Re: Pres. Obama appoints Todd Park nation’s CTO

The new US Chief Technical Officer (CTO) was chosen for using “innovative technologies to modernize government, reduce waste and make government information more accessible to the public.”

What role does the CTO have in protecting individuals from technology harms? Whose role is it to protect the public from damaging technologies and “big data”?

Technology could enable break-through health research and improve the quality of healthcare. But we won’t have complete and accurate health data needed for transformative research when millions don’t trust electronic health systems. The 35-40% of the public who are “health privacy intense” realize US law doesn’t adequately protect their rights to health privacy.

The full article by Bernie Monegain in Healthcare IT News: President Obama appoints Todd Park Nation’s CTO

Digital Records May Not Cut Health Costs, Study Cautions

This excerpt is taken from Steve Lohr’s article in the New York Times: Digital Records May Not Cut Health Costs, Study Cautions.

“Computerized patient records are unlikely to cut health care costs and may actually encourage doctors to order expensive tests more often, a study published on Monday concludes.

Industry experts have said that electronic health records could generate huge savings — as much as $80 billion a year, according to a RAND Corporation estimate. The promise of cost savings has been a major justification for billions of dollars in federal spending to encourage doctors to embrace digital health records.

But research published Monday in the journal Health Affairs found that doctors using computers to track tests, like X-rays and magnetic resonance imaging, ordered far more tests than doctors relying on paper records.

The use of costly image-taking tests has increased sharply in recent years. Many experts contend that electronic health records will help reduce unnecessary and duplicative tests by giving doctors more comprehensive and up-to-date information when making diagnoses.

The study showed, however, that doctors with computerized access to a patient’s previous image results ordered tests on 18 percent of the visits, while those without the tracking technology ordered tests on 12.9 percent of visits. That is a 40 percent higher rate of image testing by doctors using electronic technology instead of paper records.”

Doctors order more X-rays, not fewer, with computer access

This excerpt is taken from Lena H. Sun’s article in the Washington Post National: Doctors order more X-rays, not fewer, with computer access.

“In the debate over the high cost of health care, federal policymakers have always claimed that one way to cut costs is for doctors to use electronic medical records and other information technology. Doing so, they say, avoids duplication and saves money.

But new research suggests that may not be the case.

Doctors who have easy computer access to results of X-rays, CT scans and MRIs are 40 to 70 percent more likely to order those kinds of tests than doctors without electronic access, according to a study to be published in the March issue of the journal Health Affairs.

“On average, this is comparing doctors who had electronic medical records and those who didn’t,” said lead author Danny McCormick, a physician and assistant professor of medicine at Harvard Medical School.

Researchers say the findings challenge a key premise of the nation’s multibillion-dollar effort to promote the widespread adoption of health information technology.

“This should give pause to those making the argument,” McCormick said. Instead of saving money, that effort could drive costs higher, he said.”

Re: Offense must be the new defense, RSA chief says

In response to the Government Security News (GSN.com) article: Offense must be the new defense, RSA chief says

From a major cybersecurity conference, “IT systems already are or will be compromised and security efforts must shift to detecting and mitigating compromises and protecting data in compromised systems.”

FLASH: Health data systems are just as compromised as those in every other sector of the economy and government, but it’s rarely mentioned. With the HIT and healthcare industries in denial, who will secure and protect the nation’s electronic health information?

At the same conference a solution was proposed, “the future of security and privacy in a world in which vulnerabilities and exploits are inevitable lies in protecting data through the use of metadata associated with policies that will let creators and owners control data.”

FYI: last year meta-tagging health data to protect privacy was proposed by the President’s Council of Advisors on Science and Technology (PCAST). PPR testified at the HIT Policy Committee in favor of meta-tagging health data. But the HIT and Healthcare lobbies killed it.

It’s back to business as usual: selling and using abysmal health IT systems and data exchanges without effective privacy or security protections — so healthcare corporations, hospitals, health plans, doctors, HIT companies, labs, pharmacies, etc can all use or sell our personal health data for discrimination and other purposes we would never agree to.

It’s time for Congress to support the Administration’s new Consumer Bill of Privacy Rights and put people in control of personal data online and in data systems by requiring robust, existing privacy and consent technologies or meta-tagging. Americans’ longstanding legal and ethical rights to health privacy must be restored so people are willing to participate in electronic health systems.

Without remedies now, “trust in our digital world is at risk.”

