Genomes: Behold or Beware

Patients whose physicians “collaborate” with genetic testing corporations should beware. Today, Navigenics and all genetic testing businesses can legally sell genomic data. There is no way to know which ones sell or use data without informed consent and which don’t. Americans’ personal health information is extremely valuable to corporate America. Genomic data requires extreme privacy protection because it can be used to harm not only an individual but all his/her relatives.

According to Navigenics, the personal data shared is “aggregated” and “de-linked” from “your account information”, but Navigenics offers no proof that it cannot be re-identified.

As we learned from the NIH experience, it is very difficult to “de-identify” or “anonymize” genetic data. The NIH closed a public research data base of “de-identified” genetic data after researchers proved the data could be re-identified See: . Corporations that share “de-identified” or “anonymized” health data should be required to publish the algorithms that were used and prove the data cannot be re-identified.

Questions abound:
• How can anyone be sure that Navigenics protects the privacy of genomic tests without trusted external audits of their privacy practices and policies?

• Does Navigenics pay MDVIP’s doctors a “kickback” for “collaborating” each time a patient gets genomic tests? Does MDVIP inform patients that it has a contract with Navigenics and what each doctor is paid?

• Who is being paid for “collaboration”? What exactly are the financial and contractual terms of “collaboration” between MDVIP and Navigenics?

• Do MDVIP’s patients really understand the risks of using Navigenics to do the testing or the risks of letting Navigenics share their genomic data with unknown researchers and research organizations—-that can put their data into public data respositories and publish it in studies? Or the security risks that a particular public respository can be hacked?

• Are MDVIP’s patients coreced into taking Navigenics tests by their doctors? Most patients want to do what their doctors recommend. What is the consent process?

• Did MDVIP contractually sell or give their patients’ genomic data or to Navigenics to own or sell? Should the public trust Navigenics, a for-profit corporation, when personal genomic data is a very valuable commodity?

• Should any for-profit collaboration “define the standards in which preventive genomic medicine will be integrated into patient care for decades to come”? No consumer health privacy expertise, assessment, or input was sought.

• There is not yet an operational, trusted, consumer-led privacy certification organization to audit genomic testing corporations to certify they don’t sell genomic data and that consumers control sensitive personal genomic data in their data bases. In the absence of a trusted privacy certification organization, the privacy principles developed in 2007 by the bipartisan Coalition for Patient Privacy or the Code of Fair Information Practices could be used as guides for building a genomic testing and preventive healthcare system that consumers will trust and be willing to use.

• Would MDVIP’s patients still feel “the experience (was) positive”, “empowered rather than anxious”, and “desire to change their lifestyles and more productively work with their physicians” if they knew their doctors were paid by Navigenics and their data was sold and/or put in public data repositories with unknown security and privacy protections?

This blog is in response to the article: Physician network to use genomic-based preventive healthcare

Google Flu Trends spreads privacy concern

Google’s new Flu Trends tool, which collects and analyzes search queries to predict flu outbreaks around the country, is raising concern with privacy groups. Is the data truly de-identified?

The Electronic Privacy Information Center filed a Freedom of Information Act request asking federal officials to disclose how much user search data the company has recently transmitted to the Centers for Disease Control and Prevention, or CDC, as part of its Google Flu Trends effort.

Concern stems from what privacy groups claim is a disturbing lack of transparency surrounding the method Google is using to predict flu outbreaks. Google has publicly stated that all the data used is made anonymous and is aggregated, but there has been no independent verification of how search queries are used and transformed into data for Google Flu Trends, said the privacy groups.

“What we are basically saying is that if Google has found a way to ensure that aggregate search data cannot be used to re-identify the people who provided the search information, they should be transparent about that technique,” said Marc Rotenberg, Electronic Privacy Information Center’s president.

Senate gets early start on health reform plan

Sens. Baucus and Kennedy are working with a bipartisan group on the goal of moving a consensus bill through the Senate next year.

Washington — Even before Congress had closed the book on its 2008 session, leaders in the Senate began laying the groundwork for comprehensive health system reform in 2009.

Sen. Max Baucus (D, Mont.), chair of the Senate Finance Committee, on Nov. 12 released an 89-page vision for health system reform. The proposal calls for revising Medicare’s physician payment formula, requiring everyone to have insurance and expanding eligibility for Medicaid and the State Children’s Health Insurance Program. Baucus’ “Call To Action: Health Reform 2009″ is the culmination of months of committee hearings.

Sen. Edward Kennedy (D, Mass.), chair of the Senate Health, Education, Labor and Pensions Committee, is staking his own place in the debate. He announced Nov. 18 that three committee members would lead working groups on health reform to tackle the issues of prevention and public health, quality improvement and insurance coverage.

Putting data breach genie back in bottle? Good luck

A little more than a week ago, retail store operator TJX settled a class-action suit filed over the theft of 45.7 million credit and debit cards from its system. The settlement requires TJX to offer three years of credit-monitoring services to about 454,000 consumers, on top of paying for the cost of replacing driver’s licenses and cutting checks for other minor costs.

