New Framework Details 15 Core Health Privacy Principles

To view the full article, please visit New Framework Details 15 Core Health Privacy Principles.

HealthDataManagement.com recently posted this article about Patient Privacy Rights’ Privacy Trust Framework. The article tells HealthDataManagement readers “The Framework is designed to help measure and test whether health information systems and research projects comply with best privacy practices in such areas as whether patients have control over their protected health information, an organization obtains meaningful consent before disclosing data and obtains new consent before secondary data use occurs, patients have the ability to selectively share data, and the organization uses servers housed in the United States, among other factors.”

The key principles for our Privacy Trust Framework:

* Patients can easily find, review and understand the privacy policy.

* The privacy policy fully discloses how personal health information will and will not be used by the organization. Patients’ information is never shared or sold without patients’ explicit permission.

* Patients decide if they want to participate.

* Patients are clearly warned before any outside organization that does not fully comply with the privacy policy can access their information.

* Patients decide and actively indicate if they want to be profiled, tracked or targeted.

* Patients decide how and if their sensitive information is shared.

* Patients are able to change any information that they input themselves.

* Patients decide who can access their information.

* Patients with disabilities are able to manage their information while maintaining privacy.

* Patients can easily find out who has accessed or used their information.

* Patients are notified promptly if their information is lost, stolen or improperly accessed.

* Patients can easily report concerns and get answers.

* Patients can expect the organization to punish any employee or contractor that misuses patient information.

* Patients can expect their data to be secure.

* Patients can expect to receive a copy of all disclosures of their information.

The full framework can be viewed at Privacy Rights Framework.

The Ethics of Publishing Genomes: Can Today’s Family Members Give Consent for the Next Generation?

To view the full article by Andrea Peterson in ThinkProgress, please visit: The Ethics of Publishing Genomes: Can Today’s Family Members Give Consent for the Next Generation?

In the early 1950s, doctors at Johns Hopkins took cells from Henrietta Lacks’ tumor without her consent and used them for years in research. Earlier in March, the entire genome of Henrietta Lacks was published with neither the knowledge nor consent of her surviving family. This privacy breach has “started a new chapter in that tale about the complex relationship between researchers and the privacy of genetic information.”

Some key quotes from Dr. William Pewen, Assistant Professor of Public Health and Family Medicine at Marshall University, and a former top health care adviser to the now-retired Sen. Olympia Snowe (R-ME):

  • “The release of Henrietta Lacks’ genome illustrates the fact that genetic information isn’t an individual matter — it impacts family members as well. This underscores the need to ensure the rights of individuals and preserve the confidentiality of research data. Once patient privacy is lost, problems are simply compounded. Just how can today’s family members give consent for the next generation?”
  • “[i]n an age of technology advances and ‘Big Data’ analytics, it’s clear that medical data can be used in countless detrimental ways. That will simply be fostered if we allow ethics and human rights to be undermined by expediency.”

The Immortal Life of Henrietta Lacks, the Sequel

This is an amazing article written by Rebecca Skloot, author of ‘The Immortal Life of Henrietta Lacks’, demanding consent and trust.

Rebecca is right: the only way Americans will trust researchers is when they are treated with respect and their rights of consent for use of genomes and genetic information are restored.

The public does not yet realize that they have no control over ALL sensitive health information in electronic systems. We have NO idea how many hundreds of data mining and research corporations are collecting and using our blood and body parts. We ALSO have no control over our sensitive health information in electronic systems violating hundreds of years of privacy rights.

This week the many stories about CVS showed employers can force employees to take blood tests and health screenings and to join “wellness” programs, all of which REQUIRE collection of sensitive health information that employees cannot control.

We have NO map of who collects and uses personal health data. Henrietta Lacks’ family was NEVER asked for consent to use her genome.

Contribute to build a map to track the thousands of hidden users of health data at: www.localhost:8888/pprold

Attend or watch the 3rd International summit on the Future of Health Privacy (free). Register at: www.healthprivacysummit.org

Big Data Is Opening Doors, but Maybe Too Many

To view the full article, please visit Big Data Is Opening Doors, but Maybe Too Many.

Steve Lohr likens today’s Big Data issues to the introduction of the mainframe computer in the 1960s. Even then, new technology threatened the “common notions of privacy”.

A few key quotes from the article:

“…the latest leaps in data collection are raising new concern about infringements on privacy — an issue so crucial that it could trump all others and upset the Big Data bandwagon. Dr. Pentland is a champion of the Big Data vision and believes the future will be a data-driven society. Yet the surveillance possibilities of the technology, he acknowledges, could leave George Orwell in the dust.”

