What does autonomy mean?

Written in response to the following article:


When it comes to clinical-decision software, what does autonomy mean?

 

The current rage for building, selling, and using “bedside analytics” and Big Data technologies is all about financial gain for investors and corporations; it is not about the best interests of the public.
 
Whatever advances the Kaiser technology offers are all proprietary and hidden. Nothing is tested/vetted scientifically by other academic experts. I’ve written before about Mayo’s Bedside Analytics—it’s the exact same thing—all secret.
 
The privatization of the science of Medicine and the privatization of research in Medicine is an incredibly bad development for the people of the US. This is not the case in Europe or other Western nations. Only in the US does money trump science and the greater good.
 
In the past, US Medicine advanced via science: research data and results/conclusions were always openly shared, vetted, and tested by other researchers. Advances in knowledge were always shared for the greater good.
 
The practices of Medicine and Nursing in the US used to be “professions” with ethics that required physicians and nurses to put patients’ needs and interests first, ahead of their own personal interest. The underlying idea was that advances in Medicine belong in the public domain. Suppose Salk and Sabin had privatized their research and the resulting injected and oral polio vaccinations?  If profit had always been the motive of Medicine and Nursing, would these professions have ever gained the public’s trust?
 
Now the National Nurses United opposes the use of these technologies. BRAVO!!!!
 
Where is the comparable response from any medical professional organization? So far, there is none.
 
deb

 

FTC Calls for Data Broker Transparency

By Marianne Kolbasuk McGee | healthcareinfosecurity.com
May 29, 2014

The Federal Trade Commission is urging Congress to enact privacy legislation that would provide consumers with more transparency about the activities of data brokers that collect sensitive health and financial data.

Reacting to the FTC recommendation, two consumer advocates say the explosion of data broker activities in recent years, coupled with regulatory gaps, point to the need for some legislative reforms to protect consumer privacy.

A May 27 FTC report that examined nine companies describes data brokers as “companies whose primary business is collecting personal information about consumers from a variety of sources and aggregating, analyzing and sharing that information, or information derived from it, for purposes such as marketing products, verifying an individual’s identity, or detecting fraud.”

The FTC says data brokers raise privacy concerns for consumers because “significantly, data brokers typically collect, maintain, manipulate and share a wide variety of information about consumers without interacting directly with them.”

The report notes: “In light of these findings, the commission unanimously renews its call for Congress to consider enacting legislation that would enable consumers to learn of the existence and activities of data brokers and provide consumers with reasonable access to information about them held by these entities.”

Deborah Peel, M.D., founder of advocacy group Patient Privacy Rights, says federal legislators and regulators need to crack down on data brokers, especially those that deal with sensitive information, such as health data.

“This is clearly a case where the government must pass laws that require personal control over personally identifiable information to restore our rights to privacy, because we can’t possibly do it ourselves,” Peel says. “Worse, the FTC seems not to have a handle on the size of the health data broker industry. … Personal information is the ‘oil’ of the digital age – and our personal information belongs to each of us. … If the data brokers want our data, they should just ask. If we think the benefits are worth it, we will say ‘yes’.”

To view the full article, please visit FTC Calls for Data Broker Transparency

 

Tech Groups Press Again On ECPA Reform: Support Email Privacy

Patients need and want to use secure, encrypted email to communicate with health professionals. Why should the government be able to look at our email without a warrant?

The 1986 Electronic Communications Privacy Act (ECPA) must be updated to stop the government from reading our email without approval from a judge.

From the letter to President Obama signed by 81 groups, including Patient Privacy Rights, that asked him to champion fixing the ECPA:

  • “We write today to urge you to support reform of the Electronic Communications Privacy Act (ECPA) to guarantee that every American has full constitutional and statutory protections for the emails, photos, text messages, and other documents that they send and share online.”

“A warrant based on the probable cause standard is required for searches of U.S. mail, searches of a home, or even electronic communications that are not stored with companies like Google or Yahoo.” The same protections are just as important for email between doctors and patients!

