Coalition to Congress: Don’t pass health IT bill without privacy protections

A coalition of 47 organizations that span the political spectrum today called on Congress to refrain from passing health information technology legislation unless the measure would protect the privacy of health information.
At a press conference on Capitol Hill, the Coalition for Patient Privacy released a letter it is sending to members of Congress to influence the content of health IT bills pending in the House and the Senate.
“Despite the good intentions of the Health Insurance Portability and Accountability Act (HIPAA) and its ‘Privacy Rule,’ the current regulations leave all Americans’ personal health information completely vulnerable and exposed,” the letter stated.
“Setting national privacy standards is a job for Congress, not unelected agency appointees, who for the most part represent industry,” the letter added.
Deborah Peel, founder of Patient Privacy Rights and leader of the coalition, said that in the 18 months since the coalition held its last press conference on Capitol Hill, Microsoft Corp. and other organizations have joined the coalition. “Congress was amazed that so many people were in favor of privacy from both sides of the issue,” she said.

Microsoft joins lawmakers, activists to demand patient privacy rights

Lawmakers, corporations and activists joined today to urge Congress to protect patients’ medical privacy rights. Activists say such rights are not adequately protected, especially when it comes to electronic health records.

At a Capitol Hill briefing sponsored by the Coalition for Patient Privacy, at least 46 states, national organizations and corporations, including Microsoft, petitioned Congress to include adequate patient protection in any healthcare IT legislation it may pass.

Today’s request is based on the Coalition’s extensive 2007 patient privacy principles and calls for privacy that applies to all health information regardless of the source, the form it is in, or who handles it.

According to Deborah Peel, MD, founder and chair of Patient Privacy Rights, the Coalition developed the privacy principles to serve as standards for legislation. Today’s effort is just a small part of a greater effort to curtail passage of currently proposed federal healthcare IT legislation that Peel said offers consumers no control over access to personal health information.

Peel leads battle to protect medical privacy

Imagine if FedEx ripped open every package it delivered and made copies of the documents inside before delivering the package. And then imagine that it sold those copied documents to anyone it did business with who wanted to buy the information. You’d stop using FedEx, right?

Welcome to the dark underbelly of our nation’s medical data, says Dr. Deborah Peel, an Austin psychiatrist and founder of the Patient Privacy Rights Foundation.

“Everybody rips it open and copies it. The health IT industry is not a trusted courier,” Peel says. Even though the Health Insurance Portability and Accountability Act passed in the mid-90s eventually included provisions that would recognize the “right of consent” of patients, the rule was amended in 2002, Peel says.

That change virtually eliminated the right of consent — and a consumer’s right to privacy along with it, Peel argues. “That’s 2,000 years of medical ethics wiped out by appointees to a federal agency,” she adds. Now, Peel says that thousands of companies — insurance companies, large employers and even data miners in Bangalore — can now gain access to private medical data.

Keeping the Record Straight

Hospitals and doctors are putting their paper records into digital form–and now you can, too. Having an electronic “personal health record” has been “a huge timesaver,” says Suzanne Mintz of Kensington, Md., who runs the National Family Caregivers Association. Her husband, Steven, has had multiple sclerosis for 33 years, but they can now provide years of his neurological and medical reports to a new doctor at the touch of a button.

An array of Internet services and software for everything from desktops to pocket PDAs and cellphones now allows you to gather your medical information from various sources and update it easily. The idea: Having that health history at your fingertips—including any medications you’re taking and the dosages, your lab results, and even your living will—makes for better, more coordinated care. It’s particularly useful, says Eric Pan, an instructor in medicine at Harvard Medical School and a senior scientist at the Center for Information Technology Leadership, for the person “seeing an allergist, a cardiologist, and a radiologist—sometimes all in the same day.”

If storing the data at home is what you aim to do, a desktop program or an Internet-based system like the one the Mintzes use may be the answer. HealthFrame is a downloadable product available for about $40 that lets users keep track of appointments and medications; input indicators like blood pressure, weight, and cholesterol and graph them over time; and attach original documents, such as doctors’ notes and billing receipts. For $5 a month (or $8 for two people), the Internet-based Medikeeper adds access to a “MediLibrary” of information on diseases and a toll-free number that health professionals can call to access medical records in an emergency. Two weeks ago, Microsoft announced that it would enter the business. Users of its new online HealthVault service can upload and store their medical information free. For a fee of $9.95 a year, a HealthVault partner program called icePHR will soon make that information available to emergency medical personnel who are treating patients after accidents, say. They’ll punch in a number stored in the person’s cellphone.

