Privacy Form Delivers Precious Little Protection to Citizens

ou know the drill — you appear for a first visit at a doctor’s office or treatment clinic and among the routine papers for your signature is a Notice of Privacy Practices that explains the federal privacy standards set by HIPAA. You sign that too and all is well… or is it? In fact, the paper you have just signed notifies you that your right to privacy concerning even your most personal health issues no longer exists.
A common misperception is that the “P” in HIPAA stands for privacy. Actually, though the “Health Insurance Portability and Accountability Act” was initially intended to help consumers obtain continual health insurance coverage after leaving a job, despite certain preexisting medical conditions, as well as provide standards for electronic transmission of health-care information. Protecting the individual right to privacy in passing those records along was a secondary concern — though an important one. The regulations to protect patient privacy put a burden on health-care providers and insurance companies — particularly as the nation moves toward development of a national health information system. Addressing those concerns (“administrative simplification” as it was called by Congress) resulted in a complicated and ultimately ineffectual law that, on the one hand, recognizes and protects an individual’s right to privacy with regard to health information — but, on the other hand, fails to delineate those privacy rights that individuals should have. All this was explained to me by James C. Pyles, a Washington, DC, attorney who specializes in health privacy issues and legal issues associated with HIPAA. “I find this ironic, in that the original intent of HIPAA was to protect consumer rights,” he told me.
Obviously doctors and other health-care providers need to be able to disclose information about diagnosis and treatments to insurance companies to the extent it is necessary for reimbursement — that’s not the issue. Rather, the problem is, the way HIPAA now reads makes it acceptable for doctors and insurance companies to use and disclose personal health information in identifiable form for routine purposes defined as treatment, payment or health-care operations — terms that are so broadly defined, says Pyles, that the “least imaginative insurance company can justify nearly any disclosure in any situation, even if the patient wishes to pay privately.” This right to disclose also extends to all business associates of insurance companies and physicians, with no requirement of an audit trail to keep records of these uses and disclosures.

Next president faces skeptical HIT crowd

Now that the presidential candidates, both Democratic and Republican, have taken their first shots at defining their ideas for health care and the role of IT, all eyes are turning to the future to try and determine how that might play out in a new administration.
The short answer is that no-one knows because, particularly in health care, the devil is in the details. And so far there’s been very few details forthcoming from the candidates about how they will use IT for health care reform.
For one thing, a new president won’t have total control of the field whenever he or she comes into power. They’ll have to deal with a number of partially formed initiatives that can’t just be wished away.
“They’ll have to come to grips with the legacy of the Bush administration and what (Health and Human Services) Secretary Leavitt has done,” said Scott Wallace, president and chief executive of the National Alliance for Health Information Technology (NAHIT).
The Office of the National Coordinator for Health Information (ONCHIT) will still exist when the new administration takes over, he said. And Leavitt is continuing to push ahead with his plans to replace the American Health Information Community (AHIC), which has been the government’s principal advisory body on such things as interoperability and standards, with a public/private organization.

Failure, de-installation of EHRs abound: study

Failures of electronic medical-record systems are part of the lore of healthcare information technology.

Not surprisingly, a recently released survey of healthcare IT use conducted by the Boston-based Medical Records Institute found data to back up the legends.

The institute, which for 23 years has sponsored the annual Toward an Electronic Patient Record, or TEPR, trade show, has for the past nine years conducted an annual survey of attitudes and opinions about healthcare IT.

Nearly 19% of respondents to the survey this year indicated they either have in the past experienced the de-installation of an EMR system (12%) or are now going through a de-installation (7%).

Considering a number of EMR vendors have had products installed in ambulatory-care settings for more than a decade while some pioneering hospitals have been computerizing for several decades, the replacement rates should not be surprising.

