Re: “You for Sale, A Data Giant is mapping, and Sharing, the Consumer Genome”

Below comment in response to the New York Times article “You for Sale, A Data Giant is Mapping, and Sharing, the Consumer Genome.”

Acxiom is the poster-child for why tough new laws are needed to protect personal information on the Internet, in electronic systems, and on cell phones ASAP. No data should be collected about Americans without prior meaningful, informed consent.

Natasha Singer’s story is a must read to understand how the use of personal data threaten people’s jobs, reputations, and future opportunities. The information is analyzed and sold to those who want detailed real-time profiles of who we are, including the health of our minds and bodies. Data analytics enable Acxiom to create and sell far more intimate, detailed personality and behavioral portraits than our own mothers or analysts might know about us (and would never share).

Most people have never heard of Acxiom or other hidden data users. Today, most Americans have no idea that personal data is used by thousands of corporations and government agencies to make decisions about whether they will receive jobs or benefits.

Even though the hidden data mining industry began by using personal information to improve marketing and advertising, Acxiom proves that the kind and amounts amount of identifiable data being collected are simply unacceptable. As for the collection of health information, the data mining industry is clearly violating Americans’ very strong legal, Constitutional, and ethical rights to control and keep personal health data private. To the public, this is theft of personal health information.

On June 6th at the 2nd International Summit on the Future of Health Privacy, Professor Latanya Sweeney of the Harvard Data Privacy Lab along with Patient Privacy Rights introduced theDataMap.org. This project will enable citizens and whistleblowers to help create a detailed picture/map of where sensitive personal health information flows, from prescription records, to DNA, to diagnoses. Without a ‘chain of custody’ for our identifiable health data, it’s impossible to know who uses our data or why. A ‘chain of custody’ for personal health data could show us whether potential employers or banks had bought or received our health data, learn about the many ways the federal government uses health data as described in the Federal Health Information Technology Strategic Plans, and see the names of for-profit and public research and public health institutions that use personal health data.

Health data has long been used to discriminate against people for jobs, insurance, and credit. This fact is so well known that every year tens of millions of us refuse to get early diagnoses and treatment for cancer, depression, and sexually transmitted diseases. Hidden data flow causes bad health outcomes; treatment delays can be deadly. We need the same kind of control/consent over the use of electronic health data that we have always had for paper medical records.

US Internet and electronic systems have made us the most intimately surveilled people in the Free World. In Europe, strong laws and privacy-enhancing technologies prevent hidden data collection and data flow, so everyone benefits from technology and harms are avoided.

European standards for the collection of personal data were created after WW II, when data were used to decide who would die. Europeans consequently passed the world’s toughest data privacy laws, preventing personal data from being collected or used without consent.

Europe also established regional Data Privacy Commissioners to defend citizens’ rights to control the collection and use of personal information and ensure data accuracy. The US needs them too.

Unless we know where trillions of bytes of our personal data flow, who uses it and why, we cannot weigh the benefits and risks of using the Internet, electronic systems, or cell phones. It’s time for Congress to end the massive hidden flows of personal data.

Can Privacy & Electronic Medical Records Coexist? — Quotes PPR

An article written at Pacific Standard discusses the struggle to maintain patient privacy when electronic health records are becoming the norm. To view the full article, please visit Can Privacy & Electronic Medical Records Coexist?.

A few key quotes from the story:

“…researchers have to figure out how to digitize some of your most sensitive personal information to make it easily accessible to you and your doctors without compromising your privacy before the many other parties who might also like to peek at this data. Researchers lament that it’s currently impossible to track all of the places your digital medical information travels once you leave the doctor’s office. Certainly, pieces of it are shared with your doctor’s office, your doctor’s hospital, your insurance company, your pharmacist and the pharmaceutical company that makes your medicine. Your personal information may also be anonymized and aggregated with other patients to produce data sets used by researchers or traded on the commercial market.”

