Sign the Petition for Patient-Controlled Exchange of Health Information

Sign the petition asking Congress to put you in control of exchanging your sensitive health data via Health Data Exchanges (HIEs)!

Sign the petition here.

By the end of the year, every state must have one or more Health Information Exchange (HIEs) so your health data can be transferred to other doctors, the state, the federal government, insurers, technology companies, researchers, commercial users, and many other institutions.

Today those institutions and organizations decide when and to whom to transfer your health data—not you.

KEY PRINCIPLES FOR DATA EXCHANGE USING HIEs:

• You should control whether or not your health information is exchanged.

• You should have full access to electronic copies of all your health information.

• You should know what information the HIE exchanges, stores or collects, with whom your data is shared, and the purpose for using it.

View and sign the petition asking Congress to strengthen the law so Americans can trust electronic health systems and data exchanges.

States’ Hospital Data for Sale Puts Privacy in Jeopardy

TODAY: watch Prof Sweeney and Jordan Robertson present their research on how easily patients could be re-identified patients from hospital data sold by the state of Washington —at the 3rd International Summit on the Future of Health Privacy in Washington, DC. Register to watch free at: www.healthprivacysummit.org.
Every state sells or gives away sensitive hospital data without regard to how easily it can be re-identified and sold, not just Washington. The buyers may want to sell you something or use your records for employment background checks. Health data is easily available for hidden discrimination.

The solution is all users of personal health data should have to ask first.

Leader of Hospital Identity Theft Ring Sentenced

It’s impossible to stop the tsunami of fraud, ID theft, and medical ID theft until we rebuild US health IT systems to prevent open access to millions of patient records by thousands of hospital and insurance company employees.
Systems should be re-built to allow ONLY those few people who are directly involved with a patient’s treatment to access their health records.

  • ·         ONLY those who carry out the orders of the patient’s physician should be able to access that patient’s electronic health records
  • ·         the other hundreds or thousands of hospital system employees and staff members should not be physically or technically able to access that patient’s records
  • ·         When a patient is admitted, one physician is in charge of diagnosis and treatment.
  • ·         All people the attending physician orders to treat the patient (nurses, consultants, respiratory therapists, etc, etc) work for that physician, the “captain of the ship”

Health data cannot possibly be protected when thousands of people have access to millions of patient records.  Employees of the hundreds of separate health technologies used by every hospital also have open access to millions of patient records.
The more people have access to sensitive personal health data, the easier it is to steal, sell, misuse it.

Re: Poor Prognosis for Privacy

In response to The Wall Street Journal article by Melinda Beck: Poor Prognosis for Privacy

Most healthcare institutions and John Halamka ignore the fact that for over a decade technology has empowered millions of patients to control which parts of their electronic health records are disclosed for mental health and addiction treatment. The technology for ‘segmentation’ exists.

Congress, the courts, state and federal laws, and medical ethics require that patients control who can see and use sensitive personal health data, yet federal regulators who write the rules for industry have not required electronic health systems to use either ‘segmentation’ or other technologies like meta-data tagging that could also enable selective disclosures of health information.

When the public finds out they can’t control the use or disclosure of sensitive personal health data, many millions will refuse early diagnosis and treatment for cancer, depression, and STDs every year—and millions more will hide information, refuse tests, and act in ways that put their health at risk. These are bad outcomes.

Should the public be forced to use health technology systems that cause bad outcomes? Why not require technology that IMPROVES health outcomes?

The Right to Obtain Restrictions Under the HIPAA/HITECH Rule: A Return to the Ethical Practice of Medicine

To view the full article, please visit: The Right to Obtain Restrictions Under the HIPAA/HITECH Rule: A Return to the Ethical Practice of Medicine.

Great explanation of how industry has fought to influence those in government that write the ‘rules’ for how federal law works in practice. The key industry tactic is to complain that complying with the law is too costly or impossible or would take too much time. For reasons we don’t understand, the government agency that writes the ‘rules’ takes the side of industry rather than defending patients.

GOP senators seek to ‘reboot’ federal health IT policy, unveil white paper

This article is by subscription only: GOP senators seek to ‘reboot’ federal health IT policy, unveil white paper

“Key GOP senators released a white paper Tuesday (April 16) raising concerns with federal policy on health information technology, and the lawmakers seek feedback from stakeholders — including the administration, hospitals and vendors – on how the program can be improved. The senators worry that the $35 billion allocated to health IT in the 2009 stimulus package is being spent inefficiently and suggest Congress, the administration and stakeholders work together to “reboot” the electronic health record incentive program so that it to accomplish its goals.”

