How Medical Identity Theft Can Give You a Decade of Headaches

See the full article at How Medical Identity Theft Can Give You a Decade of Headaches.

This article tells us a cautionary tale about how Arnold Salinas had his identity stolen by someone who took out medical care in his name. Now, any time he gets medical treatment, he has to be extremely careful that his records are actually his own or face the possibility that he will get the WRONG treatment.

“Medical identity theft affected an estimated 1.5 million people in the U.S. at a cost of $41.3 billion last year, according to the Ponemon Institute, a research center focused on privacy and data security. The crime has grown as health care costs have swelled and job cuts have left people without employer-subsidized insurance. Making matters worse: The complexity of the medical system has made it difficult for victims to clear their name.”

It is so important that patients control and are kept abreast of their medical records, but the current system does not make this easy. According to the article, medical identity theft cases are some of the most difficult to solve and can take years. What makes it so difficult is that “‘…you have to go provider by provider, hospital by hospital, office by office and correct each record,” said Sam Imandoust, a legal analyst with the Identity Theft Resource Center. ‘The frustrating part is while you’re going through and trying to clean up the records, the identity thief can continue to go around and get medical services in the victim’s name. Really there’s no way to effectively shut it down.’” Another problem is even finding out your identity has been stolen. According to Pam Dixon, founder of World Privacy Forum, “the fractured nature of the health care system makes medical identity theft hard to detect. Victims often don’t find out until two years after the crime, and cases can commonly stretch out a decade or longer”. Banks and other institutions are used to dealing with identity theft, but the medical industry isn’t equipped to handle this kind of infringement.

A Future Perspective: Have We Seen The End Of Consumer Privacy In Health Care?

PPR Founder & Chair, Deborah C. Peel, MD, presents on a panel at the 8th Annual Open Minds Technology & Informatics Institute. View her presentation slides here.

In an era of Facebook, reality television, and the internet, it seems that as a society, we don’t view privacy in the same way that we did in the past – that is, except when it comes to health care. Yet the reality is that even that may be changing; in today’s environment, data is more easily shared with electronic health records and consumers have increased access to their own records, and therefore the ability to share information as they choose. But are consumers truly ready to give up privacy? And if they aren’t ready, is there anything we can do to protect patient privacy in our increasingly digital world? In this unique session, our panel of experts will discuss how our definition of privacy has changed over the years and answer the question – Is privacy dead in health care?

Faculty:
Deborah C. Peel, M.D., Founder & Chair, Patient Privacy Rights Foundation
Tim Timmons, CCEP, CHPC, CHP, CHSS, Corporate Integrity Officer, Greater Oregon Behavioral Health, Inc.
Julie Caliwan, Senior Associate, OPEN MINDS

Institute Overview

We know the future of health care will be shaped by technology.
Everything from the way we communicate with consumers, to how we deliver services, to the way we interact with other health care providers is under the influence of technological innovation. The relationship between consumers and provider organizations is already shifting as these innovations change our system in ways that would have been unfathomable just a decade ago – from robots and remote monitoring systems, to neurotechnology and smartphone apps.

Organizations with the best technology strategy will have the competitive edge.
The 2012 OPEN MINDS Technology & Informatics Institute is designed to provide an inside look at the ground-breaking technologies that will influence the health care market in the years to come. By gathering together the industry’s greatest technological innovators, a team of expert faculty, and the country’s top health and human service executives, this institute will not only provide you with a glimpse at the future, but also a strategic roadmap for success along the way.

Benefits of Online Medical Records Outweigh the Risks- Includes Opposing Quotes from Dr. Deborah Peel

An article written by Larry Magid in the Huffington Post quotes PPR when speaking about the issues surrounding electronic health records. You can view the full article here: Benefits of Online Medical Records Outweigh the Risks.

“There are also privacy concerns. In a 2010 Wall Street Journal op-ed, psychiatrist Deborah Peel, founder of Patient Privacy Rights, complained that ‘lab test results are disclosed to insurance companies before we even know the results.’ She added that data is being released to ‘insurers, drug companies, employers and others willing to pay for the information to use in making decisions about you, your job or your treatments, or for research.’ Her group is calling for tighter controls and recognition that “that patients own their health data.’”

Onward and upward: ONC to automate Blue Button

See the full article in HealthcareITNews: Onward and upward: ONC to automate Blue Button

Why “Blue Button” matters: It is the critical first step to restore your control over personal health data.

