What do we think of the new recommendations?

The Tiger team continues to make policy recommendations that clearly violate the law and the Administration’s new privacy policies. See story on release by Modern Healthcare.

Apparently they did not hear Secretary Sebelius announce a new “Administration-wide commitment to make sure no one has access to your personal information unless you want them to” on July 8th (see here).

Or hear Dr. Blumenthal say “we want to make sure it is possible for patients to have maximal control over PHI.” See: http://patientprivacyrights.org/2010/07/ppr-impressed-with-hhs-privacy-approach/

At the Consumer Choices Technologies Hearing on June 29th, one of the ‘granular consent’ technologies demonstrated has been exchanging behavioral health records on 4 million patients for over 10 years, in 9 states and 22 jurisdictions. Newer, more robust consent technologies showcased that day are also in use. See: http://nmr.rampard.com/hit/20100629/default.html

The Tiger team calls these privacy-enhancing technologies “looming” because they are not widely used. If the HIT Policy Committee recommends against technologies for robust consent and segmentation, as they did for “meaningful use” EHRs, they ensure the limited use of privacy-enhancing technologies, which can therefore continue to be described as “looming”. It’s a neat trick to recommend policy that perpetuates the status quo and violates our rights to health privacy. To create wide use of these technologies, they must be required in policy as well as the law.

HITECH in fact does require patient consent before PHI can be sold and states that private-pay patients should be able to prevent their data from flowing to insurers for payment and health care operations. And it is also a legal and ethical requirement to obtain informed consent before disclosures of sensitive health information in all 50 states. Therefore, robust electronic consents and segmentation are required by law today. Policies should match the law.

Instead, the recommendations from the Tiger team guarantee that the theft and sale of patient data will grow exponentially and data will flow unchecked by patient consent or segmentation through HIEs and the NHIN to even more thieving vendors and corporations. Americans’ jobs, credit, and reputations are being destroyed to improve corporate revenues. This sick, greedy transformation of the health care system cannot be hidden and will destroy trust in HIT, HIE, and in legitimate clinical, academic, and public health and population research.

Most HIT products and systems were not designed to comply with patients’ rights to control personal health information. And vendors won’t ever willingly update them, because selling patient data can be a far greater source of revenue than selling software or caring for sick people.

Back to the crucial question: how can the Tiger team recommend policy that violates existing law? Why don’t the Tiger Team and the HIT Policy Committee recommend that HIT vendors, CEs, and BAs COMPLY with state and federal privacy laws and protections and meet patients’ expectations?

The Tiger Team and HIT Policy Committee are both dominated by CEOs, employees, and beneficiaries of vendors or corporate for-profit “research” industries that want all OUR data without consent. Their fiduciary duties to stockholders explain their decisions to recommend policies that violate our privacy rights.

Today the health data theft/sale industry and corporate for-profit research industry are in charge of federal policy-making.

Their flawed business models, based on misleading shareholders and the public about what they really do, are fraudulent and deceptive trade practices.

The SEC brought Goldman Sachs to heel for misleading shareholders and the public about what their business model really was. The data theft and data sales industries and the corporate for-profit ‘research’ industry do exactly the same thing.

The entire US health care and HIT system will end up tarred and feathered and lose the public’s trust unless the health care and HIT corporations that protect privacy rights, and genuine clinical and academic researchers stand with patients to demand that patients control PHI.

Sign the ‘Do Not Disclose’ petition at http://patientprivacyrights.org/do-not-disclose/ and demand your rights to health privacy be enforced.

HHS proposes stronger privacy protections under HIPAA

Proposed changes to the HIPAA privacy regulations would expand patients’ rights to access their information and restrict certain types of disclosures of protected health information to health plans, according to InformationWeek.

