PPR at ICASM Symposium at Hofstra U.

The Ethical Use of Internet Cloud Based Apps and Social Media (ICASM) in Health Care
Tuesday, April 24, 2012

Deborah C. Peel, MD will be participating on a panel at Hofstra University for their ICASM Symposium

Panel Title: The Ethics of ICASM in Healthcare: Social Policy, Legal Responses, and Medical Strategy
Moderator: Corinne Kyriacou, Ph.D., Hofstra University School of Education, HHS
* Deborah Peel, M.D., Patient Privacy Rights
* Brian Mulligan, North Shore-LIJ Health System
* Michele Mathes, J.D., American College of Physicians
* Scott Gottlieb, M.D., New York University Medical Center

View the Symposium Agenda Here
Register Here

More details are below and on the Symposium Site

“Welcome to Hofstra University and The Ethical Use of Internet Cloud Based Apps and Social Media (ICASM) in Health Care conference. This conference is the first major event of the Hofstra Bioethics Center. The Center, sponsored by the University, the Maurice A. Deane School of Law at Hofstra and the Hofstra North Shore-LIJ School of Medicine, represents an interdisciplinary effort to advance the study of bioethics and to bring the fruits of that study to the worlds of healthcare and biomedical research.

Today we will explore the benefits and the risks of ICASM in healthcare and medical research. Reliance on cloud-based apps by health care professionals, scientists, lawyers, IT personnel, and health educators brings efficiency and promises better healthcare to patients. But this development comes with risks to security and privacy. Similarly, social media gives individual patients and patient groups a means of sharing healthcare information quickly and widely. Social media’s online communities can provide useful information to biomedical researchers, physicians and patients and can foster a productive sharing of information among these players. Yet, social media also comes with ethical risks.

Each of four conference panels will consider the benefits that ICASM offers to healthcase professionals, hospitals, other healthcare facilities, medical researchers and patients, and each of the panels will consider the ethical obligations such modes of instantaneous information sharing should impose on each stakeholder. To encourage wide participation, dialogue and cooperation, conference panels will be plenary, with adequate time provided for panel discussions and for question and answer sessions.”

View more and register at: http://www.hofstra.edu/Community/culctr/culctr_events_ICASM.html

PPR at Atlantic Health Care Forum

Today, April 19th, 2012, Deborah C. Peel, MD will speak on a panel at the Atlantic Healthcare Forum in Washington, DC.  See the agenda here.

View the Forum via a Live Streaming Webcast!

“Join industry experts, policymakers, and business leaders to discuss the latest innovations, trends, and concerns in an industry critical to our lives. The Forum will explore the future of wireless health, the potential of data innovation to improve care, and how to finance health care in the current economy through keynotes, panel discussions, and demonstrations.”

12:30 pm EST
Panel Discussion III. Health Care 2015: Can Big Data Be the Cure-All?
Moderator: Steve Clemons

* Robert Litan, Vice President for Research and Policy
* Ewing Marion Kauffman Foundation
* Susan Love, President, The Dr. Susan Love Research Foundation
* Deborah Peel, Founder, Patient Privacy Rights
* John Wilbanks, Founder, Consent to Research

See more at the Atlantic Healthcare Forum Site

Registration is officially closed, however you can view the full day via live streaming webcast.

Re: Genetic Bar Code Search – Finding People in Huge Gene Pools

In response to the PopSci.com article: Genetic Bar Code Search Can Use RNA to Pick Out Individuals From Huge Gene Pool

Quote from the principle investigator of the Mount Sinai study: “Rather than developing ways to further protect an individual’s privacy given the ability to collect mountains of information on him or her, we would be better served by a society that accepts the fact that new types of high-dimensional data reflect deeply on who we are,” he said. “We need to accept the reality that it is difficult—if not impossible—to shield personal information from others. It is akin to trying to protect privacy regarding appearances, for example, in a public place.”

Genetic privacy may be difficult to achieve, but it remains essential for people to trust physicians, researchers, health IT, and the government.

The public will not accept the idea that genetic information “is in the public domain” anytime soon. We never agreed to have our genetic information made public, and have fought for years to preserve genetic privacy at the state and federal levels. Those who built systems to take blood and tissue and do research without consent could have easily anticipated massive public concerns about such unethical research practices–and not built systems that violate Americans’ expectations and strong rights to health privacy.