“Researchers and industry innovators gunning for that 2014 deadline have to figure out how to set all of this information free — when it comes to maximizing the benefit to you as a patient — while, on the other hand, keeping it under some kind of control. And it’s not entirely clear how that architecture might look.”

“‘My big fear is that if we don’t build these systems right, people won’t see doctors,’ said Deborah Peel, the executive director of Patient Privacy Rights and the moderator of the conference discussion.”

Experts discuss technology and privacy protections at 2nd International Summit on the Future of Health Privacy

See full story at: HIPAA remains in play as technology outpaces privacy protections

Speakers from the 2nd International Summit on the Future of Health Privacy were interviewed in this article about their ideas and opinions concerning the outpacing of privacy protections by technology. Because technology is being invented quicker than privacy laws can be written and imposed, people everywhere are at risk of having their private medical records used without their knowledge and consent. On June 6-7, over 50 speakers and 300 participants met up to discuss the issues brought about by such technological advances at the 2nd International Summit on the Future of Health Privacy. To learn more about the Health Privacy Summit, please visit HealthPrivacySummit.org.

“Experts assembled on June 6 in Washington for a panel discussion on electronic medical records and privacy noted that HIPAA provides only a minimum standard for safeguards, not a template for best practices. Panelists at the International Summit on the Future of Health Privacy added that the stakes are high when it comes to EMRs and privacy.

“Electronic technology is a game-changer, legally, because the damage that can be done to someone is perpetual and the damages that can be awarded are incalculable,” said James Pyles, co-founder and principal of the law firm of Powers, Pyles, Sutter & Verville….

…Joy Pritts, chief privacy officer for the Office of the National Coordinator for Health Information Technology, said the main problem is technology is moving faster than privacy laws can be written

“I approach this in a simplistic way,” Pritts said. “I look to see, do you have a right to privacy for your health information? So far, the courts say you do. The tort laws say you do. Standards of professional ethics of nearly every segment of the medical profession say you do. The HIPAA privacy rule does not say that at all.””

Learn more about the Health Privacy Summit here.

Top Experts Discuss Privacy Risks at 2nd International Summit on the Future of Health Privacy

Patient Privacy Rights and Georgetown University Law Center’s O’Neill Institute for National and Global Health Law Host Event

Psychiatry Patient’s Story Highlights Growing Threat to Privacy

WASHINGTON–(BUSINESS WIRE)– When a lawyer named “Julie” sought psychiatric treatment in Boston, she never imagined that the notes of sessions with her therapist would be digitized and made available to thousands of doctors and nurses—even dermatologists and podiatrists with no conceivable need for such private records. But that is precisely what happened. “Personal details that took me years to disclose during therapy are being shared throughout my medical network, against my will,” Julie says. “It’s destroyed my trust with my doctors.”

Julie will tell her story for the first time at the 2nd International Summit on the Future of Health Privacy, to be held in Washington, DC, on June 6-7. Sponsored by Patient Privacy Rights, the nation’s leading health privacy watchdog, and Georgetown University Law Center’s O’Neill Institute for National and Global Health Law, the Summit will explore the often-alarming privacy implications of the nation’s race to digitize patient medical records.

“Every state requires patient permission before sensitive mental health records can be shared with other doctors. But Julie found that hundreds of pages of intimate records, some detailing her abuse as a child, were open to the entire staff of her Boston-based healthcare system,” says Dr. Deborah Peel, founder of Patient Privacy Rights. “Julie is an example of how major electronic health records systems can actually strip patients of their privacy rights. Her tragic story highlights the need for the Privacy Summit—to shine light on these abuses and find solutions to protect patient privacy.”

40 Health-Privacy Experts Drive Debate:

More than 40 health-privacy experts from around the globe will gather for the Summit, including top U.S. government officials and leading CEOs, physicians and academics, along with several hundred live and virtual attendees. Speakers will discuss new policies including a Health Privacy Bill of Rights, data exchanges, secondary uses of health data and social media platforms that threaten patient privacy. In addition, the founder of Harvard’s Data Privacy Lab will announce the launch of a yearlong project, the first of its kind, to map the hundreds of secret organizations and agencies where private medical data is sold and shared in the United States.