The Health Record Paparazzi is Above the Law and In Bed With Congress

We learned today that all of us are a bit like George Clooney: the Health Record Paparazzi loves a celebrity, but it loves the average American just as well. Instead of intrusive cameras flashing and TMZ taping our every move, we have insurers, employers, hospitals, doctors, pharmacies, drug companies, marketers, creditors and banks digging around for our most personal, intimate information.

HIPAA protects no one, including movie stars. The HIPAA regulations were changed by a Bush appointee that defy the ancient doctor-patient promise that when a patient goes to their doctor, whatever they share will be kept private. No one can make that guarantee anymore. To see the fine print visit Patient Privacy Rights.

Over 4 million individuals and businesses can see and use our health records, without consent and over objections. HIPAA is so broad it is hard to imagine who doesn’t have a legal right to your most personal details.

The Health Record Paparazzi can be stopped — but only by an act of Congress. Right now, Congress is working on legislation that will open up your health records even more. Everyone will have control over your health information except the patient.

We must have federal legislation that guarantees our right to control our most personal information and requires meaningful, enforceable penalties for everyone who shares our information without consent.

Privacy Concerns Prompt VA Hospitals To Withhold Cancer Data

Department of Veterans Affairs officials are citing patient privacy concerns in their decision to stop providing states with information on cancer patients treated at VA hospitals, a move that researchers say could hinder the national cancer surveillance program’s ability to accurately collect cancer statistics, the New York Times reports.
Hospitals are required by state laws to submit data, including a cancer patient’s name, address, age, race and medical history. The information is then used to compile cancer rates and help researchers track statistics.
VA in August instituted a new national directive that sets conditions for state use of patients’ personal data and has said it cannot provide data until states sign the directive.
The directive states that any researcher who wants to use the personal data of VA patients must either get permission from the VA’s undersecretary of health or find a VA researcher to collaborate with and get permission from the hospital’s ethics board. The directive also requires patient information to be encoded to prevent unauthorized access.
{The VA has a simple and reasonable step to guard the privacy of every veterans’ cancer data. Requiring states to get consent from the VA’s Undersecretary of health or find a VA researcher to collaborate with before accessing such personal health information are helpful until it becomes simple and easy to ask every veteran for electronic consent to use their health records about cancer treatment. “Smart” technology exists today—independent electronic consent management tools—that allows every American to decide when and if to share their sensitive health information for research. We must pressure Congress to restore our control of personal health records. Before we share our health records, we need to be certain that the information is secure, that the researchers will guard it, and that it will be destroyed when the study ends. Population-based research does NOT require identifying information. Any need for identifiable health records should meet a very high standard to prove why the study cannot be done on de-identified data.}

Your Health Data, Plugged In to the Web

Microsoft launched a free, ad-supported online health portal called HealthVault yesterday that allows people to upload their medical records to the Web and share the information with doctors.

Microsoft beat not only the federal government to the punch but also a number of other companies, such as Google and Steve Case’s Revolution Health, that reportedly have been working on similar portals. Some privacy advocates are concerned that such sites could expose sensitive medical data to hackers and outsiders, but Microsoft said it has spent the past several years consulting with experts to ensure that HealthVault will keep personal information private.

Several other countries have already implemented nationwide medical-record networks that they say are secure. In Germany, for example, patients can carry all their medical records on a single computer chip.

The U.S. government’s attempts to automate doctors’ offices have been less successful.

Studies have estimated that creating a nationwide electronic medical-record network would save more than $500 billion in medical costs over 15 years, but doctors are slow to adopt technology that has been commonplace in banking and retail for more than a decade. About 90 percent of physicians and more than 80 percent of hospitals still use paper records, according to Nancy Szemraj, a spokeswoman for the Department of Health and Human Services.

