Privacy goes Public

When it comes to advancing healthcare IT you’re more likely to hear about standards, interoperability, sustainability and affordability before you’ll hear about privacy. Most smart legislators and federal officials know to mention it in their second breath or in the fine print, but not front and center.

I’d venture to guess that recent turn of events are going to change all that.

Deborah Peel, MD, staunch activist for privacy, practicing psychiatrist and founder of the Patient Privacy Rights Foundation, won some major ground last month in her effort to capture attention everyone’s attention on the issue of privacy and medical records.

First, Microsoft, Inc. launched a platform Oct. 4 for personal health records that will strictly abide by privacy standards that Peel and a coalition of activists agree will keep control in the patient’s hands.

Now suddenly the radar is bleeping with activity. This has private industry’s attention. Will everyone in the healthcare IT business have to decide to abide by the privacy principles Microsoft has embraced or be left behind? Peel thinks so.

To back that up, Peel and the Coalition for Patient Privacycame to Capitol Hill Oct. 18 to formally urge Congress to pass basic privacy protections this year. “Setting national privacy standards is a job for Congress, not unelected agency appointees, who for the most part represent industry,” they said.

Presidential hopeful Hillary Clinton (D-N.Y.) gave an address at the Kaiser Family Foundation in Washington, D. C. on the same day, endorsing healthcare IT as a cornerstone of improving America’s floundering healthcare system. She proposed a healthcare IT bill this summer with what some would call strong privacy language.

But not strong enough for Peel, who says she has yet to see a bill coming out of Washington with the kind of protection Americans need to ensure their lives are not destroyed by rampant exposure of private health and genetic information that could bring about prejudice in the workplace, at a very minimum.

As if on cue, a bevy of curious healthcare workers took a peek at George Clooney’s medical records last month, causing swift disciplinary action by Palisades Medical Center, where Clooney was being treated. A media blitz ensued, rounding off a month unlike any we have seen when it comes to shedding light on the issue of privacy.

Strange Bedfellows on Health Privacy: ACLU & Microsoft

What do the ACLU, Gun Owners of America, the Free Congress Foundation and Microsoft have in common? A hankering for patient privacy, it seems.

With some 40 other groups, they sent congressmen a letter yesterday urging them to “establish basic privacy protections” for health records, and soon. (Or see the press release.)

They complain that no federal statute establishes a right to health privacy and dismiss the HIPAA privacy regulation as “really a ‘Disclosure Rule’.” Their letter charges that forging “national privacy standards is a job for Congress, not unelected agency appointees.” A similar group — marrying the Christian Coalition and the National Center for Transgender Equality, among others — lobbied last year as well.

For Microsoft, it may be no coincidence that its political activism comes soon after the company unveiled HealthVault, online software and a service that would let patients store what medical information they want in a central place, giving health-care providers ready access (through Microsoft-compatible applications, naturally). Microsoft edged out Google in the online health-records race, as the Health Blog noted earlier this month.

Along the way Microsoft consulted with privacy advocates such as Deborah Peel, an Austin, Texas psychotherapist and founder of Patient Privacy Rights, one of the groups at the center of the lobbying campaign. Microsoft got Peel’s support in part by agreeing to a host of privacy guidelines, including external audits to ensure its privacy protections are what they advertise. (Peel says her group is funded by donations from individuals and honoraria for her speeches.) “We know that consumers are very concerned about the privacy of their private health data,” Peter Neupert, vice-president of Microsoft’s Health Solutions Group, said at the product’s launch in Washington, D.C., earlier this month.

{Sadly Theo comes to the conclusion that ‘Too many restrictions on what medical providers can see may blunt the advantages of electronic records — and could even hurt patient care’?  That is the insurance and data miners spin—of course they want to cast consumer control as impeding care, but consumers know exactly which people to share their records with in order to get effective care. No one trusts all doctors equally and all doctors do not need to know the same things about us. ~ Dr. Deborah Peel, Patient Privacy Rights}

Bill sought to shield medical data

A bipartisan mix of lawmakers and private companies say Congress should pass legislation protecting the medical records of patients from potential identity theft and abuse.