Summit organizers also will announce the “The Best Privacy Technologies of 2012,” and companies will demonstrate new products that enhance patient control of personal health data.

Louis D. Brandeis Privacy Award:

To kick off the Summit, Patient Privacy Rights will honor the first-ever recipients of the Louis D. Brandeis Privacy Award. The privacy watchdog group will recognize Congressman Joe Barton (R-TX) and Congressman Ed Markey (D-MA) for their roles as leading congressional privacy advocates. And Alan Westin, Columbia University’s Emeritus Professor of Public Law and Government, and Ross Anderson, the University of Cambridge’s Professor in Security Engineering, will be honored for their groundbreaking work on consumer data privacy and security.

WHAT: The 2nd International Summit on the Future of Health Privacy
WHEN: June 6-7th, 2012
WHERE: Georgetown University Law Center
600 New Jersey Avenue, NW. Hart Auditorium, McDonough Hall
Washington, DC 20001

REGISTRATION: http://www.healthprivacysummit.org/d/3cq92g/4W

AGENDA: http://www.healthprivacysummit.org/d/3cq92g/6X

SPEAKERS: http://www.healthprivacysummit.org/d/3cq92g/6K

FOLLOW US ON TWITTER: @PrivacySummit

SPONSORS/PARTNERS: Accenture, CA Technologies, Dell, e-MDs, FairWarning®, Harvard Data Privacy Lab, IDExperts, Jericho Systems, Microsoft, PwC, RTI International, Telemedicine and Advanced Technology Research Center (TATRC), The O’Neill Institute at Georgetown Law Center, The University of Cambridge Computer Laboratory, The University of Texas School of Information

ABOUT PATIENT PRIVACY RIGHTS: Patient Privacy Rights is the nation’s leading bipartisan health privacy organization and leading consumer voice for building ethical, trustworthy healthcare IT systems. For more information, visit http://patientprivacyrights.org

Contact:
Keith Blackman, 202-730-5753
keith@blackmanmediasolutions.com
or
Jim Popkin, 202-686-6699
jim.popkin@sevenoaksmedia.com

Office of the National Coordinator of Health IT, HHS, Announces PPR Summit

To learn more visit Health Privacy Summit and HealthIT.

The Second International Health Privacy Summit is quickly approaching (June 6-7). Our keynote speaker, Farzad Mostashari, MD, ScM is the National Coordinator for Health IT and will be giving a wonderful presentation on “Creating a Culture of Privacy and Security Awareness.” The Office of the National Coordinator for Health IT has given great support to this event and will be participating as well. Here’s what they have to say about the Health Privacy Summit:

June 6-7
2nd International Summit on the Future of Health Privacy

Over 40 leading health-privacy experts from around the globe will gather in Washington, DC for the 2nd International Summit on the Future of Health Privacy to discuss privacy and security issues raised by emerging health technologies. Experts from the U.S. government, the private sector and academia will explore new laws and regulations, data exchanges, secondary uses of health data and social media platforms and how they relate to the privacy and security of patient health information.

National Coordinator for Health Information Technology – Farzad Mostashari, MD, ScM – will kick off this year’s event with a keynote presentation on “Creating a Culture of Privacy and Security Awareness.”

See the full list of speakers at http://www.healthprivacysummit.org/d/3cq92g/6K .

* Agenda: http://www.healthprivacysummit.org/d/3cq92g/6X
* Registration: http://www.healthprivacysummit.org/d/3cq92g/4W FREE to attend or watch live online!

20 Million Affected by Health Breaches

See full story at Govinfosecurity.com: 20 Million Affected by Health Breaches

“The federal tally of individuals affected by major healthcare information breaches since September 2009 now exceeds 20 million. But two recently reported major incidents, estimated to have affected a combined total of more than 675,000, have yet to make the list, which now includes 435 incidents.