Clearly it’s time for Congress to pass a federal law restoring personal ownership and control over blood and tissue that leaves our bodies, and restore the right of informed consent before any research can be done using our blood, tissue, or health information.

Featured Participants in 2012 DC Health Privacy Summit Announced

March 21, 2012


Deborah C. Peel, MD

Featured Participants for 2012 Health Privacy
Summit at Georgetown University Announced
Rep. Joe Barton, R-Texas, to Receive Honor;
Farzad Mostashari, MD, ScM, to Deliver Opening Keynote;
Ross Anderson, PhD, FRS, Delivers Evening Keynote

Austin, TX – March 20, 2012 – Organizers today announced a noted honoreeand two outstanding keynote speakers to be featured at the Second International Summit on the Future of Health Privacy, planned for June6th-7th, 2012, at the Georgetown University Law Center in Washington,D.C.

U.S. Congressman Joe Barton will be honored as a “Privacy Hero” during the 2012 Summit’s “Celebration of Privacy” on the evening of June 6. The award recognizes Rep. Barton’s critical role as a top Congressional privacy advocate beginning with co-founding the Congressional Bipartisan Privacy Caucus with Rep. Edward Markey in 2000. His leadership ensured House support for the historic new consumer privacy and security protections in the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The opening keynote will be presented by Farzad Mostashari, MD, ScM, the National Coordinator for Health Information Technology at the U.S. Department of Health and Human Services. In addition, Ross Anderson, PhD, FRS, of the University of Cambridge, U.K., will deliver the evening keynote speech.

The 2012 Summit is hosted by Patient Privacy Rights and Georgetown University’s O’Neill Institute on Global and Health Law to provide an international venue for serious discussion by experts and thought leaders on timely privacy issues. Participants will consider how patients’ privacy and civil rights are impacted by current law and regulations, health technologies and architectures (including mHealth and ‘clouds’), data exchange, secondary uses of health data, and social media platforms. The theme addressed at this year’s Summit will be: Is There an American Health Privacy Crisis?

Summit sessions will also explore health privacy through the lens of U.S. and international policies about health information privacy, such as the recent Consumer Bill of Privacy Rights and the EU Draft Regulation on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.

More About U.S. Representative Joe Barton, R-Texas
Rep. Joe Barton, a 28-year veteran member of the U.S. Congress and Chairman Emeritus of the U.S. House of Representatives’ Energy and Commerce Committee, will receive a “Privacy Hero” award at the 2012 Summit.

The award recognizes Rep. Barton’s critical role as a top Congressional privacy advocate beginning with co-founding the Congressional Bipartisan Privacy Caucus with Rep. Edward Markey in 2000. His award is for his leadership in 2009, which ensured House support for the historic new consumer privacy and security protections in the Health Information Technology for Economic and Clinical Health (HITECH) Act.

More About Farzad Mostashari, MD, ScM
As National Coordinator for Health Information Technology at the U.S. Department of Health and Human Services, Farzad Mostashari, MD, ScM, is charged with promoting the development of a secure and interoperable nationwide health information technology infrastructure.

Dr. Mostashari’s position was mandated through the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and is focused on improving healthcare and clinical research, reducing its cost, and protecting patient health information. Previously, Dr. Mostashari held leadership positions at the New York City Department of Health, including establishing their Bureau of Epidemiology Services, and helped pioneer real-time electronic disease surveillance systems.

More About Ross Anderson PhD, FRS
Ross Anderson PhD, FRS, is a professor of security engineering at the University of Cambridge Computer Laboratory in the United Kingdom. Dr. Anderson is a researcher, writer, industry consultant, and expert in “building systems to remain dependable in the face of malice, error or mischance.”

More About the 2012 Summit Partners
Organizations partnering with Patient Privacy Rights to present the 2012 Health Privacy Summit include:

Registration for the 2012 Summit is free, but space is limited. Register now at http://www.healthprivacysummit.org. Last year’s First International Summit on the Future of Health Privacy successfully established a global public forum on the future of health privacy. Panel members included health privacy experts from academia, industry, technology, consumer advocacy, top government officials, and international experts. Learn more about the 2011 Summit here. Videos are available.


O’Neill Institute for National and Global Health Law
The O’Neill Institute for National and Global Health Law at Georgetown University was established in 2007 to respond to the need for innovative solutions to the most pressing national and international health concerns. For more information, visit http://www.law.georgetown.edu/oneillinstitute/about/index.html.