{Failure of electronic health records (EHR) systems is not just lore, according to a study conduced by the Boston-based Medical Records Institute. About 19% of respondents said they had experienced the de-installation of an EHR system in the past (12%), or are going through such an experience now (7%).” About half the respondents worked in ambulatory settings, about half in hospitals. “According to the survey, the two top priorities “for strategic decisions in IT” were a need to improve clinical processes and workflow efficiency, chosen by 52% of respondents, and the need to improve the quality of care, selected by 22%. The need to share data came in a distant third place, at just under 8%, and perhaps significantly, down from 14% in last year’s survey.” Growing concerns about sharing data via EMRs may reflect greater awareness that disclosure of EMRs far beyond the healthcare system is for devastating for consumers jobs and lives~Dr. Deborah Peel, Patient Privacy Rights}

House committee clears healthcare IT bill

The House Science and Technology Committee has cleared a bill aimed at boosting the role of information technology in healthcare. The legislation also charges the National Institute of Standards and Technology (NIST) with establishing a program on healthcare information enterprise integration.

It is standards work that is already under way under the purview of HITSP, the Healthcare Information Technology Standards Panel, which is part of the federal American Health Information Community.

HITSP Chairman John Halamka, MD, said he recently met with the author of the bill, Michael Quear, and it was clear that “the same collaborative relationship between HITSP and NIST that we have today would persist.”

H.R. 2406, to authorize the National Institute of Standards and Technology to increase its efforts in support of the integration of the healthcare information enterprise in the U.S. , was introduced by Committee Chairman Bart Gordon (D-TN).

{“The new House bill, HR 2406, which cleared the Science and Technology Committee is another legislative attempt to encourge the use of technology in healthcare. But it totally fails the Americans people because it does not restore our rights to conttrol who sees or uses our personal health information. This bill ensures that our health data can be exchanged, but does not ensure that we can prevent unfettered access to personal health information for unwanted or discriminatory uses. This bill serves the interests of data theives, not patients’ need to have their privacy rights restored. Without privacy, health technology will fail because consumers will avoid going to doctors, will lie and omit critical data, and get no care or bad quality care. Privacy rights are essential and must be guaranteed in all electronic health systems or people will not be willing to go see doctors.” ~Dr. Deborah Peel, Patient Privacy Rights}

Let patients decide who sees personal information

For 30 years, a Texas psychiatrist watched her patients lose their jobs, get denied insurance or otherwise suffer because of information she was required to turn over to third parties.
ut at least that information was contained in paper files that provided some control over who saw them. Today, the advent of electronic health databases in an era of weakened federal privacy laws can be a toxic combination, warns Dr. Deborah Peel.
Fearful that the unnecessary release of private medical information could become the biggest source of discrimination, she’s become a warrior for medical privacy rights. Listening to her, you could get pretty cranked up, too.
Peel’s case centers on the 2002 HIPAA (Health Insurance Portability and Accountability Act), adopted to provide continuity of health coverage. The bill was intended, she argues, to provide a right of consent for patients before their medical information could be released into electronic networks. But it was left to the secretary of Health and Human Services to set the standards to ensure that right. She says in HHS hands, the law morphed and now has the opposite effect, because officials caved in to lobbyists for the insurance, pharmaceutical and hospital industries, among others.

Psychiatrist Among Powerful Voices in Health Care

The psychiatrist who founded and chairs the organization Patient Privacy Rights uses the spotlight recently shined on her to call for stricter protections for medical records.
What does Texas psychiatrist Deborah Peel, M.D., have in common with Gov. Arnold Schwarzenegger and Sen. Hillary Clinton? For one thing, all three were voted among the most influential voices in the nation’s health care system.
The readers of Modern Healthcare magazine voted the practicing psychiatrist of 30 years and founder of the foundation Patient Privacy Rights fourth among the 100 “Most Powerful People in Health Care” in August. The sixth annual list was based on 12,600 reader-submitted nominations and final balloting for the 300 most-nominated people. Nearly 265,000 votes were cast.
Peel was listed behind Sister Carol Keehan, president of the Catholic Health Association; former Massachusetts Gov. Mitt Romney; and California Gov. Arnold Schwarzenegger. The magazine’s readers said they thought she was more powerful than health heavyweights such as Sen. Edward Kennedy, House Speaker Nancy Pelosi, and Bill Gates.
Peel became known through her work with the nonprofit foundation she launched in 2003 in Austin, Texas, after realizing the implications of the privacy rule issued as part of the Health Insurance Portability and Accountability Act (HIPAA).
The rule “legally authorized more than 4 million entities to use and disclose our personal health information without our consent and over our objections,” she said in an interview with Psychiatric News.
Those users of health record information can include financial institutions or employers, who could use what they read in the records to reject loan applicants or job seekers, for example.
“Information technology companies’ business models are based on selling the patient data entered with their software, because [those data are] so valuable,” Peel said.

