Google’s Larry Page wants to ‘save 100,000 lives’ by analyzing your healthcare data

By Eerke Boiten, University of Kent | June 28, 2014

Talking up the power of big data is a real trend at the moment and Google founder Larry Page took it to new levels this week by proclaiming that 100,000 lives could be saved next year alone if we did more to open up healthcare information.

Google, likely the biggest data owner outside the NSA, is evidently carving a place for itself in the big data vs life and death debate but Page might have been a little more modest, given that Google’s massive Flu Trends programme ultimately proved unreliable. Big data isn’t some magic weapon that can solve all our problems and whether Page wants to admit it or not, it won’t save thousands of lives in the near future.

Big promises

Saving lives by analysing healthcare data has become a major human ambition, but to say this is a tricky task would be an enormous understatement.

In the UK, the government has just produced a consultation on introducing regulations for protecting this kind of information alongside care.data, a huge scheme aiming to make health records available to researchers and others who could work with it.

Given the ongoing care.data debacle, this is a broadly sensible document and a promising start for consultation. In particular, it identifies different levels of data. Data that could be used to identify an individual person should not be shared in the same way as other types of data.

But, like Page, the UK government is also presenting a false vision for big data. It has said review after review has found that a failure to share information between healthcare workers has led to child deaths. It’s an emotive admission but rather beside the point from the big data perspective.

It is indeed entirely credible that many tragic failures within the NHS might have been prevented by someone sharing the right information with the right person. Sharing is essential, but when the NHS talks about sharing, it means linking and sharing large medical databases between organisations. Surely no case review has ever claimed that the mere existence of a larger database of information would have got the right knowledge to the right person.

Medical data sharing may be a good thing in many ways, but unfortunately there is no clear case yet that it prevents child deaths and other tragedies. It is only big data, not magic. Preventing child deaths appears to be brought in as emotional blackmail, expected to trump the valid concerns over the NHS’ big data plans.

To view the full article, please visit Google’s Larry Page wants to ‘save 100,000 lives’ by analyzing your healthcare data

Your Doctor Knows You’re Killing Yourself. The Data Brokers Told Her.

Shannon Pettypiece and Jordan Robertson | Bloomberg News | Jun 26, 2014 11:35 AM CT

You may soon get a call from your doctor if you’ve let your gym membership lapse, made a habit of picking up candy bars at the check-out counter or begun shopping at plus-sized stores.

That’s because some hospitals are starting to use detailed consumer data to create profiles on current and potential patients to identify those most likely to get sick, so the hospitals can intervene before they do.

Information compiled by data brokers from public records and credit card transactions can reveal where a person shops, the food they buy, and whether they smoke. The largest hospital chain in the Carolinas is plugging data for 2 million people into algorithms designed to identify high-risk patients, while Pennsylvania’s biggest system uses household and demographic data. Patients and their advocates, meanwhile, say they’re concerned that big data’s expansion into medical care will hurt the doctor-patient relationship and threaten privacy.

“It is one thing to have a number I can call if I have a problem or question, it is another thing to get unsolicited phone calls. I don’t like that,” said Jorjanne Murry, an accountant in Charlotte, North Carolina, who has Type 1 diabetes. “I think it is intrusive.”

Acxiom Corp. (ACXM) and LexisNexis are two of the largest data brokers who collect such information on individuals. Acxiom says their data is supposed to be used only for marketing, not for medical purposes or to be included in medical records. LexisNexis said it doesn’t sell consumer information to health insurers for the purposes of identifying patients at risk.

To view the full article, please visit Your Doctor Knows You’re Killing Yourself. The Data Brokers Told Her.

Congress sits on hands as health privacy wanes

By David Pittman | Politico.com | 6/12/14 5:00 AM EDT

Everyone from legal scholars to patient privacy advocates — and even the White House — is saying the country’s landmark health privacy law is antiquated and needs to be updated.

But Congress doesn’t appear to be moving any legislation on the issue.

Backers of tougher health data privacy rules argue that much has changed in how people’s health information is collected and handled since the law governing patient records was passed in 1996. Protections added in 2009 don’t fully address the problem, they say.

The Health Insurance Portability and Accountability Act — commonly called HIPAA — largely applies to use of data by health care providers and insurance companies. But they are a smaller and smaller slice of who deals with patient information today.

For example, employee wellness programs, which are increasingly popular and hold potentially private information such as pregnancy status, don’t fall under the HIPAA umbrella. Hospital discharge data is sold by 33 states, according to the Federal Trade Commission, but only three do so in a HIPAA-compliant fashion.