As of May 23, the breach list includes 29 incidents in 2012 affecting a total of about 935,000. By far the largest of those breaches is a Utah Department of Health hacking incident affecting 780,000 individuals, including Medicaid clients, Children’s Health Insurance Plan recipients and others.”

Targeted attacks cost companies an average of $200k

See the full article at SC Magazine: Targeted attacks cost companies an average of $200k

It always costs more to repair than to prevent. The curious thing is that federal law mandated basic security protections in HIPAA, but industry never bothered because the law was never enforced.

Here we are 12 years after the HIPAA Privacy Rule was implemented:

· the Coalition for Patient Privacy got MUCH tougher security rules and enforcement into HITECH

· breaches are rampant

· 80% of hospitals still don’t encrypt data

What’s wrong with this picture? Register for the 2nd International Summit on the Future of Health Privacy June 6-7 in Washington, DC–attending or watching via live streamingvideo is free: http://tiny.cc/p4fqew Security technologies are critical for privacy—see top US computer scientists discuss “ideal” technologies for health data privacy and security.

Re: Data-Mining in Doctor’s Office Helps Solve Medical Mysteries

The story concludes that “the benefits (of research) outweigh the (privacy) concerns”. But that statement was made by a hospital administrator, not by the patients whose data were used without consent. They weren’t asked or notified.

There are several problems with the idea that the benefits of doing research without consent outweigh the risks:

·       the lack of privacy and control over health information causes bad outcomes: when people realize that they cannot control health records, millions refuse diagnosis and treatment for cancer, depression, and sexually-transmitted diseases

·       there is no need to choose between respecting patients’ rights to privacy and doing research—it’s a false choice, consent technologies can enable people to easily choose and give automatic consents for research projects they support, or be contacted case-by-case for permission

·       there was no public debate about whether every American’s electronic health information should be used for research without consent

·       current electronic systems do not allow patients to control any uses of their health data—-why continue to use such badly-designed systems?

·       there are no “dangers of over notification” with today’s systems—in fact, patients get no notice at all when personal data is used for research

Americans have not agreed to a healthcare system that turns them into electronic guinea pigs.

Why not build patient-centered systems so we can make important decisions about ourselves, instead of hospital administrators and researchers choosing for us?  “Nothing about me without me.”

Crunch Two Data Sets, Call Me in the Morning

See full article in Bloomberg Businessweek Article

As hospitals are acquiring more and more digital patient data, they are quickly turning to “Big Data” tech companies with expertise in data-mining, which “has already led to some measurable improvements in patient care” according to hospital administration. However, patients are rarely notified when their records are being used in this way because the data is exempt from federal privacy protection due to their necessity for “quality improvement”. “People do not like to have researchers of any stripe using their electronic health records”, says Deborah Peel, MD of Patient Privacy Rights. “As a matter of respect and autonomy and patient-centeredness, patients want to be asked. When they are asked, by and large, they support this. It’s the not-being-asked stuff that’s really bad”. A breakdown in patient-physician trust about data privacy can cause huge problems with patient care arising from patients refusing to share all necessary information with physicians as a means to avoid exposure.

Hospitals enlist vendors for data analytics help

See full article in FierceHealthIT:  Hospitals enlist vendors for data analytics help

“Providers are increasingly turning to big tech companies to help their data mining efforts, according to an article at Bloomberg Businessweek.

Vendors such as Microsoft, SAS, IBM and Oracle are giving mounds of data the once-over in an analytics industry that generated more than $30 billion last year, according to research firm IDC. That figure is expected to grow to $33.6 billion in 2012–and healthcare is a leading customer.

The practice of data-mining, however, raises concerns. Hospitals have been criticized for mining patient data as a means to market to the most lucrative patients, for example. And data mining only exacerbates the concerns of patient advocates such as Deborah Peel, founder of Patient Privacy Rights, who recently told Forbes that people will avoid seeing doctors if they feel their information isn’t secure.”