Press Release for Health Privacy Summit 2011

View as a PDF

FOR IMMEDIATE RELEASE

LBJ School of Public Affairs and Patient Privacy Rights Foundation to Co-Host
Inaugural International Summit on Health Privacy June 13 in Washington, D.C.

“Getting IT Right: Protecting Patient Privacy in a Wired World” to Look at the
Fundamental Role of a Patient’s Right to Privacy in Health Information Technology

AUSTIN, Texas, May 11, 2011 – The Lyndon B. Johnson School of Public Affairs and the Patient Privacy Rights Foundation will co-host the nation’s first public summit to discuss the future of health privacy in the digital age. “Getting IT Right: Protecting Patient Privacy in a Wired World” will be held on June 13, 2011 at the Georgetown Law Center in Washington, D.C. The event is the first in a planned series of forums on this theme and coincides with the creation of the U.S. government’s plan for a new health information technology (HIT) infrastructure, which will collect personal health information. For agenda and registration information, visit: http://www.healthprivacysummit.org/

The summit will be interactive and audience members will be expected to contribute questions to panels and participate in work groups to identify urgent health privacy needs, along with the immediate steps needed to deliver responsible and realistic solutions.

Deborah C. Peel, MD, chair of the board of directors of Patient Privacy Rights, Summit co-host, explained, “The goal of the summit is to create the world’s premier public forum on health privacy issues by uniting a ‘brain trust’ of experts – academics, advocates, government, health care, and those in the technology field – who are willing to work together to ensure health privacy is a center-piece of U.S. health care system reforms. We’re very pleased with the response to the Summit, from panelists and speakers to sponsors, which no doubt speaks to the importance and urgency of these issues today and into the future.”

Whether or not the new HIT infrastructure will afford individuals proper control over the sharing of their personal health information is the key issue that will be addressed. Benedicte Callan, Sid Richardson Fellow of health innovation and policy at the LBJ School, feels that the United States is reaching a crossroads in patient privacy with the creation of the HIT infrastructure.

“Designed well, this digital health information system could be the foundation for a more efficient 21st Century health care system,” said Callan. “It could lower costs, make care more safe and effective while leading to new treatments by benefiting research. But without proper protections built in up front, the HIT system could compromise the fundamental rights of citizens to protect their most sensitive personal health information.”

In summation, “The LBJ School has been preparing leaders for 40 years to help find innovative solutions to the most complex public policy issues and challenges of our modern world,” said Robert Hutchings, Dean of the LBJ School of Public Affairs. “Therefore, we see it as critically important to engage in this issue on every level—local, state, national, international—through research and collaborative partnerships in conferences such as this one. We are especially pleased to join with Patient Privacy Rights and with the other conference participants on working together towards solutions to one of the greatest privacy challenges of our time.”

The Lyndon B. Johnson School of Public Affairs is a graduate component of The University of Texas at Austin. The School’s mission is to develop leaders and innovative ideas that will help our state, the nation and the international community address critical public policy challenges in an ever increasingly interconnected and interdependent world.

Patient Privacy Rights is the nation’s leading health privacy watchdog and leading consumer voice for building ethical, trustworthy HIT systems. For more information, visit: http://patientprivacyrights.org/.

Major sponsors to date include: Microsoft, Jericho Systems, ID Experts, e-MDs, Inc., and Medical Research and Materiel Command, Telemedicine and Advanced Technology Research Center at the U.S. Department of Defense.

###

“Getting IT Right: Protecting Patient Privacy Rights in a Wired World”

Official Pre-conference for CFP2011

June 13, 2011 Georgetown Law Center Washington, D.C.

“Getting IT Right: Protecting Patient Privacy Rights in a Wired World” is the nation’s first open and inclusive public forum to discuss the future of health privacy in a digital age. The conference will be held June 13, 2011 at the Georgetown Law Center in Washington, D.C. and is the result of a partnership between the Lyndon B. Johnson School of Public Affairs at The University of Texas at Austin and the Patient Privacy Rights Foundation, the premier health privacy advocacy organization in the United States.

