Poll shows: We trust our doctors, not their systems

This computer world article by Lucas Mearian discusses a new survey from CDW, showing patients trust their doctors but not electronic health records. And Many respondents don’t even trust themselves with their own records!

See the full article: U.S. patients trust docs, but not e-health records, survey shows

Sadly, patients should not trust their doctors unless they know their doctors’ electronic health records systems do not sell their personal health information.

The public has no idea that many electronic health systems sell their data. Even doctors may not realize the EHR systems in their offices or in hospitals sell patient data. Many claim to sell “de-identified” data, but it is very easy to re-identify health data.

This practice of selling health data was banned in the stimulus bill but has not been implemented in federal regulations, so it continues unabated.

Worse, the proposed regulations are directed ONLY at the use of health data for marketing, NOT at the health data mining industry that sells real-time, sensitive, detailed patient data profiles to corporations, government, and anyone who can pay for it.

The point of the ban on sale of health data without consent was to end the daily sale of every American’s prescription records from all 54,000 pharmacies, to end the sale of health data from electronic health systems and data exchanges, and to end the sale of health data by all the other organizations that are part of the healthcare system food chain like: insurers, state governments, labs, data warehouses, data management companies, the data analytics industry, business associates, secondary and tertiary data users, etc., etc.

See a brief TV investigative story about one EHR vendor that gives the software to doctors for “free” because its business is selling the patient data: http://www.ktvu.com/news/24278317/detail.html

PPR Comments on the PCAST HIT Report

The President’s Council of Advisors on Science and Technology (PCAST) weighed in on the key problems with how the Administration is building health IT systems and data exchanges. They recommend that patients be able to meta-tag data to protect privacy, that interoperability requires adoption of a common “language”, and that the goal should be a “data-centric” system for research on all health records without consent. The report recommends that HHS and CMS decide when patient data can be used for “secondary” purposes without consent.

See the full PCAST report: http://www.whitehouse.gov/blog/2010/12/08/pcast-releases-health-it-report

Patient Privacy Rights letter of comments to HHS emphasized:

  • Privacy is essential to build in up front.
  • We should not rush to deploy systems and spend billions on electronic systems and data exchanges until we know the privacy technologies PCAST recommends are adequate.
  • The recommendations for de-identifying health data were insufficient. Extensive work needs to be done to ensure that standards for de-identification actually work.

See PPR’s full comments here: http://patientprivacyrights.org/wp-content/uploads/2011/01/PCAST-comments-PPR-Final.pdf

See PPR’s written testimony here: http://patientprivacyrights.org/wp-content/uploads/2011/05/Patient-Privacy-Rights-Testimony-PCAST-WG-Feb-15-2011.pdf

Medical-Privacy Alert: How Your Personal Health Records Are at Risk

“Storing your personal health information electronically is a double-edged sword: You get easy access to your medical history and the ability to quickly share your data with medical personnel, but you run the risk that your privacy will be invaded. Some online providers of health-information storage are covered by federal law, but others might leave you vulnerable.”

To view the full article, please visit: http://www.consumersdigest.com/health/article/medical-privacy-alert

Experts Forecast Top Seven Trends in Healthcare Information Privacy for 2011

A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach, and governance were asked to weigh in with their forecasts for 2011. These experts suggest that as health information exchanges take form, millions of patient records—soon to be available as digital files—will lead to potential unauthorized access, violation of new data breach laws and, more importantly, exposure to the threat of medical and financial identity theft.

These predictions are supported by the recent Ponemon Institute’s Benchmark Study on Patient Privacy and Data Security, published November 2010, which found that data breaches of patient information cost the healthcare industry $6 billion annually; protecting patient data is a low priority for hospitals; and the healthcare industry lags behind the recently enacted HITECH laws…

Industry-Wide Experts Share Their Opinions and Insight…

Dr. Deborah Peel, M.D., practicing physician and founder of Patient Privacy Rights; the nation’s health privacy watchdog

“2011 will be the year that Americans recognize they can’t control personal health information in health IT systems and data exchanges. Will 2011 be the year that data security and privacy are the top of the nation’s agenda? I hope so. The right to privacy is the essential right of individuals in vibrant Democracies. If we don’t do it right in healthcare, we won’t have any privacy in the Digital Age.”…

Experts name top 7 trends in health information privacy for 2011

A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach and governance have identified the top seven trends in healthcare information privacy for 2011.

The experts suggest that as health information exchanges take form, millions of patient records – soon to be available as digital files – will lead to potential unauthorized access, violation of new data breach laws and exposure to the threat of medical and financial identity theft.

“Endemic failure to keep pace with best practices and advancing technology has resulted in antiquated data security, governance, policy plaguing in the healthcare industry,” said Larry Ponemon, chairman and founder, Ponemon Institute.

“Millions of patients are at risk for medical and financial identity fraud due to inadequate information security,” he said. “Information security in the healthcare industry is at the fulcrum of economic, technological, and regulatory influence and, to date, it has not demonstrated an ability to adapt to meet the resulting challenges – but it must. The reputation and well-being of those organizations upon which we rely to practice the healing arts depends on it,” he said…