Press Release: Registration is Open for the 2012 Health Privacy Summit

February 28th, 2012

FOR IMMEDIATE RELEASE

Contact:
Deborah C. Peel, MD
dpeelmd@localhost:8888/pprold

(512)732-0033 or (512)820-6415

Announcing the 2nd International
Summit on the Future of Health Privacy
Is There an American Health Privacy Crisis?

Austin, TX – Patient Privacy Rights announces registration is open for the 2nd International Summit on the Future of Health Privacy: Is There an American Health Privacy Crisis?

We invite you to register for the Summit now.

The Summit will be held on June 6th-7th, 2012 at the Georgetown University Law Center. The O’Neill Institute at Georgetown Law is an academic partner, along with the Harvard Data Privacy Lab, RTI International, The University of Cambridge Computer Laboratory, and the University of Texas School of Information.

We are pleased to announce Ross Anderson PhD, FRS, will be a keynote speaker at the Summit. Anderson is a Professor in Security Engineering at the University of Cambridge Computer Laboratory as well as a researcher, writer, and industry consultant and expert in security engineering.

The 2nd International Summit on the Future of Health Privacy is the first and only international venue for serious discussions by experts and thought leaders on the urgent privacy issues raised by health technologies and architectures (including mHealth and ‘clouds’), by law and regulations, data exchange, secondary uses of health data, and social media platforms. The summit will also explore health privacy through the lens of US and international policies about health information privacy, such as the recent Consumer Bill of Privacy Rights and the EU Draft Regulation on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.

The 1st International Summit on the Future of Health Privacy successfully created the first global public forum on the future of health privacy. The panels on urgent issues included health privacy experts from academia, industry, technology, consumer advocacy, top government officials, and international experts. Learn more about the 2011 Summit here. Videos are available.

Please register early, seating is limited. Registrants will be updated regularly on the agenda and new speakers and sessions in the coming weeks.

###

Patient Privacy Rights is the nation’s leading bipartisan health privacy organization and leading consumer voice for building ethical, trustworthy HIT systems. For more information, visit http://patientprivacyrights.org.

PPR in the Wall Street Journal

The Journal Report of The Wall Street Journal featured Patient Privacy Rights’ founder in a debate about Unique Patient Identifiers (UPIs). Deborah C. Peel, MD, founder & chair of Patient Privacy Rights, opposes UPIs, pointing out there are better electronic records systems that allow patients to control data exchanges for treatment and other approved uses.

You can read both sides of the debate at this link: “Should Every Patient Have a Unique ID Number for All Medical Records?”

While voting remains open, the scores have remained fairly static over the past month showing a clear victory. Deborah Peel, MD has won the debate for Patient Privacy Rights, exposing the dangers of UPIs in electronic health record systems. If you have not already, you can still vote “No” to UPIs, and help protect patients, privacy, and progress toward patient-controlled electronic health records. If you are in the main article, voting takes place on the left side of the screen below the picture of Michael Collins. You can also use this direct link to vote after reviewing the full debate.

To dispel the myths of UPIs:

  • Trying to separate UPIs from financial records would be like trying to separate SSNs from everything they have been linked to, including medical records!
  • UPIs will give government, industry, data miners, and others greater ability to collect all health information on individuals. Imagine giving everyone a unique financial identifier that they would use for all credit cards, banks, retailers, and other financial institutions. Would you feel your money was secure?
  • A surprising amount of patients already do not trust a paper-based system, and fear for their privacy even more with expanding Health IT. Having a UPI takes away the idea of patient control and consent, creating one very easy and obvious way for anyone with the means necessary to look up a patient’s full health record. Patients will only accept a system they can control.

We do our work to improve health care by protecting patient privacy. We encourage you to protect your own privacy rights by voting now.

Re: Sizing Up the Family Gene Pool

In response to the New York Times article: Sizing Up the Family Gene Pool

This story is about the fact that genetic testing companies sell people’s test results, compromising families’ and descendants’ future jobs and opportunities. “The NYTimes Ethicist” confirmed a questioner’s fears:

“As for the privacy issue, your concern is well founded. Many of these companies do use customers’ data for medical research or commercial applications, or they sell it to third parties whose interests you might never know. Legally they can’t do that without your consent, but the fine print on those consent forms goes by so quickly that it can be hard to follow.”

