Grab for patient records

MEDICAL market research firm AsteRx plans a grab for doctors’ prescribing records with an offer of powerful business intelligence software free to GPs who sign up.

AsteRx managing director Jon Marshall says de-identified patient data provides valuable insight into healthcare trends — including the spread of infectious diseases — for which drug companies, pharmacists and others are prepared to pay.

“We essentially want to build a large network of GPs so that we can provide data that can be called on in times of need,” he said. “If we were extracting data from every GP in Australia, we would be able to track the swine flu, for instance.

“From the data we already collect I can tell you whether there has been an increase in immunisations, or increased incidences of flu, right up to yesterday’s figures.”

Data-mining: Australia Just Calls It Something Else

In Australia, the data mining industry pays doctors to sell patients’ prescription records. In the US they pay pharmacies, hospitals, and PBMs. See Article.

A complaint to the Australian Privacy Commissioner was dismissed because the data miners claimed that patients and doctors were “de-identified”. But it is very difficult to fully de-identify personal health data so that re-identification is impossible. If true, the industry should have offered proof that their methods actually work and that the data cannot be re-identified.

As in the US, the theft and sale of personal prescription records is rationalized with claims that it can be used to “provide valuable insight into healthcare trends– including the spread of infectious diseases”. The word that describes using data to provide “valuable insights” is “research”. It happens to be both illegal and unethical to do research without informed consent.

HIMSS & Who is Promoting HIT in Stimulus Spending?

This story tells how HIMSS and Harvard’s Blackford Middleton promoted spending billions on health IT in the stimulus bill.

HIMSS and Blackford believe that health technology will be the silver bullet that enables healthcare reform and kills/slows higher costs. That may be possible, but is highly doubtful because the billions are such a bonanza for the health IT industry.

Will this be yet another example of the stimulus billions being used to prop up large corporations, but not to save individual patients who are sick?

Not only does most of health IT vendor industry NOT care about whether healthcare reform succeeds or not, they actively fought to weaken Americans’ rights to privacy and security. By law, industry cares about maximizing revenue, not treating the sick.

So the BIG question is: will the government require all electronic health records systems to have the tough privacy and security measures the public expects and needs to trust these systems? Will the government require electonic health systems to build in our legal and ethical rights to privacy up front?

Most of the HIT industry lobbied to sell the same old dinosaur products and against privacy. The incumbents are very powerful and not interested in change OR IN OUR PRIVACY RIGHTS.

The Machinery Behind Health-Care Reform

Robert O’Harrow tells the story of how Harvard, Harvard Partners HealthCare, Blackford Middleton, and the Health Information and Management Systems Society (HIMSS), the health IT industry’s lobby, got $27B for HIT into the stimulus bill.

HIMSS used classic industry lobbying strategy:
1. Never let a crisis go to waste (in this case the economic crisis) to drive funding for industry.
  1. a. They were very clever because

  • i. The HIT industry was NOT failing (unlike the auto industry) and did not need a stimulus

2. Fund a ‘think tank’ to produce ‘research’ promoting HIT as a way to lower costs, improve healthcare, etc., etc.—in this case headed by Blackford Middleton MD of Harvard.
3. Use the ‘research’ to promote HIT and lobby for stimulus funds.
-Harvard-branded  ‘research’ is very powerful:
  1. b. Non-profit organizations were funded “
  2. to press for electronic health records”

  3. c. Blumenthal, Daschle, and the Obama Administration were ‘sold’ on the ‘research’.
  4. d. The ‘research’ gave Blumenthal, Daschle, and the Obama Administration a way to justify dismissing the problems OMB and other sceptics raised about the ‘research’
  • iii. Mark Frisse and Joseph Antos are sceptics quoted about the ‘research’.
  1. e. Congress was ‘sold’ on the ‘research’ which claims that HIT will reduce costs, etc.
4. HIMSS and the Harvard ‘think tank’ draft much of HITECH’s plan to purchase flawed HIT systems.
5. Congress passed the stimulus bill with $2B more for HIT than the $25B HIMSS recommended
6. Industry wins.
7. Public loses.
  1. f. The public’s expectations and rights of control over health information are eliminated by funding flawed HIT/EHRs and data exchanges.

The result almost 4 years later is we have no idea where our health data is held, who is using it or why—no health data map, no ‘chain of custody’ for where our data flows, no way to control health data in electronic systems or data exchanges, and no way to stop data sales (a recent example is Medtronics selling records from patients’ wireless heart monitors).

Soon, we will finally be able to download electronic copies of our health data, a crucial first step to restoring control over our own information. Once we have all our health information, then we can press to restore control over whi can see, use or sell it.
To view the full article, please visit: The Machinery Behind Health-Care Reform

The Machinery Behind Health-Care Reform

How an Industry Lobby Scored a Swift, Unexpected Victory by Channeling Billions to Electronic Records

When President Obama won approval for his $787 billion stimulus package in February, large sections of the 407-page bill focused on a push for new technology that would not stimulate the economy for years…

…A Washington Post review found that the trade group, the Healthcare Information and Management Systems Society, had worked closely with technology vendors, researchers and other allies in a sophisticated, decade-long campaign to shape public opinion and win over Washington’s political machinery.

