Drug info firms target prescriber data laws

Doctors do not have a privacy right to their prescription-writing habits, data-collection firms say as they sue in Vermont and Maine.

After landing a first-round federal court victory against a 2006 New Hampshire prescriber privacy law, data-gathering firms are targeting similar laws set to take effect next year in Maine and Vermont.

Legislators in those two states, wary of a similar legal upset, shied away from a New Hampshire-style ban on any marketing use of prescriber data. Instead, they crafted legislation allowing physicians and other prescribers to choose whether drugmakers can access their prescription data.

In Maine, doctors could opt out of data sharing; in Vermont, they could opt in.

But prescription-data-collection firms IMS Health Inc., Verispan LLC and Source Healthcare Analytics Inc. filed federal lawsuits in late August challenging the new laws. The complaints argue that they violate the U.S. Constitution’s First and 14th Amendments as well as the Commerce Clause.

“The problem with the Maine and Vermont laws is that they create an entirely new and unprecedented privacy right for physicians in their professional conduct,” IMS spokesman Randy Frankel said. “Improving our health care system depends on access to more information, not less.”

Improving Health Care: Why a Dose of IT May Be Just What the Doctor Ordered

The Information Technology & Innovation Foundation-10/01/07-Information technology (IT) is a major driver of innovation and economic growth.1 Health IT promises to revolutionize health care by improving the quality and containing the costs of care. For the American health care system to benefi t from advances in IT,it must adopt electronic health records (EHRs). An EHR2 contains the complete medical history of a patient, including a full listing of illnesses,laboratory tests, treatments, drugs administered, and allergies.
Health IT is not just about merely digitizing medical records to create a paperless office, although doing this will achieve considerable savings—it is also about fundamentally transforming the health care system so that both doctors and patients have access to information and tools that allow them to better manage their care. This new IT-enabled model of health care has the potential to improve preventive health care and chronic disease management and reward medical practices with financial incentives for effective and efficient care. It has the potentialto give health care researchers the data they need to identify and deliver best practice care and continuously improve the quality of health care. Finally, health IT has the potential to empower consumers to better understand and manage their own health care conditions, needs, and treatments.
Recognizing the importance of IT to health care, President Bush issued an executiveorder in 2004 calling for the rapid deployment of a nationwide interoperable health information technology network, including EHRs for all Americans, within 10 years. The U.S. Department ofHealth and Human Services (HHS) has led this effort. Unfortunately, the results of the national health information network initiative to date have been disappointing. So far, for example, HHS hasnot established comprehensive standards for the network.

Prying eyes: Protecting patient records

Cases of identity theft steal headlines, but simple curiosity is the biggest culprit for security breaches inside hospitals and practices. Here’s how to prevent it — and how to catch the snoopers.

Electronic access to patient data has made it easier to look up information — sometimes too easy.

You’ve probably heard stories about employees or others tapping patient information systems for identity theft. But the more frequent problem is snooping — curious staff or others with system access who look at information they’re not authorized to see.

It sounds innocent, but HIPAA and an increasing number of state laws that cover disclosure of information breaches don’t make distinctions based on intent. An information breach is an information breach, which means physician practices not only have to find ways to keep gawkers away but also must be ready to carry out consequences — or face them — if a breach occurs.

Diagnosis kills veteran’s benefits

Christopher Gearhart served 13 years in the military. He would have put in more time were it not for a hospitalization, a diagnosis and a discharge last year.

While on duty last December, Gearhart, 35, of Cape Coral fell into a state of mania.
He doesn’t remember much, only that he was going nonstop, 24 hours a day. It was worse than being drunk, Gearhart said. Colleagues would recount what he did or said, and Gearhart could recall none of it.

The soldier was sent to a private psychiatric hospital and diagnosed with bipolar disorder, a chemical imbalance that causes his emotions to swing wildly — from mania to depression. His discharge came soon after, and with it, the military washed its hands of him, he says.

Gearhart is receiving no Veterans Administration benefits. He has no job, no disability pay, and most critically, no health benefits. He is managing his illness with whatever drug samples doctors at Lee Mental Health are able to find for him. The drugs otherwise cost $2,000 a month, Gearhart said. He said U.S. Army officials reclassified his bipolar disease as a “personality disorder,” which covers such things as antisocial, obsessive or histrionic behaviors.