“The World Economic Forum published a report late last month that offered one path — one that leans heavily on technology to protect privacy. The report grew out of a series of workshops on privacy held over the last year, sponsored by the forum and attended by government officials and privacy advocates, as well as business executives. The corporate members, more than others, shaped the final document.”

CVS imposes health penalty if workers’ body weight is not reported or they don’t quit smoking

To view the full article, please visit CVS imposes health penalty if workers’ body weight is not reported or they don’t quit smoking.

CVS has instated a very invasive new policy of charging workers a hefty $600-a-year fine if they do not disclose sensitive health information to the company’s benefits firm. According to the article, “Under the new policy, nearly 200,000 CVS employees who obtain health insurance through the company will have to report their weight, blood sugar, blood pressure and cholesterol to WebMD Health Services Group, which provides benefits support to CVS.” However, if employees refuse, they will be charged an extra $50 a month in health insurance costs.

Patient Privacy Rights’ Dr. Deborah Peel tells the public, “‘This is an incredibly coercive and invasive thing to ask employees to do,’ … ‘Rising healthcare costs are killing the economy, and businesses are terrified. Now, we’re all in this terrible situation where employers are desperate to get rid of workers who have costly health conditions, like obesity and diabetes.’”

To learn more about this issue, please visit our Health Privacy Summit Website and register for the 3rd International Summit on the Future of Health Privacy.

Health IT Gurus predict the Next Big App

To view the full article, please visit Health IT Gurus predict the Next Big App.

“Mobile healthcare apps are multiplying fast and putting a vast array of new tools in the hands of patients and the providers who deliver their care. The pace and scope of innovation makes it hard to imagine what app developers will create next. So we put the question to some of the thinkers in the best position to know what’s needed and what’s possible.”

Here are a few key quotes from the article:

Dr. Deborah Peel, founder of Patient Privacy Rights Foundation, a privacy advocacy organization:

“People want control of their information. They want to be able to decide who sees it and make it go away. And so I think that the next big thing in healthcare is going to be that kind of control for patients over their information.”

Dr. Farzad Mostashari, head of the Office of the National Coordinator for Health Information Technology at HHS:

“We are going to be in an era where everyone is going to be looking to improve health and healthcare at lower cost. And we are going to be looking at every underutilized resource in healthcare. And the greatest, the most underutilized resource in healthcare is the patient and their family members…”

UPMC, Oracle to help with ID management

To view the article, please visit UPMC, Oracle to help with ID management.

UPMC revealed plans on Thursday to collaborate with Oracle in the development of cloud-based identity management technology to be utilized by small to mid-sized healthcare providers.

According to the article, “CloudConnect Health IT will enable healthcare users to easily manage computer accounts, including adding, modifying and terminating a user’s computer access, officials say. They’ll also help providers manage access based on the user’s job responsibility and provide self-service tools for retrieving forgotten passwords and unlocking accounts, as well as offer comprehensive management reporting.”

This poses a problem because, as Adrian Gropper, MD, points out, “Proprietary identity systems risk being coercive of the patient to the extent that they allow aggregation of a patient’s records across multiple institutions without informed patient consent. Voluntary ID systems can be created that are not coercive while still offering the value of global uniqueness.”

Private traits and attributes are predictable from digital records of human behavior

Picture a box with 2,000 or 10,000 puzzle pieces inside—any one puzzle piece reveals nothing about the picture. But when all the pieces are assembled, an incredibly detailed picture FULL of information is created.

The data mining industry—including Google, Facebook, Acxiom and thousands more unknown corporations and foreign businesses—assembles the puzzle of who we are from thousands of bits of data we leave online. They know FAR MORE than anyone on Earth knows about each of us—more than what our partners, our moms and dads, our best friends, our psychoanalysts, or our children know about us.

The UK study (abstract below) shows how easy it is for hidden data mining companies to intimately know (and sell) WHO WE ARE.

Most Americans are not aware of the ‘surveillance economy’ or that data miners can easily collect intimate psychological and physical/health profiles of everyone from online data.

