Myth: The Benefits of Electronic Health Records Outweigh the Privacy Risks
Fact: It’s impossible to weigh the ‘benefits’ of EHRs vs. the ‘risks’ when we have no way of knowing what all the ‘risks’ are. Current health IT systems and data exchanges enable unlimited hidden use and sale of personal health data.
There is no map that tracks hidden disclosures of health data to secondary, tertiary, quaternary, etc, etc users. It’s crazy, but we have no ‘chain of custody’ for our most sensitive personal information, health data.
How can we make informed decisions about using EHRs when there is no map to track the 100s-1000s-1,000,000s of places our personal health information, from prescriptions to DNA to diagnoses, ends up?
Take a look at this website: http://www.theDataMap.org
· Harvard Professor Latanya Sweeney leads this project to map the hidden flows of health data.
· Patient Privacy Rights is a sponsor.
· Not only is it impossible for individuals to make an informed decision about the risks and benefits of EHRs, but it’s ALSO impossible for Congress to create sane health reform and healthcare laws, formulate appropriate health and privacy policies that provide ironclad data privacy and security protections when we have no idea where PHI goes, who uses and sells it, or what it’s used for.
· One example of not knowing where/how our personal health data ends up: Identifiable diabetic patient records are sold online for $14-$25 each. See: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986&singlePage=true#.UFKTXVHUF-Y
If you think about privacy-destructive health IT, it is the exact opposite of what patients expect. And it violates patients’ strong existing rights to health information privacy and control over personal health data:
· One example: Patients give pharmacies a prescription for only one purpose: to fill their prescription. They don’t expect all 55,000 US pharmacies to sell every prescription, every night. The prescription data mining industry sells our easily identifiable prescription records collects 10s-100s of billions in revenue every year.
· Another example: Patients expect physicians to keep their records private. They don’t expect physicians or EHRs to sell their sensitive data, treating patient data as another way to make money. But selling patient data is the business model of almost all EHRs, including Practice Fusion, Greenway, Cerner, Athena, GE Centricity, etc, etc. Patients give doctors information for one purpose only: to treat them. They don’t expect it to be used and sold by Business Associates, subcontractors, and subcontractors of the subcontractors for other purposes. Again, in the US patients have had a very long history of rights to health information privacy in law and ethics (the Hippocratic Oath).
Fact: the public will only trust health technology if they control their health data and can have real-time lists of those who use their health data. Hidden use of personal health data must stop. Users should ask our consent first. We need control, accountability and transparency to trust health technology.