Health IT group drafts privacy recommendations

A federally chartered advisory work group charged in June with devising recommendations on privacy and security policies to support the government’s electronic health-record system subsidy program presented today its near-final list of guidelines to the Health Information Technology Policy Committee.

The work group, known as the privacy and security tiger team, met Monday and released what amounts to a consensus report on its recommendations, said Deven McGraw, co-chair of the tiger team and director of the Health Privacy Project at the Center for Democracy and Technology, a Washington think tank. The Health IT Policy Committee advises the Office of the National Coordinator for Health Information Technology at HHS…

According to the tiger team’s draft document posted on the HIT Policy Committee’s website, the team’s recommendations are based on “fair information practices,” a now globally accepted set of privacy policy guidelines that stems from a 1973 report by the U.S. Department of Health, Education and Welfare.

“All entities involved in health information exchange—including providers and third-party service providers like Health Information Organizations (HIOs) and intermediaries—follow the full complement of fair information practices when handling personally identifiable health information,” according to the tiger team proposal.

Health Privacy by the Numbers

I’m married with children, so the concept of personal privacy is one that I abandoned years ago.

Even so, I was somewhat surprised to learn that I am at “high risk” for having my private health information breached. On a scale of zero to 60, with 25 being the threshold for high risk, I scored a fig-leaf-curling 40 on a new test intended to gauge my vulnerability to health-data thieves. The color-coded equivalent of a “40” is a retina-searing red, which seems to indicate that nefarious entities are making off with my blood-pressure readings as I type this sentence.

The epiphany of unsecured data arrives courtesy of Patient Privacy Rights, which on Wednesday released its new Health Privacy Risk Calculator. The quiz calculates risk according to users’ answers to six questions. Unless you pay cash for everything, take no medications and forgo the customs of contemporary living, you too are at risk, according to PPR, which calls itself “the nation’s leading health privacy watchdog.”

Privacy Risk Calculator

Is your sensitive health information at risk of being exposed and sold?

Take the following quick quiz to see if your health privacy is at risk.

Please Note: Keep track of the total points earned by each answer to calculate your health information’s privacy risk.


HHS Withdraws Controversial Breach Notification Rule under HITECH

A recent HHS decision to withdraw the HIPAA final “breach notification” rule drew praise from patient privacy advocates, who cited the need for stronger privacy protections…

The Patient Privacy Rights Foundation, a privacy watchdog organization, called the move “a huge step in the right direction,” and reiterated its objections to the “harm standard.”

WSJ Exposes Web Tracking Truths

This story should prompt a flood of investigative reporting about the secret, highly lucrative data theft and mining industries. And health information is THE most valuable personal information of all.

“Consumer tracking is the foundation of an online advertising economy that racked up $23 billion in ad spending last year.”

The story shows that the data theft and data mining industries are selling real-time access to specific people—a FAR more intrusive practice than buying a location on a webpage:

“These profiles of individuals, constantly refreshed, are bought and sold on stock-market-like exchanges that have sprung up in the past 18 months.”

“Advertisers once primarily bought ads on specific Web pages—a car ad on a car site. Now, advertisers are paying a premium to follow people around the Internet, wherever they go, with highly specific marketing messages.”

And, of course, sensitive health information is being stolen too:

“On Encyclopaedia Britannica Inc.’s dictionary website Merriam-Webster.com, one tracking file from Healthline Networks Inc., an ad network, scans the page a user is viewing and targets ads related to what it sees there. So, for example, a person looking up depression-related words could see Healthline ads for depression treatments on that page—and on subsequent pages viewed on other sites.”

“Healthline says it doesn’t let advertisers track users around the Internet who have viewed sensitive topics such as HIV/AIDS, sexually transmitted diseases, eating disorders and impotence. The company does let advertisers track people with bipolar disorder, overactive bladder and anxiety, according to its marketing materials.”

Ubiquitous surveillance and data theft are used to track and discriminate against every American in real time. Ads are NOT innocuous and helpful:

“We’re driving people down different lanes of the highway,” Mr. Cheyney says.

“Some financial companies are starting to use this formula to show entirely different pages to visitors, based on assumptions about their income and education levels.”