Materials of interest:

More articles discussing this action:

Employees’ unhealthy habits have growing effect on their insurance premiums

The story below concludes that “Employees now contribute 42 percent more for health care than they did five years ago.”   Just because employees are stuck paying higher healthcare bills doesn’t necessarily mean they are causing costs to increase.

If employees were driving up healthcare costs, then using financial penalties to force them to undergo intrusive health screenings and join wellness programs might make sense.

But employees aren’t causing the high costs of healthcare in the US.  Time magazine concluded that healthcare corporations, such as hospitals and the pharmaceutical industry, outpatient procedures, and lobbying costs are the main culprits.

Time magazine’s issue titled “Bitter Pill, why medical bills are killing us” identified several factors in high US healthcare costs:

The article below quotes the National Business Group on Health (NBGH), a lobbying group with assests of $18,772,047 in 2011. The NBGH blames employees for rising healthcare costs, instead of its many healthcare corporation members.

  • -URL for NBGH members: https://www.businessgrouphealth.org/join/members.cfm
  • -Blaming employees allows the NBGH to defend using coercive, intrusive wellness programs even for employees with complex, hard-to-manage illnesses, that wellness programs don’t help:
    • -See “Wellness Incentives In The Workplace: Cost Savings Through Cost Shifting To Unhealthy Workers” By Jill R. Horwitz, Brenna D. Kelly, and John E. DiNardo. Health Affairs, 32, no.3 (2013):468-476; doi: 10.1377/hlthaff.2012.0683; http://content.healthaffairs.org/content/32/3/468.full.html

Meanwhile screening companies, labs, and wellness programs collect sensitive employee health information and control its use, disclosure, and sale.

  • -There is no ‘chain of custody’ for health data so employees have no way to know who sees their health information.
  • -The US has NO data map to track the thousands of hidden companies that collect, use, or sell Americans’ personal health information.
  • -Corporations that collect employees’ health information treat it as a corporate asset, not as sensitive personal information that patients have strong rights to control.
  • -So it’s impossible to verify whether the NBGH lobbyist’s statement that “few employers would risk intentionally misusing such information” is true or false.

Blaming people who are sick for the high costs of their medical care instead of the corporations that overcharge is a really neat trick. It also provides a rationale for coercing employees to enter wellness programs and violating their rights to health privacy.

Unfortunately, simply “blaming the victims” won’t solve escalating healthcare costs.  We have to look broadly at individuals, the entire healthcare system, the food-chain, and larger cultural factors to identify and deal with all the real causes.

athenahealth and Mashery team up for health developer-friendly API initiative

To view the full article, please visit athenahealth and Mashery team up for health developer-friendly API initiative.

Electronic health records (EHRs) companies allow access to patients sensitive health data and sensitive information about physicians’  practices so technology companies can develop applications.

Applications have the potential to be useful to physicians and patients but at what cost to privacy? Will EHR “apps” secretly collect and sell people’s information the way Smartphone apps collect and sell contact, GPS data and more?  We now know the business model for many technologies is selling intimate personal data.

Quotes:

  • ·athenahealth will open “access to doctors’ appointment data, patient’s medical history (anonymized) , billing information and more”,
  • ·“the company hopes developers will be able to create an ecosystem of apps on top of athenahealth’s EMR service”
  • ·“Other EMR providers, including Allscripts and Greenway, have also opened up their APIs to developers and created app marketplaces.”

The press release on this athenahealth project stated, We’re providing the data and knowledge from our cloud-based network, a captive audience for developers to innovate for, and an online sandbox to do it all in.”

  • ·Who are the “captives”? athenahealth’s 40,000 physicians and their 100’s of thousands of patients

QUESTIONS:

  • ·When were the “captive” patients asked for consent for strangers who want to use and monetize their health records?
  • ·When were “captive” physicians asked consent for strangers to use information about their practices, what they charge, who they treat, how they treat patients, how they are paid by whom, and much more?
  • ·Why does athenahealth claim that patient data is “anonymized”—-when its impossible to prevent “anonymized” patient records from easy re-identification?

Many electronic health record (EHR) companies allow access/or sell sensitive patient data to technology developers and other companies.