Patient Privacy Rights
Patient Privacy Rights is the nation’s leading bipartisan health privacy organization and leading consumer voice for building ethical, trustworthy healthcare IT systems. For more information, visit http://patientprivacyrights.org.

PPR Founder Interviewed – America in the Balance

03/14/2012: U.S. citizens are concerned about “ObamaCare”- style health care reform and the escalating loss of personal health information and privacy rights. Today’s guest is Dr. Deborah C. Peel, founder of Patient Privacy Rights. PPR was started in 2004 to speak and advocate for the patient’s right to health privacy. Peel has been chosen one of Modern Healthcare’s “100 Most Influential in Healthcare” 4 times in the last 5 years, and is the leading voice for patient control over the use of sensitive health information. Join us as we discuss HIPPA, mHealth, and the upcoming 2nd Annual International Summit on the Future of Health Privacy to be held in June 2012 in D.C.

You can listen to the article by following this link and scrolling down to the 3/14/12 show.

Re: BCBS Breach in Tennessee

The Office of Civil Rights in the Dept of Health and Human Services (OCR) slapped the wrist of BCBS of Tennessee.

One million people’s protected health information was breached because Blue Cross Blue Shield (BCBS) of Tennessee violated data security laws. The settlement cost BCBS a little more than $1.00 per person—hardly a deterrent to other corporations or adequate punishment. However, that amount happens to be the same as the highest possible fine permitted by law (HITECH).

Still it appears that criminal charges could have been filed for “willful disregard” rather than OCR accepting a settlement. OCR’s finding that legally-required “adequate administrative and physical safeguards” were lacking is evidence of “willful neglect”.

Worst of all, the one million victims received NO protection against future ID theft or medical ID theft. OCR could have also required BCBS to mitigate future patient harms, but didn’t. New technologies can protect against medical ID theft by enabling patients to review all new claims, so they can detect and prevent fraudulent claims and erroneous data from being entered into their records.

Why didn’t OCR propose that BCBS adopt remedies to protect the patients whose records were breached from further misuse and theft?  Shouldn’t OCR help protect victims?

Re: Offense must be the new defense, RSA chief says

In response to the Government Security News (GSN.com) article: Offense must be the new defense, RSA chief says

From a major cybersecurity conference, “IT systems already are or will be compromised and security efforts must shift to detecting and mitigating compromises and protecting data in compromised systems.”

FLASH: Health data systems are just as compromised as those in every other sector of the economy and government, but it’s rarely mentioned. With the HIT and healthcare industries in denial, who will secure and protect the nation’s electronic health information?

At the same conference a solution was proposed, “the future of security and privacy in a world in which vulnerabilities and exploits are inevitable lies in protecting data through the use of metadata associated with policies that will let creators and owners control data.”

FYI: last year meta-tagging health data to protect privacy was proposed by the President’s Council of Advisors on Science and Technology (PCAST). PPR testified at the HIT Policy Committee in favor of meta-tagging health data. But the HIT and Healthcare lobbies killed it.

It’s back to business as usual: selling and using abysmal health IT systems and data exchanges without effective privacy or security protections — so healthcare corporations, hospitals, health plans, doctors, HIT companies, labs, pharmacies, etc can all use or sell our personal health data for discrimination and other purposes we would never agree to.

It’s time for Congress to support the Administration’s new Consumer Bill of Privacy Rights and put people in control of personal data online and in data systems by requiring robust, existing privacy and consent technologies or meta-tagging. Americans’ longstanding legal and ethical rights to health privacy must be restored so people are willing to participate in electronic health systems.

Without remedies now, “trust in our digital world is at risk.”

PPR in the Wall Street Journal

The Journal Report of The Wall Street Journal featured Patient Privacy Rights’ founder in a debate about Unique Patient Identifiers (UPIs). Deborah C. Peel, MD, founder & chair of Patient Privacy Rights, opposes UPIs, pointing out there are better electronic records systems that allow patients to control data exchanges for treatment and other approved uses.

You can read both sides of the debate at this link: “Should Every Patient Have a Unique ID Number for All Medical Records?”

While voting remains open, the scores have remained fairly static over the past month showing a clear victory. Deborah Peel, MD has won the debate for Patient Privacy Rights, exposing the dangers of UPIs in electronic health record systems. If you have not already, you can still vote “No” to UPIs, and help protect patients, privacy, and progress toward patient-controlled electronic health records. If you are in the main article, voting takes place on the left side of the screen below the picture of Michael Collins. You can also use this direct link to vote after reviewing the full debate.