“Life-insurance site AccuquoteLife.com, a unit of Byron Udell & Associates Inc., last month tested a system showing visitors it determined to be suburban, college-educated baby-boomers a default policy of $2 million to $3 million, says Accuquote executive Sean Cheyney. A rural, working-class senior citizen might see a default policy for $250,000, he says.”

Only exposure and public outrage over the deeply invasive secret data theft and data mining industries will shut them down. And it’s important to know that the government is one of the biggest customers of these stolen data profiles.

See the Wall Street Journal Article: The Web’s New Gold Mine: Your Secrets

HHS quietly withdraws HIPAA breach-notification rule

Following a firestorm of criticism from privacy advocates who say federal officials gave too much leeway to healthcare organizations that inadvertently disclose protected health information, HHS has without fanfare withdrawn its HIPAA “breach notification” final rule that had been submitted to the White House for budgetary approval.

The move was “to allow for further consideration, given the department’s experience to date in administering the regulations,” the HHS Office for Civil Rights posted on its website late Wednesday. “This is a complex issue and the administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur,” OCR explained…

…The decision thrilled the Patient Privacy Rights Foundation, headed by noted privacy watchdog Dr. Deborah Peel, which had been adamantly opposed to the so-called “harm standard.”

See the PPR Press Release supporting this decision.

The Web’s New Gold Mine: Your Secrets

A Journal investigation finds that one of the fastest-growing businesses on the Internet is the business of spying on consumers. First in a series.

Hidden inside Ashley Hayes-Beaty’s computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny… One of the fastest-growing businesses on the Internet, a Wall Street Journal investigation has found, is the business of spying on Internet users…

…The Journal conducted a comprehensive study that assesses and analyzes the broad array of cookies and other surveillance technology that companies are deploying on Internet users. It reveals that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by all but a handful of people in the vanguard of the industry…

…Healthline says it doesn’t let advertisers track users around the Internet who have viewed sensitive topics such as HIV/AIDS, sexually transmitted diseases, eating disorders and impotence. The company does let advertisers track people with bipolar disorder, overactive bladder and anxiety, according to its marketing materials.

Targeted ads can get personal. Last year, Julia Preston, a 32-year-old education-software designer in Austin, Texas, researched uterine disorders online. Soon after, she started noticing fertility ads on sites she visited. She now knows she doesn’t have a disorder, but still gets the ads.

Insecurities Plague Electronic Health Care

Information security and privacy in the healthcare sector is an issue of growing importance but much remains to be done to address the various issues raised by healthcare consumers regarding privacy and security and the providers’ perspective of regulatory compliance.

Writing in the International Journal of Internet and Enterprise Management, Ajit Appari and Eric Johnson of Dartmouth College, Hanover, New Hampshire, USA, explain that the adoption of digital patient records, increased regulation, provider consolidation and the increasing need for information exchange between patients, providers and payers, all point towards the need for better information security. Without it patient privacy could be seriously compromised at great cost to individuals and to the standing of the healthcare industry.

Switch To Digital Medical Records Raises Concerns

Watch the Video of these interviews and read the full story HERE.

OAKLAND, Calif. — At his high-rise medical office in Oakland, orthopedic surgeon David Chang recently switched from those familiar but cumbersome paper medical files to digital records, making the change ahead of a federal requirement that goes into effect for all medical providers in 2014.

Chang now has a private company store his patients’ records electronically.

“Not only was it free – which was fantastic – but it saved me time,” said Chang.

That company is Practice Fusion in San Francisco. It’s part of a booming industry in electronic medical records software. Its service is free to some 30,000 doctors. KTVU discovered the reason the service is free is because the company legally sells the patient medical information it collects. Buyers include drug companies, medical insurers and others. They can get it if they say it’s for research…

…Some were opposed to such wholesale distribution of patient information.

“This is a nightmare. This is a nightmare. It’s nothing we’ve ever seen before in medicine,” said patient privacy rights advocate Dr. Deborah Peel.

Peel said many patients and doctors don’t know the federal government quietly eliminated patients’ privacy rights for electronic records.

“It’s a free-for-all. It’s the wild west,” said Peel…

…Dr. Peel said new technology, for as little as five dollars a year, could protect your privacy and allow you to opt out of research databases. Privacy advocates said concerned patients need to lobby their lawmakers now.