“I think HIPAA does a really good job where it’s relevant,” said Kirk Nahra, a privacy and information security lawyer at Wiley Rein. “What’s happened in the last 15 years is that the space where it’s not relevant has been what’s growing.”

HIPAA governs the doctor-patient and doctor-payer relationships, but it didn’t envision the rest of the universe, and that’s where there is a need for new privacy protections, Nahra said.

Health and fitness apps — of which there are nearly 100,000 available today — are probably the biggest concern. They fall outside HIPAA and are free to collect and share information on their users.

The Privacy Rights Clearinghouse concluded last year that mobile health and fitness apps “are not particularly safe” when it comes to protecting user privacy. They found 26 percent of the free apps and 40 percent of paid apps didn’t have a privacy policy. Furthermore, 39 percent of free apps and 30 percent of paid apps sent data to a third party not disclosed by the developer.

The FTC mapped where data was being sent from 14 free health and fitness apps. One transmitted data to 18 different third parties with diet, workout, personal identifiers and other information. Fourteen third parties received consumers’ names and email addresses, and 22 received gender, location and symptom-search information.

The free use of consumer information by app makers is one reason privacy advocates are concerned that Apple is entering the game. The tech giant announced last week it would make its HealthKit part of its iOS 8 operating system, set to be released later this year.

The FTC sees all of this as a problem and is looking to Congress for help.

In a recent report on data brokers, the commission recommended Congress consider legislation to force tech companies to obtain express consent from consumers before information is collected or shared.

A White House report on big data and privacy last month noted that current policy “may not be well-suited” in the future. While health data exchanges will help realize technology’s potential, the information often is shared “in ways that might not accord with consumer expectations of the privacy of their medical data.”

“Health care leaders have voiced the need for a broader trust framework to grant all health information, regardless of its source, some level of privacy protection,” the report said.

Despite the pleas for new rules on use of consumer health information, Congress appears to be sitting on its hands. Little legislation exists, and the issue has yet to gain traction.

“The only thing that is likely to get congressional interest is for there to be a major data tragedy,” said Nicolas Terry, health law professor at Indiana University law school. “It’s very hard at the moment to see much consensus out there. Everyone says they believe in privacy. Privacy is very important. Privacy is a right. But actually moving the ball forward to protect consumers, given the massive weight of the information lobby, seems very hard.”

Congress has been working on data security and breach notification issues — especially in light of recent high-profile cases involving Target and others — with a decent chance of passing something by the end of the year.

Privacy is another issue. “There’s no consensus on broader privacy issues,” Nahra said.

Lawmakers on Capitol Hill have taken some steps to improve consumer privacy protections since HIPAA was passed. Seeing the advent of electronic medical records, they included several provisions in the 2009 HITECH Act, including a ban on the sale of personal health information, breach notification requirements and penalties for privacy violators.

One possible source of inaction is the seemingly immovable lobbying force. Companies such as Microsoft, Google, Siemens, the Mayo Clinic, WebMD, IMS Health and IBM all spent money lobbying Congress last year on health privacy issues, according to disclosure forms.

Even Nike — maker of the popular fitness app Nike+ that’s implanted on all iPhones — disclosed lobbying on privacy issues in 2013.

Terry said consumers could incite change if they demanded it. Automobile makers lobbied hard against safety regulations in the 1960s and 1970s, but car safety is ubiquitous today because of pressure from car buyers, he said.

The FTC has the authority to halt companies’ deceptive practices if they fail to disclose certain data uses to consumers, notes Justin Brookman, director of consumer privacy at the Center for Democracy & Technology, which advocates stronger protections.

As long as the FTC and Congress remain inactive, and consumers remain passive, it’s up to Washington power brokers to point out HIPAA’s inadequacies.

“I do believe it’s time that we look beyond [HIPAA],” Karen DeSalvo, national coordinator for health IT, said at the recent Health Privacy Summit. “As this field rapidly evolves, we need to think about what additional protections might need to be in place.”

To view online:
https://www.politicopro.com/go/?id=35019

Risking OCR and Patient Ire, Many CEs Don’t Comply With Patient Access Rules

June 2014 Volume 14 Issue 6
aishealth.com

REPORT ON PATIENT PRIVACY delivers timely news and business strategies for safeguarding patient privacy and data security.

In apparent defiance of final HITECH regulations, many HIPAA covered entities (CEs) are not offering patients the option of receiving an electronic copy of their medical records, let alone in the “form and format” of their choosing, as has been required since January 2013.

