Groups develop privacy framework for health IT

To view the full article, please visit Groups develop privacy framework for health IT.

An article written at ModernHealthcare.com about our new Privacy Trust Framework explains how the framework came into being and what it’s major principles are.

Key quote from the article:

“‘This comes from what the American public wants and was devised by Microsoft and PricewaterhouseCoopers,’ Peel said. ‘Some of the bigger corporations see the future as the public controlling things. Microsoft wanted to distinguish itself from Google Health (its one-time rival as a developer of PHR platforms) and wanted HealthVault to be the privacy place and wanted to compete in that way.’ PricewaterhouseCoopers saw a future auditing opportunity, she said. ‘We’re now moving with the Blue Button where patients can access their information and control it. The ultimate consumer is the patient.’”

The Privacy Trust Framework can be found here.

New Framework Details 15 Core Health Privacy Principles

To view the full article, please visit New Framework Details 15 Core Health Privacy Principles.

HealthDataManagement.com recently posted this article about Patient Privacy Rights’ Privacy Trust Framework. The article tells HealthDataManagement readers “The Framework is designed to help measure and test whether health information systems and research projects comply with best privacy practices in such areas as whether patients have control over their protected health information, an organization obtains meaningful consent before disclosing data and obtains new consent before secondary data use occurs, patients have the ability to selectively share data, and the organization uses servers housed in the United States, among other factors.”

The key principles for our Privacy Trust Framework:

*Patients can easily find, review and understand the privacy policy.

* The privacy policy fully discloses how personal health information will and will not be used by the organization. Patients’ information is never shared or sold without patients’ explicit permission.

* Patients decide if they want to participate.

* Patients are clearly warned before any outside organization that does not fully comply with the privacy policy can access their information.

* Patients decide and actively indicate if they want to be profiled, tracked or targeted.

* Patients decide how and if their sensitive information is shared.

* Patients are able to change any information that they input themselves.

* Patients decide who can access their information.

* Patients with disabilities are able to manage their information while maintaining privacy.

* Patients can easily find out who has accessed or used their information.

* Patients are notified promptly if their information is lost, stolen or improperly accessed.

* Patients can easily report concerns and get answers.

* Patients can expect the organization to punish any employee or contractor that misuses patient information.

* Patients can expect their data to be secure.

* Patients can expect to receive a copy of all disclosures of their information.

The full framework can be viewed at Privacy Rights Framework.

An American Quilt of Privacy Laws, Incomplete

The MOST “incomplete” US privacy law is HIPAA, which eliminated Americans’ rights to control the collection, use, disclosure and sale of their health data in 2001.

The new Omnibus Privacy Rule did not fix this disaster. It made things worse by explicitly permitting health data sales for virtually any purpose without patients’ consent or knowledge. These new regulations violate Congress’ intent to ban the sale of health data in the 2009 stimulus bill.

In addition to not being able to control personal health information Americans have no ‘chain of custody’ for their health data, so there is no way to know who is using or selling our health data.

We need a data map to track all the hidden users and sellers of our personal health information, from our DNA, to our diagnoses, to our prescription records:

  • -Watch Professor Sweeney describe the Harvard Data Privacy Lab/Patient Privacy Rights research project to track hidden users of our health data at: http://patientprivacyrights.org/thedatamap/
  • -WE NEED A DATA MAP TO SHOW THE GOVERNMENT IT’S TIME TO FIX THIS PRIVACY DISASTER!

Attend or watch the next health privacy summit June 5-6 in Washington, DC to learn about these urgent health data problems and potential solutions:

A new CVS wellness program raises privacy concerns

From the Thomson Reuters News & Insight article by Anna Louie Sussman, “A new CVS wellness program raises privacy concerns

(Reuters) – When nationwide pharmacy chain CVS Caremark Corp announced last week that its employees must submit to a medical exam or pay a $600 annual fine, some critics raised privacy concerns…

Under the CVS exam, which is free, tests will measure an employee’s weight, body fat, blood pressure, glucose levels and other health indicators. Workers who smoke must enroll in an addiction program by next year.

