“A recent study in the Journal of the American Informatics Association reports that nearly one in eight patients has withheld information from their healthcare providers due to security concerns. Moreover, most of the respondents were very concerned about the security of their information when it was being shared electronically or by fax. Just last week, advocacy organization Patient Privacy Rights sent a letter to the U.S. Department of Health & Human Services urging the agency to improve privacy protections of patients’ electronic health records, particularly in the cloud and in HIEs.”
Last Thursday, September 12, PPR sent a letter to U.S. Health and Human Services (HHS) Secretary Kathleen Sebelius, urging the immediate implementation of tough new patient privacy protections for digital health records. With privacy now leading the the list of major issues troubling the public in the digital age, PPR believes meaningful and comprehensive data privacy protections are critical components when it comes to restoring patient trust.
In the letter, PPR recommends that HHS:
- Allocate 1% of HIE (Health Information Exchange) funding to ensure all patients can choose an “HIE of One” a program that directs all personal data disclosures, which are visible to the patient without restriction or delay.
- Mandate portals for patients and physicians and require the use of voluntary patient email addresses be used for Record Locator Services (RLS). With these technologies, every state can easily and inexpensively offer an “HIE of One” to those who want to decide who may use their data.
- Require health IT systems to build technology so patients can segment their data for privacy, research, and any other disclosures – allowing patients to decide whether any sensitive data may be used.
- Provide funding to build and maintain a complete health data map, a service that allows patients to see and understand data flows across the nation and throughout the world. As present, Americans have no “chain of custody” for personal health data and no way to know who is collecting and using health data.
Read the full letter here.
Read the press release here.
“Health privacy and security are often mentioned in tandem, but Deborah Peel, Founder and Chair of Patient Privacy Rights and Adrian Gropper, Chief Technology Officer of Patient Privacy Rights, took a different view in a recent Institute for Health Technology Transformation (iHT2) webcast.”
“The presentation, titled “Competing for Patient Trust and Data Privacy in the Age of Big Data” detailed a few of the nuances between patient data privacy and security and why privacy is so significant as healthcare organizations pull together huge data sets for health information exchange (HIE) and accountable care.”
To view the full article, please visit: Pairing patient privacy with health big data analytics
The webcast can be viewed at: Competing for Patient Trust and Data Privacy in the Age of Big Data Webinar
To view the full article, please visit: Five More Organizations Join Lawsuit Against NSA Surveillance
“The five entities joining the First Unitarian Church of Los Angeles v. NSA lawsuit before the U.S. District Court for the Northern District of California are: Acorn Active Media, the Charity and Security Network, the National Lawyers Guild, Patient Privacy Rights and The Shalom Center. They join an already diverse coalition of groups representing interests including gun rights, environmentalism, drug-policy reform, human rights, open-source technology, media reform and religious freedom.”
To view the full article, please visit: The FBI’s New Wiretapping Plan Is Great News for Criminals
US technology is designed for ‘exceptions’ and ‘outliers’, i.e., ‘worst-case’ scenarios like terrorists and unconscious patients.
Bruce Schneier concludes his May 29th essay:
“Finally there’s a general principle at work that’s worth explicitly stating. All tools can be used by the good guys and the bad guys. Cars have enormous societal value, even though bank robbers can use them as getaway cars. Cash is no different. Both good guys and bad guys send e-mails, use Skype, and eat at all-night restaurants. But because society consists overwhelmingly of good guys, the good uses of these dual-use technologies greatly outweigh the bad uses. Strong Internet security makes us all safer, even though it helps the bad guys as well. And it makes no sense to harm all of us in an attempt to harm a small subset of us.”
Fear-driven technology harms Democracy and health:
- Example #1: FBI
Bruce Schneier’s essay (below) tells how US-created security flaws help the wrong people (criminals and terrorists) and harm the rest of us (law-abiding citizens).
- Giving the government access (via back doors, brute force decryption, etc) to everyone’s data to find terrorists is the ‘worst-case’ scenario used to justify destroying strong data security protections.
- But law-abiding people, businesses, and government really NEED strong data security protections to function everyday online.
- Criminals and terrorists can exploit the security flaws created to catch them to steal information and harm governments, individuals, and corporations; but ordinary citizens and businesses can’t build or afford security technology to protect their own data.