Not only that, but TJX agreed to cut prices by 15 percent on all items in its stores–which include T.J. Maxx and Marshall’s–for one designated day. Given its existing sales levels, the TJX price cut is projected to offer $10.5 million in benefits to the public.

I think you’ll agree, readers, that this is a more elaborate set of reparations than most healthcare organizations ever make. Most settle for a letter of apology and credit monitoring.

Physician network to use genomic-based preventive healthcare

MDVIP, Inc., a national network of physicians based in Boca Raton, Fla., is collaborating with a personal genomics testing company in an effort to integrate genomic-based preventive healthcare in physician offices.
This initiative will provide MDVIP’s affiliated physicians with a genomic testing service from Redwood Shores, Calif.-based Navigenics.
Navigenics will provide MDVIP patients and their affiliated physicians with insight into their personal genetic predisposition for developing certain medical conditions where primary or secondary prevention could improve health outcomes.

Med-record-release business still trumping EHRs

Electronic health-record systems (EHR) won’t put an end to the ROI (Release of Information) business any time soon due to the still low levels of information technology systems in place in hospitals.

Electronic health-record systems won’t soon put an end to a niche industry that has grown up around outsourcing the release of medical records to patients and other organizations, according to both providers of and users of the service.

The prospects are good for the business called release of information, or ROI, only partly because of the relatively low levels of penetration of EHRs in healthcare, those same sources contend. Recent surveys by a team of Harvard researchers working under an HHS contract found that only 12% of hospitals have deployed even the most basic EHR system, and just 1.7% of hospitals have a full-featured EHR implemented across all hospital units. EHR adoption in ambulatory care remains similarly low, with 17% of practices using a bare-bones system and 4% with a complete EHR, according to the same researchers.

Still, most hospitals have started down the road to information technology adoption and many have multiple components of an EHR in place, often from different technology vendors. The hodgepodge creates system integration problems for both clinical and financial data users, but opportunities for ROI workers. It’s their job to take the disparate patient records—some on paper and some electronic—and create a cohesive whole copy for use outside the healthcare organization.

Are your medical records secure?

You might expect health-care providers and insurance companies to use the best security measures to keep your medical information private.
But a national expert on patient privacy said it’s naive to think that your health record is secure. And with the federal government pushing for more electronic records, security will only get worse.
“Because of the primitive state of health technology, there are a lot of risks with electronic records, frankly far more than paper,” said Dr. Deborah Peel, founder of Patient Privacy Rights, a nonprofit organization based in Austin, Texas.
Peel, who recently spoke at a health-policy conference in Columbus, said most people don’t know about all of the nonmedical staff people who have access to their electronic health information.
And she questions providers who promise privacy.

Letters: Which Way Privacy?

Re “You’re Leaving a Digital Trail. Should You Care?” (Nov. 30):

The article concluded with the director of the M.I.T.Center for Collective Intelligence as saying: “For most of human history, people have lived in small tribes where everything they did was known by everyone they knew.”

But when humans were all villagers, no one could learn or recall details like exact locations, every contact with tribe members, what each villager was doing, every villager’s wealth, or what every villager was thinking about or interested in 24/7.

Technology allows the collection and analysis of terabytes of information. Human memory can’t. That changes everything for America. Will we choose laws and policies that strengthen and safeguard our precious rights to freedom and liberty, and the right to be let alone in the digital age?

Deborah C. Peel, M.D.

Austin, Tex., Dec. 1

The writer is founder and chairwoman of Patient Privacy Rights, a consumer advocacy organization.

Security Fix

Digging Deeper Into the CheckFree Attack
The hijacking of the nation’s largest e-bill payment system this week offers a glimpse of an attack that experts say is likely to become more common in 2009.
Atlanta based CheckFree acknowledged Wednesday that hackers had, for several hours, redirected visitors to its customer login page to a Web site in Ukraine that tried to install password-stealing software.
While this attack garnered few headlines, there are clues that suggest it may have affected a large number of people. CheckFree claims that more than 24 million people use its services. Avivah Litan, a fraud analyst with Gartner Inc., said CheckFree controls between 70 to 80 percent of the U.S. online bill pay market. Among the 330 kinds of bills consumers can pay through CheckFree are military credit accounts, utility bills, insurance payments, mortgage and loan payments.

Blues plan to help overhaul U.S. healthcare with healthcare IT

BCBS proposes to Obama transition team a 5 point plan for employer based health IT system.

BCBS contends that President-elect Obama’s plan to build reform on an employer-based system is a good one. The company proposes five initiatives for reform, including:

  • Encouraging research on the procedures, drugs and devices that work best
  • Paying for performance
  • Empowering consumers and providers
  • Promoting health awareness
  • Fostering public-private coverage solutions.

According to Serota, the Blues are comprised of 39 independent health plans serving some 102 million members nationwide. Ninety percent of all U.S. hospitals and 80 percent of all U.S. physicians participate in Blue Cross Blue Shield. By sheer volume, the Blues’ reform plans will have an impact.