3 reasons for the demise of patient privacy

By Dan Bowman from FierceHealthIT

Several factors have contributed to the demise of patient privacy in recent years, according to software analyst and healthcare blogger Shahid Shah (a.k.a., The Health IT Guy).

For example, Shah said at a recent discussion hosted by the Patient Privacy Rights Foundation on the best privacy practices for electronic health records in the cloud, patients tend to not “demand” privacy as the cost of doing business with providers.

“It’s rare for patients to choose physicians, health systems or other care providers based on their privacy views,” Shah said in a blog post summarizing thoughts he shared at the event. “Even when privacy violations are found and punished, it’s uncommon for patients to switch to other providers.”

To view the full article, visit 3 reasons for the demise of patient privacy

Report: State mental hospitals dealing with privacy breaches as patient records removed

AUSTIN, Texas — There have been five incidents in the last six months where patients’ health records have made their way out of some of Texas’ 10 public psychiatric facilities, according to a review of state records by a newspaper.

In one incident, an employee at Big Spring State Hospital in West Texas was fired after officials alleged she walked out of the facility with 50 patients’ protected health records, the Austin American-Statesman reported (http://bit.ly/1i0pZ2H) Sunday.

In the other cases, which involved a total of about a dozen patients, officials determined that the breaches were caused by mistakes.

“This can’t happen,” said Christine Mann, spokeswoman for the Texas Department of State Health Services, which oversees the hospitals. “Our patients deserve privacy and expect that their information is kept confidential. We’re doing everything we can to figure out what happened and how to address it.”

Dr. Deborah Peel, the Austin founder of Patient Privacy Rights, a national watchdog group focused on the protection of medical records, said the multiple incidents at the Texas hospitals indicate a pattern of problems that raise questions about the hospital system’s ability to keep patient records safe.

“Incidents like this broadcast loud and clear that the place I go for help might not keep my information safe,” Peel said.

To view the full article, visit Report: State mental hospitals dealing with privacy breaches as patient records removed

Should You Lose Your Gun Rights If You Visit a Shrink?

From Michael E. Hammond in the Washington Times: Obama’s gun-control dictate on ‘mental health’ threatens veterans’ rights

In a preternatural example of tone-deafness, an administration under fire for snooping into Americans’ privacy is now proposing to waive federal privacy laws so psychiatrists can report their gun-owning patients to the government.

The Department of Health and Human Services’ “notice of proposed rule-making,” floated by the White House in a Friday media dump, would waive portions of the federal Health Insurance Portability and Accountability Act (HIPAA) to allow psychiatrists to report their patients to the FBI’s gun-ban blacklist (the NICS system) on the basis of confidential communications.

The 1968 Gun Control Act bans guns for anyone who is “adjudicated as a mental defective or … committed to a mental institution.”

Unfortunately, under the 2008 NICS Improvement Act, drafted by Sen. Charles E. Schumer, New York Democrat, and its regulations, that “adjudication” can be made by any “other lawful authority.” This means a diagnosis by a single psychiatrist in connection with a government program.

To read the full article, please click here.

Transparency: Brand Reputation and Patient Trust

Agreed: transparency is critical for patient trust. With so few HIT corporations putting patients in charge of personal health information (PHI), it is rare good news to see a company like Jericho working on consent directives.

From the Article:

Keeping a solid brand in healthcare requires trust. Trust is important no matter the industry. However, in healthcare, trust is more personal. When it comes to patient care, much private, personal information is given by individuals and also received through physician engagement and various clinical tests. Patient information needs to be safeguarded, just as a patient intends it to be.

Recently, The University of Texas at Austin Health Information Technology Program, Jericho Systems Corporation, and Conemaugh Health System undertook a pilot to test if protected health information (PHI) can adhere to consent directives. The good news is they proved the integrity of a patient’s consent directive through the health information exchange. With this test, greater confidence in patient data security and privacy is gained. The work doesn’t stop here, as there are many practices necessary to support patient privacy and security as networks expand and exchanges broaden.

Equally important are practices to support data transparency in healthcare. Transparency should mean that patients know what data is being collected and who their data is being shared with.

The points are straightforward here, too.

  • Trustworthy brands in healthcare embrace transparency. Open communication about what information is being collected and shared rises to the same standard of protecting the privacy of designated PHI.
  • Brands build relationships, and relationships are built on trust. Transparency builds trust, as does consistently delivering on your promises made.

To read the full article, please visit: Transparency: Brand Reputation and Patient Trust

Here’s Scary: Your Social Security Number Is Just a Click Away

From Nancy Smith of the Sunshine State News:

Snafus involving the mandated switch from paper to electronic medical records have been happening for the last few years as the Affordable Care Act geared up. Horror stories — like the one about a California orthopedic surgeon whose medical-records software provider sold his patients’ records to anybody who wanted them — are more common than most people realize. Read the incredible story.

“This is a nightmare. It’s nothing we’ve ever seen before in medicine,” said patient privacy-rights advocate Dr. Deborah Peel.

Peel said many patients and doctors don’t know the federal government quietly eliminated patients’ privacy rights for electronic records. “It’s a free-for-all,” she said. “It’s the Wild West. Today there are over 4 million different kinds of organizations and companies that can see and use our medical records without our knowledge, without our permission and we can’t refuse.”

