Regarding, “When Privacy Laws Do More Harm Than Good”

Privacy forms the basis of liberty. The problem lies not with the laws but with those who fail to disclose needed information when required.
Privacy laws allow for the disclosure of information in cases involving the health and safety of individuals or the risk of serious harm. I issued a fact sheet to clarify this point and identified circumstances when personal information could be disclosed under Ontario’s privacy laws, which I oversee. It is similar in other Canadian jurisdictions.
In the United States, both the Health Insurance Portability and Accountability Act and the Family Educational Rights and Privacy Act also permit the sharing of information in situations involving imminent threats to health or safety. For students this could include elements of threatened suicide, other threats or unsafe conduct. The Privacy Act has a provision allowing for disclosure in compelling circumstances.

Companies linking health factors to benefits

First they tried nudging. Now companies are penalizing workers who have high health risks such as obesity and high blood pressure or cholesterol as insurance costs climb.

Lee Morrison, 51, doesn’t mind the push, which came in the form of added insurance charges from his employer, Western & Southern Financial Group.

“I knew if I wanted to be healthier and pay less, it was up to me to do something about it,” said Morrison, who has lost 54 pounds and lowered his body mass index enough to earn refunds the past two years.

A small number of companies have linked health factors to what employees pay for benefits, but the practice is expected to grow now that some federal rules have been finalized, spelling out what’s allowed by law. Employee advocates worry that other anti-discrimination laws such as the Americans with Disabilities Act won’t cover the person who is 20 or 30 pounds overweight.

The businesses are deducting from employees’ paychecks, adding insurance surcharges or offering insurance discounts or rebates only to low-risk workers.

“Employers know they have to do something,” said Garry Mathiason, a senior partner at the national employment and labor law firm Littler Mendelson, based in Boston. “I believe that in just the next two years more employers will turn to penalties to change employee behavior.”

{Much like revelations of how Wal-Mart uses employees’ medical costs and personal health information to make hiring, promotion, and decisions about what health benefits to offer, this story tells about how other companies are taking a similar approach. The insurance industry no longer takes any risk insuring large numbers of people in ‘risk pools’. Insurance today is simply a cost-plus business: whatever health care costs, insurers increase our premiums to ensure their profits stay high. So insurers use any and all of our health personal health information against us to deny benefits or increase our premiums. ~ Dr. Deborah Peel, Patient Privacy Rights}

Shhhhh! (10 Secrets the EHR Companies Don’t Want You to Know)

Getting physicians to use an Electronic Health Record (EHR) is not an easy task. Getting them to fork over thousands of dollars for one is even harder–and yet EHR companies have demonstrated an astounding ability to convince many physicians to spend ridiculous amounts of money for software that all too often actually decreases efficiency and increases frustration. How do they do it? Before I expose the secrets of how EHR companies get the unwary to sign on the dotted line, full disclosure is in order: I own an EHR company, and many of the issues discussed below could be construed as being self-serving (indeed, many are). Thus, keep in mind that these are my own opinions based on years in the field as both a vendor and a practicing physician, and may not reflect the opinions of the publisher of this magazine or anybody else.

In 2001, as a family physician wishing to use an EHR in my practice, I researched a number of solutions and found them to be overly complex and well outside my price range. Eventually, I gave up and decided to develop my own software, Amazing Charts. Since that time, in addition to running a private family practice, I’ve sold my EHR to more than 1,500 practices. Yet, I’m a Birkenstock-wearing family doctor first, and a salesman second, so I felt it was time to expose the seedy marketing and sales techniques that continue to fool so many physicians into adopting over-priced and overly complex EHRs. Physicians tend to learn from the experience of others, either anecdotally or from peer-reviewed sources. We assume the information presented to us by reputable institutions, experts, and our colleagues is unbiased and that potential conflicts of interest are fully disclosed. When it comes to the EHR industry, this assumption is incorrect.

Secret #1: (EHR awards have been bought!)
What first provoked me to explore the dirty secrets of the industry was discovering that most of the coveted awards prominently displayed by EHR companies are judged by people who are getting paid by them. Although this may be reasonable under some circumstances (eg, the expert judge is also providing legitimate consulting services to the EHR company), it is completely unethical if it isn’t openly disclosed—and in the case of EHR awards, the judges’ monetary relationships are not disclosed.