Financial System vs. Healthcare System

The financial system is often lauded as being good at protecting Americans’ sensitive financial and demographic data, but the evidence is not so clear. Heartland had a massive breach of credit card data in its system of sponsored banks. In addition to the $12.6 million in costs, it will also have to pay to “implement end-to-end encryption when payment data is sent from the merchant to the processor”.

Will breaches of healthcare data cost any less? That is highly doubtful. The pain and exposure is far worse and there are NO remedies. The privacy of health data can never be recovered or restored. With identity theft you can eventually recover from the damage and restore your credit.

Plus its harder to protect electronic health data because there is SO MUCH MORE sensitive personal data than exists in financial systems. Payment and credit card data are just the start, everything is included in electronic health systems, from prescriptions to DNA.

And compared to the financial industry, the healthcare industry has millions more employees—-of insurers, hospitals, pharmacies, data management and data warehousing corporations, HIT vendors, and even state and federal government agencies—-who all have access to sensitive data.

See article “Heartland breach cost $12.6 million, CEO says”

Heartland breach cost $12.6 million, CEO says

Heartland Payment Systems Inc. said it was experiencing losses this quarter as a direct result of a massive data breach it disclosed in January when investigators discovered a malicious program sniffing credit card data passing through its systems.
The company said it took a $2.5 million loss for the quarter as a result of spending more than $12.6 million in legal bills, fines from MasterCard and Visa and administrative costs.
The announcement was made during the company’s financial earnings call, where Carr said the costs associated with the breach could continue to climb.
“Our defense of the claims regarding the processing system intrusion remains ongoing,” he said. “Much of the legal work remains to be done and it is difficult to anticipate when these matters will come to a conclusion.”

First HIT Policy Committee Meeting on Stripping Privacy Away?

No surprise the new HIT Policy committee is gearing up to eliminate privacy, i.e. patient control over personal health information, using the excuse that the entire nation’s records are needed for biosurveillance and research without informed consent. See the quotes from Drs Calman and Clark. The title of the article says it all: “Committee studies public health, research“.

The committee is dominated by industry appointees who will make sure the policies they come up with grant unfettered government and industry access to Americans’ most sensitive personal data, from prescriptions to DNA.

What they don’t get is they will lose the public’s support and trust if they build a system where everyone’s health records can be data mined for any research purpose. A Westin/Harris IOM poll found only 1% of the public would allow researchers unfettered access to their electronic medical records. The government and the research community are completely at odds with the public’s rights to health privacy.

The reality is millions of Americans already refuse to participate in healthcare systems that harm them because they have no control over their medical records.

HHS noted in the Preamble to the HIPAA Privacy Rule that 600,000 Americans/year avoid early diagnosis and treatment for cancer because treatment records are not private private. Two million people/year with mental illness avoid diagnosis and treatment for the same reason: their records are not private. The Rand Corporation found that 150,000 Iraqi vets refuse treatment for PTSD because their treatment is not private, resulting in the highest rate of suicide in active duty military personnel in 30 years.

Can this commitee face reality when they have severe conflicts of interest and want the use of Americans’ health data?

The lack of privacy drives millions away from healthcare. And the lack of privacy causes suffering and death–bad outcomes.

It looks like patients’ and consumers’ best hope for preserving their health privacy rights in electronic systems may be Gayle Harrell. She may be the only committee member who can face reality.

Committee studies public health, research

The eligibility for $17 billion in economic stimulus law money for health information technology should include requirements for collecting and exchanging electronic public health data and research health data, several members of a federal advisory committee said today.

The Health IT Policy Committee, which met for the first time today, also discussed the possibility of setting out a foundation of principles that vendors must apply to allow for patients’ ownership and patients’ access to their electronic health records (EHRs).

“If we are looking at health IT as being transformational, then we need to think about patient ownership and control. We may need to set fundamental principles,” said committee member Dr. Neil Calman, who is also president of the Institute for Family Health.

The policy committee made no formal recommendations today. Members are planning to volunteer for several work groups in the next few weeks before reconvening.

Hackers Want Millions For Data on Prescriptions

The FBI and Virginia State Police are searching for hackers who demanded that the state pay them a $10 million ransom by Thursday for the return of millions of personal pharmaceutical records they say they stole from the state’s prescription drug database.

The hackers claim to have accessed 8 million patient records and 35 million prescriptions collected by the Prescription Monitoring Program.

“This was an intentional criminal act against the commonwealth by somebody who was trying to harm others,” Gov. Timothy M. Kaine (D) said. “There are breaches that happen by accident or glitches that you try to work out. It’s difficult to foil every criminal that may want to do something against you.”

Although the hackers had threatened to sell the data if they did not receive payment by Thursday, the deadline passed with no immediate sign that they followed through.