BROADER QUESTIONS

  • ·When did the public learn about, debate, or agree to the use of their sensitive patient data by technology companies to build products?
  • ·Why do technology companies claim that “anonymization” and “de-identification” of health data works, when computer science has clearly proved them wrong?
  • ·How is the identifiable health data of hundreds of thousands of patients protected from any OTHER uses the technology developers decide to use it for?
  • ·How can the public weigh the risks and harms vs. benefits of using EHRs when there is no ‘chain of custody’ for our health data and no data map that tracks the thousands of HIDDEN users of our personal health information?
  • See Harvard Prof Latanya Sweeney explain the need for a data map at: http://tiny.cc/5pjqvw
    • -Attend or watch via live-streaming video the 2103 International Summit on the Future of Health Privacy in Washington DC June 5-6 to see the first data map Prof Sweeney’s team has built. Registration to attend or watch is free at: www.healthprivacytsummit.org

Privacy Framework: A Practical Tool?

An interesting article about our Privacy Framework- to view the full article please visit Privacy Framework: A Practical Tool?

Some key quotes:

“The PPR Trust Framework is … designed to help organizations ensure that technology and IT systems align with the privacy requirements of critical importance to patients and reflect their legal and ethical rights to health information privacy,” Peel says.

“The framework was developed by a group within Patient Privacy Rights – the bipartisan Coalition for Patient Privacy – along with Microsoft and the consulting firm PricewaterhouseCoopers, Peel says. It was developed, tested and validated on Microsoft’s HealthVault personal health record platform.”

“Ensuring the privacy of patient data is a key concern for any healthcare IT vendor,” says Sean Nolan, distinguished engineer, Microsoft HealthVault. “Microsoft as a company advocates for a more standardized federal approach to the privacy of data, and this is especially true for the HealthVault team. We believe that it takes a deep corporate commitment to the privacy of patient data in order to support initiatives such as the PPR Trust Framework.”

Mostashari, policy committee take critical look at CommonWell

To view the full article, please visit: Mostashari, policy committee take critical look at CommonWell

The ONLY way patients/the public will trust health technology systems is if THEY control ‘interoperability’—-ie if THEY control their sensitive health data. Patients have strong rights to control exactly who can collect, use, and disclose their health data. This also happens to be what the public expects and wants MOST from HIT……The public has strong legal rights to control PHI, despite our flawed HIT systems.

The story below is about an attempt by large technology vendors and the government to maintain control over the nation’s sensitive health data. Institutional/government-sanctioned models like the CommonWell Alliance violate patients’ rights to control their medical records (from diagnoses to DNA to prescription records).  Patients should be able to:

  • -choose personal email addresses as their IDs, there is no need for Institutions to choose ID’s for us—email addresses on the Internet work very well as IDs
  • -download and store their health information from electronic records systems (EHRs)–required by HIPAA since 2001, but only now becoming reality via the Blue Button+ project
  • -email their doctors using Direct secure email

Today’s systems violate 2,400 years of ethics underlying the doctor-patient relationship and the practice of Medicine: ie Hippocrates’ discovery that patients would only be able to trust physicians with deeply personal information about their bodies and minds IF the doctors never shared that information without consent. That ‘ethic’—-ie, to guard the patient’s information and act as the patient’s agent and protector is codified in the Hippocratic Oath and embodied in American law and the AMA Code of Medical Ethics. Americans have strong rights to health information privacy which HIPAA has not wiped out (HIPAA is the FLOOR, not the CEILING for our privacy rights).

The public does NOT agree that their sensitive health data should be used without consent—they expect to control health information with rare legal exceptions. See: http://patientprivacyrights.or…. HUGE majorities believe that individuals alone should decide what data they want to share with whom—not one-size-fits-all law or policies.

Nor does the public agree to use of their personal health data for “research”—whether for clinical research about diseases or by industry for commercial use of the data via the ‘research and public health loopholes’ in HIPAA. Only 1% of the public agrees to unfettered use of personal health data for research. Read more about these survey results here.

The entire healthcare system depends TOTALLY on a two-person relationship, and whether there is trust between those two people. We must look at the fact that today’s HIT systems VIOLATE that personal relationship by making it ‘public’ via the choice of health technology systems designed for data mining and surveillance. Instead we need technology designed to ensure patient control over personal health information (with rare legal exceptions). When patients cannot trust their doctors, health professionals, or the flawed technology systems they use, the consequence is many millions of patients avoid or delay of treatment and hide information. Every year many millions of Americans take actions which CAUSE BAD OUTCOMES.

Current health technologies and data exchange systems cause millions of people annually to risk their health and lives, ie the technologies we are using now cause BAD OUTCOMES.

We have to face facts and design systems that can be trusted. Patient Privacy Rights’ Trust Framework details in 75 auditable criteria what it takes to be a trusted technology or systems. See:http://patientprivacyrights.or… or download the paper at:
http://ssrn.com/abstract=22316…