{The VA is accessing veterans’ personal health information without consent to justify discharge and denial of veterans’ benefits. The VA appears to be doing this to cut the high costs of providing medical care. Veterans’ medical records are searched for pre-existing conditions or symptoms to justify altering diagnoses, so veterans can be discharged from military service and disqualified from receiving any veterans’ benefits. These practices are identical to those of some private insurers. Private insurers also search past medical treatment records for information that could justify altering patient diagnoses, in order to deny treatment and benefits, even after the treatment has been provided. Those who retroactively change patients’ diagnoses to save costs are NOT physicians who actually treat these patients, but VA or insurance company employees. The VA abuses triggered a congressional inquiry last summer. Representative Hare and Senator Obama of Illinois filed legislation to place a moratorium on the military mal\king anymore diagnoses of “personality disorder.” The real problem is patients do not control access to their sensitive medical records. Employers and the government should never have access to personal health information–the temptation is too great to use that information to harm people. ~ Dr. Deborah Peel, Patient Privacy Rights}

Patient Privacy Violated

Local pharmacies on Carter’s list

Two Evansville pharmacies are among 36 pharmacies and pharmacists Indiana’s attorney general says violated patient privacy by improperly disposing of private health information.

Attorney General Steve Carter announced Thursday in a Civic Center news conference that his office filed administrative charges earlier in the day against the pharmacies and individuals in central and Southern Indiana. He said he will seek sanctions against their licenses.

Google Wants to Track Your Medical History — And Your Genome

In a recent review of 23 internet companies by a consumer watchdog group, Privacy International, Google was the only one to receive the lowest grade, reserved for those with “comprehensive consumer surveillance and entrenched hostility to privacy.”
With that low mark in mind, you might find the idea of Google’s having its virtual hands on your medical history a bit disturbing. The company, and its rival Microsoft, are each taking the first steps toward the burgeoning, and lucrative, industry of electronic health-records management.
Having your medical records in an accessible, searchable and consistent format is certainly appealing. But you, and your doctor, would also become a magnet for advertisers offering services based on your particular medical history.
Eminent technology investor and pundit Esther Dyson isn’t worried about privacy policies, her personal records being hacked, or these companies cooperating with the National Security Agency. In fact, she wants you to turn over not just your medical records, but your personal genetic sequence as well.
In a recent interview on Charlie Rose, Dyson explained that she’s among ten people about to put their health histories and genetic sequences on the internet for public viewing. She optimistically predicts that lots of us will soon entrust such information to online companies, albeit in private accounts.
{Today Americans have no legal rights to control the use and sale of their medical records at all, thanks to HIPAA. Once you give a private corporation the rights to use, own, sell, aggregate, or ‘study’ your genetic data, you can never make those highly sensitive records private again. You will endanger opportunities for jobs, credit, admission to schools, and insurance coverage for everyone who is related to you—especially your children and grandchildren. Your decision will harm your family for generations. It is a grave mistake to participate in any electronic records systems until Congress restores our right to control who can see and use our health information and until you are guaranteed control all disclosures from your electronic records by ironclad legal contracts and “smart” technology that ensures your rights to privacy.}

Electronic medical records at risk of being hacked, report warns

The electronic health record systems that automate the digitized medical histories of U.S. patients are severely at risk of being hacked, a new report has claimed. A fix requires better collaboration between CIOs and vendors.
The warning comes from the eHealth Vulnerability Reporting Program (eHVRP), a collaborative of health care industry practitioners and technology providers. It was formed last year to assess the security of the nation’s electronic health records.
“There was not one system we could not penetrate and gain control of data,” said eHVRP board member Daniel S. Nutkis. “These systems were not any worse than banking systems. But the banking systems have elaborate security mechanisms sitting on top of them.”
{Security of electronic health records is nil, yet the government and industry promote the adoption of these grossly unsafe technologies anyway, risking exposure and theft not only of health information, but also of all the demographic amd financial data that is included in health records.~Dr.Deborah Peel, Patient Privacy Rights}

W.Va. Ends Reporting to Drug Companies

The state’s health care plan for public employees has decided drug companies don’t need to know what medications are being prescribed to its members.

The Public Employees Insurance Agency has asked its pharmacy benefit manager, St. Louis-based Express Scripts, to stop providing that information to drug manufacturers.

Advocates of ending the disclosures say the drug companies use the information to encourage doctors to prescribe brand name medications instead of cheaper, generic equivalents.

“Basically, we’re shooting ourselves in the foot,” said Delegate Don Perdue, D-Wayne, the chairman of the House Health and Human Resources Committee.

Even though Express Scripts has agreed to stop providing the information to drug companies, Perdue said he’s still considering introducing legislation to ban the practice for any company providing pharmacy benefits to West Virginia state health plans.

Express Scripts said it would comply with the PEIA’s request.