- WORST CONSEQUENCES: people will not trust technology and governments, and cyber-wars can destroy people, governments, and corporations.
- Example #2: US health technology systems
The US eliminated data privacy in health technology systems, helping the wrong people (government and corporations) and harming patients.
- Government and corporations control the use of the nation’s health data. Medical emergencies are the ‘worst-case’ scenario used to justify this technology: if you are unconscious in an emergency room (a one-in-a-million), you can’t give consent to share your data.
- But the 299,999, 700 million US patients who are awake expect to control use of personal health data in order to trust doctors and technology.
- Government and industry control use of the nation’s data for various purposes without the knowledge of the public, there is no ‘chain of custody’ for health data and no data map to track uses. Some hidden uses may be beneficial and some may harm patients. Patients can’t buy or use privacy technology to protect health data.
- WORST CONSEQUENCES: 40-50 million people/year avoid or delay treatment, or hide information to protect the privacy of health information, risking their lives and health. Technology causes tens of millions of people who need treatment to suffer bad health outcomes.
In a Democracy, judges should approve spying on suspected criminals or terrorists. In a Democracy patients should be asked for consent to use personal health data. Advance directives or break-the-glass technology can permit access to health data when patients are unconscious.
In a Democracy, shouldn’t technology support ‘best-case’ scenarios , i.e., citizens’ freedoms and human and civil rights to privacy and health?
“A new survey finds that most internet users would like to be anonymous online, but many think it is not possible to be completely anonymous online.”
To view more great polls and surveys at PewInternet, please visit: Anonymity, Privacy and Security Online
“Half a dozen privacy groups have asked the Federal Trade Commission to stop Facebook from enacting changes to two of its governing documents… In addition to EPIC, CDD and Consumer Watchdog, representatives from Patient Privacy Rights, U.S. Public Interest Research Group and the Privacy Rights Clearinghouse also signed the letter.”
To view the full article, please visit: Privacy groups ask FTC to stop Facebook policy changes
“A coalition of six consumer privacy groups is calling on the Federal Trade Commission to enforce an earlier consent order with Facebook and block proposed changes in the social network’s Statement of Rights and Responsibilities and its Data Use Policy because the proposed changes violate the 2011 settlement with the Commission.”
“The changes will allow Facebook to routinely use the images and names of Facebook users for commercial advertising without consent,” the groups said. “The changes violate Facebook’s current policies and the 2011 Facebook settlement with the FTC. The Commission must act to enforce its order.”
Signing the letter were Consumer Watchdog, the Electronic Privacy Information (EPIC), the Center for Digital Democracy, Patient Privacy Rights, U.S. PIRG, and Privacy Rights Clearing House. Read a copy of the letter here: http://www.consumerwatchdog.org/resources/ltrfacebookftc090413.pdf
“Facebook has long played fast and loose with users’ data and relied on complex privacy settings to confuse its users, but these proposed changes go well beyond that,” said John M. Simpson, Consumer Watchdog’s Privacy director. “Facebook’s overreach violates the FTC Consent Order that was put in place after the last major privacy violation; if the Commission is to retain any of its credibility, it must act immediately to enforce that order.”
To view the full article, please visit: http://www.marketwatch.com/story/consumer-watchdog-and-other-privacy-groups-urge-ftc-to-block-pending-facebook-privacy-changes-2013-09-05
“A doctor put stickers on a patient who was under anesthesia, and a photo was taken. The lawsuit underscores how, despite hospitals’ rules, the pervasiveness of cellphones raises concerns about privacy.”
Quotes from Dr. Peel:
“‘The idea that people are using their cellphone or even have one in the operating room is crazy,’ said Dr. Deborah Peel, founder of Patient Privacy Rights, a nonprofit advocacy group in Austin, Texas. ‘It’s a massive security risk and incredibly insensitive to patients.’”
“In similar cases elsewhere, Peel said, hospital personnel often lose their jobs. In 2010, for instance, four employees at St. Mary Medical Center in Long Beach were terminated because they used cellphones to photograph a dead emergency-room patient and shared the photos with others, according to state records.”
To view the full article, please visit: http://www.latimes.com/business/la-fi-hospital-patient-privacy-20130905,0,7915045.story