Medical Companies Form Group To Protect Electronic Health Records

A consortium of nine companies in the health-care industry is banding together to create a set of security practices to better protect the information in electronic medical records.

The companies, including hospital-chain HCA Inc., and medical-insurance providers Humana Inc. and Highmark Inc., have committed to use the security practices, which they will develop along with Health Information Trust Alliance LLC, or Hitrust, a Frisco, Texas-based organization created to oversee the project. Hitrust says it has received applications from more than 40 companies hoping to participate and its goal is to have 155 participants by the end of February. The companies hope to complete the security standards by the end of 2008.

“The industry has come to recognize that the current model for security isn’t working,” says Daniel Nutkis, Hitrust’s chief executive. These standards will make it possible for companies to “trust the people accessing their systems,” he says.

Cops Become Drugstore Cowboys in Vermont

Most politicians support measures like so-called “prescription monitoring programs” mindlessly, figuring that if allowing the government access to medical records of scummy drug addicts will reduce their numbers, all is good.

But when state police start entering pharmacies to get full prescribing records of anyone taking a Schedule II controlled substance like OxyContin – as the Green Mountain Daily blog [hat tip to Daily Kos] says is now happening in Vermont – perhaps they’ll wake up and smell the sickly odor of the death of the 4th Amendment. In the eyes of the police, every pain patient – and consider that some 30 percent of the population suffers some form of chronic pain – is junky slime.

Says Siobhan Reynolds, founder of the indispensable Pain Relief Network, “We saw from the beginning of the government’s shift to the ‘war on prescription drug abuse’ that this was where this whole thing was headed. Until now, the systematic violation of patients’ 4th Amendment rights was more or less hidden from public view. Now, the Vermont police have pulled back the veil for all of us to see the vicious witch hunt being perpetrated against people unfortunate enough to require Controlled Substances for the treatment of serious illness.”

Mixed reviews for Leavitt’s IT statement

Not surprisingly, the Healthcare Information and Management Systems Society, the Chicago-based trade group for healthcare information technology developers and users, supports the call yesterday by HHS Secretary Mike Leavitt for Congress to tack a healthcare IT adoption mandate onto the pending legislation for the annual, year-end fix of the Medicare physician payment system.

Dave Roberts, HIMSS vice president of government relations, said that with a key House IT booster bill, the Healthcare Information Technology Enterprise Integration Act, stalled and the Wired for Health Care Quality Act still under negotiation in the Senate because of challenges over privacy, security and healthcare quality provisions, “It looks like the Medicare fix might have some opportunity for providing healthcare IT legislation” in the near term.

Discussions on that legislation are under way, with a decision on final language expected tomorrow in the Senate Finance Committee. Roberts said that committee members Sen. John Kerry (D-Mass.) and Sen. Debbie Stabenow (D-Mich.) “would like to put some HIT or e-prescribing language into that legislation.”

There has been a lot of talk about the government investing only in electronic-prescribing systems, Roberts said, but HIMSS has been lobbying members of Congress to give a boost to a wider spectrum of healthcare IT.

Still, he said, “We support any legislation that encourages the use of IT to transform healthcare.”
{HHS Secretary Leavitt calls for privacy-destructive health technology legislation to be tacked on to the annual ‘must-pass’ bill to fix Medicare’s pay cuts. Leavitt wants Congress to legalize the multi-billion dollar/year health data mining industry by passing “Wired” (S. 1693), instead of restoring Americans’ rights to control access to electronic health records, which is what the public wants. Leavitt’s plan would force physician groups to support unethical data mining and theft of patients’ health records by over 4 million health-related businesses and government agencies. What an interesting tactic: make doctors choose between getting paid for treating the elderly or standing up for the ethical use of electronic health records as required by the AMA Code of Medical Ethics and the Hippocratic Oath.~Dr. Deborah Peel, Patient Privacy Rights}

Study Finds Gaps Between Doctors’ Standards and Actions

Physicians Think They Should Report Errors and Incompetence — but Say They Often Do Not

Physicians are among the most trusted professionals in America, but a new survey shows that when it comes to dealing with colleagues’ mistakes or incompetence, many doctors abandon the high standards they espouse.

The first-of-its-kind survey of more than 1,600 physicians, published today in the Annals of Internal Medicine, found that 45 percent said they did not always report an incompetent or impaired colleague to the appropriate authorities — even though 96 percent agreed that doctors should turn in such people.

HHS urges Congress to include IT adoption in physician payment fix bill

Secretary of Health and Human Services Michael Leavitt urged Congress yesterday to include a requirement for doctors to use electronic health records as part of any proposed Medicare physician payment bill.

On Nov. 1, the Centers for Medicare and Medicaid Services issued a final rule calling for a 10.1 percent reduction in payment rates for physicians beginning Jan. 1, 2008.

Physician groups hope to have this reversed by last-minute legislation before Congress breaks for the holidays; for each of the last five years, Congress has intervened to temporarily suspend the rules that would require decreases.

Despite Leavitt’s call for healthcare IT adoption, a physician payment fix bill already faces strain. Congress’ last-minute deferral of a 5 percent cut to Medicare reimbursements last year puts extra pressure on retaining the cut this year.

Privacy vs. Electronic Patient Records

Americans believe in the benefits of electronic medical records and think they outweigh the privacy risks. The risks may still be too high though.

Widespread adoption of electronic medical records has been a favorite recommendation for years of experts seeking to improve the quality and lower the cost of medical care in the United States.

Even Presidential candidates have been making noises about adopting electronic recordkeeping as part of their health care plans for the country. Senator John McCain suggested in a recent speech, for example, that electronic medical records could have helped to deliver better medical care to survivors of Hurricane Katrina, an environment in which conventional records were often unavailable.

{Very significant numbers of Americans, 40%, do not trust electronic health systems. The poll cited shows 60% of Americans are willing to trade privacy for the benefits of electronic health records. But 40% of the public NOT willing to trade privacy for electronic benefits is a huge and deal-killing number. All other polls on health privacy going back years show majorities do not want to trade privacy for benefits. These other polls also show that those who want privacy have chronic illnesses, are women, the elderly, or minorities (see other polls on our website). Health information is incredibly valuable—data miners like IMS Health, Thomson Medstat, and McKesson reap billions in revenues annually by selling the nation’s health records primarily to insurers and employers who use the data to discriminate against us. Not only will the inevitable explosion of data breaches destroy the credibility of hospitals, clinics, labs, and pharmacies, but revelations of corporate sale of personal health records will create huge public scandals like the recent revelations about Facebook beacons revealing what users purchased without their consent.~Dr. Deborah Peel, Patient Privacy Rights}

Top newsmakers: Making good on visions deployed in 2007

They dominated the headlines and made bold announcements that created huge impacts in the healthcare industry and across America.

Marquee names topped the results in our reader surveys for top policymakers, provider-based healthcare IT leaders who did the most innovative work in 2007 and vendor-based leaders who have advanced the cause of healthcare IT the furthest in 2007.

Policymakers: walking the walk

It seemed that every week Health and Human Services Secretary Michael Leavitt was making announcements. That constant visibility accounted for his being the runaway vote-getter as top policymaker of 2007.

From new standards for e-prescribing, personalized healthcare goals and global electronic health record standards to Medicaid transformation grants and commitment to healthcare system transparency, Leavitt is being touted for his healthcare IT focus. “Consistent messaging of the impact of technology on healthcare is penetrating every component of the industry,” said Kevan Nasserzadeh of Fair Isaac.

“I do not believe that the health IT battle will be won locally,” one reader wrote in. “Meaningful change will come from national initiatives such as those Mike Leavitt is driving, or at the least, the way will be paved by these early initiatives.”

President George W. Bush garnered support from businesses and other stakeholders for his value-driven healthcare plan with four cornerstone goals, including adoption of healthcare IT interoperability.

Despite his second-place finish, Bush has his detractors, most notably Deborah Peel, MD, of Patient Privacy Rights. “Bush and his administration have pressed forward to create an illegal and unethical HIT system by eliminating patients’ right to control their personal health information,” she complained.

AOL, Netflix and the end of open access to research data

The authors of the Netflix de-anonymization study contacted me to point out that they originally published a draft of their results a mere two weeks after Netflix released its dataset. Netflix has known about their study for over a year.

Over the past year, there have been a number of high-profile incidents in which sensitive user data was accidentally revealed to the Internet at large. As a result, I believe that high-tech companies will never again share anonymized data on their users with academic researchers, at least not without requiring contracts and nondisclosure agreements. For the users and privacy advocates, this is probably a good thing. However, for researchers, the scientific community, and Internet users who want cool new technologies, this is almost certainly a change for the worse.

In 2006, Netflix released over 100 million movie ratings made by 500,000 subscribers to their online DVD rental service. The company then offered $1 million to anyone who could improve the company’s system of DVD recommendation. In order to protect its customers’ privacy, Netflix anonymized the data set by removing any personal details.

Researchers announced this week that they were able to de-anonymize the data, by comparing the Netflix data against publicly available ratings on the Internet Movie Database (IMDB). Whoops.

{This story demonstrates the incredible ease of re-identifying anonymized data. Consider the implications for the nation’s treasure trove of health data: anonymized or de-identified health records are clearly not safe either. Electronic health records contain far more pieces of identifiable information than Netflix ratings, making them far easier to re-identify. Netflix released over 100 million movie ratings made by 500,000 subscribers to their online DVD rental service. The researchers gave an example about what they could learn by re-identifying the data of one Netflix user: ‘First, we can immediately find his political orientation based on his strong opinions about “Power and Terror: Noam Chomsky in Our Times” and “Fahrenheit 9/11.” Strong guesses about his religious views can be made based on his ratings on “Jesus of Nazareth” and “The Gospel of John”. He did not like “Super Size Me” at all; perhaps this implies something about his physical size? Both items that we found with predominantly gay themes, “Bent” and “Queer as folk” were rated one star out of five. He is a cultish follower of “Mystery Science Theater 3000”. This is far from all we found about this one person, but having made our point, we will spare the reader further lurid details.’ See Bill Yasnoff’s blog about Netflix; he argues that the ease of re-identification of health data is why we need health trusts. If we consent, research can be done safely inside the health trust and we don’t have to risk releasing sensitive data.~Dr. Deborah Peel, Patient Privacy Rights}

For sale. Public Employees Insurance Agency drug data

The good news is that a company hired to manage prescription-drug bills for the state government has stopped selling information about state employees to other firms.

Express Scripts of St. Louis, the pharmacy benefit manager for the Public Employees Insurance Agency, ended the practice after PEIA complained.

The information was sold to data-mining organizations that use it to plot more effective advertising campaigns aimed at doctors to sell more of certain kinds of drugs, including brand-name medicines.

{Look what happened when West Virginia’s Public Employees Insurance Agency complained about the sale of 200,000 state employees’ prescription records to data miners. Express Scripts agreed to stop selling those prescription records. So if American consumers and patients sign our petition and take the petitions to their local pharmacies, those pharmacies will have to ask the same question Express Scripts asked: Is it better to stick to the business of selling medicines, or should we risk losing our customers because we sell their prescription records?~Dr. Deborah Peel, Patient Privacy Rights}

Robust De-anonymization of Large Datasets (How to Break Anonymity of the Netflix Prize Dataset)

We present a new class of statistical de-anonymization attacks against high-dimensional micro-data, such as individual preferences, recommendations, transaction records and so on. Our techniques are robust to perturbation in the data and tolerate some mistakes in the adversary’s background knowledge. We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world’s largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber’s record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.

Datasets containing “micro-data,” that is, information about specific individuals, are increasingly becoming public—both in response to “open government” laws, and to support data mining research. Some datasets include legally protected information such as health histories; others contain individual preferences, purchases, and transactions, which many people may view as private or sensitive.

Privacy risks of publishing micro-data are well-known. Even if identifying information such as names, addresses, and Social Security numbers has been removed, the adversary can use contextual and background knowledge, as well as cross-correlation with publicly available databases, to re-identify individual data records. Famous re-identification attacks include de-anonymization of a Massachusetts hospital discharge database by joining it with a public voter database [22], de-anonymization of individual DNA sequences [19], and privacy breaches caused by (ostensibly anonymized) AOL search data [12].
{Worth reading even if you don’t understand math—the researchers explain a great deal about de-identification and why it does not protect privacy. Narayanan and Shmatikov write, ‘The privacy question is not “Does the average Netflix subscriber care about the privacy of his movie viewing history?,” but “Are there any Netflix subscribers whose privacy can be compromised by analyzing the Netflix Prize dataset?” The answer to the latter question is, undoubtedly, yes. As shown by our experiments with cross-correlating non-anonymous records from the Internet Movie Database with anonymized Netflix records (see below), it is possible to learn sensitive non-public information about a person’s political or even sexual preferences. We assert that even if the vast majority of Netflix subscribers did not care about the privacy of their movie ratings (which is not obvious by any means), our analysis would still indicate serious privacy issues with the Netflix Prize dataset.~Dr. Deborah Peel, Patient Privacy Rights}
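The abstract above and the Netflix item earlier on this page both describe the same mechanism: a handful of ratings from a public source is matched against a "de-identified" release, with rare items counting for more than popular ones and a match accepted only when it stands well clear of the runner-up. The following is an added example, not code from the paper or from Patient Privacy Rights, that implements that scoring and eccentricity test on a constructed eight-record release so a data holder can measure re-identification risk before publishing. The record ids, item names and ratings are made up; the 1.5 standard-deviation acceptance threshold is the value the paper reports using, and the log(1 + support) weighting (instead of the paper's log(support)) is this example's own choice to avoid a zero divisor for items rated only once.

```python
"""Scoreboard-style re-identification risk check for sparse rating data,
modelled on Narayanan and Shmatikov's matching procedure (added example)."""
import math
import statistics

# Constructed "anonymized" release: record id -> {item: rating}.
# These are made-up values, not Netflix Prize data.
RELEASE = {
    "r0": {"A": 5, "B": 4, "C": 3, "D": 1},
    "r1": {"A": 5, "B": 4, "E": 2},
    "r2": {"A": 4, "B": 3, "F": 5, "G": 1},
    "r3": {"A": 3, "C": 2, "H": 4},
    "r4": {"B": 5, "D": 5, "I": 2},
    "r5": {"A": 5, "B": 5, "C": 5, "J": 1},
    "r6": {"A": 2, "F": 3, "G": 2, "H": 5},
    "r7": {"B": 3, "E": 3, "I": 4, "J": 4},
}


def support(release):
    """Number of records that rated each item (the paper's supp(i))."""
    counts = {}
    for ratings in release.values():
        for item in ratings:
            counts[item] = counts.get(item, 0) + 1
    return counts


def weight(item, supp):
    """Rare items carry more identifying information than popular ones.
    Assumption of this example: log(1 + supp) rather than the paper's
    log(supp), so an item rated once does not divide by zero."""
    n = supp.get(item, 0)
    return 0.0 if n == 0 else 1.0 / math.log(1 + n)


def score(aux, record, supp, tolerance):
    """Weighted count of auxiliary ratings this record agrees with.
    A rating counts as agreeing if it is within `tolerance` of the
    released value, which is what makes the match robust to noise."""
    total = 0.0
    for item, rating in aux.items():
        if item in record and abs(record[item] - rating) <= tolerance:
            total += weight(item, supp)
    return total


def deanonymize(release, aux, tolerance=1, phi=1.5):
    """Return (record_id, eccentricity) for the best-scoring record when it
    leads the runner-up by at least `phi` standard deviations of all scores;
    otherwise None (no confident match)."""
    supp = support(release)
    scores = {rid: score(aux, rec, supp, tolerance) for rid, rec in release.items()}
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    if len(ranked) < 2:
        return None
    sigma = statistics.pstdev(list(scores.values()))
    if sigma == 0.0:  # every record scored the same: nothing to distinguish
        return None
    (best_id, best), (_, second) = ranked[0], ranked[1]
    eccentricity = (best - second) / sigma
    return (best_id, eccentricity) if eccentricity >= phi else None


def self_reidentifies(release, rid, k, **kw):
    """Data holder's check: do a record's own k rarest ratings single it out?
    Ties in support are broken by item name so the result is deterministic."""
    supp = support(release)
    rarest = sorted(release[rid], key=lambda item: (supp[item], item))[:k]
    aux = {item: release[rid][item] for item in rarest}
    hit = deanonymize(release, aux, **kw)
    return hit is not None and hit[0] == rid


def release_risk(release, k, **kw):
    """Fraction of records that k exact ratings of their rarest items re-identify."""
    hits = sum(self_reidentifies(release, rid, k, **kw) for rid in release)
    return hits / len(release)


if __name__ == "__main__":
    # Auxiliary knowledge about one person: three ratings, one of them off by one.
    print(deanonymize(RELEASE, {"A": 4, "F": 5, "G": 2}))  # ('r2', ~2.06)
    # Only popular items known: several records fit equally, so no match.
    print(deanonymize(RELEASE, {"A": 5, "B": 4}))  # None
    print(f"records re-identifiable from 2 rare ratings: {release_risk(RELEASE, 2):.3f}")
```

The `release_risk` function is the part a data holder would run: it asks, for every record, whether someone who knows just the two least popular items that person rated could pick that record out of the release. On the toy data above three of the eight records are singled out this way, and the share only rises as the auxiliary knowledge grows, which is the point the paper makes about sparse, high-dimensional data.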