The study:

- “demonstrates the degree to which relatively basic digital records of human behavior can be used to automatically and accurately estimate a wide range of personal attributes that people would typically assume to be private”

- “is based on Facebook Likes, a mechanism used by Facebook users to express their positive association with (or “Like”) online content, such as photos, friends’ status updates, Facebook pages of products, sports, musicians, books, restaurants, or popular Web sites”

- correctly discriminates between:

  • Homosexual and heterosexual men in 88% of cases
  • African Americans and Caucasian Americans in 95% of cases
  • Democrats and Republicans in 85% of cases
  • For the personality trait “Openness,” prediction accuracy is close to the test–retest accuracy of a standard personality test

The “surveillance economy” is why the US needs FAR STRONGER LAWS at the very least to prevent the hidden collection, use, and sale of health data, including everything about our minds and bodies, unless we give meaningful informed consent.

This urgent topic, i.e., whether the US should adopt strong data privacy and security protections like the EU, will be debated at the 3rd International Summit on the Future of Health Privacy June 5-6 in DC (it’s free to attend and will also be live-streamed). Register at: www.healthprivacysummit.org

2012 Sets New Record for Reported Data Breaches

Please view the full report at 2012 Sets New Record for Reported Data Breaches.

Everyone knows that securing data is hard, but in healthcare much is still not even encrypted. 2012 broke the record for the most data breaches.

  • “With 2,644 incidents recorded through mid-January 2013, 2012 more than doubled the previous highest year on record (2011)”

“The latest information and research conducted by Risk Based Security suggests that organizations in all industries should be on notice that they face a very real threat from security breaches. Whether it is the constantly increasing security threats, ever-evolving IT technologies or limited security resources, data breaches and the costs related to response and mitigation are escalating quickly. Organizations today need timely and accurate analytics in order to better prioritize security spending based on their unique risks.”

Some key statistics:

“The Business sector accounted for 60.6 percent of all 2012 reported incidents, followed by Government (17.9%), Education (12.0%), and Medical (9.5%). The Business sector accounted for 84.7 percent of the number of records exposed, followed by Government (12.6%), Education (1.6%), and Medical (1.1%).”

“76.8% of reported incidents were the result of external agents or activity outside the organization with hacking accounting for 68.2% of incidents and 22.8% of exposed records in 2012. Incidents involving U.S. entities accounted for 40.7% of the incidents reported and 25.0% of the records exposed.”

Snapchat and the Erasable Future of Social Media

Here is a recent article about Snapchat, which makes pictures and videos shared via the Internet disappear 10 seconds after they are seen.

Internet technologies constantly collect and use personal data without consent. American health IT systems do the very same thing: constantly collect and use sensitive personal health data without consent. New technologies that ‘erase’ data after a single use could prevent secondary collection, disclosures, and sales of everything from our diagnoses to prescription records to DNA.

We are constantly told young Americans don’t care about privacy. Would you be surprised to learn that’s wrong? The truth is the majority of people, young and old, want to control the use of personal data:

  • “88 percent of participants from ages 18 to 24 responded that there should be a law requiring websites and advertising companies to delete all stored information about an individual upon request”
  • “94 percent of people from 45 to 54 also supported the idea”

“The default setting for almost everything people share online is that it will live for eternity in the cloud.” We are forced to surrender control of personal information just to be online. Who believes the US public agreed that total surveillance is a fair price for using the Internet?

Since we can’t STOP personal data from being collected, technologies like Snapchat and Wickr that make data “erasable” are critical tools to help restore control over personal data.

Americans want the right to be forgotten, BUT FIRST AND FOREMOST, our constitutional RIGHT TO BE LET ALONE should be restored in the digital age.

KEY QUOTES from the article about Snapchat:

  • “In the U.S., Snapchat was the second-most popular free photo and video app for the iPhone in early February, just behind YouTube and ahead of Instagram.”
  • Pew Research Center survey found that 57 percent of all app users “have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons.”
  • A January 2013 study by the Ponemon Institute… found social media to be among the least trusted industries when it comes to protecting customers’ privacy online.
  • [Snapchat's] rapid growth demonstrates a huge business opportunity—namely, services aimed at the increasing number of people worried about their social media footprints.
  • researchers at the University of California at Berkeley found that … young Americans … [are] as anxious as their parents about their permanent social records.
  • 88 percent of participants from ages 18 to 24 responded that there should be a law requiring websites and advertising companies to delete all stored information about an individual upon request
  • 94 percent of people from 45 to 54 also supported the idea
  • “The early adopters of Snapchat are teens in the U.S.”
  • “Whenever I ask someone, do they want control over the messages and media that they send to others, the answer 100 percent is yes,” says Sell. “There’s no question that this has mainstream appeal.”
  • Sell talks of private communication as “a universal human right” that largely doesn’t exist in the current digital landscape in which big data companies are continuously harvesting and mining information about our every online utterance.

Ephemeral data is the future