Striking a balance between privacy and health

In the first of this two-part series on a study for the Institute of Medicine by researcher Alan Westin, emeritus professor of public law and government at Columbia University, we reported that many Americans will allow their heath records to be used for medical research, but privacy is a big issue. Many patients also want to be informed by researchers of the nature of the research project for which their personal information will be used. And, for many, they want to be asked for permission by researchers every time their medical records are used, according to a presentation by Westin earlier this month of preliminary findings from a survey conducted in September in conjunction with Harris Interactive.
Obtaining patient consent, at least in some form, was a threshold requirement for research project participation in which personal information was disclosed, according to an overwhelming majority of participants in Westin’s survey.
Only 1% of participants agreed that researchers would be free to use their health information without their consent while just 8% indicated an initial, “general consent” given in advance would suffice to have researchers use their information in future research projects without having to contact them.
In addition, just 19% would agree to have their personal information used without their consent “as long as the study never revealed my personal identity, and it was supervised by an institutional review board.”
Meanwhile, a plurality, 38% of survey respondents, would want researchers from “each research study … to first describe the study to me and get my specific consent for such use.”
And while respondent demographics were not a factor in many other survey areas, they mattered here. The survey found that higher-than-average percentages of respondents who insisted on researchers obtaining their consent for each use of their healthcare data included respondents who were: black (45%); college graduates (46%); in the working-class income bracket of $35,000 to $49,000 (45%); the pre-Medicare age group of 50-64 (43%); single women (43%); those with long-term health conditions (45%); those with a “sexual” condition (49%); mental health-service users (44%); and genetic-test takers (48%).
Another 20% were unsure about research participation and 13% would not want researchers to use their information or even contact them about a study “under any circumstances.”
“We have for 349 respondents detailed accounts of their participation in healthcare research,” Westin said. “When you ask people who have participated in healthcare information research, they come out even higher than the (general) public in saying they want notice and consent. They believe that expressed consent is the right thing.
{“Professor Westin’s latest survey on public attitudes towards research access to health information confirms what has always been found when Americans are asked about their privacy rights: they do not want researchers to see or use their sensitive personal health information without consent. What’s new is that many groups of Americans who are especially insistent about being asked for consent: African Americans, people with incomes of 35-49K, college grads, single women, those who used sought treatment for mental illness, those who had taken genetic tests, those with long-term health problems, those with sexual problems, and people aged 50-64. This survey should be a wake up call to all researchers and the Administration. They are trying to open access to every American’s medical records for research by administrative fiat without a national debate because they know the public would never agree.”~Dr. Deborah Peel, Patient Privacy Rights}

Strange Bedfellows on Health Privacy: ACLU & Microsoft

What do the ACLU, Gun Owners of America, the Free Congress Foundation and Microsoft have in common? A hankering for patient privacy, it seems.

With some 40 other groups, they sent congressmen a letter yesterday urging them to “establish basic privacy protections” for health records, and soon. (Or see the press release.)

They complain that no federal statute establishes a right to health privacy and dismiss the HIPAA privacy regulation as “really a ‘Disclosure Rule’.” Their letter charges that forging “national privacy standards is a job for Congress, not unelected agency appointees.” A similar group — marrying the Christian Coalition and the National Center for Transgender Equality, among others — lobbied last year as well.

