Your Doctor Knows You’re Killing Yourself. The Data Brokers Told Her.

Shannon Pettypiece and Jordan Robertson | Bloomberg News | Jun 26, 2014 11:35 AM CT

You may soon get a call from your doctor if you’ve let your gym membership lapse, made a habit of picking up candy bars at the check-out counter or begin shopping at plus-sized stores.

That’s because some hospitals are starting to use detailed consumer data to create profiles on current and potential patients to identify those most likely to get sick, so the hospitals can intervene before they do.

Information compiled by data brokers from public records and credit card transactions can reveal where a person shops, the food they buy, and whether they smoke. The largest hospital chain in the Carolinas is plugging data for 2 million people into algorithms designed to identify high-risk patients, while Pennsylvania’s biggest system uses household and demographic data. Patients and their advocates, meanwhile, say they’re concerned that big data’s expansion into medical care will hurt the doctor-patient relationship and threaten privacy.

“It is one thing to have a number I can call if I have a problem or question, it is another thing to get unsolicited phone calls. I don’t like that,” said Jorjanne Murry, an accountant in Charlotte, North Carolina, who has Type 1 diabetes. “I think it is intrusive.”

Acxiom Corp. (ACXM) and LexisNexis are two of the largest data brokers who collect such information on individuals. Acxiom says their data is supposed to be used only for marketing, not for medical purposes or to be included in medical records. LexisNexis said it doesn’t sell consumer information to health insurers for the purposes of identifying patients at risk.

To view the full article, please visit Your Doctor Knows You’re Killing Yourself. The Data Brokers Told Her.

The Biggest Data Myths of 2013

The biggest myth about “Big Data” users of the entire nation’s health information is that personal health data was acquired legally and ethically.

Just ask anyone you know if they ever agreed to the hidden use and sale of sensitive personal information about their minds and bodies by corporations or “research” businesses for analytics, sales, research or any other use. The answer is “no.”

Americans have very strong individual rights to health information privacy, i.e., to control the use of their most sensitive personal information. If US citizens have any “right to privacy,” that right has always applied to sensitive personal health information. This was very clear for our paper medical records and is embodied in the Hippocratic Oath as the requirement to obtain informed consent before disclosing patient information (with rare exceptions).

The IPO filing by IMS Health Holdings at the SEC exposed the vast number of hidden health data sellers and buyers. Buying, aggregating, and selling the nation’s health data is an “unfair and deceptive” trade practice. (Read more of Dr. Peel’s comments on the IMS filing here.)

Does the public know or expect that IMS (and the hundreds of thousands of other hidden health data mining companies) buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” and “social media” to create “comprehensive,” “longitudinal” health records on “400 million” patients? Or that IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally”? Again, the answer is “no.”

Given the massive hidden theft, sale, and misuse of the nation’s health information, how can any physician, hospital, or health data holder represent that our personal health data is private, secure, or confidential?

deb

Don’t Let EHR Vendors Own Your Data

“In a recent blog posting, John Moore and Rob Tholemeier of Chilmark Research ask the question: ‘Who’s Data is it Anyway?’ Your electronic health records data is not the property of your vendor and there are things you can do about it, they contend.”

To view the full article, please visit: Don’t Let EHR Vendors Own Your Data

Myth: The Benefits of Electronic Health Records Outweigh the Privacy Risks

Fact: It’s impossible to weigh the ‘benefits’ of EHRs vs. the ‘risks’ when we have no way of knowing what all the ‘risks’ are. Current health IT systems and data exchanges enable unlimited hidden use and sale of personal health data.

There is no map that tracks hidden disclosures of health data to secondary, tertiary, quaternary, etc, etc users. It’s crazy, but we have no ‘chain of custody’ for our most sensitive personal information, health data.

How can we make informed decisions about using EHRs when there is no map to track the 100s-1000s-1,000,000s of places our personal health information, from prescriptions to DNA to diagnoses, ends up?

Take a look at this website: http://www.theDataMap.org

  • Harvard Professor Latanya Sweeney leads this project to map the hidden flows of health data.

  • Patient Privacy Rights is a sponsor.

  • Not only is it impossible for individuals to make an informed decision about the risks and benefits of EHRs, but it’s ALSO impossible for Congress to create sane health reform and healthcare laws, or to formulate appropriate health and privacy policies that provide ironclad data privacy and security protections, when we have no idea where PHI goes, who uses and sells it, or what it’s used for.

  • One example of not knowing where/how our personal health data ends up: Identifiable diabetic patient records are sold online for $14-$25 each. See: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986&singlePage=true#.UFKTXVHUF-Y

If you think about privacy-destructive health IT, it is the exact opposite of what patients expect. And it violates patients’ strong existing rights to health information privacy and control over personal health data:

  • One example: Patients give pharmacies a prescription for only one purpose: to fill their prescription. They don’t expect all 55,000 US pharmacies to sell every prescription, every night. The prescription data mining industry sells our easily identifiable prescription records and collects 10s-100s of billions in revenue every year.

  • Another example: Patients expect physicians to keep their records private. They don’t expect physicians or EHRs to sell their sensitive data, treating patient data as another way to make money. But selling patient data is the business model of almost all EHRs, including Practice Fusion, Greenway, Cerner, Athena, GE Centricity, etc, etc. Patients give doctors information for one purpose only: to treat them. They don’t expect it to be used and sold by Business Associates, subcontractors, and subcontractors of the subcontractors for other purposes. Again, in the US patients have had a very long history of rights to health information privacy in law and ethics (the Hippocratic Oath).