{Microsoft has set a new very high industry standard for ensuring the privacy of personal health information, i.e. ensuring that consumers control access to their sensitive health information. Microsoft’s HealthVault and its application partners have pledged to adhere to the 2007 principles of the Coalition for Patient Privacy, the toughest patient privacy principles in the nation. These principles are hardwired into the architecture of HealthVault and also enforced by contracts. In addition, HealthVault is being audited on whether it complies with the 2007 privacy principles and can require partner audits and end participation if a partner does not adhere to the standards for privacy.  For the first time, a major multinational corporation is being crystal clear about what it means by the word ‘privacy’ and is proving that its product actually does what they say it will do by obtaining outside audits of its privacy and security practices amd protections. All health technology vendors should meet these same ‘best practices’ for privacy if they expect consumers to trust and use their systems. ~ Dr. Deborah Peel, Patient Privacy Rights}

Candidates on Health IT: Bromides or Beliefs?

After the recent flurry of announcements, speeches and presentations focused on the major presidential candidates’ health care proposals it seems clear that health IT will be a permanent fixture in any future administration’s health care plans.

Just about all the candidates who have published their proposals, both Democrat and Republican, mentioned health IT as an essential part of future reform efforts.

Some, such as Sens. Hillary Clinton and Barack Obama, proposed spending billions of dollars to promote the use of technology. Others, particularly among the Republican candidates, talked about improving incentives for market-led programs and for state and local efforts.

And that’s all a big change from past presidential races, observers point out.

“Four years ago there was little attention being paid to this,” said Christine Bechtel, vice president of public policy and government relations at the eHealth Institute. “So it’s nice that many of the candidates now see (health IT) as an important element.”

Scott Wallace, president and chief executive of the National Alliance for Health Information Technology (NAHIT), also thinks that the understanding of how health IT works has made major strides since the last election.

“(The debate) is much more grounded than it was four years ago,” he said. “Then there was a tendency to look at technology as some kind of magic pixie dust that would make health care concerns go away. Now, politicians realize it involves a fundamental restructuring of how we think of IT and its role in health care.”

They see it now as “an integral part of the process and not a binary step,” he said.

But that also means that the issues involved with how IT can affect health care are much more complex, and that realization is preventing the presidential hopefuls so far from buttressing their proposals with many details of how they would prosecute their plans.

Microsoft launches HealthVault – platform for the people

Microsoft today launched a new technology platform it bills as the answer to how consumers can best get a handle on their healthcare information and share it.

Called Microsoft HealthVault, the technology not only has the support of healthcare providers, patient activists and device manufacturers, it also passes muster with one of the industry’s toughest privacy rights advocate Deborah Peel, MD, founder of the Patient Privacy Rights Foundation, one of 50 organizations that comprise the Coalition for Patient Privacy.

The company also unveiled a new search engine called Microsoft HealthVault Search.

The promise of HealthVault is that it will bring the health and technology industries together to create new applications, services and connected devices, said Peter Neupert, corporate vice president of Microsoft’s Health Solutions Group. People will be empowered to monitor anything from weight loss to diabetes, he said.

“People are concerned to find themselves at the center of the healthcare ecosystem today,” Neupert said, because they must navigate a complex web of disconnected interactions between providers, hospitals, insurance companies and even government agencies. Neupert added. “Our focus is simple: to empower people to lead healthy lives.”

Microsoft Wants Your Health Records

Step into a medical office, and you’re faced with a paradox of modern medicine. Just beyond the receptionist’s desk are all sorts of cutting-edge medical technology. Computed tomography scanners. Electrocardiogram machines. Bone densitometers.

But as you approach that desk to check in, you take a trip back in time. There the receptionist hands you a clipboard of forms. For the umpteenth time you fill in your name, age, allergies, medical history, and the like. For all the medical breakthroughs created by technology, medical records remain an anachronism.

That’s changing as more companies vie to bring medical records into the Digital Age. Webmd Health Corp. (WBMD) and insurers such as Aetna (AET), United HealthCare (UNH), and WellPoint (WLP) have provided electronic medical records to policyholders for years. More recently large employers such as Wal-Mart (WMT) and AT&T (T) have been banding together to offer electronic health record systems. Revolution Health Group, led by former America Online (TWX) boss Steve Case, is trying to crack the market, as is search giant Google (GOOG).

Convincing patients that Microsoft can safeguard their data, though, won’t be easy. Dr. Deborah C. Peel, the founder and chair of the consumer advocacy group Patient Privacy Rights, says she believes Microsoft’s servers are about as secure as they get. That’s because “if they spill the data, it would completely ruin” Microsoft’s reputation, says Peel. “It would be like the Exxon Valdez.”