Peel said we can actually thank Healthcare.gov, the Obamacare sign-up website, for waking us up and making us think about what happens to our personal health information on a big bureaucratic website.

All of a sudden, Americans get it, she said — and the Obama administration isn’t pleased at having to deal with another strain of negativity in the rollout of its health plan. The government, remember, spent some $2 billion just to encourage the adoption of electronic health records.

Peel, a physician and probably the most renowned national speaker on health privacy, believes Healthcare.gov will amount to government surveillance of all health information unless some mobile “app” is developed so patients can access and control the dispersal of their own data, with Social Security numbers at the top of the list.

“Health information is the most valuable personal data about you, bar none,” Peel said. “We (at Patientprivacyrights.org) tremendously support technology, but technology that’s smart, that serves you and does what you expect — that doesn’t serve hidden industries that steal data or (is subject to) government surveillance. Government technology could put us in much better control of our information.

“We need to develop a mobile ‘app’ that would let you find out what happens to your information. We need new technology and privacy protections to be put in place.” See Peel’s remarks on Patientprivacyrights.org.

Please click here to read the full article.

Company That Knows What Drugs Everyone Takes Going Public

Nearly every time you fill out a prescription, your pharmacy sells details of the transaction to outside companies which compile and analyze the information to resell to others. The data includes age and gender of the patient, the name, address and contact details of their doctor, and details about the prescription.

A 60-year-old company little known by the public, IMS Health, is leading the way in gathering this data. They say they have assembled “85% of the world’s prescriptions by sales revenue and approximately 400 million comprehensive, longitudinal, anonymous patient records.”

IMS Health sells data and reports to all the top 100 worldwide global pharmaceutical and biotechnology companies, as well as consulting firms, advertising agencies, government bodies and financial firms. In a January 2nd filing to the Securities and Exchange Commission announcing an upcoming IPO, IMS said it processes data from more than 45 billion healthcare transactions annually (more than six for each human on earth on average) and collects information from more than 780,000 different streams of data worldwide.

Deborah Peel, a Freudian psychoanalyst who founded Patient Privacy Rights in Austin, Texas, has long been concerned about corporate gathering of medical records.

“I’ve spent 35 years or more listening to how people have been harmed because their records went somewhere they didn’t expect,” she says. “It got to employers who either fired them or demoted them or used the information to destroy their reputation.”

“It’s just not right. I saw massive discrimination in the paper age. Exponential isn’t even a big enough word for how far and how much the data is going to be used in the information age,” she continued. “If personal health data ‘belongs’ to anyone, surely it belongs to the individual, not to any corporation that handles, stores, or transmits that information.”

To view the full article please visit: Company That Knows What Drugs Everyone Takes Going Public

Providers NOT Required To Keep EHR Audit Systems Turned On

“If healthcare providers are using their electronic health records to falsify medical billing or cover their tracks after mistakes, there’s an easy way for investigators to find out: Check the audit trail.”

“Unfortunately, federal rules don’t require healthcare providers to keep their automated audit systems turned on. A study out this week from HHS’ watchdog office (PDF) finds that many healthcare providers can simply disable their logs or alter them after the fact—and experts say the problem may be far worse than what the study found.”

“HHS’ inspector general’s office this week reported the results of a voluntary survey of all 900 hospitals that had received federal subsidies to buy electronic health record systems as of March 2012. The survey, which had a 95% response rate, found that 44% of the hospitals reported having the ability to delete their EHR audit logs. Another 33% could disable the audit logs, while 11% could edit the records at will.”

To view the full article please visit: Providers Not Required To Keep EHR Audit Systems Turned On

Data Mining to Recruit Sick People

Companies Use Information From Data Brokers, Pharmacies, Social Networks

Some health-care companies are pulling back the curtain on medical privacy without ever accessing personal medical records, by probing readily available information from data brokers, pharmacies and social networks that offer indirect clues to an individual’s health.

Companies specializing in patient recruitment for clinical trials use hundreds of data points—from age and race to shopping habits—to identify the sick and target them with telemarketing calls and direct-mail pitches to participate in research.

“I think patients would be shocked to find out how little privacy protection they have outside of traditional health care,” says Nicolas P. Terry, professor and co-director at the Center for Law and Health at Indiana University’s law school. He adds, “Big Data essentially can operate in a HIPAA-free zone.”

FTC Commissioner Julie Brill says she is worried that the use of nonprotected consumer data can be used to deny employment or inadvertently reveal illnesses that people want kept secret. “As Big Data algorithms become more accurate and powerful, consumers need to know a lot more about the ways in which their data is used,” Ms. Brill says.

To view the full article, please visit: Data Mining to Recruit Sick People (article published December 17, 2013)

Privacy Group Comments on ONC’s Patient Data Matching Report

December 23, 2013 – “At an Office of the National Coordinator for Health IT meeting last week, advocacy group Patient Privacy Rights said that initial findings from an ONC report on how to match patients with their health data addressed problems with current health IT systems and data exchanges but missed an opportunity to create and leverage patient engagement in controlling their own health data, Health Data Management reports (Goedert, Health Data Management, 12/20).”

To view PPR’s comments and a copy of the full article, please visit: Privacy Group Comments on ONC’s Patient Data Matching Report