Guest Article: The Causes of Digital Patient Privacy Loss in EHRs and Other Health IT Systems

Check out the latest from Shahid Shah, courtesy of The Healthcare IT Guy.

This past Friday I was invited by the Patient Privacy Rights (PPR) Foundation to lead a discussion about privacy and EHRs. The discussion, entitled “Fact vs. Fiction: Best Privacy Practices for EHRs in the Cloud,” addressed patient privacy concerns and potential solutions for doctors working with EHRs.

While we are all somewhat disturbed by the slow erosion of privacy in all aspects of our digital lives, the rather rapid loss of patient privacy around health data is especially unnerving because healthcare is so near and dear to us all. In order to make sure we provided some actionable intelligence during the PPR discussion, I started the talk off giving some of the reasons why we’re losing patient privacy in the hopes that it might foster innovators to think about ways of slowing down inevitable losses.

Here are some of the causes I mentioned on Friday, not in any particular order:

  • Most patients, even technically astute ones, don’t really understand the concept of digital privacy. Digital is a “cyber world” and not easy to picture so patients believe their data and privacy is protected when it may not be. I usually explain patient privacy in the digital world to non-techies using the analogy of curtains, doors, and windows. The digital health IT world of today is like walking into a patient’s room in a hospital in which it’s a large shared space with no curtains, no walls, no doors, etc. (even for bathrooms or showers!). In this imaginary world, every private conversation occurs so that others can hear it, all procedures are performed in front of others, etc. without the patient’s consent and their objections don’t even matter. If they can imagine that scenario, then patients will probably have a good idea about how digital privacy is conducted today — a big shared room where everyone sees and hears everything even over patients’ objections.
  • It’s faster and easier to create non-privacy-aware IT solutions than privacy-aware ones. Having built dozens of HIPAA-compliant and highly secure enterprise health IT systems for decades, my anecdotal experience is that when it comes to features and functions vs. privacy, features win. Product designers, architects, and engineers talk the talk but given the difficulties of creating viable systems in a coordinated, integrated digital ecosystem it’s really hard to walk the privacy walk  Because digital privacy is so hard to describe even in simple single enterprise systems, the difficulty of describing and defining it across multiple integrated systems is often the reason for poor privacy features in modern systems.
  • It’s less expensive to create non-privacy-aware IT solutions. Because designing privacy into the software from the beginning is hard and requires expensive security resources to do so, we often see developers wait until the end of the process to consider privacy. Privacy can no more be added on top of an existing system than security can — either it’s built into the functionality or it’s just going to be missing. Because it’s cheaper to leave it out, it’s often left out.
  • The government is incentivizing and certifying functionality over privacy and security. All the meaningful use certification and testing steps are focused too much on prescribed functionality and not enough on data-centric privacy capabilities such as notifications, disclosure tracking, and compartmentalization. If privacy was important in EHRs then the NIST test plans would cover that. Privacy is difficult to define and even more difficult to implement so the testing process doesn’t focus on it at this time.
  • Business models that favor privacy loss tend to be more profitable. Data aggregation and homogenization, resale, secondary use, and related business models tend to be quite profitable. The only way they will remain profitable is to have easy and unfettered (low friction) ways of sharing and aggregating data. Because enhanced privacy through opt-in processes, disclosures, and notifications would end up reducing data sharing and potentially reducing revenues and profit, we see that privacy loss is going to happen with inevitable rise of EHRs.
  • Patients don’t really demand privacy from their providers or IT solutions in the same way they demand other things. We like to think that all patients demand digital privacy for their data. However, it’s rare for patients to choose physicians, health systems, or other care providers based on their privacy views. Even when privacy violations are found and punished, it’s uncommon for patients to switch to other providers.
  • Regulations like HIPAA have made is easy for privacy loss to occur. HIPAA has probably done more to harm privacy over the past decade than any other government regulations. More on this in a later post.

The only way to improve privacy across the digital spectrum is to realize that health providers need to conduct business in a tricky intermediary-driven health system with sometimes conflicting business goals like reduction of medical errors or lower cost (which can only come with more data sharing, not less). Digital patient privacy is important but there are many valid reasons why privacy is either hard or impossible to achieve in today’s environment. Unless we intelligently and honestly understand why we lose patient privacy we can’t really create novel and unique solutions to help curb the loss.