Americans’ lack of control over sensitive personal health information in electronic systems is a true national disaster. Not everyone knows this yet, but President Obama does.

On Feb 22, the he introduced historic new privacy principles to guide the use of personal data in the global digital economy. He recognized the lack of privacy in current networked technologies and systems has severe economic consequences. See story on the White House Initiative: http://patientprivacyrights.org/2012/02/wh-initiative-consumer-privacy-bill-of-rights/

President Obama’s new principles address the causes of the privacy violation in the story:

  • Current federal law does not protect the right to health information privacy or the right of consent to use health data
  • neither HIPAA nor Genetic Information Non-Discrimination Act (GINA) prevent the systemic corporate business practice of selling Americans’ highly sensitive personal health information (like genetic test results)

He laid out an historic, tough new Consumer Privacy Bill of Rights to stop the data mining and data theft industries. The first principle is that of individual control: “Consumers have a right to exercise control over what personal data companies collect from them and how they use it.”

Key quotes from the Administration’s new “Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy”:

  • “Strong consumer data privacy protections are essential to maintaining consumers’ trust in the tech­nologies and companies that drive the digital economy.”
  • The President concluded, “It [privacy] has been at the heart of our democracy from its inception, and we need it now more than ever.”

The only way we can trust the Internet and have a vibrant global digital economy is if individuals control personal information online and in electronic systems. The right of informed consent before personal information is collected or used must be restored.

When will the health IT industry, Congress, and lawmakers across the US act to restore the right to privacy and control over personal information?

WH Initiative: Consumer Privacy Bill Of Rights

In a press release from the White House, February 22nd, 2012:

“The Obama Administration unveiled a “Consumer Privacy Bill of Rights” as part of a comprehensive blueprint to protect individual privacy rights and give users more control over how their information is handled. This initiative seeks to protect all Americans from having their information misused by giving users new legal and technical tools to safeguard their privacy. The blueprint will guide efforts to protect privacy and assure continued innovation in the Internet economy by providing flexible implementation mechanisms to ensure privacy rules keep up with ever-changing technologies. As a world leader in the Internet marketplace, the Administration believes the United States has a special responsibility to develop privacy practices that meet global standards and establish effective online consumer protection. ”

To read more about the proposed bill here are some additional resources:

Read Fact Sheet

Read Full Proposal

Additional White House Press Release

View the Press Conference on CNN’s Video Library

National experts to meet at HIMSS to promote health record banks

See the full article at: http://www.nhinwatch.com/perspective/national-experts-meet-himss-promote-health-record-banks

Experts are planning to meet at HIMSS to discuss “strategies to promote and accelerate development and adoption of HRBs – community-based personally controlled repositories of electronic health records.”

Some key points:

  • -”HRBs can provide effective and efficient health information infrastructure (HII) in communities by simultaneously addressing the interdependent requirements of privacy, stakeholder participation and financial sustainability.”
  • -”HRB allows patients to readily and conveniently manage their access permissions in one place. In addition to being an effective approach to privacy, patient control also ensures that stakeholders make information available.”

The article goes on to list the cost and efficiency revenue advantages of HRBs as well as the privacy implications.

Re: Big Changes Coming in EU Privacy Law

Regarding the article in the Genomics Law Report: Big Changes Coming in EU Privacy Law

The new EU standards for data privacy apply to health data and require the level of personal control over health data and informed consent that Americans expect from electronic health systems, but don’t have. US companies doing business in the EU will have to comply with these tough new privacy protections in a year or face penalties. If companies can build privacy-protective systems there, why not here?

Quote:

  • Companies doing business in the EU must prove “every subject has given consent for the processing of their data for specified purposes. Consent is defined as “any freely given specific, informed and explicit [emphasis added] indication of will,” and can be withdrawn at any time. The subject will also have a controversial “right to be forgotten and to erasure.” This means that when the subject withdraws consent or “the data are no longer necessary” for the purposes for which they were collected, the company must render the data inaccessible, including on the Internet.”

Americans feel the exact same way the European public feels; they too want ethics-based systems that comply with longstanding rights to health privacy.

Since US companies will have to comply with strong patient privacy rights in the EU, they could obviously do the same in the US. Unless the US builds in the same strong patient protections, research comparing electronic health records in the US and EU will be impossible.

The Administration should use the EU example to move forward and require US electronic systems and data exchanges be built to comply with Americans’ longstanding rights to control the use of personal health information.