For Microsoft, it may be no coincidence that its political activism comes soon after the company unveiled HealthVault, online software and a service that would let patients store what medical information they want in a central place, giving health-care providers ready access (through Microsoft-compatible applications, naturally). Microsoft edged out Google in the online health-records race, as the Health Blog noted earlier this month.

Along the way Microsoft consulted with privacy advocates such as Deborah Peel, an Austin, Texas psychotherapist and founder of Patient Privacy Rights, one of the groups at the center of the lobbying campaign. Microsoft got Peel’s support in part by agreeing to a host of privacy guidelines, including external audits to ensure its privacy protections are what they advertise. (Peel says her group is funded by donations from individuals and honoraria for her speeches.) “We know that consumers are very concerned about the privacy of their private health data,” Peter Neupert, vice-president of Microsoft’s Health Solutions Group, said at the product’s launch in Washington, D.C., earlier this month.

{Sadly Theo comes to the conclusion that ‘Too many restrictions on what medical providers can see may blunt the advantages of electronic records — and could even hurt patient care’?  That is the insurance and data miners spin—of course they want to cast consumer control as impeding care, but consumers know exactly which people to share their records with in order to get effective care. No one trusts all doctors equally and all doctors do not need to know the same things about us. ~ Dr. Deborah Peel, Patient Privacy Rights}

Ask and ye shall receive: study

Many Americans will do their part when asked to allow their heath records to be used for medical research, but the operative phrase is “when asked.”

And, for a plurality of those who do volunteer, that means being asked each and every time their records are to be used, according to a recent study whose author said that it may be the first of its kind, specifically focusing on patient attitudes about healthcare privacy in the area of clinical research.

A pair of preliminary reports and two PowerPoint presentations about the study conducted by veteran privacy researcher Alan Westin, emeritus professor of public law and government with the Department of Political Science at Columbia University, were presented during two days of meetings earlier this month in Washington before the Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule. The committee operates under the Board on Health Sciences Policy of the Institute of Medicine at the National Academies of Science.

Among its goals, the committee is to “consider the needs for privacy of identifiable personal health information and the value of such privacy to patients and the public,” according to explanatory material about it on the IOM Web site. The committee is to make recommendations about retaining or changing the status quo and seeking to balance “the needs and benefits of patient privacy … against the needs, risks and benefits of identifiable health information for various kinds of health research.”

{It’s no surprise to anyone but researchers that the public supports medical research, BUT not unless they are first asked for consent to use their health records. Consent for research will soon be easy and instantaneous when new online independent consent management tools become available that ensure we decide who sees our electronic health records. This story discusses the new Westin/Harris survey results on Health Research and Privacy, Oct 2, 2007. ~ Dr. Deborah Peel, Patient Privacy Rights}

Bill sought to shield medical data

A bipartisan mix of lawmakers and private companies say Congress should pass legislation protecting the medical records of patients from potential identity theft and abuse.

The coalition includes liberal lawmakers, such as Rep. Edward J. Markey, Massachusetts Democrat; the conservative Family Research Council; and Microsoft Corp.

“Medical information is probably the most sensitive and personal information that we have about ourselves. Without strong privacy safeguards, a health [information-technology] database will become an open invitation for identity thieves, fraudsters, extortionists or marketers looking to cash in on our medical histories,” Mr. Markey said, adding that “tough privacy safeguards” are necessary to reap the benefits of integrated health databases.

The electronic medical record legislation working its way through Congress would allow data-mining companies and “4 million other individuals and entities” to secretly access millions of private medical records, creating a potential boon for misuse and identity theft, they say.

“If you think we’ve got a problem with identity theft now, just wait,” said Dr. Deborah Peel, who chairs the Patient Privacy Rights coalition, a group asking Congress to pass laws ensuring individual privacy protections for medical records.