Should the U.S. Adopt European-Style Data-Privacy Protections?

View the full article at Should the U.S. Adopt European-Style Data-Privacy Protections?

This urgent issue will be debated at the 3rd International Summit on the Future of Health Privacy in Washington, DC on June 5-6, 2013 at Georgetown Law Center.

The opening keynote will be Peter Hustinx, the EU Data Protection Supervisor. He will speak on “A health check on data privacy?”

Register to attend at . Later we will post a link to watch via live-streaming video.

Re: Big Changes Coming in EU Privacy Law

Regarding the article in the Genomics Law Report: Big Changes Coming in EU Privacy Law

The new EU standards for data privacy apply to health data and require the level of personal control over health data and informed consent that Americans expect from electronic health systems, but don’t have. US companies doing business in the EU will have to comply with these tough new privacy protections in a year or face penalties. If companies can build privacy-protective systems there, why not here?


  • Companies doing business in the EU must prove “every subject has given consent for the processing of their data for specified purposes. Consent is defined as “any freely given specific, informed and explicit [emphasis added] indication of will,” and can be withdrawn at any time. The subject will also have a controversial “right to be forgotten and to erasure.” This means that when the subject withdraws consent or “the data are no longer necessary” for the purposes for which they were collected, the company must render the data inaccessible, including on the Internet.”

Americans feel the exact same way the European public feels; they too want ethics-based systems that comply with longstanding rights to health privacy.

Since US companies will have to comply with strong patient privacy rights in the EU, they could obviously do the same in the US. Unless the US builds in the same strong patient protections, research comparing electronic health records in the US and EU will be impossible.

The Administration should use the EU example to move forward and require US electronic systems and data exchanges be built to comply with Americans’ longstanding rights to control the use of personal health information.

Re: Study shows privacy of medical records is weaker in the U.S.

A study of US and EU health data protections in the Journal of Science & Technology Law concluded Americans “have no real control over the collection of sensitive medical information if they want to be treated.”

Wow! It’s great to see legal scholars second the message that Americans’ rights to health privacy were eliminated.

You can see the article on the study in The Epoch Times here, written by Mary Silver.

For years, Patient Privacy Rights and the bipartisan Coalition for Patient Privacy were the lone voices carrying this message to Congress and the public.

Public and expert support to restore control over sensitive health data will only build. Soon, no one will buy the argument that privacy is an obstacle to electronic health systems.

Here are some other key quotes from the story:

  • “EU countries have adopted electronic health records and systems, or EHRs, and legally protected privacy at the same time.”
  • “The 1950 Council of Europe Convention identified individual privacy as a fundamental value”
  • “the good aspects of EHRs can be undermined by the bad consequences of poor privacy practices and the ugly effects of inadequate security”
  • “patient privacy is much better protected in Europe”
  • “European patients are able to encapsulate particularly sensitive medical information, and an individual has far greater access to and control over his records in Europe than in America.”

So, again why is the US government rushing to spend $29 billion on health IT systems that offer neither privacy nor security?

PPR responds to NHS sending patient information to India

In response to article: NHS sends confidential patients’ records to India despite pledges it would not

In the US, the use of “cloud computing” for sensitive electronic health information creates EXACTLY the same dangers that British health records are exposed to in India: hundreds or thousands of staff can access and sell health records.

  • “Indian data entry staff will have access to the names, addresses and NHS numbers of patients – along with private information about medical appointments.”
  • “The risks of transferring data overseas were highlighted last year when undercover reporters for a TV programme were able to buy health records from a private London hospital, which had been processed in India. The sellers said they had access to thousands of British medical records.”

It is impossible to ensure ironclad security for health data in far-away nations –actually we don’t yet have a way to be sure that health data in America has ironclad security protections in place either. And it’s impossible to hold cloud servers in other countries liable for the theft, sale, or breach of privacy of your health data—which they probably NOT report to us anyway. Which nation’s cloud servers would you trust with your sensitive health records?

NHS sends confidential patients’ records to India despite pledges it would not

The NHS is sending millions of patient records to India for processing, it emerged yesterday.

In the latest privacy scandal to hit the Health Service, Indian data entry staff will have access to the names, addresses and NHS numbers of patients – along with private information about medical appointments.

Managers have given the green light to the scheme despite concerns over poor security at some Indian companies.