Support for “email privacy” is bipartisan, see:  #ECPAReform http://bit.ly/1rAW7MY

Join us in telling the President to pursue #ECPAReform www.NotWithoutaWarrant.com http://bit.ly/1rAW7MY

URL for POLITICO article:  http://www.politico.com/morningtech/0414/morningtech13755.html

POLITICO Morning Tech:  FIRST LOOK: TECH GROUPS PRESS AGAIN ON ECPA REFORM — A gaggle of tech advocacy and industry groups are again imploring the White House to put their weight behind email privacy reform, and this time making clear that any loopholes for civil agencies would be a nonstarter. The groups, led chiefly by the Digital 4th and Digital Due Process coalitions, have been ramping up their ECPA reform push in the hopes of convincing Washington to tackle an issue that they see as low-hanging fruit. In a letter to President Obama today, they want the White House to know that they won’t support any warrant requirement carve-out for federal agencies like the Securities and Exchange Commission. “Seemingly, the only major impediment to passage is an objection by administrative agencies like the Securities and Exchange Commission, which would like to gut the legislation as a way to expand their investigative authorities,” write the groups, which include TechNet, Reddit, the Electronic Frontier Foundation and the ACLU. “Such an agency carve out would be a major blow to reform efforts, allowing increased government access to our communications during the many civil investigations conducted by federal and state agencies.” Full letter here: http://bit.ly/1kfKrfX

 

deb

 

NHS England patient data ‘uploaded to Google servers’, full disclosure demanded

The UK government has been debating illegal disclosures of patient health data: “The issue of which organisations have acquired medical records has been at the centre of political debate in the past few weeks, following reports that actuaries, pharmaceutical firms, government departments and private health providers had either attempted or obtained patient data.”

The article closes with quotes from Phil Booth of medConfidential:

  • “Every day another instance of whole population level data being sold emerges which had been previously denied”.
  • “There is no way for the public to tell that this data has left the HSCIC. The government and NHS England must now come completely clean. Anything less than full disclosure would be a complete betrayal of trust.”

Far worse privacy violations are the norm in the US, yet our government won’t acknowledge that US health IT systems enable hidden sales and sharing of patients’ health data.  US patients are prevented from controlling who sees their health records and can’t obtain real-time lists of who has seen and used personal health data.

Learn how the data broker industry violates Americans’ strong rights to control the use of personal health information in IMS Health Holdings’ SEC filing for an IPO:

  • IMS buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” “social media” and more to create “comprehensive,” “longitudinal” health records on “400 million” patients.
  • All purchases and subsequent sales of personal health records are hidden from patients.  Patients are not asked for informed consent or given meaningful notice.
  • IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
  • IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”

Data brokers claim they don’t violate our rights to health information privacy because our data are “de-identified” or “anonymized”—but computer scientists have proven it’s easy to re-identify aggregated, longitudinal data sets:

deb

This blog was written in response to the following article: NHS England patient data ‘uploaded to Google servers’, Tory MP says

NHS legally barred from selling patient data for commercial use. When will the US wake up?

When will US bar sale of patient data for commercial use?

1st: Public has to wake up.

2nd: The LIE of sale of patient data for research must be exposed.

US law permits any corporation to buy/sell/share patient data for commerce (i.e. BIG DATA analytics and proprietary products without patient consent or knowledge). This is a fact.

deb

This blog was written in response to the following article: NHS legally barred from selling patient data for commercial use

3 Reasons Your Medical Records Are at Risk

When hospitals find themselves in the middle of a breach, they usually prioritize improving their security to prevent further security breach incidents.

In addition to defending themselves against data breaches, health systems also need to find the right balance to adequately protect their patients’ privacy.

Since medical information is stored digitally, patients may not be fully aware how crucial it is to protect their data from being seen by unauthorized persons. Some privacy breaches may be avoidable, and learning from these mistakes is essential for health systems to maintain security of sensitive patient information. Here are three reasons why patient security may be lacking at health organizations.

Privacy Is on the Back Burner

When health IT systems are built, ensuring patient privacy is usually not on the forefront of designers’ and engineers’ minds. These IT experts usually put system functions ahead of privacy, which could result in poor privacy protection down the road. Some developers may also leave out privacy features altogether, which could put patient information at risk for being compromised.

Human Error

In a recent report, psychiatric facilities in Texas suffered a string of data breaches, but the majority of them were caused by human error, The Republic reported.