“We want to make sure it is possible for patients to have maximal control over PHI,” national health IT coordinator Dr. David Blumenthal said at an HHS press conference. The statement, and the proposal itself, thrilled healthcare privacy hawk Dr. Deborah Peel. Her organization, the Patient Privacy Rights Foundation, put out a statement strongly in favor of the changes, saying that the proposed rule “signaled a clear policy change in the Obama administration, strengthening consumer rights to health privacy.”

To learn more:
- read the proposed rule issued by HHS on July 8
- read this Computerworld article via Businessweek
- take a look at CMIO’s article
- read the InformationWeek story
- see this AHIMA press release
- check out this statement from the Patient Privacy Rights Foundation, which includes a video of the HHS press conference

PPR impressed with HHS’ privacy approach

The Secretary of Health and Human Services (HHS), the Director of the Office of Civil Rights (OCR), and the National Coordinator for HIT all made very strong, pro-privacy statements at the press conference today announcing the Notice of Proposed Rulemaking (NPRM) titled: 45 CFR Parts 160 and 164, RIN: 0991-AB57, Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act.

Signaling a major shift in direction for the Administration and HHS, Secretary Sebelius said “It’s important to understand this announcement of the NPRM…. is part of an Administration-wide commitment to make sure no one has access to your personal information unless you want them to.”

Patient Privacy Rights heartily congratulates the Administration and Sec. Sebelius for this new pro-privacy, patient-centered approach to personal health information (PHI).

We applaud Secretary Sebelius’ clear acknowledgment that health IT systems should empower patients to control PHI. Putting patients in control of PHI is the only route to prevent wasting billions in stimulus funds on HIT systems that destroy privacy and to stop the theft, misuse, and sale of PHI in today’s primitive HIT systems and data exchanges.

During her remarks, OCR Director Verdugo said, “the benefits of HIT will only be fully realized if health information is kept private and secure at all times.”

And finally Dr. Blumenthal stated, “we want to make sure it is possible for patients to have maximal control over PHI.” He also referred to the Consumer Choices Technology Hearing last week, which demonstrated consent tools that enable patients to control the use and disclosure of their health information from EHRs and for HIE.

Hopefully the NPRM actually gives Americans the control over access to personal information Secretary Sebelius said the Administration is committed to. We are analyzing the 234-page Notice of Proposed Rulemaking (NPRM), and will post our comments on the NPRM as soon as we can.

Below see the Press Conference announcing the Proposed Rule.

HHS pitches new patient privacy safeguards

A new rule proposed today would add substantial protections to the Health Insurance Portability and Accountability Act (HIPAA) for individuals who want to make sure their personal health information remains private and under their control, something that’s considered vital to the eventual success of electronic health record deployments.

Health and Human Services Secretary Kathleen Sebelius acknowledged as much in announcing the rule, saying that, while health IT will help to move the American health system forward, “the privacy and security of personal health data is at the core of all of our work.”

The proposed rule, which will be open to a 60-day comment period starting July 14, takes various routes to providing patient control…

…First reactions to the proposal were generally positive. Deborah Peel, founder and chair of the Patient Privacy Rights organization and an often fierce critic of the government’s record on privacy rights, said she was impressed with Sebelius’s remarks.

“We applaud her for recognizing that HHS should build what the public expects: health IT systems that empower patient control over personal health information,” she said.

HHS’ Health Privacy Site

ONC IS MAKING HISTORY!

ATTEND THE FIRST EVER HEARING ON PRIVACY-ENHANCING TECHNOLOGIES IN THE NATION.

Register here.

The hearing, scheduled all day on June 29th, will showcase 7 innovative, existing privacy-enhancing Health IT products and systems, and future technologies. The technologies will be discussed by 4 experts and the Privacy and Security Tiger Team.

Early this year, Dr. Blumenthal met with the bipartisan Coalition for Patient Privacy. He told us our idea for this conference struck him as “very intriguing. Two principles should animate our policy development. Patients/consumers come first, and the process should be fair and open.” So he agreed to hold a hearing.