Some are imposing fees for copies and applying limits on what they will provide that do not appear to be in line with regulations. Health systems with multiple hospitals have implemented the access requirements inconsistently across their medical centers, meaning some may be in compliance while others are not.

All of this is evident on the websites of covered entities, in their pages that outline the policies and procedures for patients to obtain their protected health information (PHI) — so officials from the Office for Civil Rights (OCR) can readily see it also. An OCR spokeswoman tells RPP “we can and we have” brought enforcement actions against CEs who violate the access requirements.

Patient advocates, medical records providers, privacy experts and others also tell RPP of a multitude of likely unlawful hoops imposed by CEs that people are jumping through to try to get their records.

“Unless you are behind the curtain like I am or unless you start finding the right stones to turn over, you don’t ever get to see the horror show that really exists in various degrees across the country,” says Chris Carpenter, director of operations for Diversified Medical Record Services, Inc. (DMRS), a business associate that processes records requests for hospitals and physicians offices nationwide.

To view the full article, please visit Risking OCR and Patient Ire, Many CEs Don’t Comply With Patient Access Rules

ONC unveils 10-year plan for healthcare interoperability

Dan Bowman | FierceHealthIT | June 5, 2014

By 2024, the national health IT infrastructure and data standards will evolve to support robust information sharing and aggregation, creating a “continuous learning” environment for care, according to an ONC paper published today.

The Office of the National Coordinator for Health IT outlined a 10-year plan to develop an interoperable health IT ecosystem that can simultaneously improve population health, boost patient engagement and lower costs.

The agency shared a set of five “critical building blocks” for achieving its goals, while also revealing its expectations for three, six and 10 years down the road.

National Coordinator for Health IT Karen DeSalvo, at the Patient Privacy Rights Summit in the District of Columbia on June 4, talked about the importance of getting feedback from multiple stakeholders for the paper, published in the wake of ONC’s recently announced realignment, which aims to streamline processes as federal funding dries up.

“Though at ONC we have set interoperability to connect care and information on behalf of patients and consumers as a high priority … I want to make sure that it’s clear to folks that we didn’t do that in our box at Humphrey,” DeSalvo said. “We spent the first few months doing quite a bit of informal … and formal environmental scans, looking for what kinds of writings, letters, comments we were receiving from our stakeholders of all walks.”

While the current health system has the capability to capture data at rest and in silos, DeSalvo said, to really make it powerful, it needs to be able to move safely and securely for the benefit of people.

“Interoperability … is so complex,” she said. “It requires all of us to have some shared responsibility thinking through how we’re going to get there in a way that meets everyone’s needs and expectations.”

To view the full article, please visit ONC unveils 10-year plan for healthcare interoperability

Apple and Epic: A privacy disaster? — DeSalvo introduces interoperability roadmap — We stand amended

ASHLEY GOLD | POLITICO’s Morning eHealth | 06/05/14 10:01 AM EDT

APPLE + EPIC ARE PAIRING UP TO TAKE YOUR HEALTH DATA: eHealth’s David Pittman takes a look at the Apple HealthKit announcement and what it means for patient privacy in an article coming out later today. Pretty perfect timing: we’re at the Health Privacy Summit this week, where the topic of who owns patient data and how to protect it is present in everyone’s mind. “Patient privacy watchdogs raised questions regarding privacy and data collection with health apps in Apple’s new operating system, worrying it could usher in a new era of trampled privacy rights… Privacy laws that govern what doctors and hospitals can and cannot do with patient information don’t apply to mobile health apps, meaning they are largely free to sell and disseminate the information collected.” Stay tuned for the full story coming this morning for Pros.

DOES DESALVO KNOW THE WAY…TO INTEROPERABILITY? The Office of the National Coordinator for Health IT is preparing a vision paper on how it hopes to achieve the interoperability of electronic health records, the office’s head, Karen DeSalvo, said Wednesday at the Health Privacy Summit. In addition to outlining ONC’s thoughts, the paper “will be an invitation to folks to come to the table to talk through how we can get there,” DeSalvo said. An ONC spokeswoman said ONC hopes to release the paper later this week.

THIS MORNING, I’m headed to Georgetown Law Center to catch some more of the Health Privacy Summit, which @David_Pittman checked out Wednesday. I’m interested in the privacy debate “That Individuals Should Maintain Their Own Health Data” between the chief privacy officer of IMS Health and a senior associate at Consumer Action. Are people too disengaged or lazy to own their own health data? We shall see.