To dispel the myths of UPIs:

  • Trying to separate UPIs from financial records would be like trying to separate SSNs from everything they have been linked to, including medical records!
  • UPIs will give government, industry, data miners, and others greater ability to collect all health information on individuals. Imagine giving everyone a unique financial identifier that they would use for all credit cards, banks, retailers, and other financial institutions. Would you feel your money was secure?
  • A surprising amount of patients already do not trust a paper-based system, and fear for their privacy even more with expanding Health IT. Having a UPI takes away the idea of patient control and consent, creating one very easy and obvious way for anyone with the means necessary to look up a patient’s full health record. Patients will only accept a system they can control.

We do our work to improve health care by protecting patient privacy. We encourage you to protect your own privacy rights by voting now.

Re: Sizing Up the Family Gene Pool

In response to the New York Times article: Sizing Up the Family Gene Pool

This story is about the fact that genetic testing companies sell people’s test results, compromising families’ and descendants’ future jobs and opportunities. “The NYTimes Ethicist” confirmed a questioner’s fears:

“As for the privacy issue, your concern is well founded. Many of these companies do use customers’ data for medical research or commercial applications, or they sell it to third parties whose interests you might never know. Legally they can’t do that without your consent, but the fine print on those consent forms goes by so quickly that it can be hard to follow.”

Americans’ lack of control over sensitive personal health information in electronic systems is a true national disaster. Not everyone knows this yet, but President Obama does.

On Feb 22, the he introduced historic new privacy principles to guide the use of personal data in the global digital economy. He recognized the lack of privacy in current networked technologies and systems has severe economic consequences. See story on the White House Initiative: http://patientprivacyrights.org/2012/02/wh-initiative-consumer-privacy-bill-of-rights/

President Obama’s new principles address the causes of the privacy violation in the story:

  • Current federal law does not protect the right to health information privacy or the right of consent to use health data
  • neither HIPAA nor Genetic Information Non-Discrimination Act (GINA) prevent the systemic corporate business practice of selling Americans’ highly sensitive personal health information (like genetic test results)

He laid out an historic, tough new Consumer Privacy Bill of Rights to stop the data mining and data theft industries. The first principle is that of individual control: “Consumers have a right to exercise control over what personal data companies collect from them and how they use it.”

Key quotes from the Administration’s new “Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy”:

  • “Strong consumer data privacy protections are essential to maintaining consumers’ trust in the tech­nologies and companies that drive the digital economy.”
  • The President concluded, “It [privacy] has been at the heart of our democracy from its inception, and we need it now more than ever.”

The only way we can trust the Internet and have a vibrant global digital economy is if individuals control personal information online and in electronic systems. The right of informed consent before personal information is collected or used must be restored.

When will the health IT industry, Congress, and lawmakers across the US act to restore the right to privacy and control over personal information?

911 Broadcasts: A Privacy Invasion?

See the full article on GovInfoSecurity.com: 911 Broadcasts: A Privacy Invasion?

The extensive news media coverage of a 911 emergency call about actress Demi Moore is calling attention to an important issue: The need to protect privacy…

…Daniel Solove, professor at the George Washington University Law School, wrote in a blog that the release of 911 calls violates the constitutional right to privacy. He also argues that although 911 call centers are not HIPAA-regulated, like a hospital or a physician, they often provide healthcare advice.

Solove writes: “If the call from Demi Moore’s home had been to a hospital or a doctor or any other type of healthcare provider, public disclosure of the call would be forbidden. Why isn’t a 911 call seen in the same light?” And that, indeed, is a good question.

Deborah Peel M.D. of Patient Privacy Rights argues that release of a 911 tape or transcript should be considered a HIPAA violation because the 911 operators “are in effect working on behalf of hospitals and emergency centers as part of the patient’s treatment team.”

Peel highlights another risk involved in publicizing 911 calls: “If the public realizes that 911 calls can be made public, then anyone with a medical emergency they don’t want the information to be seen by the local media or read by everyone in the city or state will stop calling and risk their lives.”

A HIPAA Violation?

So why are audio tapes of 911 calls broadcast so commonly on TV? Well, technically, 911 services aren’t covered entities under HIPAA because they don’t directly deliver or bill for healthcare, says attorney Robert Belfort of Manatt, Phelps & Phillips LLP.