The coalition includes liberal lawmakers, such as Rep. Edward J. Markey, Massachusetts Democrat; the conservative Family Research Council; and Microsoft Corp.

“Medical information is probably the most sensitive and personal information that we have about ourselves. Without strong privacy safeguards, a health [information-technology] database will become an open invitation for identity thieves, fraudsters, extortionists or marketers looking to cash in on our medical histories,” Mr. Markey said, adding that “tough privacy safeguards” are necessary to reap the benefits of integrated health databases.

The electronic medical record legislation working its way through Congress would allow data-mining companies and “4 million other individuals and entities” to secretly access millions of private medical records, creating a potential boon for misuse and identity theft, they say.

“If you think we’ve got a problem with identity theft now, just wait,” said Dr. Deborah Peel, who chairs the Patient Privacy Rights coalition, a group asking Congress to pass laws ensuring individual privacy protections for medical records.

Coalition to Congress: Don’t pass health IT bill without privacy protections

A coalition of 47 organizations that span the political spectrum today called on Congress to refrain from passing health information technology legislation unless the measure would protect the privacy of health information.
At a press conference on Capitol Hill, the Coalition for Patient Privacy released a letter it is sending to members of Congress to influence the content of health IT bills pending in the House and the Senate.
“Despite the good intentions of the Health Insurance Portability and Accountability Act (HIPAA) and its ‘Privacy Rule,’ the current regulations leave all Americans’ personal health information completely vulnerable and exposed,” the letter stated.
“Setting national privacy standards is a job for Congress, not unelected agency appointees, who for the most part represent industry,” the letter added.
Deborah Peel, founder of Patient Privacy Rights and leader of the coalition, said that in the 18 months since the coalition held its last press conference on Capitol Hill, Microsoft Corp. and other organizations have joined the coalition. “Congress was amazed that so many people were in favor of privacy from both sides of the issue,” she said.

Microsoft joins lawmakers, activists to demand patient privacy rights

Lawmakers, corporations and activists joined today to urge Congress to protect patients’ medical privacy rights. Activists say such rights are not adequately protected, especially when it comes to electronic health records.

At a Capitol Hill briefing sponsored by the Coalition for Patient Privacy, at least 46 states, national organizations and corporations, including Microsoft, petitioned Congress to include adequate patient protection in any healthcare IT legislation it may pass.

Today’s request is based on the Coalition’s extensive 2007 patient privacy principles and calls for privacy that applies to all health information regardless of the source, the form it is in, or who handles it.

According to Deborah Peel, MD, founder and chair of Patient Privacy Rights, the Coalition developed the privacy principles to serve as standards for legislation. Today’s effort is just a small part of a greater effort to curtail passage of currently proposed federal healthcare IT legislation that Peel said offers consumers no control over access to personal health information.

Your Health Data, Plugged In to the Web

Microsoft launched a free, ad-supported online health portal called HealthVault yesterday that allows people to upload their medical records to the Web and share the information with doctors.

Microsoft beat not only the federal government to the punch but also a number of other companies, such as Google and Steve Case’s Revolution Health, that reportedly have been working on similar portals. Some privacy advocates are concerned that such sites could expose sensitive medical data to hackers and outsiders, but Microsoft said it has spent the past several years consulting with experts to ensure that HealthVault will keep personal information private.

Several other countries have already implemented nationwide medical-record networks that they say are secure. In Germany, for example, patients can carry all their medical records on a single computer chip.

The U.S. government’s attempts to automate doctors’ offices have been less successful.

Studies have estimated that creating a nationwide electronic medical-record network would save more than $500 billion in medical costs over 15 years, but doctors are slow to adopt technology that has been commonplace in banking and retail for more than a decade. About 90 percent of physicians and more than 80 percent of hospitals still use paper records, according to Nancy Szemraj, a spokeswoman for the Department of Health and Human Services.

