Questions for NYeC about the SHIN-NY
This is my correspondence with NYeC about New York's health information system. Despite their claims of being transparent and accountable to the public, they have refused to answer basic questions.
I’ve mentioned that New York eHealth Collaborative (NYeC, pronounced “nice”), the nonprofit organization that runs the SHIN-NY, has refused to answer my questions. I am publishing my correspondence with NYeC below for anyone who wants to take a look.
I think this exchange illustrates some of the problems with the current state of journalism, as well as the lack of transparency surrounding major government projects that impact our lives.
I got in touch with NYeC to ask some questions about upcoming changes to the SHIN-NY because I want to be accurate in my reporting. That’s a standard part of journalism. I submitted my inquiry through the NYeC website contact form and I sent it to someone whose contact information is provided on the site.
I received friendly responses to both inquiries, and I included both people who responded to me in my reply when I emailed NYeC my list of questions. (I have removed their names from the correspondence below.) When I sent my detailed questions, I received a curt refusal to answer them.
One thing that the NYeC representatives asked me for was the name of the outlet I was writing the story for. It was my hope to bring this story to a larger outlet than my Substack, because I think it deserves a larger audience. I told the NYeC representatives that I was pitching publications and named one of them.
Presumably, if I had told them I was already contracted to write the story for a major publication, they would have answered my questions. But many journalists work independently now and have to pitch stories as freelancers or self publish.
That creates a catch-22: You need to do basic research before you can pitch a story, but no one will answer your questions until after you have a contract with a major outlet, which you need a solid pitch to get.
Not having consistent backing from a major publication often leaves journalists relying on FOIA requests and other bureaucratic processes that take so long they’re a hindrance to timely reporting.
I would have been happy to show NYeC my press credentials, tell them more about my plans for publication, or give them any other information they needed, but they stopped responding to me. It was not NYeC.
Fortunately, I’ve been able to find enough publicly available information to write my story without having NYeC answer my questions. I’m confident in its accuracy. Most of my questions were fact checks and clarifications on information I’d already found.
But there is no reason NYeC should not have answered my questions, which are basic, clear, and well informed. It should be obvious from the nature of the questions that my purpose was journalistic accuracy.
The SHIN-NY is funded by New Yorkers, stores our personal information, and was created to serve our needs. NYeC claims to be “governed by an open and transparent process.” The organization should answer questions about how the SHIN-NY works not just from journalists but from anyone who lives in the state of New York.
I encourage you to send your own questions (or mine, below) to NYeC, and to take advantage of the public comment period for the SHIN-NY regulatory amendments, which is open until April 15, 2024.
And I encourage NYeC to rethink their refusal to answer questions. I will be continuing my efforts to bring my coverage to larger publications and larger audiences. Stonewalling journalists is neither good public service nor good optics.
Correspondence with NYeC:
From: Aimee Marina <no-reply@nyehealth.org>
Sent: Thursday, March 14, 2024 4:39 PM
To: info@nyehealth.org <info@nyehealth.org>
Subject: New submission from Contact UsName Aimee Marina
Your Email aimeemarina@protonmail.com
Your Message Hello! I'm a journalist researching the upcoming changes to the SHIN-NY and have some questions. Would you be able to put me in touch with someone who can address technical and policy aspects of changes that are coming to the system? The topics I'm interested in asking about include how the SHIN-NY will support the 1115 waiver, how SDOHs and CBOs will be integrated into the SHIN-NY system, and how privacy and security issues will be addressed.
Thank you! I look forward to hearing from you.
On Friday, March 15th, 2024 at 9:41 AM, [name] wrote:
Good Morning Aimee,
Thank you for your note. First, for which media outlet are you reporting?
I would be happy to answer any questions you may have regarding the proposed Department of Health regulation changes to the SHIN-NY. If you can send me the questions, I can discuss internally here and see who would be best suited to respond.
Thanks so much,
[name]
[This is another initial reply from someone at NYeC.]
