What do we think of the new recommendations?

The Tiger team continues to make policy recommendations that clearly violate the law and the Administration’s new privacy policies. See story on release by Modern Healthcare.

Apparently they did not hear Secretary Sebelius announce a new “Administration-wide commitment to make sure no one has access to your personal information unless you want them to” on July 8th (see here).

Or hear Dr. Blumenthal say “we want to make sure it is possible for patients to have maximal control over PHI.” See: http://patientprivacyrights.org/2010/07/ppr-impressed-with-hhs-privacy-approach/

At the Consumer Choices Technologies Hearing on June 29th, one of the ‘granular consent’ technologies demonstrated has been exchanging behavioral health records on 4 million patients for over 10 years, in 9 states and 22 jurisdictions. Newer, more robust consent technologies showcased that day are also in use. See: http://nmr.rampard.com/hit/20100629/default.html

The Tiger team calls these privacy-enhancing technologies “looming” because they are not widely used. If the HIT Policy Committee recommends against technologies for robust consent and segmentation, as they did for “meaningful use” EHRs, they ensure the limited use of privacy-enhancing technologies, which can therefore continue to be described as “looming”. It’s a neat trick to recommend policy that perpetuates the status quo and violates our rights to health privacy. To create wide use of these technologies, they must be required in policy as well as the law.

HITECH in fact does require patient consent before PHI can be sold and states that private-pay patients should be able to prevent their data from flowing to insurers for payment and health care operations. And it is also a legal and ethical requirement to obtain informed consent before disclosures of sensitive health information in all 50 states. Therefore, robust electronic consents and segmentation are required by law today. Policies should match the law.

Instead, the recommendations from the Tiger team guarantee that the theft and sale of patient data will grow exponentially and data will flow unchecked by patient consent or segmentation through HIEs and the NHIN to even more thieving vendors and corporations. Americans’ jobs, credit, and reputations are being destroyed to improve corporate revenues. This sick, greedy transformation of the health care system cannot be hidden and will destroy trust in HIT, HIE, and in legitimate clinical, academic, and public health and population research.

Most HIT products and systems were not designed to comply with patients’ rights to control personal health information. And vendors won’t ever willingly update them, because selling patient data can be a far greater source of revenue than selling software or caring for sick people.

Back to the crucial question: how can the Tiger team recommend policy that violates existing law? Why don’t the Tiger Team and the HIT Policy Committee recommend that HIT vendors , CEs, and BAs COMPLY with state and federal privacy laws and protections and meet patients’ expectations?

The Tiger Team and HIT Policy Committee are both dominated by CEOs, employees, and beneficiaries of vendors or corporate for–profit “research” industries that want all OUR data without consent. Their fiduciary duties to stockholders explain their decisions to recommend policies that violate our privacy rights.

Today the health data theft/sale industry and corporate for-profit research industry are in charge of federal policy-making.

Their flawed business models, based on misleading shareholders and the public about what they really do, are fraudulent and deceptive trade practices.

The SEC brought Goldman Sachs to heel for misleading shareholders and the public about what their business model really was. The data theft and data sales industries and the corporate for-profit ‘research’ industry do exactly the same thing.

The entire US health care and HIT system will end up tarred and feathered and lose the public’s trust unless the health care and HIT corporations that protect privacy rights, and genuine clinical and academic researchers stand with patients to demand that patients control PHI.

Sign the ‘Do Not Disclose’ petition at http://patientprivacyrights.org/do-not-disclose/ and demand your rights to health privacy be enforced.