  • -If we can’t get our data (via a “Blue Button”), we can’t use or control it—-much less check for errors.
  • -Few of us expect or know that today our sensitive health data flows to hidden businesses and users that have nothing to do with our health or treatment—which is why we need a map of health data flows:
    • -See Prof Sweeney explain this project in a brief video: http://tiny.cc/f466kw
    • -Today’s electronic health system allows millions of people who work for doctors, hospitals, insurers, health technology companies, and health data clearinghouses, etc, to use, disclose and sell our health data without consent.
  • -The current health technology system guarantees harms: like use of personal health data by employers and banks, ID theft and medical ID theft, and health data sales (see ABC World News story that shows the sale of diabetic patient data at: http://tiny.cc/un96kw ).

In 2001, the HIPAA Privacy Rule stated that patients should be able to download electronic copies of personal health data. Finally the federal government, through the Office of the National Coordinator for Health Information Technology (ONC), will actually require all electronic health records systems to let us do that.

  • -FYI—The box to click and download personal health information is known as a “Blue Button”. Some places already let patients do this (the VA system and MD Anderson for example).

When personal control over health data is restored, we can send our records to all the right places (for treatment and research) and NOT send records to hidden users and corporations that use it now to discriminate against us for jobs or credit, for ID theft, to impersonate us and use our health insurance to obtain treatment (medical ID theft), or for insurance, Medicare, and Medicaid fraud.

Survey uncovers lax attitudes toward BYOD security

To view the full article by Eric Wicklund in mHIMSS, please visit Survey uncovers lax attitudes toward BYOD security.

Ask your doctor about his/her smart phone or iPad: does he/she use it for work, is your data encrypted, can the data on the device be wiped if its lost or stolen?

The number of people who work in healthcare using personal devices like smart phones and Apple products is exploding—but many mobile devices lack the strong data security protections required for health data-like encryption. So if the device is lost or stolen, so is the sensitive information about your mind and body.

Key quotes from the story:

* 51% say their companies don’t have the capability of remotely wiping data from a device if it is stolen or lost

* Less than half had (data security) controls in place for mobile devices

* 84%  of individuals stated they use the same smartphone for personal and work issues.

* 47% reported they have no passcode on their mobile phone.

Senator Al Franken is pressing Congress and the Department of Health and Human Services (HHS) to specifically require health data to be protected on portable media. The government is pouring billions into build an electronic healthcare system but failing to require or enforce effective rules to protect our sensitive health information, from prescription records to DNA to diagnoses. Electronic health records are far easier to steal, sell, or lose than paper records because hundreds or thousands of people who work at hospitals and health plans can access our health data.

It’s crazy that health data is not protected by ironclad security protections at all times, no matter where its being used. You’d think even without government regulations for data protection that anyone handling our most sensitive personal information would protect it, but many don’t.

Patients must have control of their medical records

An interesting article written by Mohammad Al-Ubaydli, founder and chief executive of Patients Know Best in which he explains the benefits of using Personal Health Records over electronic ones. To view the full article, please visit Patients must have control of their medical records.

Quotes:

  • -an electronic health record is designed for employees of an institution to work together. It is logistically, technically, and legally difficult to connect such records.
  • -an electronic health record is designed for employees of an institution to work together. It is logistically, technically, and legally difficult to connect such records. The number of connections in a network necessary for integrated care goes up exponentially if the connections are institution to institution, but only linearly if they go through the patient (a hub). In other words, only the latter approach can cope with the networks of care of modern medicine.
  • -There are also formidable legal difficulties with institutions sharing data about patients. Patients, by contrast, can quickly and usefully consent for data sharing if they are in control.
  • -it is hard to see how care can truly be patient centred when patients’ records are scattered and not under their control.

Jailed Man Narrowly Escapes Fatal Error in EHR

To view the full article, please visit Nextgov.com: Jailed Man Narrowly Escapes Fatal Error in EHR

Problems with EHRs don’t happen only in jails—and many hospitals and clinics that  use EHR are prohibited from criticizing the products in public; ie many health technology vendors have ‘gag’ clauses in their contracts with users.  EHRs like this one can endanger patients’ lives and/or can be very difficult to use (many are NOT designed by clinicians who actually need to use them, can be very time consuming to use, make it hard to find needed information, etc, etc).