Hi Aimee,
Happy Friday!
If you can tell me what your questions are, it will help me to direct them to the right person. Also, what outlet are you writing for and are you working on a deadline?
Thank you!
Best,
[name]
On Wednesday, March 20th, 2024 at 10:13 AM, Aimee Marina <aimeemarina@protonmail.com> wrote:
Good morning, [names deleted]!
I'm including both of you here, because you both responded to me after I emailed the SHIN-NY and the Policy Committee specifically, and I assume you'll want to direct my questions to a single person. Thank you both for getting back to me.
My questions are below. If it would make sense for someone to go over them with me by phone or Zoom, just let me know so that we can schedule that conversation. I know that my questions might seem a little long, but I think they'll be pretty simple for someone who is knowledgeable about the SHIN-NY to answer. A lot of what I'm asking is just basic fact checking.
To answer your questions about outlets and deadlines: I need to have answers to my questions by Monday. Sometime this week would be great. I'm discussing publication of this piece with a couple outlets, including [name deleted], and will update you when I have an outlet confirmed.
Questions:
First, I have a few basic questions about how the modernized SHIN-NY system will work and support the new 1115 waiver:
My understanding from the documentation is that adding the statewide repository to the SHIN-NY will mean that there is a central repository for all data that is currently hosted by QEs, so that statewide data can be used for research and reporting purposes. I also understand that the data currently hosted by the QEs is patient information made available to it by the patient signing a consent form. So with the new system, when a patient signs the statewide consent form, that patient’s information will be sent to a QE and also to the statewide repository, and it will continue to be hosted in those two locations. Am I understanding all of that correctly?
What will the SDOH data path look like in the SHIN-NY, from the individual to the statewide repository and back out again? I’m guessing it’s something like:
- The individual fills out questionnaires and providers fill out assessments.
- At the CBO or other provider level, the collected information is encoded with a medical coding protocol such as ID10.
- The encoded data travels with the individual’s identity to a qualified entity or directly to the statewide repository medical/SDOH record for that individual, with a data exchange standard such as HL7 FHIR converting it to whatever data standard is used by the statewide repository and making it available for retrieval by SHIN-NY participants, DOH authorities, and whoever is doing data aggregation and reporting for 1115 waiver purposes (HEROs, etc.).
Is that generally correct, and if not, can you tell me how the system will work?
The amendments add “technical standards for interoperability and data sharing” to the list of things that SHIN-NY policy guidance must include. Does this include standardizing the medical coding standard used statewide? Or is it sufficient to standardize the exchange standard used by the statewide repository, QEs, and other high-level entities to hand off data? In other words, will health care providers, CBOs, etc., still be able to use a variety of coding standards and be compatible with the new system?
Will patient/client questionnaires and assessments be the only source of SDOH data, or will data from other sources such as private SDOH data providers (Experian Heath, etc.) be integrated into individuals’ personal information? If that isn’t planned for the immediate future, is it something the SHIN-NY could accommodate down the road?
Will the SHIN-NY be able to receive data from relevant (medical or SDOH-related) smartphone apps and integrate it into an individual’s records, now or in the future?
Second, I have some policy, privacy, and security questions:
Is there a draft of the new statewide consent form available publicly available now? (I haven’t been able to find that online.)
Is there a draft of the new statewide common participation agreement publicly available? Will it be modeled on the TEFCA 2 “Common Agreement for Nationwide Health Information Interoperability” with the goal of facilitating the integration of SHIN-NY into a fully interoperable national health information infrastructure in the future?
The amendments specify that each QE have the “procedures and technology . . . to allow patients to approve and deny access to specific SHIN-NY participants” Does that mean the statewide consent form will have opt-out options for limiting consent to apply to specified providers? Will there be options to opt out of consenting to share patient information with DOH or CBOs, for people who want their information shared only with medical providers?
Could you clarify what this text in the amendments means?
“SHIN-NY participants may, but shall not be required to, provide patients the option to withhold patient information, including minor consent patient information, from the SHIN-NY.”