{Microsoft has set a new very high industry standard for ensuring the privacy of personal health information, i.e. ensuring that consumers control access to their sensitive health information. Microsoft’s HealthVault and its application partners have pledged to adhere to the 2007 principles of the Coalition for Patient Privacy, the toughest patient privacy principles in the nation. These principles are hardwired into the architecture of HealthVault and also enforced by contracts. In addition, HealthVault is being audited on whether it complies with the 2007 privacy principles and can require partner audits and end participation if a partner does not adhere to the standards for privacy.  For the first time, a major multinational corporation is being crystal clear about what it means by the word ‘privacy’ and is proving that its product actually does what they say it will do by obtaining outside audits of its privacy and security practices amd protections. All health technology vendors should meet these same ‘best practices’ for privacy if they expect consumers to trust and use their systems. ~ Dr. Deborah Peel, Patient Privacy Rights}

Microsoft launches HealthVault – platform for the people

Microsoft today launched a new technology platform it bills as the answer to how consumers can best get a handle on their healthcare information and share it.

Called Microsoft HealthVault, the technology not only has the support of healthcare providers, patient activists and device manufacturers, it also passes muster with one of the industry’s toughest privacy rights advocate Deborah Peel, MD, founder of the Patient Privacy Rights Foundation, one of 50 organizations that comprise the Coalition for Patient Privacy.

The company also unveiled a new search engine called Microsoft HealthVault Search.

The promise of HealthVault is that it will bring the health and technology industries together to create new applications, services and connected devices, said Peter Neupert, corporate vice president of Microsoft’s Health Solutions Group. People will be empowered to monitor anything from weight loss to diabetes, he said.

“People are concerned to find themselves at the center of the healthcare ecosystem today,” Neupert said, because they must navigate a complex web of disconnected interactions between providers, hospitals, insurance companies and even government agencies. Neupert added. “Our focus is simple: to empower people to lead healthy lives.”

Dossia wants PHR deal kept under wraps

Something is amiss in Portland, Ore., with a project to provide personal health records to millions of workers at some of the nation’s largest employers. Exactly what the problem is, the employer coalition, called Dossia, doesn’t want the world to know. Dossia asked an Oregon judge to seal court records in a case between it and Omnimedix Institute, the not-for-profit organization designated to develop the personal health-record system for the consortium.

The formation of Dossia was announced with considerable fanfare in December 2006 by its founders. They are Wal-Mart, the nation’s largest private employer with more than 1.3 million workers; Applied Materials; BP America; Intel Corp. and Pitney Bowes. Between them, they claimed more than 2.5 million employees, dependents and retirees. A sixth corporation, giant pharmaceutical wholesaler, Cardinal Health, joined the Dossia coalition in February.

Piecing the story together from previously published reports, conversations with court and clerk’s office employees in Multnomah County, Ore., and from the Web site of Omnimedix Institute, it would appear money is at least a reason for the demand for secrecy, if not the root of the dispute.

According to a court employee, on June 22, Circuit Court Judge Jean Maurer signed a temporary restraining order sought by Dossia against Omnimedix barring it from filing suit against Dossia except under court seal. Circuit Court Judge Edward Jones, who took over the case, extended the temporary restraining order on June 26 and set a three-hour hearing tommorow on Dossia’s request for a preliminary injunction against Omnimedix. Jones also sealed all records for the case from June 26 forward, the court employee said.