EHRs and Patient Privacy- An Oxymoron? Psychiatric Times Cover Story

A recent article in the Psychiatric Times based on the 2nd International Summit on the Future of Health Privacy describes the major problems with EHRs and the consequences of the misuse of this technology. The article quotes both Dr. Peel and Dr. Scott Monteith as well as “Julie” when describing the flaws of EHRs and HIEs. The article is available by subscription only through Psychiatric Times, but here are some highlights and quotes from the article:

“The escalating use of electronic health records (EHRs) and health information exchanges (HIEs) is fraught with unintended and sometimes dire consequences—including medical coding errors and breaches of psychiatric patients’ privacy and confidentiality, according to [Dr. Peel and Dr. Monteith] who scrutinize the field”

“At the recent Second Annual International Summit on the Future of Health Privacy, psychiatrist Scott Monteith, MD, Clinical Assistant Professor in the Departments of Psychiatry and Family Medicine at Michigan State University and a medical informaticist, relayed the experience of a patient who discovered that her EHR erroneously reported a history of inhalant abuse. In reality, she had a history of  “caffeine intoxication.” After much investigation, the problem was identified. The DSM-IV-TR code (305.90) is used for 4 different diagnoses, including caffeine(Drug information on caffeine) intoxication and inhalant abuse, but the EHR’s printout only made the inhalant abuse diagnosis visible. Although the error was reported to the EHR vendor, the problem persists after almost 2 years.

“‘It is impossible for consumers to weigh the risks and benefits of using health IT and data exchanges when they have no idea where their data flows, who is using it or the purpose of its use,’ wrote Peel, a psychiatrist and psychoanalyst.”

“…Peel emphasized the importance of patients being able to control access to sensitive personal health information. The open source consent technologies, she explained, have been used for more than 12 years by many state mental health departments to exchange sensitive mental health and substance abuse data on some 4 million people in more than 8 states.”

“…’Millions of patients/year refuse to seek treatment when they know they cannot control where their data flows,” she wrote. “Any HIE or EHR that cannot selectively share data with the patient’s meaningful consent, withhold data without consent, AND withhold erroneous data is a failed system or technology. The refusal of certain health IT companies to build technologies that comply with the law and what patients expect shows very poor judgment.’”

If you wish to view the full article by Arline Kaplan and are a subscriber of Psychiatric Times, it can be found at Electronic Health Records and Patient Privacy- An Oxymoron?

Re: “You for Sale, A Data Giant is mapping, and Sharing, the Consumer Genome”

Below comment in response to the New York Times article “You for Sale, A Data Giant is Mapping, and Sharing, the Consumer Genome.”

Acxiom is the poster-child for why tough new laws are needed to protect personal information on the Internet, in electronic systems, and on cell phones ASAP. No data should be collected about Americans without prior meaningful, informed consent.

Natasha Singer’s story is a must read to understand how the use of personal data threaten people’s jobs, reputations, and future opportunities. The information is analyzed and sold to those who want detailed real-time profiles of who we are, including the health of our minds and bodies. Data analytics enable Acxiom to create and sell far more intimate, detailed personality and behavioral portraits than our own mothers or analysts might know about us (and would never share).

Most people have never heard of Acxiom or other hidden data users. Today, most Americans have no idea that personal data is used by thousands of corporations and government agencies to make decisions about whether they will receive jobs or benefits.

Even though the hidden data mining industry began by using personal information to improve marketing and advertising, Acxiom proves that the kind and amounts amount of identifiable data being collected are simply unacceptable. As for the collection of health information, the data mining industry is clearly violating Americans’ very strong legal, Constitutional, and ethical rights to control and keep personal health data private. To the public, this is theft of personal health information.

On June 6th at the 2nd International Summit on the Future of Health Privacy, Professor Latanya Sweeney of the Harvard Data Privacy Lab along with Patient Privacy Rights introduced theDataMap.org. This project will enable citizens and whistleblowers to help create a detailed picture/map of where sensitive personal health information flows, from prescription records, to DNA, to diagnoses. Without a ‘chain of custody’ for our identifiable health data, it’s impossible to know who uses our data or why. A ‘chain of custody’ for personal health data could show us whether potential employers or banks had bought or received our health data, learn about the many ways the federal government uses health data as described in the Federal Health Information Technology Strategic Plans, and see the names of for-profit and public research and public health institutions that use personal health data.

Health data has long been used to discriminate against people for jobs, insurance, and credit. This fact is so well known that every year tens of millions of us refuse to get early diagnoses and treatment for cancer, depression, and sexually transmitted diseases. Hidden data flow causes bad health outcomes; treatment delays can be deadly. We need the same kind of control/consent over the use of electronic health data that we have always had for paper medical records.

US Internet and electronic systems have made us the most intimately surveilled people in the Free World. In Europe, strong laws and privacy-enhancing technologies prevent hidden data collection and data flow, so everyone benefits from technology and harms are avoided.

European standards for the collection of personal data were created after WW II, when data were used to decide who would die. Europeans consequently passed the world’s toughest data privacy laws, preventing personal data from being collected or used without consent.

