Sensitive data still pose special challenges

At a recent meeting of the National Health IT Policy Committee, the CEO of a large electronic health records (EHR) corporation said technology for “data segmentation”—which ensures patients control who sees and uses sensitive data—is something “vendors don’t know how to do.”  But that simply isn’t true. Vendors do know how to build that kind of technology, in fact it already exists.

At the same meeting, the National Coordinator for Health IT recognized the Department of Veterans Affairs and the Substance Abuse and Mental Health Services Administration for their “demonstration of technology developed for data segmentation and tagging for patient consent management”, but he seemed to forget that millions of people receiving mental health and addiction treatment have been using EHRS with consent and data segmentation technologies for over 12 years. Again, the technology already exists.

Facts:

  • -Technology is NOT the problem—it’s not too hard or too expensive to build or use consent and data segmentation technologies.
  • -Data segmentation and consent technologies exist:  the oldest example is EHRs used for millions of mental health and addiction treatment records for the past 12 years.
  • -All EHRs must be able to “segment” erroneous data to keep it from being disclosed and harming patients—that same technology can be used to “segment” sensitive health data.
  • -Data segmentation and consent technologies were demonstrated ‘live’ at the Consumer Choices Technology Hearing in 2010. See a video: http://nmr.rampard.com/hit/20100629/default.html
  • -Starting in 2001, HIPAA required data segmentation and consent technology for EHRs that keep “psychotherapy notes” separated from other health data.  “Psychotherapy notes” can ONLY be disclosed with patient permission.
  • -The 2013 amendments to HIPAA require EHRs to enable other situations where data must be segmented and consent is required. For example:
  • -If you pay out-of-pocket for treatment or for a prescription in order to keep your sensitive information private, technology systems must prevent your data from being disclosed to other parties.
  • -After the first time you are contacted by hospital fundraisers who saw your health data, you can opt-out and block the fundraisers from future access to your EHR.

The real problem is current  technology systems and data exchanges are not built to work the way the public expects them to—they violate Americans’ ethical and legal rights to health information privacy.

The public will discover that today’s health technologies and systems have fatal privacy flaws. The unintended consequence of using flawed technology is millions of people will avoid or delay treatment and hide information to keep their health information private and suffer from bad health outcomes.

US health technology should improve health and outcomes, not cause the health of millions to worsen.

How can the US fix the privacy flaws in health technology systems so EHRs and other health technologies can be trusted?

An American Quilt of Privacy Laws, Incomplete

The MOST “incomplete” US privacy law is HIPAA, which eliminated Americans’ rights to control the collection, use, disclosure and sale of their health data in 2001.

The new Omnibus Privacy Rule did not fix this disaster. It made things worse by explicitly permitting health data sales for virtually any purpose without patients’ consent or knowledge. These new regulations violate Congress’ intent to ban the sale of health data in the 2009 stimulus bill.

In addition to not being able to control personal health information Americans have no ‘chain of custody’ for their health data, so there is no way to know who is using or selling our health data.

We need a data map to track all the hidden users and sellers of our personal health information, from our DNA, to our diagnoses, to our prescription records:

  • -Watch Professor Sweeney describe the Harvard Data Privacy Lab/Patient Privacy Rights research project to track hidden users of our health data at: http://patientprivacyrights.org/thedatamap/
  • -WE NEED A DATA MAP TO SHOW THE GOVERNMENT IT’S TIME TO FIX THIS PRIVACY DISASTER!

Attend or watch the next health privacy summit June 5-6 in Washington, DC to learn about these urgent health data problems and potential solutions:

A new CVS wellness program raises privacy concerns

From the Thomson Reuters News & Insight article by Anna Louie Sussman, “A new CVS wellness program raises privacy concerns

(Reuters) – When nationwide pharmacy chain CVS Caremark Corp announced last week that its employees must submit to a medical exam or pay a $600 annual fine, some critics raised privacy concerns…

Under the CVS exam, which is free, tests will measure an employee’s weight, body fat, blood pressure, glucose levels and other health indicators. Workers who smoke must enroll in an addiction program by next year.

