The Individual’s Right to Restrict Disclosure of Health Information

This article gives a great explanation of how industry has fought to influence those in government that write the ‘rules’ for how federal law works in practice. The key industry tactic is to complain that complying with the law is too costly, or impossible, or would take too much time. For reasons we don’t understand, the government agency that writes the ‘rules’ takes the side of industry rather than defending patients.

From ABA Health eSource, Jim Pyles, “The Right to Obtain Restrictions Under the HIPAA/HITECH Rule:
A Return to the Ethical Practice of Medicine
.

The Individual’s Right to Restrict Disclosure of Health Information
AuthorThe HIPAA/HITECH Final Omnibus Rule issued on January 25, 2013 restores the right for Americans to retain some control over the disclosure of their health information as part of the “floor” of federal privacy protections afforded by HIPAA.(1) Under the new rule, individuals have a right to obtain restrictions on the disclosure of health information in electronic or any other form to a health plan for payment or healthcare operations with respect to specific items and services for which the individual has paid the covered entity out of pocket in full.(2) Such requests for restrictions must be granted by the covered entity unless disclosure is required by law. Covered entities must also include this right in their notices of privacy practices.(3) The guidance in the preamble states that only healthcare providers are required to include such a statement in their notices of privacy practices; however, the language of the statute and the regulation itself states that the notice requirement applies to covered entities.(4) The new rule became effective March 26, and covered entities must be in compliance by no later than September 23, 2013.(5)

————-

1 78 Fed. Reg. at 5628 (January 25, 2013).
2 45 C.F.R. § 164. 522(a)(1)(vi).
3 45 C.F.R. § 164.520(b)(1)(iv).
4 HITECH Act, section 13405(a); 45 C.F.R. § 164.522(a)(1)(vi) (as amended).
5 78 Fed. Reg. at 5566.

Re: Web site helps people profit from information collected about them

See the new story in the Washington Post by Thomas Heath: Web site helps people profit from information collected about them

A new technology called “Personal” allows people to control some their personal information and monetize it themselves.   A technology like “Personal” could give us control over our personal health data, which is constantly being “monetized” today without our consent and sold for uses that have nothing to do with improving our health.

“Personal” is betting that data we enter about ourselves and our product preferences will be very attractive to corporations that want to know us and/or sell to us. Today corporations use and sell whatever information they can scavenge about us online.

Similarly, sensitive health data that we control and release will be FAR more valuable to our doctors, researchers, and marketers because we have checked it for accuracy and completeness.  No one has quite the same motivation to ensure the accuracy and completeness of our health data as we do: it’s literally a matter of life and death.

Here is the business model “Personal” uses:

  • “if you mon­etize your data (Personal doesn’t like the word “sell”) through commercial activities with companies that want to buy it. Personal wants to be your “agent,” collecting a 10 percent fee on the compensation you receive each time you monetize your data.
  • EXAMPLE:  “So if I were a user of Personal, I could fill in the data fields in my “gem” on travel preferences for my trip to Stockholm this summer. I would release the information to Stockholm hotels, which could compete for my business based on my preferences for a clubby hotel bar, delicious breakfasts, a king-size bed and access to running trails. If a hotel gave me a discount or cash payment, Personal would collect a 10 percent fee.”

JUST LIKE in today’s electronic healthcare systems where we are powerless to stop the theft and sale of health data, “Personal can’t stop companies and others from scavenging data by tracking your online activities. It does, however, “give you the tools to monetize your data, but only if you want to,” Green said.”

“Personal’s” model of individual control over personal data could work very well with sensitive health data—–giving us choices, like NOT selling anything at all. But, Granny could sell some of her health information to afford her medications.  Or Dad could sell some of his data for research to afford treatment.

At a time when healthcare is not affordable for so many people, why should hospitals, pharmacies, doctors, labs, health IT and HIE vendors, prescription data mining corporations, insurers, transcription companies, data warehouses, states like Texas, digital devices, cell phone corporations and innumerable others be able to sell and “monetize” health data, instead of patients?

Many are concerned that if patients can monetize their data, poor and vulnerable people will give up privacy for money and the rich won’t need to. But how moral is the current system where corporations secretly profit from health information about the poor and rich alike?

To date, federal and state laws designed to prevent the sale of our protected health information have not been implemented or enforced. Congress and the states intended to stop the sales of health data without consent, but industry lobbies have effectively prevented the laws from working.

When was the last time your pharmacy asked if they could sell your prescription details? All US pharmacies sell everyone’s prescription records every night. See: http://patientprivacyrights.org/consumers/campaign-for-perscription-privacy/