The Truth About HIPAA – It Hasn’t Changed

Everyone thinks HIPAA protects personal health data. It doesn’t.

The most valuable data collected and sold by US “data brokers” is sensitive personal health information.

US “data brokers” capture sensitive health information by tracking our searches, social media, phone apps and GPS data. The majority of US healthcare institutions, health-related state and federal government agencies, and health technology vendors are also “data brokers”.

HIPAA gave millions of hidden institutions, healthcare providers, and technology vendors the right to control, use, and sell our medical records, prescriptions, lab tests, claims data, and more. HIPAA gave them the right to be “data brokers”.

If the President’s Consumer Privacy Bill of Rights (CPBOR) were the law of the land AND were also applied to the healthcare system, patients could control who collects and uses health data—not “data brokers”.

The CPBOR’s strong new rights to control the use of personal data could end the use of data for discrimination in every area of life, including jobs, credit, mortgages, and opportunities.

The EU got it right: no government agency or corporation in the EU can collect, use, or sell personal data without permission.

deb

This blog was written in response to the following article: Senators call for consumer privacy protections

 

Don’t bet on knowing your records’ whereabouts

Joseph Conn with ModernHealthcare.com wrote about the Health Privacy Summit in the IT Everything blog. You can read the full article here: Don’t bet on knowing your records’ whereabouts

“Do you know where your electronic health information is tonight?

Here’s a reader challenge: I’ll pay $10 to the first adult who has had at least five encounters with the private-sector healthcare system in the past 10 years to come up with a complete map of where all his or her electronic health records have traveled, who has seen them and where they are now.

I feel my money is safe in my pocket, and here’s why:

First, I’ve been covering health IT for nearly 11 years, and there is no system I know in this country that can completely track the whereabouts of someone’s electronic health information.

Second, there are no laws or incentives to induce complete tracking of a patient’s records.

And yet, patients ought to have access to just such a record map, according to health IT and privacy experts participating in the first Health Privacy Summit Monday in Washington. The daylong conference was put together by Patient Privacy Rights and the Lyndon B. Johnson School of Public Affairs at the University of Texas, Austin…”

Re: Google Defends Way It Gets Phone Data

Mobile devices will be the future of healthcare and health IT. Today in parts of the world too poor to afford enterprise systems, “mHealth” is now the way healthcare is delivered.

Please see the recent article in the Wall Street Journal: Google Defends Way It Gets Phone Data

This story should serve as a warning to patients: If your doctor uses an iPad, iPhone, or Android to access your electronic health information, Google and Apple may be collecting, using, or selling it.

  • QUOTE: “Amid rising scrutiny of their practices, Google Inc. defended the way it collects location data from Android phones, while Apple Inc. remained silent for a third day. The companies’ smartphones regularly transmit locations back to Google and Apple servers, respectively, according to data and documents analyzed by The Wall Street Journal. Research by a security analyst this week found that an Android phone collected location data every few seconds and sent it to Google several times an hour. Apple disclosed in a letter to Congress last year that its phones “intermittently” collect location data, and the company receives it twice a day.”

Do Androids, iPhones and iPads send health records back to Google and Apple every few seconds the same way they send GPS data? Right now, health data on mobile devices typically isn’t even encrypted.

Do Google and Apple collect and store health data for months, like they do with location data?

Do Google and Apple “anonymize” health data the same way they “anonymize” your cell phone: by assigning a unique number that is directly traceable back to you?

The point is, whatever Apple and Google can do with GPS data, they can do with health data on mobile devices.

PPR Comments on FTC Consumer Privacy Protection Report

We applaud the FTC for creating a report focused on protecting consumer privacy. The proposed framework upholds many of the practices we believe in: informed consumer consent, privacy protection and data security, and greater transparency.

View the FTC Staff Report: Protecting Consumer Privacy in an Era of Rapid Change

View PPR’s full comments