Scrap the national IT plan … and do it right instead!

In a recent editorial , Modern Healthcare argues that the current national health information technology (IT) efforts should be abandoned since they can’t succeed unless “the federal government mandates a single healthcare information technology platform for all healthcare providers and heavily subsidizes its adoption.” While we agree that the current efforts are not progressing well, we are not willing to dismiss health information technology’s potential to improve care, increase efficiency, and reduce costs.
Health Record Banks and Consent Management Tools Can Overcome Problems with Current Health IT Efforts
Over the past several years, more than enough time and energy has been spent trying to automate our existing, inadequate system of health information “exchange” between various healthcare stakeholders. Not only have these efforts failed to solve the problem of making complete patient records available, they are also numbingly complex, frighteningly expensive, and a massive threat to privacy. It is time to use ‘smart’ technology and build a system of Health Record Banks that can provide more complete electronic patient information with informed consent whenever and wherever needed. Health record banks with independent consent management tools that automate the process of obtaining permission for each release of information can make the records needed for safe and effective medical care available while fully protecting every individual’s right to health information privacy.
Health Record Banks (HRBs) would provide everything needed for an effective nationwide health information system: 1) consumer-controlled access to medical records; 2) financial sustainability; 3) incentives for physicians to acquire and use electronic health record (EHR) systems in their offices; 4) ironclad privacy protection; 5) stakeholder cooperation; and 6) access to health data for consumer-authorized secondary uses such as medical research.

RTI public comment period ‘a sham’: reader

The public comment period made available by RTI International is a sham. Who in the public would ever know that the study had been commissioned and where they could make a public comment. And why did it take so long to release the report? They knew the real public would be outraged.
Only 5% of the population has ever heard of RTI, and the healthcare community (those who may have heard of RTI) does not routinely monitor the RTI site for the existence of such a comment period.
I think the comment from the IT executive asking for access to the payer’s system is on the money. Chittaranjan Mallipeddi, chief executive officer of MedPlexus in Sunnyvale, Calif., said: “For fair play, I think physicians should ask to have access (to payers’ systems). The payers should be open to that.”
Much of the National Health Information Network effort is a lie clothed in deception: the deception of its alleged prime motivation—about improving healthcare for human beings. It really is a way for the CMS and all payers to continue to deny paying for necessary medical services.
I am in the industry and I am outraged. You really can’t trust the government. This is just another example.
{Even people in the healthcare industry agree that the idea that the RTI process included the public is a sham and that the public will NEVER agree to electronic health records that function as “spyware” for the insurance industry. ~ Dr. Deborah Peel, Patient Privacy Rights}

IMS Health, Wolters Kluwer Health and Verispan Challenge State Laws Restricting Access to Critical Healthcare Information