{Dossia, major employers, and insurers are all pushing Americans to use personal health records cpontrolled by them. First, they should “do no harm” and urge Congress to pass legislation to ensure that patients control all access to their highly sensitive health records—wherever they are kept. Otherwise the electronic health system will become a supergighway for data mining electronic health records. Instead of benefitting from technology, all Americans will suffer discrimination and denial of jobs, insurance, credit, and admission to schools when our diagnoses and medications are known the world. ~ Dr. Deborah Peel, Patient Privacy Rights}

Legislation calls for healthcare IT trusts

A bill introduced in the House today would create healthcare information technology trusts. Rep. Dennis Moore, a Democrat who represents the Third District in Kansas, introduced the legislation that would establish a nationwide health information technology network. Under the Independent Health Record Trust Act, individuals would have the option of submitting their medical records to be managed electronically by health record trusts. In turn, these trusts would ensure the security, confidentiality and privacy of the medical information.
“Health information technology has the potential to dramatically improve the quality of healthcare for all Americans by significantly reducing medical errors, reducing wasteful administrative costs, and ensuring that appropriate and accurate information is available for medical decisions,” Moore said. “I believe that there is no better way to transition the medical community from paper-based medical records than by adopting independent health record trusts.”
Rep. Paul Ryan, a Republican representing the First District in Wisconsin, and 33 bipartisan colleagues joined Moore in introducing the bill in the House.
Moore said the bill has garnered the support of a large coalition of healthcare and public policy organizations, including the Progressive Policy Institute, Patient Safety Institute, Patient Privacy Rights, National Alliance of Hispanic Health and the Heritage Foundation.
“This act is truly historic,” Deborah Peel, MD, founder and chair of Patient Privacy Rights, said. “It marks the very first time that Congress has recognized the need to develop new laws to protect and strengthen Americans’ long-standing Constitutional rights and liberties in the digital age.”
{The Independent Health Record Trust Act will create the first and only data bank for medical records that cannot be data mined, because patients control all access to their records. This is historic—it is the first piece of federal legislation that establishes a safe and private patient-controlled data bank and establishes a federal right to health privacy. Unfortunately, the bipartisan legislation recently introduced in the Senate does not contain privacy protections, despite what this story reports. ~ Dr. Deborah Peel, Patient Privacy Rights

Exclusive: Major E-Health Records Project Unravels Into Legal Battle

Electronic health systems are supposed to help improve health care. But apparently, if you’re involved with a big project to build an e-health records system, it can be harmful to your own health. Side effects may include headaches, lost sleep, and lawsuits. Those are just some of problems being faced by those involved with the ambitious e-health record systems project launched in December by the Dossia Consortium, an employer coalition that includes Wal-Mart, Intel, Pitney Bowes, Applied Materials, British Petroleum, and Cardinal Health.
Dossia’s ambitious project to provide e-health records to more than 2.5 million employees, retirees, and dependents is unraveling, at least when it comes to the relationship it has with Omnimedix Institute, the nonprofit organization that Dossia hired to develop the system, which was to include a massive, federated data warehouse.
Legal papers are starting to fly. A temporary restraining order was quietly filed in late June by Dossia against the Portland, Ore.-based Omnimedix in the circuit court of the state of Oregon for the county of Multnomah. According to court papers filed by Dossia, Ominmedix is temporarily restrained from filing any suit of its own except under seal.
In its court papers, Dossia says it will “suffer immediate and irreparable harm” if Omnimedix files a public suit that reveals confidential details of the parties’ agreement. Dossia is seeking to settle its disputes with Omnimedix through arbitration.
{Without strong federal laws that ensure that Americans have the right to health privacy and access to all health records are controlled by patients, data banks like Dossia can be data mined. Many insurers and employers are setting up similar data banks. Government, the technology industry, and Congress are all aggressively pushing the nation to use personal health records (PHRs). But PHRs are designed NOT to be covered by existing strong state laws and medical ethics that guarantee privacy by requiring patient consent before records can be used or disclosed. It is also critical to know that so-called “de-identified” health records can always be re-identified. “De-identified” data taken from PHRs is NOT safe or private, and will be used to harm patients. Congress recently proposed legislation to set up independent health record trusts that are safe for storing PHRs. By statute, health trusts cannot ever disclose any data without patient consent and all data mining of PHRs in health trusts is prohibited. ~ Dr. Deborah Peel, Patient Privacy Rights}