What do you think? What other causes of digital patient privacy loss would you add to my list above?

Courtesy of The Healthcare IT Guy.

3 reasons for the demise of patient privacy

By Dan Bowman from FierceHealthIT

Several factors have contributed to the demise of patient privacy in recent years, according to software analyst and healthcare blogger Shahid Shah (a.k.a., The Health IT Guy).

For example, Shah said at a recent discussion hosted by the Patient Privacy Rights Foundation on the best privacy practices for electronic health records in the cloud, patients tend to not “demand” privacy as the cost of doing business with providers.

“It’s rare for patients to choose physicians, health systems or other care providers based on their privacy views,” Shah said in a blog post summarizing thoughts he shared at the event. “Even when privacy violations are found and punished, it’s uncommon for patients to switch to other providers.”

To view the full article visit 3 reasons for the demise of patient privacy

 

Here’s Scary: Your Social Security Number Is Just a Click Away

From Nancy Smith of the Sunshine State News:

Snafus involving the mandated switch from paper to electronic medical records have been happening for the last few years as the Affordable Care Act geared up. Horror stories — like the one about a California orthopedic surgeon whose medical-records software provider sold his patients’ records to anybody who wanted them — are more common than most people realize. Read the incredible story.

“This is a nightmare. It’s nothing we’ve ever seen before in medicine,” said patient privacy-rights advocate Dr. Deborah Peel.

Peel said many patients and doctors don’t know the federal government quietly eliminated patients’ privacy rights for electronic records. “It’s a free-for-all,” she said. “It’s the Wild West. Today there are over 4 million different kinds of organizations and companies that can see and use our medical records without our knowledge, without our permission and we can’t refuse.”

Peel said we can actually thank Healthcare.gov, the Obamacare sign-up website, for waking us up and making us think about what happens to our personal health information on a big bureaucratic website.

All of a sudden, Americans get it, she said — and the Obama administration isn’t pleased at having to deal with another strain of negativity in the rollout of its health plan. The government, remember, spent some $2 billion just to encourage the adoption of electronic health records.

Peel, a physician and probably the most renowned national speaker on health privacy, believes Healthcare.gov will amount to government surveillance of all health information unless some mobile “app” is developed so patients can access and control the dispersal of their own data, with Social Security numbers at the top of the list.

“Health information is the most valuable personal data about you, bar none,” Peel said. “We (at Patientprivacyrights.org) tremendously support technology, but technology that’s smart, that serves you and does what you expect — that doesn’t serve hidden industries that steal data or (is subject to) government surveillance. Government technology could put us in much better control of our information.

“We need to develop a mobile ‘app’ that would let you find out what happens to your information We need new technology and privacy protections to be put in place.” See Peel’s remarks on Patientprivacyrights.org.

Please click here to read the full article.

Providers NOT Required To Keep EHR Audit Systems Turned On

“If healthcare providers are using their electronic health records to falsify medical billing or cover their tracks after mistakes, there’s an easy way for investigators to find out: Check the audit trail.”

“Unfortunately, federal rules don’t require healthcare providers to keep their automated audit systems turned on. A study out this week from HHS’ watchdog office (PDF) finds that many healthcare providers can simply disable their logs or alter them after the fact—and experts say the problem may be far worse than what the study found.”

“HHS’ inspector general’s office this week reported the results of a voluntary survey of all 900 hospitals that had received federal subsidies to buy electronic health record systems as of March 2012. The survey, which had a 95% response rate, found that 44% of the hospitals reported having the ability to delete their EHR audit logs. Another 33% could disable the audit logs, while 11% could edit the records at will.”

To view the full article please visit: Providers Not Required To Keep EHR Audit Systems Turned On

A Family Consents to a Medical Gift, 62 Years Later

Should researchers control the use of everyone’s genomes?

It’s time for a national debate about when and how our genetic information should be used.  The healthcare industry and government are planning that our genomes will soon be part of our electronic health records, so that sensitive data can be used without patient consent. The cost of sequencing a genome will soon drop below $1,000.

But the debate about who should control the use of this unique, personal information must be informed by knowing/tracking the hidden flows of genetic data.

The next phase of theDataMap should track the use, sale, and disclosure of genetic information: from hospitals, labs, and genomic sequencing companies to private biobanks, etc, etc.

We cannot weigh risks vs. benefits of open access to genetic data when the risks are unknown.