With the goal of maintaining greater transparency and the free flow of information in the nation’s healthcare system, three leading health information companies IMS Health (NYSE: RX), Wolters Kluwer Health, through its subsidiary Source Healthcare Analytics, Inc., and Verispan LLC today filed lawsuits in the U.S. District Courts for Maine and Vermont challenging new state laws that restrict the collection and disclosure of physician prescribing information.
The plaintiffs are seeking a court order to enjoin enforcement of the statutes, which take effect Jan. 1, 2008, and deny access to information that is central to improving the quality of care and ensuring patient safety. The statutes are based on New Hampshire’s “Prescription Restraint Law,” which was struck down as unconstitutional in U.S. District Court in April 2007 (IMS Health Inc. v. Ayotte).
According to the plaintiffs, the statutes conflict with the national movement toward greater transparency in healthcare practices and with the ruling handed down by U.S. District Court Judge Paul Barbadoro in New Hampshire earlier this year.
“The new laws in Vermont and Maine will have the same unintended consequences as the one in New Hampshire, blocking vital healthcare information from public view while doing nothing to drive down prescription drug costs or improve the health and well-being of citizens. In fact, it’s very likely they will have the opposite effect,” said Randy Frankel, IMS vice president, External Affairs. “While we would have preferred to work with both states on alternatives, they have chosen instead to follow the same path as New Hampshire. We feel we have no choice but to protect access to this essential information by opposing any legislation of this nature.”
In the state filings, the three companies reiterated their strong, unqualified support for patient privacy, noting that the prescribing information each collects is anonymized and does not reveal individual patient health records.
{The nations’ largest prescription data miners are suing Maine and Vermont to try to block laws those states passed to end prescription data mining. Data mining is theft. The data miners allege that they “protect patient privacy” and allege that the data they sell is used to “monitor and monitor and manage the safety of medications, implement drug recalls, rapidly communicate information to doctors about innovative new treatments and conduct public health studies”, “educate healthcare providers about the prescribing practices”, “ensure that the right doctors receive relevant, timely information about drugs and have the knowledge they need to make the right choices for their patients. “ Sounds really good, but it’s just not true. Their business is selling stolen prescription records to drug companies, employers, and insurers so they can pressure doctors to switch medications or for other uses. The claim that the stolen prescription data they sell is “anonymized” has never been substantiated. In fact many doctors report the opposite: i.e., that drug company representatives have complete lists of their patients’ names and the drugs they are taking. The key point is that these data mining corporations make billions by stealing the entire nation’s prescription records. It is impossible in the US to keep a prescription private—all 51,000 pharmacies are data mined daily and the data has been sold to insurers and drug companies for over a decade. These corporations do not have our informed consent to copy, sell, or use our prescriptions. Who wants a drug company or insurer to pressure their doctor to switch their medications? If my doctors are being pressured to prescribe different brands pf antibiotics or heart medicines—that pressure directly affects my treatment and puts me at risk of harm, whether or not they sell my name. ~ Dr. Deborah Peel, Patient Privacy Rights}

13 Million Grant for AHIC Successor


he Department of Health and Human Services has announced a grant of up to $13 million will be awarded for the design, creation and operation of a successor entity to the American Health Information Community.

AHIC, created and chaired by HHS Secretary Michael Leavitt, advises the department on how to advance health care information technology, including creation of a national health information network. Leavitt believes a new public-private entity will be more representative of industry stakeholders. Some others, including U.S. Rep. Pete Stark (D-Calif.) and the AARP interest group, believe AHIC remaining under the federal government umbrella would be more accountable.

Under a Notice of Funding Availability issued by HHS, the department anticipates one award with an initial payment of $2 million to support the design and creation of a successor entity during a four-month period. A subsequent $3 million payment will fund initial ongoing operations of the entity. Up to $8 million in additional funding will continue to support operations assuming availability of funds.

{Bad news for consumers: the federal government plans to completely ‘privatize’ the oversight of the health IT system by ‘privatizing’ AHIC, the current public-private consortium it set up to guide the development of the health IT system. It’s not that AHIC has so far protected the best interests of patients and consumers, but at least federal agencies that in theory have oversight and a duty to protect citizen’s interests are members of AHIC. AHIC is dominated by private industry appointees who are building the national health information network to facilitate the data mining and sale of every Americans’ health records. Consumers control none of their sensitive health information today—this new plan to privatize AHIC will ensure that never changes because its successor will have no public or government oversight. And the feds are going to grant some corporation $13 million dollars to set up the successor to AHIC. Ensuring private industry is in charge of the nation’s health information is like putting the foxes in charge of the hencoop.}

Health on the job

Dr. David French has diagnosed gallstones, acute renal failure and congestive heart disease. He has also prescribed antibiotics for an infected cuticle, treated poison ivy and found cancerous moles.
Those patients have wandered into Toyota Motor Corp.’s urgent-care clinic, just a few steps from the Camry assembly line at its Georgetown plant. And a plant pharmacy can deliver prescriptions to workers on the line.
Mammograms are coming, and an optometry service is in the works.
Toyota and other large corporations like Pepsi Bottling Group, Credit Suisse and Sprint Nextel have set up or expanded on-site health clinics in recent years. In Louisville, General Electric Co. is weighing the merits of an in-house clinic for workers at Appliance Park, company spokeswoman Kim Freeman said.
{The problem with employers supplying healthcare onsite is they will be tempted to use employees’ personal health information to discriminate. Employees who develop costly illnesses or have positive genetic tests may be fired or denied promotions.. Employers are not supppsed to violate patient privacy but many do despite the law, because employees don’t have the time or money to prove what happened or hire lawyers.. Employers that offer on-site clinics to lower their healthcare costs are setting up conflicts between what is best for the corporation and what is best for the patient or employee. ~ Dr. Deborah Peel, Patient Privacy Rights}