You can find the agenda, a list of speakers, and more relevant news on the summit at the official website:www.healthprivacysummit.org.

Register Now: www.healthprivacysummit.org/registration

Steady Bleed: State of HealthCare Data Breaches — Comments

Comments on Information Week Article: Steady Bleed: State of HealthCare Data Breaches

This is a very ominous story. As every state rushes to connect offices and hospitals with weak security and privacy together to exchange data, the federal government is giving doctors and hospitals tens-to-hundreds of thousands of dollars to install electronic health records that also lack ironclad security and also prevent patients from controlling their records. Hooking systems of ‘weak links’ to thousands of new systems that are also ‘weak links’ is a prescription for disaster.

Like the author, Patient Privacy Rights has been pointing out the abysmal state of health data security for years. What the author does not know is Congress LISTENED TO PATIENTS. Senator Snowe deserves credit for these consumer protections because she refused to allow the meaningful breach protections she crafted to be weakened. Powerful support by the bipartisan Coalition for Patient Privacy (see our letter to Congress) helped convince Congress to put Senator Snowe’s tough breach reporting and tough penalties into the stimulus bill. Perhaps now those who hold our sensitive health data will start to take security seriously.

What is really new in this story are FairWarning’s report about the very high monthly frequency of breaches in doctor’s offices and major hospitals in the US and across the world. The statistics from FairWarning show clearly that the number of breaches officially reported to HHS are just the tip of the iceberg. See quotes:

  • 200-bed hospital with a few small clinics, Rurally based: 24 confirmed incidents [breaches] per month.
  • U.S. based physician practice with 20 clinics metro and rurally dispersed: 29 confirmed incidents [breaches] per month.
  • UK based teaching hospital in major metropolitan area as well as rurally based facilities: 130 confirmed incidents [breaches] per month
  • Top 50 U.S. Health System with multiple affiliated hospitals and clinics – Based in a major metropolitan area: 125 confirmed incidents [breaches] per month.

You can see reported breaches to HHS affecting 500 or more here: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

New HIPAA rules need more clarification

When it comes to the new HIPAA privacy and security standards, it seems like everybody has an opinion. Quite a few organizations are spreading the word about the comments they’ve filed in response to the changes HHS proposed in July…

…On the consumer side, the Coalition for Patient Privacy, led by Dr. Deborah Peel’s Patient Privacy Rights Foundation, is lobbying hard for the final rule to restore the right to patient consent for PHI disclosure that HHS stripped from the HIPAA privacy rule in 2002.

“We strongly recommend that HHS require the use of the consent and segmentation technologies showcased June 29 at the Consumer Choices Technology hearing sponsored by HHS/ONC for all HIT systems, HIE and the NHIN,” the coalition says in its letter. “The innovative, low-cost, effective privacy‐enhancing technologies available that can empower patients to have ‘maximal control over PHI’ should be viewed as what is possible now, not 10 years from now.”

Coalition Urges HHS To Restore Patient Control Over Access to Health Data NOW

On Monday, September 13th 2010, the Coalition for Patient Privacy sent in comments to HHS regarding Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the HITECH Act. Ensuring Americans’ control over health information is critical for quality health care and the success of health information technology (HIT). The Coalition applauds the efforts of the Department of Health and Human Services (HHS) to revise HIPAA. However, the Coalition also urges HHS to require use of robust electronic consent and segmentation tools to assure compliance with the consumer privacy and security protections in HITECH and existing rights in state and federal law and medical ethics.

View the proposed modifications to HIPAA
View the Full Comments from the Coalition for Patient Privacy
View the Press Release

ONC IS MAKING HISTORY!

ATTEND THE FIRST EVER HEARING ON PRIVACY-ENHANCING TECHNOLOGIES IN THE NATION.

Register here.

