NHIN, privacy front and center at HIT policy meeting

The head of federal efforts to boost the use of health information technology told members of an IT advisory panel Tuesday that they need to step back and take a second look at the proposed national health information network, and also come up with some advice on a national policy framework for IT privacy and security that makes sense.

“The need became clear to me when we were talking about privacy and security,” Blumenthal said, referring to the prior HIT Policy Committee meeting in September. Three privacy advocates gave testimony at that meeting.

“We realized,” Blumenthal said, the nation hadn’t “had a set of principles that make sense. We have decided it would be helpful to have a privacy and security work group.”

According to a slide presentation Blumenthal used while making his remarks, the new work group will “create recommendations based on results of the September privacy hearing.” He said the new HIT Policy Committee’s privacy and security work group will leverage the work of its counterpart privacy and security work group of the HIT Standards Committee, a second IT advisory panel created under the stimulus law, which is to provide recommendations to Blumenthal on technical matters…

…Another witness was Deborah Peel, an Austin, Texas, psychiatrist who founded the Patient Privacy Rights Foundation. Peel testified that patient control over the release of their health information is supported by the U.S. Constitution, many state constitutions and common law in all 50 states. Far from being a barrier to health information sharing, patient control over their information “is the easiest, cheapest, and most efficient enabler of health information exchange” in that it “assures ‘data liquidity’ by eliminating the need for expensive, complex and cumbersome agreements among stakeholders for HIE.”

A third privacy expert was Latanya Sweeney, a member of the HIT Policy Committee appointed to fill a slot reserved by statute for a privacy expert. Sweeney is an associate professor of computer science, technology and policy and director of its Data Privacy Lab. Sweeney has a doctorate in computer science from the Massachusetts Institute of Technology and, according to news reports, worked under contract to the Defense Department on developing privacy protections in a national security surveillance scheme.

Medical Records: Stored in the Cloud, Sold on the Open Market

When patients visit a physician or hospital, they know that anyone involved in providing their health care can lawfully see their medical records. But unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity.

In some cases, the vendor contract specifies that the vendor has exclusive access to the health records in its database, according to Dr. Paul Tang, vice president and chief medical information officer of the Palo Alto Medical Foundation, and a member of a federal privacy advisory panel.

Tang told ModernHealthCare in 2007 that he’d seen such contracts from large and small vendors. “Some [vendors] say they have ownership to data. There are contracts that say they will have real-time access to the database, that they will have exclusive access to the data, that they can resell the data. I think it would be unlawful that covered entities abide by that.”

According to Sweeney, 87 percent of the U.S. population can be uniquely identified simply from their birthdate, gender and zip code.

Patient advocate groups have called for greater oversight and regulation of the electronic health-record industry to control what software vendors can access and what they can do with the data.

The Word Is Out: Do You Know Who Owns Your Health Records?

This WIRED article, Medical Records: Stored in the Cloud, Sold on the Open Market, is based on yesterday’s NYTimes story that closed by quoting Patient Privacy Rights.

It points out the 2 KEY ways that electronic health systems violate patient privacy:
• Health technology vendors sell patient records without consent
• It is impossible to de-identify health information, so promises that the data can’t be re-identified must be verified by outside audits

The chart at the top of the story is from our website; it shows the millions of businesses and government agencies that today can do whatever they want with our health records, including selling them for profit.

The ‘fix’ is that Congress must restore patients’ rights to control personal health information—this right has been the foundation of the healthcare system for 2,400 years.

No one else should own our health records and no one should have access to them without our consent.

Think info about your Rx is private? Better think again

Do you know where your private prescription information is? As pharmacy chains, benefits companies and drug makers work more closely, your prescription history is being shared more than you might think.

“We have more information on the consumer and their behavior than anybody else, and we share it with our over-the-counter suppliers,” Thomas Ryan, president and chief executive, told investors last year. “We share it with our pharmacy suppliers. So we know how the consumer works.”

“Benefits companies are using patient information as a commercial pitch to drug companies. Is it an abuse of that relationship? Of course it is.”

But is it a violation of patient privacy laws? That is less clear.

The Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA, gives patients certain privacy rights over their medical information — for example, protection against marketing campaigns.

But some privacy experts say the CVS Caremark mailings don’t technically violate HIPAA regulations, because the letters are sent as educational materials to doctors, not as promotional campaigns.

Re-Identification. From Netflix to Health Records.

Today’s NY Times story points out the FACT that it is very easy to re-identify supposedly “de-identified” information. Singer starts with how the Netflix “de-identified” database was proven to be re-identifiable and moves on to describe Latanya Sweeney’s famous re-identification of the medical records of Gov. Weld.

See the NY Times Article: When 2+2 Equals a Privacy Question

When 2+2 Equals a Privacy Question

TIME to revisit the always compelling — and often disconcerting — debate over digital privacy. So, what might your movie picks and your medical records have in common?

How about a potentially false sense of control over who can see your user history?

While Netflix and some health care concerns say they have been able to offer study data to researchers stripped of specific personal details like your name, phone number and e-mail address, in some cases researchers may be able to re-identify you by correlating anonymous information with the digital trail that you’ve left on blogs, chat rooms and Twitter.

Of course, you may be fine with that. On the other hand, you may not want complete strangers rummaging around in your history of movie selections or medical needs.

For example, contestants in Netflix’s competition to improve its recommendation software received a training data set containing the movie preferences of more than 480,000 customers who had, as they say in the trade, been “de-identified.” But as part of a privacy experiment, a pair of computer scientists at the University of Texas at Austin decided to see if it was possible to re-identify those unnamed movie fans…

…The Web site of Practice Fusion, meanwhile, quotes Ryan Howard, the chief executive, as saying that the company subsidizes its free record-keeping systems by selling de-identified data to insurance groups, clinical researchers and pharmaceutical companies. In an interview, however, Mr. Howard said Practice Fusion had not yet started selling patient information but that it intended to do so.

NEW regulations require notifying patients if their personally identifiable medical information gets loose, and they prohibit selling protected health records. But privacy advocates said electronic health records remain vulnerable because no federal law now forbids the sale of de-identified health care data.

In 1997, for example, a researcher identified the medical records of William Weld, then the governor of Massachusetts, by correlating birthdays, ZIP codes and gender in voter registration rolls and information published by the state’s government insurance commission.

There are no current federal laws against re-identification, said Dr. Deborah Peel, a psychiatrist who is a director of Patient Privacy Rights, a nonprofit watchdog group in Austin, Tex.

“Once personal health data gets out there, it’s like the Paris Hilton sex tape,” Dr. Peel said. “It is going to be out there forever.”

NCI to open research grid to cancer patient ‘army’

The National Cancer Institute has developed Web-based tools that could give cancer researchers collaborating over the Cancer Biomedical Informatics Grid (caBIG) access to hundreds of thousands of new patients to study.

Using the technology, the cancer-fighting agency hopes to tap an army of 1 million women now being recruited for a national breast cancer population study…

The Web-based application lets researchers form and maintain large breast cancer disease databases. Thousands of users will be able to access the database simultaneously to review and edit personal oncology information using just their Web browser. NCI will add related studies to the Web site to enrich the available information.

Open Source Research

See the Government Health IT article: NCI to open research grid to cancer patient ‘army’

Women desperate to cure breast cancer are contributing their sensitive personal health information to “an army” of researchers.

But there is no reason that these altruistic women have to risk their futures and their daughters’ futures to find a cure.

It’s possible to do research without risking their futures and their daughters’ and granddaughters’ futures by using privacy-protective technologies and robust informed electronic consent. But this project does NOT protect the privacy of these generous and well-intentioned women.

The women’s data can be downloaded by “thousands of users”–all of whom make copies of their extremely sensitive, IDENTIFIABLE records. The records are identifiable so that the women can be contacted by researchers.

Some of the major things wrong with this picture:
1) The NCI system allows “researchers (to) form and maintain large breast cancer disease databases.” Is there any way to tell if the security is ironclad, state-of-the-art? No.
2) How many copies will researchers make? How many times will the data be replicated and backed-up across the world? No way to know.
3) What countries will copies of the records be kept in? No way to know.
4) How many and which researchers will download and keep their data? No way to know.
5) The researchers must sign agreements to protect and not sell the data, but there are no ‘data police’ to enforce those agreements. If there are no ‘data police’ watching this data, how do the women know it’s safe? No way to know.
6) What if a woman does not approve of a particular study or researcher who has their data? Can a woman prevent any researcher from using her information? No.
7) How will the data be handled after the research study is complete? How will the women know if it is destroyed? No way to know.
8) How safe is research access via a web browser? No way to know.

The severe flaws in this plan are obvious. Fearful women desperate for cures are being exploited by the government and the research industry that designed these systems to serve their needs, NOT the women’s rights to privacy. Putting such sensitive data out into cyberspace KNOWING it can never be retrieved or destroyed is grossly irresponsible. Like Paris Hilton’s sex video, this data will live forever in cyberspace, risking future jobs and opportunities of every child of every woman desperate for a cure.

The NCI could do this a better way—we can have research and privacy at the same time. But the privacy protective technologies that can enable both are not being used. Why not?????

See our testimony Sept 18th at the national HIT Policy Committee and the many letters from the Coalition for Patient Privacy to federal agencies and Congress describing how to do research while protecting privacy.

And NO–the Genetic Information Nondiscrimination Act (GINA) DOES NOT protect our genetic data. It allows insurers and employers to have our genetic data and it has no enforcement. Zero. And HIPAA has no protections for genetic data either–it allows others to control and use our data without consent.

The cost of contributing to research should not be that your female descendants are unemployable. Unless data is protected, we will have generations of people who cannot work because employers will not risk hiring anyone at risk of getting a disease.

Netflix Contest Seen As Posing Privacy Risk

Privacy advocates are questioning Netflix’s plan to release “anonymized” data as part of an effort to crowdsource improvements to its recommendation system.

…Although Netflix says it won’t release customers’ names, some privacy experts say interested researchers will be able to determine people’s identities from other data that Netflix will make available.

On Monday, University of Colorado law professor Paul Ohm issued a public plea to Netflix to change its plans. “Researchers have known for more than a decade that gender plus ZIP code plus birthdate uniquely identifies a significant percentage of Americans (87% according to Latanya Sweeney’s famous study),” Ohm wrote. He added that even without exact birthdates, interested researchers will be able “to tie many people directly to these supposedly anonymized new records.”

Ohm says that the planned release might violate the federal Video Privacy Protection Act, which bans movie rental stores from revealing personally identifiable information about consumers…

Netflix is about to commit a privacy Valdez with its customers’ viewing data

CU Boulder’s Paul Ohm writes about Netflix’s insane new plan to release millions of customers’ personal information — ZIP code, gender, year of birth — as a sequel to its Netflix Challenge. Latanya Sweeney’s famous study on de-anonymizing data has shown that date (not just year) of birth, gender and ZIP are sufficient to personally identify 87% of Americans. In other words, Netflix is about to put the behavioral data about viewing choices for millions of Americans into the public domain, despite its legal duty to keep this information private.
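As an added illustration of the measurement behind the 87% figure (example code, not from any of the articles quoted here), the k-anonymity check below groups a constructed table of records by the quasi-identifiers the Weld and Netflix discussions turn on (date of birth, sex, ZIP), reports the smallest group and the share of records that stand alone, then repeats the check after generalizing to year of birth and 3-digit ZIP. The records are constructed, not real patient or customer data.

```python
"""k-anonymity check for a data release (added example, constructed data).

A record whose quasi-identifier combination appears only once in the release
is the record that can be linked to a named person by anyone holding another
table keyed on the same fields (voter rolls, public profiles). k is the size
of the smallest such group; k == 1 means at least one person stands alone.
"""
from collections import Counter

# Constructed sample release: (date_of_birth, sex, zip5). Not real people.
RECORDS = [
    ("1945-07-31", "F", "02138"),
    ("1945-07-31", "F", "02139"),
    ("1945-02-14", "F", "02138"),
    ("1962-11-02", "F", "02139"),
    ("1962-11-02", "F", "02139"),
    ("1962-05-20", "F", "02139"),
    ("1978-09-09", "M", "78701"),
    ("1978-09-09", "M", "78701"),
    ("1978-01-01", "F", "78701"),
    ("1978-01-01", "F", "78705"),
]


def quasi_id(record, generalize=False):
    """Return the quasi-identifier tuple; optionally coarsen it to
    year of birth and 3-digit ZIP, the kind of change Ohm refers to."""
    dob, sex, zip5 = record
    if generalize:
        return (dob[:4], sex, zip5[:3])
    return (dob, sex, zip5)


def equivalence_classes(records, generalize=False):
    """Group size for every distinct quasi-identifier combination."""
    return Counter(quasi_id(r, generalize) for r in records)


def k_anonymity(records, generalize=False):
    """Smallest group size: the release is k-anonymous for this k."""
    return min(equivalence_classes(records, generalize).values())


def unique_fraction(records, generalize=False):
    """Share of records whose combination appears exactly once."""
    classes = equivalence_classes(records, generalize)
    singletons = sum(1 for n in classes.values() if n == 1)
    return singletons / len(records)


if __name__ == "__main__":
    for g in (False, True):
        label = "year + ZIP3" if g else "full DOB + ZIP5"
        print(f"{label}: k={k_anonymity(RECORDS, g)}, "
              f"unique={unique_fraction(RECORDS, g):.0%}")
```

On the constructed table the full quasi-identifiers leave six of ten records standing alone (k=1); after generalization every record shares its combination with at least one other (k=2), which is the property a release should be checked for before it is called de-identified.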

“Because of this, if it releases the data, Netflix might be breaking the law. The Video Privacy Protection Act (VPPA), 18 USC 2710 prohibits a “video tape service provider” (a broadly defined term) from revealing “personally identifiable information” about its customers. Aggrieved customers can sue providers under the VPPA and courts can order “not less than $2500” in damages for each violation. If somebody brings a class action lawsuit under this statute, Netflix might face millions of dollars in damages.”

Additionally, the FTC might also decide to fine Netflix for violating its privacy policy as an unfair business practice.