Vendors, privacy activists speak out on report

The RTI International recommendations got split reviews from Don Schoen, president and chief executive officer of MediNotes, a West Des Moines, Iowa, developer of EHR systems for ambulatory care, and chairman of the Electronic Health Record Vendors Association, a trade group affiliated with the Chicago-based Healthcare Information and Management Systems Society.
Schoen said that he supported some of the recommendations, particularly one that calls for vendors to not build into their systems prompts that suggest physicians could add more documentation to the record of a patient encounter to obtain a higher-paying evaluation and management code.
“I can’t speak for every product that’s out on the market today, (but) most members don’t have products that prompt docs at a certain level,” Schoen said. “Most measure what doctors have reported in their note and tell them this is the code that qualifies. The last thing the doctors want as well as the companies themselves is to stand under scrutiny to commit any kind of fraud. We’re out there to help our clients get paid for what they honestly and justifiably should.” But he also took issue with some of the procedures of the RTI work group that produced the report, including a lack of vendor participation and the short public comment period, both of which compared unfavorably with practices by CCHIT, he said.
“Not one of our vendors that we know of has been on that panel,” he said, adding that during the two-week comment period, on average only about 63 respondents voted in favor of the 14 recommendations, a response rate he called “ludicrous.”
{“The federal government (HHS) proposes to open up all our electronic health records to insurers and others to detect fraud. Guess what the cause of fraud is? Access to medical records by people we would never want to see them. Congress must restore our longstanding rights to control access to our personal health records that HHS eliminated in 2002. HHS has been out-of-control for years—–first it eliminated Americans’ rights to control who can see and use their medical records, now it wants insurers and others to have open access to our entire health records to stop fraud. Allowing even MORE unwanted users to have access will not stop fraud, it will increase fraud. The RTI report commissioned by HHS concludes that fraud will be greatly enhanced by today’s electronic records systems. It certainly will—unless patients once again control access to personal health records. HHS doesn’t want the exponential increase in fraud that will result from building a digital health system with no privacy rights to dampen enthusiasm for electronic health records. But who pays when the wrong people have open access our medical records for fraud, for identity theft, and for medical identity theft? We do—taxpayers and patients. We will pay the costs and suffer from the thefts—-yet we could easily PREVENT the wrong people from seeing our medical records and PREVENT fraud, if Congress restores the right to give consent before anyone can access our personal health information. The irony is ‘smart’ technology exists today that can easily give us the power to control all access to personal health information, no matter where it is stored. We have to demand that this ‘smart’ technology—called independent consent management tools—-be required throughout the electronic healthcare system. ~ Dr. Deborah Peel, Patient Privacy Rights”}

What is the Most Important Feature of a Payer-Offered Electronic Health Record?

Nearly nine out of 10 survey respondents said that electronic health records offered by health insurers should have appropriate privacy and security features, according to a survey by the Healthcare Information and Management Systems Society.

Eighty-two percent of survey respondents said that patients should own their own information, and 77% said patients should control the distribution of the data. The survey also found that 73% of respondents said the EHR should be easy to use.

Survey respondents were most likely to believe that EHRs offered by health plans should include insurance company data, such as claims data. However, about two-thirds of respondents also said they believed that payer-offered EHRs should include clinical data derived from hospital and ambulatory visits, as well as consumer-generated data.

{Professionals managing electronic records have the same serious concerns that consumers have about the lack of privacy and security in electronic health records systems. This is a poll of 101 members of HIMSS, an organization of health IT professionals. 87% believe that privacy and security are the most important features EHRs/PHRs should have and 53% had a low or very low level of confidence in the security of the products on the market. ~ Dr. Deborah Peel, Patient Privacy Rights}