The hearing, scheduled all day on June 29th, will showcase 7 innovative, existing privacy-enhancing Health IT products and systems, and future technologies. The technologies will be discussed by 4 experts and the Privacy and Security Tiger Team.

Early this year, Dr. Blumenthal met with the bipartisan Coalition for Patient Privacy. He told us our idea for this conference struck him as “very intriguing. Two principles should animate our policy development. Patients/consumers come first, and the process should be fair and open.” So he agreed to hold a hearing.

Register to attend the hearing at: http://www.blsmeetings.net/consumerchoicetechnologyhearing/
For agenda see: http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=2833&PageID=19423

This is the first hearing ONC has ever held that is focused solely on privacy rights and patients’ expectations to control sensitive health records, from prescriptions to DNA. It is VERY timely because billions in stimulus dollars are about to flow.

What kinds of systems do you want to get the stimulus billions??? Current HIT systems that facilitate the data mining, theft, and sale of personal health information or systems that put YOU in control of YOUR information?

Inside-the-beltway domination of policy and standards by major legacy health IT vendors, many major hospitals, the health data mining industries, and physicians’ organizations has made it very hard for consumer and privacy advocates to be heard, even though we represent the majority of the American public. The fear is if they have to ask first to see or use our health information, we might refuse. And we might. But it’s our right to do so.

Today’s HIT systems put our jobs and our kids’ futures at risk by exposing everything from our prescription records to our DNA to sale and theft. Once our health data is exposed, like Paris Hilton’s sex video, we can never make it private again.

Showcasing technology that empowers patients to actively share data for treatment, personal benefit, and for research, while empowering patients to protect personal information to prevent harms is critical—especially now as HHS prepares to spend billions on EHRs and models for data exchange that do not require meaningful and comprehensive privacy controls.

The video of the hearing will be a critical online resource for the public, the media, states, and the world. There is no other way to learn about robust privacy-enhancing technologies that meet patients’ expectations and rights to control use of PHI while enabling compliance with strong state and federal laws, medical ethics, and our Constitutional rights to privacy.

Latanya Sweeney’s testimony and slides show the need to choose the right HIT technologies and systems up front, rather than letting “100 weeds fester.” See her testimony at: http://patientprivacyrights.org/wp-content/uploads/2010/04/Sweeney-CongressTestimony-4-22-10.pdf
See her slides at: http://patientprivacyrights.org/wp-content/uploads/2010/06/Sweeney-TrustworthyNHINDesigns.pdf

If you cannot attend in person, PLEASE listen in and comment at the end during the comment period or submit comments online. The video link of the hearing will be posted the following day.

TAKE PART: Tell ONC to build privacy-enhancing health IT systems you can trust. Tell ONC to build privacy-enhancing EHRs and systems for data exchange, don’t blow the stimulus billions on systems that will never be trusted.

If we don’t fight for our rights to control sensitive personal health information, we will never GAIN the right to control the rest of our personal information online and in the Digital World.

Thanks for helping to save privacy!

PR Firm Behind Propaganda Videos Wins Stimulus Contract

President Obama’s push for electronic medical records has faced resistance from those who question whether health information technology systems can protect patient privacy…

…Consumer advocates warned that the PR contract will only heighten skepticism about the security of online health records. A poll conducted last year by NPR, the Kaiser Family Foundation and the Harvard School of Public Health found that roughly six in 10 Americans lack confidence in the privacy of online health records.

“The public has always been very suspicious over whether electronic health information will be safe,” said Dr. Deborah C. Peel, a physician and founder of the Coalition for Patient Privacy, which includes consumer, privacy and health groups. Peel called Ketchum a “very, very troubling choice because the last thing the public needs are more tricks being pulled on them.”

Locking down privacy: Where do we draw the line?

Patient privacy dates back to ancient Greece, beginning with the physician and teacher Hippocrates, who is often called the father of Western medicine. He authored the Hippocratic Oath to establish best practices for his fellow physicians and to build trust with his own patients. It was necessary for him to keep the ailments of his contemporaries secret, lest they be subject to humiliation, personal harm or loss of opportunity.