Deborah Peel, the Austin founder of watchdog group Patient Privacy Rights, said repeated data breach incidents could lead patients to question whether their information is secure, which could cultivate distrust among patients. “Our patients deserve privacy and expect that their information is kept confidential,” said Christine Mann, spokeswoman for the Texas Department of State Health Services.

To view the full article please visit: 3 Reasons Your Medical Records Are at Risk

Judge Rules Patients Have a Reasonable Expectation of Privacy in Rx Records

The ACLU recently challenged the Drug Enforcement Administration’s practice of obtaining Oregon patients’ confidential prescription records without a warrant. PPR’s Dr. Deborah Peel submitted a declaration in support of the ACLU’s position, which you can read here.

 

Good news: It’s a win for privacy! In an opinion issued today, the judge ruled that patients have a reasonable expectation of privacy in their prescription records under the Fourth Amendment, and that the DEA needs a warrant to obtain records from the Oregon Prescription Drug Management Program (PDMP).

 

To read the judge’s opinion, click here.

 

To read more from Nathan Wessler, an ACLU attorney working on the case, click here.

 

Did Tim Armstrong’s ‘Distressed Babies’ Comment Violate HIPAA Privacy Laws?

US citizens have a fundamental Constitutional right to health information privacy—but can’t easily sue. Only federal employees can sue under the Privacy Act of 1974, as vets did when a laptop with millions of health records was stolen. Even with strong state health privacy laws and state constitutional rights to privacy in place, it’s very hard to sue because most courts demand proof of monetary harm. This new digital disaster–exposing and/or selling sensitive personal health data–can’t be stopped without stronger, clearer federal laws. OR if US citizens boycott the corporations that violate their rights to health privacy.

-Deb

This blog was written in response to the following article:

Did Tim Armstrong’s ‘Distressed Babies’ Comment Violate HIPAA Privacy Laws?
By Abby Ohlheiser
The Wire, February 10, 2014

New CLIA rule talks the talk, but it doesn’t walk the walk

Deborah Peel, MD, Founder and Chair of Patient Privacy Rights

The federal government released an update to the CLIA rule this week that will require all labs to send test results directly to patients. But the regulations fail to achieve the stated intent to help patients. The rule allows labs to delay patient access to test results up to 30 days, and the process for directly obtaining personal test results from labs is not automated.

The new rule also fails to help patients in significant ways:

  • Real-time, online test results are not required. The federal government should have required all labs to use technology that benefits patients by enabling easy, automatic access to test results via the Internet in real-time. Unless we can obtain real-time access to test results, we can’t get a timely second opinion or verify the appropriate tests were ordered at the right time for our symptoms and diseases.
  • Labs are allowed to charge fees for providing test results to patients.  If labs can charge fees, they will not automate the process for patients to obtain results. Labs that automate patient access to test results online would incur a one-time cost.  After labs automate the process, human ‘work’ or time is no longer needed to provide patients their test results, so the labs would have no ongoing costs to recoup from patients.
  • Labs should be banned from selling, sharing, or disclosing patient test results without meaningful informed consent to anyone, except the physician who ordered the tests. This unfair and deceptive trade practice should be stopped. No patient expects labs to sell or share their test results with any other person or company except the physician who ordered the test(s).

This rule raises a question: why do so many federal rules for improving the healthcare system fail to require technologies that benefit patients?

Technology could provide enormous benefits to patients, but the US government caters to the healthcare and technology industries, instead of protecting patients.

Current US health IT systems actually facilitate the exploitation of patients’ records via technology. When HHS eliminated patient control over personal health data from HIPAA in 2002, it created a massive hidden US data broker industry that sells, shares, aggregates and discloses longitudinal patient profiles (for an example, see IMS’ SEC filing with details about selling 400M longitudinal patient profiles to 5K clients, including the U.S. government).

Meanwhile, even the most mundane, annoying, repetitive tasks patients must perform today–like filling out new paper forms with personal information every time we visit a doctor–are not automated for our convenience or to improve data quality and accuracy.

Shouldn’t IT improve patients’ experiences, treatment, and restore personal control over sensitive health information?

deb

You can also view a copy of this blog post here