Switch To Digital Medical Records Raises Concerns

Watch the Video of these interviews and read the full story HERE.

OAKLAND, Calif. — At his high-rise medical office in Oakland, orthopedic surgeon David Chang recently switched from those familiar but cumbersome paper medical files to digital records, making the change ahead of a federal requirement that goes into effect for all medical providers in 2014.

Chang now has a private company store his patients’ records electronically.

“Not only was it free – which was fantastic – but it saved me time,” said Chang.

That company is Practice Fusion in San Francisco. It’s part of a booming industry in electronic medical records software. Its service is free to some 30,000 doctors. KTVU discovered the reason the service is free is because the company legally sells the patient medical information it collects. Buyers include drug companies, medical insurers and others. They can get it if they say it’s for research…

…Some were opposed to such wholesale distribution of patient information.

“This is a nightmare. This is a nightmare. It’s nothing we’ve ever seen before in medicine,” said patient privacy rights advocate Dr. Deborah Peel.

Peel she said many patients and doctors don’t know the federal government quietly eliminated patients’ privacy rights for electronic records.

“It’s a free-for-all. It’s the wild west,” said Peel…

…Dr. Peel said new technology, for as little as five dollars a year, could protect your privacy and allow you to opt out of research databases. Privacy advocates said concerned patients need to lobby their lawmakers now.

De-identified? Yeah, right.

See these articles:
Netflix Contest Seen As Posing Privacy Risk
Netflix is about to commit a privacy Valdez with its customers’ viewing data
AOL, Netflix and the end of open access to research data

Once again Netflix plans to violate the privacy of those who rate the movies they rent. Two University of Texas computer scientists demonstrated that the Netflix database of 500,000 with movie ratings could be re-identified, revealing sensitive political and sexual preferences of the actual people who rated movies. Netflix did not get the consent of renters to expose their ratings to the public or ot researchers.

Yet Netflix is moving ahead to release even MORE personal data for its next million-dollar contest. The major media (NYT’s STeve Lohr for example) has NOT reported at all on how Netflix is violating movie renters’ privacy, but instead trumpets the prizes paid to those who develop more accurate ways to predict which movies you will want to watch next.

The problem of re-identification is VERY serious for the healthcare system because health data is impossible to de-identify. It is so rich in detail that de-identification is almost impossible.

Today, the treasure trove of all Americans’ sensitive health data is being endlessly used and disclosed without informed consent to millions of “covered entities” and “business associates” (and their millions of employees)–subjecting EVERY American to the theft, sale, and misuse of the most sensitive personal information that exists.

Who will hire you knowing all about your prescriptions, illnesses and genes?

Genomes: Behold or Beware

Patients whose physicians “collaborate” with genetic testing corporations should beware. Today, Navigenics and all genetic testing businesses can legally sell genomic data. There is no way to know which ones sell or use data without informed consent and which don’t. Americans’ personal health information is extremely valuable to corporate America. Genomic data requires extreme privacy protection because it can be used to harm not only an individual but all his/her relatives.

According to Navigenics, the personal data shared is “aggregated” and “de-linked” from “your account information”, but Navigenics offers no proof that it cannot be re-identified.

As we learned from the NIH experience, it is very difficult to “de-identify” or “anonymize” genetic data. The NIH closed a public research data base of “de-identified” genetic data after researchers proved the data could be re-identified See: . Corporations that share “de-identified” or “anonymized” health data should be required to publish the algorithms that were used and prove the data cannot be re-identified.

Questions abound:
• How can anyone be sure that Navigenics protects the privacy of genomic tests without trusted external audits of their privacy practices and policies?

• Does Navigenics pay MDVIP’s doctors a “kickback” for “collaborating” each time a patient gets genomic tests? Does MDVIP inform patients that it has a contract with Navigenics and what each doctor is paid?

• Who is being paid for “collaboration”? What exactly are the financial and contractual terms of “collaboration” between MDVIP and Navigenics?

• Do MDVIP’s patients really understand the risks of using Navigenics to do the testing or the risks of letting Navigenics share their genomic data with unknown researchers and research organizations—-that can put their data into public data respositories and publish it in studies? Or the security risks that a particular public respository can be hacked?

• Are MDVIP’s patients coreced into taking Navigenics tests by their doctors? Most patients want to do what their doctors recommend. What is the consent process?

• Did MDVIP contractually sell or give their patients’ genomic data or to Navigenics to own or sell? Should the public trust Navigenics, a for-profit corporation, when personal genomic data is a very valuable commodity?

• Should any for-profit collaboration “define the standards in which preventive genomic medicine will be integrated into patient care for decades to come”? No consumer health privacy expertise, assessment, or input was sought.

• There is not yet an operational, trusted, consumer-led privacy certification organization to audit genomic testing corporations to certify they don’t sell genomic data and that consumers control sensitive personal genomic data in their data bases. In the absence of a trusted privacy certification organization, the privacy principles developed in 2007 by the bipartisan Coalition for Patient Privacy or the Code of Fair Information Practices could be used as guides for building a genomic testing and preventive healthcare system that consumers will trust and be willing to use.

• Would MDVIP’s patients still feel “the experience (was) positive”, “empowered rather than anxious”, and “desire to change their lifestyles and more productively work with their physicians” if they knew their doctors were paid by Navigenics and their data was sold and/or put in public data repositories with unknown security and privacy protections?

This blog is in response to the article: Physician network to use genomic-based preventive healthcare