscoll

From the entire team at Ciitizen, we’re grateful for the tremendous encouragement we’ve received thus far in our mission to help patients control their health data. The outpour of feedback from doctors, health professionals, patients, and patient advocates thus far has been humbling, and each day we continue to make progress.

With the team we’ve put together and the voices who have joined us here on the blog to help spread the message, we’re confident we will provide patients more options with the work we are doing.

Passion and enthusiasm are contagious, and our momentum is the the result of a tremendous group effort. We’ll be spending Thanksgiving with family and friends this Thursday, but we’ll be back in the office next week to continue right where we left off, emboldened by all the support we are so very thankful for:

We give thanks to all of the caregivers and family members advocating on behalf of loved ones who need access to their health history.

We give thanks to all of the investors, advisors, and colleagues who believe in the future of health data portability.

And we give thanks to everyone else out there committed to helping patients control their health data. Together, we can do more.

Happy Thanksgiving!

-The Ciitizen Team

Reluctance to Change by David Driscoll

Lisa Taylor-Belliveau wrote in her blog this past Tuesday, when discussing the lack of compliance from various health records departments: “Change is hard, and the reluctance to change is real and daunting.”

Ain’t that the truth, and don’t we all know it!

I, for one, find it continually difficult to change my lifestyle, my diet, my work schedule, my negative attitude towards our current political climate, and a number of other unhealthy habits I’ve acquired over the course of 38 years on this planet. Sometimes I know I should eat a salad and drink water before bed, but instead I eat a whole pizza and drink an entire bottle of wine. Despite the undesirable effects I sometimes suffer as the result of my personal decisions, I would often rather endure the discomfort than exert the effort necessary to exact any real changes to my daily living.

Why? Because change is hard, and my reluctance to change is indeed real and daunting.

But the strength of my willpower to impart a positive influence on my personal life is very different than the legal requirement for a medical records office to comply with mandated regulations that have now been in place for some time. My individual choices don’t violate any laws or regulations (usually), and they only affect me. However, the lack of compliance with federal HIPAA regulations by hospitals across the country affects countless patients in need of their health information, many of whom are counting on that data for survival.

Change is indeed hard, and some hospitals appear to be reluctant to change their policies. But I say: tough shit!

When a hospital doesn’t honor a patient’s rightful request to access his or her health data within the required timeframe, for example, the patient is the one who suffers. As Lisa added: “If privacy officers remain immune to the plight of the people they are there to protect, and unwilling to take advantage of new systems and procedures that can eliminate these obstacles, then this pattern is destined to continue.”

In order to enact hard change, you must first understand that it’s needed. To prolong making changes is to be human. To be oblivious to needed change, however, is negligent.

-David Driscoll

Overcoming the Obstacles by David Driscoll

Sitting in the office of Dr. Alexander Swistel at the New York-Presbyterian/Weill Cornell Medical Center, an internationally-recognized breast surgeon who has pioneered many of the newest advances in breast cancer treatments, I watched my 70 year old mother being examined after her third breast cancer diagnosis in 20 years. She was crestfallen. And I was confounded. Although we are still unraveling the mysteries of cancer - and why it happens to some people and not others - I couldn’t help but wonder how a woman who lives a five-star lifestyle, who maintains the ideal weight for her height, works out regularly, hasn’t touched dairy for over 20 years (heaven forbid sugar or gluten), and drinks water that has been perfectly PH-balanced via her $5000 counter-top machine, could possibly have cancer again?

Desperate for an answer, I blurted out; “It has to be genetic!” Carried away with my new powers of diagnosis, I forged ahead: “Is it possible she has BRCA?” Without missing a beat the reply was swift and curt. “No, she isn’t BRCA”. Clearly this information didn’t sit well with me. “How do you know that?” I retorted, quickly adding that she displayed all the markers. Dr. Swistel seemed to have already tired of my line of questioning. He stopped what he was doing and turned to me, his head cocked patronizingly to one side. “Would it make you feel better if I had her tested?”.

Although the wait would be over a month, I knew it then. She had it, I had it, my sister had it. But it turns out so does my brother and so do my nieces. So how was it that this simple blood test was overlooked for more than two decades? The answer is elementary: my mother’s medical records were incomplete. Had her full history been readily available, the doctor would have seen in a heartbeat that her previous diagnoses were overwhelmingly consistent with the profile of a BRCA1 carrier. And coupled with her Ashkenzi Jewish descent, he would also have known my family members were prime candidates.

And so began the inordinate struggle to get her test results shared among our family, a critical component of ensuring accurate genetic testing for us all. It was incredibly complicated. Selling my company to Disney was less involved than the process of obtaining and sharing health data. Yet, we are just another story in an endless stream of those who face inexplicable obstacles in attaining a patient’s medical records. Critical information that affects not just the patient’s outcome, but that of the family members as well.

Because of the overwhelming frustration, the fragmented and laborious process of medical records retrieval is too much to handle for so many. But not for me. Like all good things in life, timing is everything. As luck would have it, I was brought on as a consultant at Ciitiizen to help better understand the issues surrounding this retrieval process, and to help implement measures to correct it.

From my experience, the solution is surprisingly clear: health information management departments do not understand patients’ rights.

On top of that, privacy officers are not implementing revised processes to bring these departments into compliance. Why? Because change is hard, and the reluctance to change is real and daunting. If privacy officers remain immune to the plight of the people they are there to protect, and unwilling to take advantage of new systems and procedures that can eliminate these obstacles, then this pattern—one that has directly affected me and my family—is destined to continue. Change is what Ciitizen is fighting for. For you, for your families, and for the future of the personal healthcare industry.

-Lisa Taylor-Belliveau

Lisa Taylor-Belliveau is an Emmy nominated filmmaker and was the COO and co-founder of Real Savvy Media before selling the company to the Disney Interactive Media Group in 2010. She is currently a part of Ciitizen’s data retrieval team, helping patients obtain their health records via the HIPAA right of access.