To view the full article, please visit Apple and Epic: A privacy disaster? — DeSalvo introduces interoperability roadmap — We stand amended

Anita Allen receives Lifetime Achievement Award from privacy advocacy group EPIC

May 29, 2014

Anita Allen, the Vice Provost for Faculty at Penn and the Law School’s Henry R. Silverman Professor of Law and Professor of Philosophy, will receive the Electronic Privacy Information Center’s (EPIC) Lifetime Achievement Award at a ceremony in Washington, D.C., on June 2.

Allen, described by EPIC as “the nation’s leading privacy scholar,” has written and lectured widely on privacy law and ethics; her books on the subject include Unpopular Privacy: What Must We Hide (Oxford, 2011); Privacy Law and Society (West 2011); and Why Privacy Isn’t Everything: Feminist Reflections on Personal Accountability (2003). Her book Uneasy Access: Privacy for Women in a Free Society (1988) was the first by an American philosopher devoted to how we define and value privacy. Allen is also the author of The New Ethics: A Guide to the 21st Century Moral Landscape (2004).

EPIC is an independent non-profit research center based in Washington, D.C., that focuses on privacy, freedom of expression and democratic values, and pursues a wide range of program activities including public education, litigation, and advocacy concerning the future of the Internet, according to the group’s website. The organization regularly files amicus briefs in federal courts, champions open government and consumer privacy, and lobbies Congress about privacy and civil liberties issues.

Since 2010, Allen has served as a Commissioner on President Barack Obama’s Presidential Commission for the Study of Bioethical Issues. She holds a Ph.D. in Philosophy from the University of Michigan and a law degree from Harvard, and has published more than 100 scholarly articles and essays on topics that include health privacy, women’s privacy, children’s privacy, LGBT-related privacy rights, and electronic data protection. Allen has lectured on privacy throughout North America and Europe, and in Taiwan, Japan and Israel.

Allen has served on the boards of local and national non-profits including the Bazelon Center for Mental Health Law, the Maternity Care Coalition, the Hastings Center, the West Philadelphia Alliance for Children, and Planned Parenthood of Metropolitan Washington. A former board member of EPIC, she has played a leading role in the modern understanding of the right to privacy.

FTC Calls for Data Broker Transparency

By Marianne Kolbasuk McGee | healthcareinfosecurity.com | May 29, 2014

The Federal Trade Commission is urging Congress to enact privacy legislation that would provide consumers with more transparency about the activities of data brokers that collect sensitive health and financial data.

Reacting to the FTC recommendation, two consumer advocates say the explosion of data broker activities in recent years, coupled with regulatory gaps, points to the need for some legislative reforms to protect consumer privacy.

A May 27 FTC report that examined nine companies describes data brokers as “companies whose primary business is collecting personal information about consumers from a variety of sources and aggregating, analyzing and sharing that information, or information derived from it, for purposes such as marketing products, verifying an individual’s identity, or detecting fraud.”

The FTC says data brokers raise privacy concerns for consumers because “significantly, data brokers typically collect, maintain, manipulate and share a wide variety of information about consumers without interacting directly with them.”

The report notes: “In light of these findings, the commission unanimously renews its call for Congress to consider enacting legislation that would enable consumers to learn of the existence and activities of data brokers and provide consumers with reasonable access to information about them held by these entities.”

Deborah Peel, M.D., founder of advocacy group Patient Privacy Rights, says federal legislators and regulators need to crack down on data brokers, especially those that deal with sensitive information, such as health data.

“This is clearly a case where the government must pass laws that require personal control over personally identifiable information to restore our rights to privacy, because we can’t possibly do it ourselves,” Peel says. “Worse, the FTC seems not to have a handle on the size of the health data broker industry. … Personal information is the ‘oil’ of the digital age – and our personal information belongs to each of us. … If the data brokers want our data, they should just ask. If we think the benefits are worth it, we will say ‘yes’.”

To view the full article, please visit FTC Calls for Data Broker Transparency

Healthcare security stuck in Stone Age

April 22, 2014 | Erin McCann | Healthcare IT News

Healthcare has a few things to do differently in the privacy and security arena — one of them being: Start taking it seriously. This is according to Verizon’s annual breach report released today.

The new 2014 Verizon Data Breach Investigations Report highlights a concerning carelessness regarding privacy and security, specific to the healthcare industry.

“They seem to be somewhat behind the curve as far as implementing the kinds of controls we see other industries already implemented,” said Suzanne Widup, senior analyst on the Verizon RISK team, in an interview with Healthcare IT News discussing report findings.

The industry’s biggest misstep? Encryption, encryption, encryption.

To view the full story, please visit Healthcare security stuck in Stone Age