“They draw blood, that’s data collection. You have to go through a screening, that’s data collection. You have to call WebMD’s center, that’s data collection. People’s sensitive health data is being used for commercial purposes,” said Dr. Deborah Peel, founder of the advocacy organization Patient Privacy Rights.

Dr. Peel on America Weekend with Paul Harris

PPR Founder and Chair, Dr. Deborah Peel, was featured on yet another radio station discussing the CVS Caremark wellness program which violates their employees right to privacy.

To listen to the full podcast, visit Paul Harris Online.

You can view more about the CVS program here.

The Immortal Life of Henrietta Lacks, the Sequel

This is an amazing article written by Rebekah Skloot, author of ‘The Immortal Life of Henrietta Lacks’, demanding consent and trust.

Rebecca is right—-the only way Americans will trust researchers is when they are treated with respect and their rights of consent for use of genomes and genetic information is restored.

The public does not yet realize that they have no control over ALL sensitive health information in electronic systems. We have NO idea how many hundreds of data mining and research corporations are collecting and using our blood and body parts. We ALSO have no control over our sensitive health information in electronic systems violating hundreds of years of privacy rights.

This week the many stories about CVS showed employers can force employees to take blood tests, health screenings, and be forced into “wellness” programs–all of which REQUIRE collection of sensitive health information—which employees cannot control.

We have NO map of who collects and uses personal health data—Henrietta Lacks family was NEVER asked for consent to use her genome.

Contribute to build a map to track the thousands of hidden users of health data at: www.localhost:8888/pprold

Attend or watch the 3rd International summit on the Future of Health Privacy (free). Register at: www.healthprivacysummit.org

Big Data Is Opening Doors, but Maybe Too Many

To view the full article, please visit Big Data Is Opening Doors, but Maybe Too Many.

Steve Lohr likens today’s Big Data issues to the introduction of the mainframe computer in the 1960s. Even then, new technology threatened the “common notions of privacy”.

A few key quotes from the article:

“…the latest leaps in data collection are raising new concern about infringements on privacy — an issue so crucial that it could trump all others and upset the Big Data bandwagon. Dr. Pentland is a champion of the Big Data vision and believes the future will be a data-driven society. Yet the surveillance possibilities of the technology, he acknowledges, could leave George Orwell in the dust.”

“The World Economic Forum published a report late last month that offered one path — one that leans heavily on technology to protect privacy. The report grew out of a series of workshops on privacy held over the last year, sponsored by the forum and attended by government officials and privacy advocates, as well as business executives. The corporate members, more than others, shaped the final document.”

Dr. Peel on the Willis Report

Dr. Peel appeared on the Willis Report with Tracy Byrnes on March 21, 2013. Once again, she was discussing some of the major privacy concerns associated with CVS’s new health care coverage plan and Wellness Programs in general.

Watch the interview below. If you’re unable to view it here, you can visit the Willis Report on FoxBusiness.com for the story.


Dr. Peel on Nightly Business Report

On Thursday’s episode of Nightly Business Report, Hampton Pearson reported on the CVS policy that penalizes employees who refuse to undergo yearly health screenings and submit their personal information to their insurer. Following the story, Dr. Peel and fellow guest, Tracy Burns, joined Tyler Mathisen and Susie Gharib to discuss the new policy.

Watch the video below, starting at the 13:56 min. mark (uses iFrame). If you’re unable to view it below, you can watch the segment here on YouTube.

Dr. Peel Talks with Gil Gross on NewsTalk 910

On Wednesday, March 20, 2013, Dr. Peel spoke with Gil Gross about the some of the implications of CVS’s new health plan and some of the concerns patients have about employers potentially having access to their private health information.

Listen to the full interview below (uses iFrame), or visit newstalk910.com if you have any trouble accessing it here.

Dr. Peel on ABC World News with Diane Sawyer

Dr. Peel’s interview for Steve Osunsami’s report on the CVS policy requiring employees to report personal health information or pay $50 more per month for coverage was shown during ABC World News with Diane Sawyer on Wednesday, March 20, 2013.

Watch the video below (uses iFrame). If you can’t see it below, you can check it out on ABCNews.com.