Penn Medicine Streamlines Data Sharing With Startups
Penn partners with startups to help test new healthcare technology against real-world data.
9 Mobile EHRs Fight For Doctors' Attention
(click image for larger view and for slideshow)
Healthcare startups bring fresh ideas to the table, health systems bring real-world data, and together they have the opportunity to innovate.
Teaming up with startups is a worthwhile research and development strategy, if the process is structured correctly, said Michael Restuccia, VP and CIO of Penn Medicine, the hospital system affiliated with University of Pennsylvania's School of Medicine.
"You want to try to make the startups as successful as possible," Restuccia said. "But the only way to do that is to put some structure around the program."
If the startup's technology proves itself, Penn Medicine may become an early customer. At a minimum, Penn gets first look at a technology that seems promising and an opportunity to see if it really works. At the same time, the process needs to be selective and well-coordinated so that IT staff time and other resources are invested wisely.
The majority of the companies Penn Medicine works with are small startups with limited revenue. They're out to prove their idea can work, and that can't be done without patient data. One company developed an algorithm to identify high-risk patients with a chance of a 30-day readmission. The only way to prove their hypothesis was to team up with a health system flush with data -- Penn Medicine.
Penn Medicine's structure starts with a vetting process to determine which startups Penn Medicine will share their data with. The Committee on New Technology Related Opportunities and Latitudes (CONTROL) evaluates the companies to see which ones will fit in well with Penn's existing architecture.
Before the creation of CONTROL, Restuccia found working with startups to be chaotic.
"What we experienced was a bunch of aggressive organizations that, through some mechanism -- a friend, marketing effort or structured innovation tournament -- got entrance into Penn," he said. "Then, because they're aggressive and hungry and want to get their product to market the fastest, they stop at nothing."
There was no structure and no protocol. Startups would call the head of the data warehouse directly and request specific information. IT personnel wouldn't know what to prioritize -- the needs of the startup or the needs of Penn Medicine.
The CONTROL system keeps everyone on the same page. With more than 20,000 employees, the standardization of a system was necessary, especially when it came to overlapping technologies. Sometimes new technologies would be introduced that already existed within the hospital's infrastructure, but everyone wasn't coordinated, leading to a lot of wasted money and a lot of wasted time.
"With the CONTROL process, we can say, 'Don't investigate this new company because we already have the existing technology,'" Restuccia said.
Beyond the logistical hoops, there are legal implications as well. All patient data is de-identified prior to being shared. Even so, the startup must sign a business associate agreement stating it will protect the data under HIPAA guidelines, meaning it's on a secured server, locked and encrypted. The agreement also prohibits the sharing or reselling of any data. Penn Medicine puts several years of de-identified patient data on a central, secure server, and allows multiple companies access to the data for a set period of time, usually two to three months.
All of this is done at no cost to the startups.
"They have no money to start with," Restuccia said. "Any money we request, we're not going to get."
So what's in it for Penn Medicine?
"We want to be an earlier adopter of the technology," Restuccia said. "If it actually works, we'd gain benefits sooner than later and probably at a reduced cost."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.