Europe also established regional Data Privacy Commissioners to defend citizens’ rights to control the collection and use of personal information and ensure data accuracy. The US needs them too.

Unless we know where trillions of bytes of our personal data flow, who uses it and why, we cannot weigh the benefits and risks of using the Internet, electronic systems, or cell phones. It’s time for Congress to end the massive hidden flows of personal data.

Top Experts Discuss Privacy Risks at 2nd International Summit on the Future of Health Privacy

Patient Privacy Rights and Georgetown University Law Center’s O’Neill Institute for National and Global Health Law Host Event

Psychiatry Patient’s Story Highlights Growing Threat to Privacy

WASHINGTON–(BUSINESS WIRE)– When a lawyer named “Julie” sought psychiatric treatment in Boston, she never imagined that the notes of sessions with her therapist would be digitized and made available to thousands of doctors and nurses—even dermatologists and podiatrists with no conceivable need for such private records. But that is precisely what happened. “Personal details that took me years to disclose during therapy are being shared throughout my medical network, against my will,” Julie says. “It’s destroyed my trust with my doctors.”

Julie will tell her story for the first time at the 2nd International Summit on the Future of Health Privacy, to be held in Washington, DC, on June 6-7. Sponsored by Patient Privacy Rights, the nation’s leading health privacy watchdog, and Georgetown University Law Center’s O’Neill Institute for National and Global Health Law, the Summit will explore the often-alarming privacy implications of the nation’s race to digitize patient medical records.

“Every state requires patient permission before sensitive mental health records can be shared with other doctors. But Julie found that hundreds of pages of intimate records, some detailing her abuse as a child, were open to the entire staff of her Boston-based healthcare system,” says Dr. Deborah Peel, founder of Patient Privacy Rights. “Julie is an example of how major electronic health records systems can actually strip patients of their privacy rights. Her tragic story highlights the need for the Privacy Summit—to shine light on these abuses and find solutions to protect patient privacy.”

40 Health-Privacy Experts Drive Debate:

More than 40 health-privacy experts from around the globe will gather for the Summit, including top U.S. government officials and leading CEOs, physicians and academics, along with several hundred live and virtual attendees. Speakers will discuss new policies including a Health Privacy Bill of Rights, data exchanges, secondary uses of health data and social media platforms that threaten patient privacy. In addition, the founder of Harvard’s Data Privacy Lab will announce the launch of a yearlong project, the first of its kind, to map the hundreds of secret organizations and agencies where private medical data is sold and shared in the United States.

Summit organizers also will announce the “The Best Privacy Technologies of 2012,” and companies will demonstrate new products that enhance patient control of personal health data.

Louis D. Brandeis Privacy Award:

To kick off the Summit, Patient Privacy Rights will honor the first-ever recipients of the Louis D. Brandeis Privacy Award. The privacy watchdog group will recognize Congressman Joe Barton (R-TX) and Congressman Ed Markey (D-MA) for their roles as leading congressional privacy advocates. And Alan Westin, Columbia University’s Emeritus Professor of Public Law and Government, and Ross Anderson, the University of Cambridge’s Professor in Security Engineering, will be honored for their groundbreaking work on consumer data privacy and security.

WHAT: The 2nd International Summit on the Future of Health Privacy
WHEN: June 6-7th, 2012
WHERE: Georgetown University Law Center
600 New Jersey Avenue, NW. Hart Auditorium, McDonough Hall
Washington, DC 20001

REGISTRATION: http://www.healthprivacysummit.org/d/3cq92g/4W

AGENDA: http://www.healthprivacysummit.org/d/3cq92g/6X

SPEAKERS: http://www.healthprivacysummit.org/d/3cq92g/6K

FOLLOW US ON TWITTER: @PrivacySummit

SPONSORS/PARTNERS: Accenture, CA Technologies, Dell, e-MDs, FairWarning®, Harvard Data Privacy Lab, IDExperts, Jericho Systems, Microsoft, PwC, RTI International, Telemedicine and Advanced Technology Research Center (TATRC), The O’Neill Institute at Georgetown Law Center, The University of Cambridge Computer Laboratory, The University of Texas School of Information

ABOUT PATIENT PRIVACY RIGHTS: Patient Privacy Rights is the nation’s leading bipartisan health privacy organization and leading consumer voice for building ethical, trustworthy healthcare IT systems. For more information, visit http://patientprivacyrights.org

Contact:
Keith Blackman, 202-730-5753
keith@blackmanmediasolutions.com
or
Jim Popkin, 202-686-6699
jim.popkin@sevenoaksmedia.com