Register to attend the hearing at: http://www.blsmeetings.net/consumerchoicetechnologyhearing/
For agenda see: http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=2833&PageID=19423

This is the first hearing ONC has ever held that is focused solely on privacy rights and patients’ expectations to control sensitive health records, from prescriptions to DNA. It is VERY timely because billions in stimulus dollars are about to flow.

What kinds of systems do you want to get the stimulus billions??? Current HIT systems that facilitate the data mining, theft, and sale of personal health information or systems that put YOU in control of YOUR information?

Inside-the-beltway domination of policy and standards by major legacy health IT vendors, many major hospitals, the health data mining industries, and physicians’ organizations has made it very hard for consumer and privacy advocates to be heard, even though we represent the majority of the American public. The fear is if they have to ask first to see or use our health information, we might refuse. And we might. But it’s our right to do so.

Today’s HIT systems put our jobs and our kids’ futures at risk by exposing everything from our prescription records to our DNA to sale and theft. Once our health data is exposed, like Paris Hilton’s sex video, we can never make it private again.

Showcasing technology that empowers patients to actively share data for treatment, personal benefit, and for research, while empowering patients to protect personal information to prevent harms is critical—especially now as HHS prepares to spend billions on EHRs and models for data exchange that do not require meaningful and comprehensive privacy controls.

The video of the hearing will be a critical online resource for the public, the media, states, and the world. There is no other way to learn about robust privacy-enhancing technologies that meet patients’ expectations and rights to control use of PHI while enabling compliance with strong state and federal laws, medical ethics, and our Constitutional rights to privacy.

Latanya Sweeney’s testimony and slides show the need to choose the right HIT technologies and systems up front, rather than letting “100 weeds fester.” See her testimony at: http://patientprivacyrights.org/wp-content/uploads/2010/04/Sweeney-CongressTestimony-4-22-10.pdf
See her slides at: http://patientprivacyrights.org/wp-content/uploads/2010/06/Sweeney-TrustworthyNHINDesigns.pdf

If you cannot attend in person, PLEASE listen in and comment at the end during the comment period or submit comments online. The video link of the hearing will be posted the following day.

TAKE PART: Tell ONC to build privacy-enhancing health IT systems you can trust. Tell ONC to build privacy-enhancing EHRs and systems for data exchange; don’t blow the stimulus billions on systems that will never be trusted.

If we don’t fight for our rights to control sensitive personal health information, we will never GAIN the right to control the rest of our personal information online and in the Digital World.

Thanks for helping to save privacy!

Health IT coordinator attacks rumors that spy agencies would tap into patient information network

Dr. David Blumenthal, national coordinator for health information technology, has strongly denied any plans to develop a national network that would transmit patients’ medical information to the Justice and Homeland Security departments…

…Rather than defusing concerns, privacy advocates said Blumenthal’s remarks only heightened questions about what role NIEM standards, and the law enforcement agencies that developed them, will play in a national health information network.

Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation, said she believes Blumenthal is well-intentioned in his aim to ensure patient information is not transmitted to law enforcement or intelligence agencies. But promises do not have the force of law, she noted.

Privacy concerns surface over ONC data project

There’s an old warning, “Just because you’re paranoid doesn’t mean they’re not after you.”

Last week, David Blumenthal, head of the Office of the National Coordinator for Health Information Technology at HHS, tried to tamp down some blogosphere-based insinuations that work by his office might be contributing to a national surveillance state.

NHIN won’t funnel information to CIA: Blumenthal

David Blumenthal, head of HHS’ Office of the National Coordinator for Health Information Technology, has denied allegations that a framework for selecting data transmission standards for the proposed national health information network would configure the system to afford federal control over patient data and funnel that information to federal agencies, including the CIA, Justice Department and National Security Agency.

Blumenthal’s remarks came more than three hours into the March 25 meeting of the Health IT Standards Committee. The committee is a federal panel created under the American Recovery and Reinvestment Act of 2009, also known as the stimulus law, to advise the ONC on matters concerning health IT standards.