Does it mean that participating providers don’t have to allow patients to opt out of signing the statewide consent form—in other words providers could choose to only treat patients who sign the form? Or does it mean that providers can give patients more granular opt-out options (sharing some but not all types of information, sharing with only some SHIN-NY participants, etc.)?
The amendments add “requirements and procedures for the disclosure of data, using the statewide data infrastructure, to the New York State Department of Health” to the list of things that SHIN-NY policy guidance must include. Does “data” in this context mean patient information or de-identified data? Or both?
The amendments specify that QEs will be required to “submit data, including patient information, using the statewide data infrastructure, to the New York State Department of Health.” Doesn’t the DOH already have the same access to patient information (as defined in the amendments) as other participating providers, through the clinical interface? What does this language change? Why is it being added?
I see that affirmative consent will be required by the new statewide consent system, and that consent can be revoked. If a patient revokes consent, will that patient’s information be deleted from the QE and statewide repository databases, or will it be retained for “break-the-glass” and public health emergency scenarios when written consent isn’t required for access?
In general, I’m trying to understand in what cases personal information, including both medical and SDOH information, will be de-identified, and when it will be re-identified. Will identifying personal information be provided to all SHIN-NY participants, including health care providers, CBOs, authorized DOH staff, and local heath department authorities? Will it only be de-identified for data aggregation and reporting purposes? Is there a re-identifying process for aggregated data? (For example, if you wanted to create a list of Medicaid recipients who have both medical condition X and SDOH Y, in order to contact them about services, could you re-identify aggregated data on those points to generate a contact list?)
As an alternative to the example above, can DOH staff simply use the SHIN-NY as a participant and generate a contact list of all individuals with condition X and SDOH Y, without needing to re-identify aggregated data from the statewide repository?
Creating a single database for personal information including medical records and SDOH data for all individuals who sign the statewide consent form means that there would be a single point of access to everyone’s personal information not just for care providers and public health authorities, but also for hackers and malicious actors. Is the SHIN-NY putting any new measures in place to ensure data security?
Thank you!
Aimee Marina
From: Aimee Marina <aimeemarina@protonmail.com>
Sent: Friday, March 22, 2024 9:24 AM
Subject: SHIN-NY questionsHello, [name].
I'm just following up on my earlier inquiry. Will you be able to put me in touch with someone who can answer my queries by Monday?
Thanks again for your help.
Best,
Aimee Marina
Hi Aimee,
Here are the links to all of the information that is publicly available online. We are unable to answer any further questions at this time.
The full text of the current regulations is available here: https://www.health.ny.gov/technology/regulations/
The text of the proposed amendments (proposed new language is underlined; proposed deletions are indicated by brackets [x]) is available here: https://regs.health.ny.gov/sites/default/files/proposed-regulations/Statewide%20Health%20Information%20Network%20for%20New%20York%20%28SHIN-NY%29.pdf
The proposed amendments will be in the public comment period until mid-April. Information on that is available here:
https://regs.health.ny.gov/regulations/proposed-rule-making
Information on the 1115 waiver to date is available here under the New York Health Equity Reform (NYHER): Making Targeted, Evidence-Based Investments to Address the Health Disparities Exacerbated by the COVID- 19 Pandemic tab- https://www.health.ny.gov/health_care/medicaid/redesign/medicaid_waiver_1115.htm
The current SHIN-NY Policies and Procedures, which contain the current model consent form, are available here: https://www.health.ny.gov/technology/regulations/shin-ny/docs/privacy_and_security_policies.pdf
Thanks,
[name]
Thanks for your response. I have already seen the documents you've linked to.
Can you tell me why you're not able to answer my questions?
They are all simple questions regarding how the SHIN-NY will work under the amended regulations. The answers to those questions should be public information available not just to journalists but to any New York resident. I'm sure they wouldn't take long for someone knowledgeable about the SHIN-NY to answer.
Best,
Aimee
I received no further response.