Fact: the public will only trust health technology if they control their health data and can have real-time lists of those who use their health data. Hidden use of personal health data must stop. Users should ask our consent first. We need control, accountability and transparency to trust health technology.

Abbott’s Privacy Rights Proposals Draw Attention

“Attorney General Greg Abbott‘s support for more stringent privacy laws is getting some notice, as privacy rights activists say his proposals would lead to more protections for Texans. But concerns tied to the enforcement of the proposed policies are also being raised.”

To view the full article, please visit: Abbott’s Privacy Rights Proposals Draw Attention

Don’t Let EHR Vendors Own Your Data

“In a recent blog posting, John Moore and Rob Tholemeier of Chilmark Research ask the question: ‘Who’s Data is it Anyway?’ Your electronic health records data is not the property of your vendor and there are things you can do about it, they contend.”

If you have a subscription to HealthData Management and would like to view the full article, please visit: Don’t Let EHR Vendors Own Your Data

Information Asymmetry – The Politics of Health IT Policy

Let’s recognize Healthcare.gov as the dawn of mass patient engagement – and applaud it. Before this website, patients were along for the ride. Employers choose most of the insurance benefits, hospital web portals are an afterthought, and getting anything done with an insurance company, for both doctors and patients, means a phone call and paper. Can you imagine going online to find out the actual cost and buy anything? All that changed with Healthcare.gov.

Information is valuable and not evenly distributed. The haves are immensely valuable corporations. The have-nots are patients and doctors. Welcome to the world of health IT politics where the rich get richer ($20 Billion of “incentives” have caused massive health IT consolidation and a hidden health surveillance state) and the poor get frustrated (talk to an independent physician about their EHR or to a patient trying to access her own health records).

Information asymmetry drives $1 Trillion waste of our $2.7 Trillion health care cost. That waste is about $3,000 per year per citizen.

The politics of health IT policy are not left vs. right but institution vs. individual. Politicians and regulators alike are now scrambling to understand the role of health IT policy in that $3,000 annual waste per citizen.

The asymmetry that drives health IT policy is easy to understand when you consider that health IT is sold to corporations. As physicians and patients, we do not prescribe or buy information technology and we are paying the price through a total lack of price and quality transparency.

Incumbent “stakeholders” and multi-$Billion not-for-profit “delivery networks” stand to lose half their revenue if our cost structure aligned with the rest of the developed world. Information asymmetry drives our health IT policy as we implement the Affordable Care Act and the HITECH information technology mandates. From the earliest days, the strategy of costly health IT “certification” seems designed to drive small vendors and open source software out of the market. In the middle ages of post ACA health IT policy, circa 2012, our federal health architecture EHR procurement (the VA and Department of Defense, among others) began wild gyrations that have muted one of the few potential sources of rational, citizen-funded open source health information technology. We are now in the predictive analytics era, as our healthcare “providers” figure out how to manage the physician-patient relationship to their economic advantage. They call it Population Health Management.

Population Health Management doesn’t have to increase information asymmetry. Patient engagement and Fair Information Practice principles are not controversial. Combined with patient-directed automation via Blue Button Plus and NSTIC-style voluntary identities, we can have Big Data analytics to drive health reform policy and population health management. All it takes is democratizing access to our own information and reasserting the primacy of the physician-patient relationship. To get there, our federal and state policymakers will need to use the reduction of information asymmetry as a guiding principle.

The opportunities for policymakers to reduce information asymmetry and engage patients abound:

  • Confirm the patient’s right to access all information using Blue Button Plus so we can delegate that access to the physicians and analytics services we trust.

  • Confirm the patient’s right to specify a voluntary identity for patient matching when we participate in health information exchange.

  • Confirm the patient’s right to a real-time online Accounting of Disclosures so that we can know who is getting our information and see what they’re getting.

  • Confirm the physician’s right to communicate with anyone using Direct secure messages without interference from their employer or a state health information bureaucracy.

We already have these rights under existing law. What we don’t have is regulators and public procurement processes that put consumer protection ahead of politics. It’s time for them to step up. Start by fixing Healthcare.gov with privacy-preserving, voluntary sign-in credentials that we can use with Blue Button Plus to access our hospitals, insurers and state databases without risk of identity theft. There’s $3,000 in it for each of us.

Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.

Check out the Latest from Dr. Gropper, courtesy of The Healthcare Blog.

Healthcare.gov sends user information to third parties, violating its own privacy policy

You might be interested in this story: “Healthcare.gov sends user information to third parties, violating its own privacy policy.”

The site sends user information to third parties like Pingdom and DoubleClick that are hidden data collectors. Here you can find a screenshot in which Ghostery is used to show 7 hidden trackers: Healthcare.gov trackers

Google’s $8.5M Privacy Pact Going To Inapt Orgs, Groups Say

“A coalition of privacy groups [including Patient Privacy Rights] stepped up its opposition to the proposed $8.5 million settlement of a California class action alleging Google Inc. illegally divulged search information, saying Wednesday that counsel has failed to show how the seven organizations chosen to receive cy pres funds are appropriate.”

To view the full article (only available by subscription), please visit Google’s $8.5M Privacy Pact Going To Inapt Orgs, Groups Say.