Ironically, more than 2,400 years later, patient privacy remains a fundamental issue, and the repercussions of information leaks are just as distressing. Areas of vulnerability have now expanded beyond the doctor-patient relationship in the exam room to encompass whole healthcare systems, communities, nations and even the global marketplace. With electronic information storage and transmission coming of age, whispering behind a closed door, as Hippocrates might have done, is obviously not enough to protect privacy.

Deborah Peel, MD, is the founder of Patient Privacy Rights (PPR), a national not-for-profit watchdog coalition. As a physician, she was inspired to adopt privacy as her mission in 1993 after an unnerving proposal from President Bill Clinton called for every patient encounter in America to be recorded in an electronic data-base. She was intimately familiar with the anxiety related to privacy in her own psychiatric-services practice, but the broad reach of electronic health records posed an imminent threat she just couldn’t ignore.

“For 30 years, I’ve been in the most privacy-sensitive specialty in medicine,” Dr. Peel says. “I’ve spent 30 years listening to how people’s reputations and lives are ruined. If you were in my shoes, you’d be doing this, too.”

They got it wrong… AGAIN!

See article: ‘Meaningful Use’ criteria released

Can you believe it? Doctors and hospitals that purchase electronic health records (EHRs) ‘wired’ for ‘back-door’ data mining will be paid to steal and use our sensitive health records without our permission!

The government and the massive health data mining industry won. Industry and the government’s plan to continue illegal and unethical data mining trumped Americans’ rights to health privacy.

The rules guarantee that employers, insurers, banks, and government will be able to use our sensitive health information—from prescriptions to DNA— to discriminate against us in jobs, credit, and insurance.

Instead, the new interim rules for EHRs should reward the purchase and use of ‘smart’ EHRs with consent technologies so patients control who can see and use their health records.

The stimulus billions will be wasted because doctors and hospitals will be rewarded for using obsolete, unethical EHR ‘clunkers’. Like the UK, the US will be forced to spend billions to correct a disastrously flawed national electronic health system that prevents patients from controlling their health records.

To understand the “meaningful use” criteria that SHOULD be required in EHRs, see the comments submitted to the Administration by the bipartisan Coalition for Patient Privacy, representing millions of Americans: http://www.localhost:8888/pprold/media/Coalition_to_HIT_PC_Meaningful_Use.pdf

When will the Administration and corporations get it? Privacy protections have to be tough and comprehensive if we want a national HIT system that consumers will trust and use.

To act, join www.localhost:8888/pprold to get e-alerts. Stop corporations and the government from using your sensitive health information for uses you would never agree to.

Living Online: Privacy and Security Issues in a Digital Age

Our lives are increasingly lived online. A large number of Americans routinely exchange information in cyberspace for personal, business, and other purposes. What privacy and security issues present themselves in this relatively new and increasingly ubiquitous space? What particular privacy concerns might apply when specific entities, such as the government, hold or process our information? What particular considerations might apply when the information being transmitted is particularly sensitive, such as health care information or financial information? How do privacy, security, and information ownership concerns function when information is being exchanged on social networking sites?

The November 3, 2009 event featured a lunchtime keynote address by Christopher N. Olsen, the Assistant Director in the Division of Privacy and Identity Protection at the Federal Trade Commission.

A panel discussion was held from 1 – 2:30 pm and featured:

  • Moderator, Jeffrey Rosen, Professor of Law at George Washington University and Legal Affairs Editor for The New Republic
  • Deborah C. Peel, MD, Founder and Chair, Patient Privacy Rights; Chair, Coalition for Patient Privacy
  • Lillie Coney, Associate Director, Electronic Privacy Information Center; Coordinator, Privacy Coalition
  • Alan Davidson, Director of Public Policy, Google

Here is the Video of the Panel:

Tuesday, November 3, 2009
11:30 am – 2:30 pm
Center for American Progress
1333 H. Street NW, 10th Floor
Washington, DC 20005