Your Privacy Is an Illusion: How MySpace Targets its Ads

There’s nothing quite like having your online profile mined for fun and profit. MySpace has revealed details of its new targeted advertising ploy to the New York Times. Not only does the system troll for overt clues like occupation, but it also analyzes the kind of music you listen to, the movies you watch, and who you’d most like to meet.
From this data it can determine whether you’re into indie rap, zombie movies, or have a thing for Samuel Jackson — and pelt you with advertisements accordingly. The system can even be used to target regional fan of a particular music genre for concert tours. “We are blessed with a phenomenal amount of information about the likes, dislikes and life’s passions of our users,” says Fox Interactive Media president Peter Levinsohn. Blessed. Thank goodness the Web’s denizens are so free with their personal information — it’s considered “digital gold.” These targeted ads are projected tol boost MySpace’s monthly revenue by $30 million. Maybe it will finally have enough free cash to fix the damn site.
{The author writes tongue-in-cheek, “Thank goodness the Web’s denizens are so free with their personal information — it’s considered “digital gold.”—–If only everyone who uses the Internet for health searches realized the exact same thing happens to any information they share with “health” sites: their highly personal data is stolen, mined, and sold. We advise you not to use the Internet for health searches—there are no laws protecting your data from theft or misuse and there are no audit trails to track who steals and sells your data. So you have no recourse for any harms like privacy violations that occur or for discrimination against you by insurers, employers, banks, and other corporations that buy your valuable data. ~ Dr. Deborah Peel, Patient Privacy Rights}

MN Health Department Yanks Baby DNA Rule to Avoid Judge’s Parent Consent Requirements

Minneapolis/Saint Paul The Minnesota Department of Health has suddenly and quietly withdrawn the newborn genetic screening rule which was set to be rolled out at the end of this month, says Citizens’ Council on Health Care (CCHC). “Clearly, the Minnesota Department of Health is not interested in protecting the genetic privacy and property rights of its newest citizens and their families. Instead they hope to use the legislative process to maintain their illegal ownership of baby DNA,” says Twila Brase, president of CCHC.

After CCHC forced the Department to hold a public hearing on the proposed newborn genetic screening rule on January 23, 2007, administrative law judge Barbara Neilsen ruled that portions of the proposed rule had “defects” and required specific changes, including:

  • Against the Department’s written wishes, Judge Neilsen required that parents of newborns be given a Tennessen Warning as requested by CCHC at the public hearing. The Warning, which is required for most data collection by government agencies, would fully inform parents of state government’s involvement in the testing program, the parent’s right to refuse government collection of DNA and genetic data, and how the data would be used and who could access the data if the parents permitted their baby to be tested for a list of genetic conditions.
  • The judge also required explicit opt-in parent consent for the retention of newborn blood and DNA, and for dissemination of blood and genetic information to genetic researchers. Countering the Department’s executive decision ten years ago to begin retaining and disseminating newborn blood without parent knowledge or consent, Judge Neilsen specifically stated that Minnesota law does not authorize such retention and dissemination, and in fact such activities now specifically violate the 2006 Minnesota genetic privacy law.

In July, Commissioner Dianne Mandernach appealed the ruling to the Chief Administrative Law Judge, Raymond R. Krause. The appeal was denied.

According to a Department letter tucked away on the health department’s website—no press release was issued—the Commissioner is now withdrawing the rule to “seek legislative guidance on storage and use of blood spots.”

Ms. Brase provides the following statements:

“The health department has cleverly avoided getting specific consent from parents of newborn babies. They’ve avoided fully informing parents about what’s happening to their children. They’ve withdrawn the rule in hopes of using the political process to sanction 10 years of illegal blood retention and genetic research, and specifically to get approval for state government ownership of the DNA of newborn citizens.

“The department’s decision strips the judge’s genetic privacy and DNA property protections from newborn babies and their families. The Department is clearly disregarding the privacy and property rights of citizens in hopes of eventually dismissing them through the legislative process.

“Obviously these DNA samples have great value, but they belong to parents and their children, and not the State of Minnesota,” Brase adds.

“We again call on the Governor to make the Department follow the rule of law.

“We call on the Governor to protect the genetic privacy and property rights of parents and children by dissembling the health department’s warehouse of DNA wrongly taken from children and their parents, and by requiring the Department to get explicit fully informed consent from parents for newborn genetic testing.

“Minnesota’s children and parents are waiting for the Governor to protect their legal rights.”

Key Documents:

MDH Letter to Judge Krause, August 29, 2007

CCHC’s Letter to Governor Pawlenty, July 24, 2007

CCHC’s Letter to Commissioner Dianne Mandernach, July 12, 2007

Chief ALJ Raymond R. Krause’s Reconsideration Order, July 3, 2007

MDH Request for Reconsideration, June 27, 2007

The ALJ Report (ALJ Barbara Neilsen), March 27, 2007

CCHC Testimony/Submitted Comments to ALJ, January 23/31, 2007:

CCHC Attachments to Testimony, January 31, 2007

Office of Administrative Hearing Newborn Screening Rule including all letters from the public