“They draw blood, that’s data collection. You have to go through a screening, that’s data collection. You have to call WebMD’s center, that’s data collection. People’s sensitive health data is being used for commercial purposes,” said Dr. Deborah Peel, founder of the advocacy organization Patient Privacy Rights.

Dr. Peel on America Weekend with Paul Harris

PPR Founder and Chair, Dr. Deborah Peel, was featured on yet another radio station discussing the CVS Caremark wellness program which violates their employees right to privacy.

To listen to the full podcast, visit Paul Harris Online.

You can view more about the CVS program here.

The Immortal Life of Henrietta Lacks, the Sequel

This is an amazing article written by Rebekah Skloot, author of ‘The Immortal Life of Henrietta Lacks’, demanding consent and trust.

Rebecca is right—-the only way Americans will trust researchers is when they are treated with respect and their rights of consent for use of genomes and genetic information is restored.

The public does not yet realize that they have no control over ALL sensitive health information in electronic systems. We have NO idea how many hundreds of data mining and research corporations are collecting and using our blood and body parts. We ALSO have no control over our sensitive health information in electronic systems violating hundreds of years of privacy rights.

This week the many stories about CVS showed employers can force employees to take blood tests, health screenings, and be forced into “wellness” programs–all of which REQUIRE collection of sensitive health information—which employees cannot control.

We have NO map of who collects and uses personal health data—Henrietta Lacks family was NEVER asked for consent to use her genome.

Contribute to build a map to track the thousands of hidden users of health data at: www.localhost:8888/pprold

Attend or watch the 3rd International summit on the Future of Health Privacy (free). Register at: www.healthprivacysummit.org

HIStalk News 3/22/13 – Quotes Dr. Deborah Peel on new CVS policy

To view the full article, please visit HIStalk News 3/22/13.

Key quote from the article:

“Patient Privacy Rights Founder Deborah Peel, MD calls a new CVS employee policy that charges employees who decline obesity checks $50 per month “incredibly coercive and invasive.” CVS covers the cost of an assessment of height, weight, body fat, blood pressure, and serum glucose and lipid levels, but also reserves the right to send the results to a health management firm even though CVS management won’t have access to the results directly. Peel says a lack of chain of custody requirements means that CVS could review the information and use it to make personnel decisions.”

Dr. Peel on the Willis Report

Dr. Peel appeared on the Willis Report with Tracy Byrnes on March 21, 2013. Once again, she was discussing some of the major privacy concerns associated with CVS’s new health care coverage plan and Wellness Programs in general.

Watch the interview below. If you’re unable to view it here, you can visit the Willis Report on FoxBusiness.com for the story.


Dr. Peel on Nightly Business Report

On Thursday’s episode of Nightly Business Report, Hampton Pearson reported on the CVS policy that penalizes employees who refuse to undergo yearly health screenings and submit their personal information to their insurer. Following the story, Dr. Peel and fellow guest, Tracy Burns, joined Tyler Mathisen and Susie Gharib to discuss the new policy.

Watch the video below, starting at the 13:56 min. mark (uses iFrame). If you’re unable to view it below, you can watch the segment here on YouTube.

CVS requiring employees to undergo weight, health assessment

To view the full article, please visit CVS requiring employees to undergo weight, health assessment.

Key quotes from the article:

“This is an incredibly coercive and invasive thing to ask employees to do,” Patient Privacy Rights founder Deborah Peel told the Boston Herald, noting that such policies are becoming more prevalent as health costs increase.

“Rising health care costs are killing the economy, and businesses are terrified,” she continued to the Herald. “Now, we’re all in this terrible situation where employers are desperate to get rid of workers who have costly health conditions, like obesity and diabetes.”

“While patient-privacy activists have cried foul, Michael DeAngelis, a CVS spokesman, explained that the goal is health.”

To learn more about the issue, please visit our Health Privacy Summit Website and register for the 3rd International Summit on the Future of Health Privacy.