Sizing Up De-Identification Guidance, Experts Analyze HIPAA Compliance Report (quotes PPR)

To view the full article by Marianne Kolbasuk McGee, please visit: Sizing Up De-Identification Guidance, Experts Analyze HIPAA Compliance Report.

The federal Office of Civil Rights (OCR), charged with protecting the privacy of the nation’s health data, released a ‘guidance’ for “de-identifying” health data. Government agencies and corporations want to “de-identify”, release and sell health data for many uses. There are no penalties for not following the ‘guidance’.

Releasing large databases with “de-identified” health data on thousands or millions of people could enable break-through research to improve health, lower costs, and improve quality of care, IF “de-identification” actually protected our privacy, so no one knows it’s our personal data. But it doesn’t.

The ‘guidance’ allows easy ‘re-identification’ of health data. Publicly available databases of other personal information can be quickly compared electronically with ‘de-identified’ health databases, so names can be re-attached, creating valuable, identifiable health data sets.

The “de-identification” methods OCR proposed are:

  • The HIPAA “Safe-Harbor” method: if 18 specific identifiers are removed (such as name, address, age, etc.), data can be released without patient consent. But .04% of the data can still be ‘re-identified’.
  • Certification by a statistical “expert” that the re-identification risk is “small” allows release of databases without patient consent.
      o There are no requirements to be an “expert”
      o There is no definition of “small risk”

Inadequate “de-identification” of health data makes it a big target for re-identification. Health data is so valuable because it can be used for job and credit discrimination and for targeted product marketing of drugs and expensive treatment. The collection and sale of intimately detailed profiles of every person in the US is a major model for online businesses.

The OCR guidance ignores computer science, which has demonstrated that ‘de-identification’ methods can’t prevent re-identification. No single method or approach can work because more and more ‘personally identifiable information’ is becoming publicly available, making it easier and easier to re-identify health data. See “Myths and Fallacies of ‘Personally Identifiable Information’” by Narayanan and Shmatikov, June 2010, at: http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf Key quotes from the article:

  • “Powerful re-identification algorithms demonstrate not just a flaw in a specific anonymization technique(s), but the fundamental inadequacy of the entire privacy protection paradigm based on “de-identifying” the data.”
  • “Any information that distinguishes one person from another can be used for re-identifying data.”
  • “Privacy protection has to be built and reasoned about on a case-by-case basis.”

OCR should have recommended what Shmatikov and Narayanan proposed: case-by-case ‘adversarial testing’ by comparing a “de-identified” health database to multiple publicly available databases to determine which data fields must be removed to prevent re-identification. See PPR’s paper on “adversarial testing” at: http://patientprivacyrights.org/wp-content/uploads/2010/10/ABlumberg-anonymization-memo.pdf
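The adversarial test described above, sketched as an added example (not code from the article, from PPR’s paper, or from Narayanan and Shmatikov) that a data custodian could run before release. The records, field names and function names are constructed for illustration, and only one public data set is compared; a real test repeats this for every public source that shares fields with the release.

```python
from collections import Counter
from itertools import combinations

# Constructed sample: a "de-identified" release (names already removed).
RELEASE = [
    {"zip3": "787", "birth_year": 1961, "sex": "F", "dx": "depression"},
    {"zip3": "787", "birth_year": 1975, "sex": "F", "dx": "asthma"},
    {"zip3": "786", "birth_year": 1980, "sex": "M", "dx": "diabetes"},
    {"zip3": "786", "birth_year": 1961, "sex": "F", "dx": "addiction"},
]

# Constructed sample: a public data set that still carries names.
PUBLIC = [
    {"name": "Person A", "zip3": "787", "birth_year": 1961, "sex": "F"},
    {"name": "Person B", "zip3": "787", "birth_year": 1961, "sex": "M"},
    {"name": "Person C", "zip3": "787", "birth_year": 1975, "sex": "F"},
    {"name": "Person D", "zip3": "787", "birth_year": 1975, "sex": "F"},
    {"name": "Person E", "zip3": "786", "birth_year": 1961, "sex": "F"},
    {"name": "Person F", "zip3": "786", "birth_year": 1980, "sex": "M"},
]

# Fields present in both data sets (hypothetical names).
SHARED = ["zip3", "birth_year", "sex"]


def at_risk_records(release, public, fields):
    """Indexes of release rows that match exactly one public row on `fields`.

    A single match means a name could be re-attached to that health record.
    """
    if not fields:  # nothing left to link on
        return []

    def key(row):
        return tuple(row[f] for f in fields)

    public_counts = Counter(key(p) for p in public)
    return [i for i, r in enumerate(release) if public_counts[key(r)] == 1]


def smallest_removal(release, public, shared_fields):
    """Smallest set of shared fields to drop so no release row links uniquely."""
    for n in range(len(shared_fields) + 1):
        for drop in combinations(shared_fields, n):
            kept = [f for f in shared_fields if f not in drop]
            if not at_risk_records(release, public, kept):
                return drop
    return tuple(shared_fields)


if __name__ == "__main__":
    print("at risk with all shared fields:", at_risk_records(RELEASE, PUBLIC, SHARED))
    print("fields to remove:", smallest_removal(RELEASE, PUBLIC, SHARED))
```

On this sample, three of the four released records link to exactly one named person, and no single field can be dropped to fix that; the result only holds against the public data sets actually tested, which is why the test has to be case-by-case.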

Simplest, cheapest, and best of all would be to use the stimulus billions to build electronic systems so patients can electronically consent to data use for research and other uses they approve of.  Complex, expensive contracts and difficult ‘work-arounds’ (like ‘adversarial testing’) are needed to protect patient privacy because institutions, not patients, control who can use health data. This is not what the public expects and prevents us from exercising our individual rights to decide who can see and use personal health information.

Re: 2012: Time for Action on Health Privacy

Things in Washington DC must really be bad if Deven McGraw, Chair of the Privacy and Security Tiger Team and member of the national Health IT Policy Committee, is speaking out so clearly about the lack of privacy protections in federal policy. She states in the article “2012: Time for Action on Health Privacy” that it’s time for HHS/ONC to change their “pattern” of “too much talk and not enough action” to protect privacy. Is there a privacy crisis? PPR thinks it’s critical to build privacy and patient control over data in up front. Now is the time!

See full article

“Consumers and patients support the electronic sharing of health information and are eager to experience the benefits of widespread adoption and use of electronic health records. Yet a substantial majority continue to express significant concerns regarding the impact of e-health on the privacy and security of their health information. According to a recent survey by the Markle Foundation, the privacy of health information is a significant concern for the American public and doctors who serve them.

Building and maintaining public trust in health IT and health information sharing will be critical to leveraging their benefits to improve individual and population health. The rhetoric from the Office of the National Coordinator for Health IT and HHS has been consistently strong on the importance of respecting the confidentiality of health information; however, with a few exceptions, the pattern has been too much talk and not enough action.”

They got it wrong… AGAIN!

See article: ‘Meaningful Use’ criteria released

Can you believe it? Doctors and hospitals that purchase electronic health records (EHRs) ‘wired’ for ‘back-door’ data mining will be paid to steal and use our sensitive health records without our permission!

The government and the massive health data mining industry won. Industry and the government’s plan to continue illegal and unethical data mining trumped Americans’ rights to health privacy.

The rules guarantee that employers, insurers, banks, and government will be able to use our sensitive health information—from prescriptions to DNA— to discriminate against us in jobs, credit, and insurance.

Instead, the new interim rules for EHRs should reward the purchase and use of ‘smart’ EHRs with consent technologies so patients control who can see and use their health records.

The stimulus billions will be wasted because doctors and hospitals will be rewarded for using obsolete, unethical EHR ‘clunkers’. Like the UK, the US will be forced to spend billions to correct a disastrously flawed national electronic health system that prevents patients from controlling their health records.

To understand the “meaningful use” criteria that SHOULD be required in EHRs, see the comments submitted to the Administration by the bipartisan Coalition for Patient Privacy, representing millions of Americans: http://www.localhost:8888/pprold/media/Coalition_to_HIT_PC_Meaningful_Use.pdf

When will the Administration and corporations get it? Privacy protections have to be tough and comprehensive if we want a national HIT system that consumers will trust and use.

To act, join www.localhost:8888/pprold to get e-alerts. Stop corporations and the government from using your sensitive health information for uses you would never agree to.

But privacy is ALREADY gone!

Refer to Wall Street Journal article: Is Government Health Care Constitutional?

The authors fear that Americans’ health privacy rights will be eliminated by health reform if a proposed “public plan” evolves into “single payer”.

They are too late: there is no privacy (the right to control personal information) in the US electronic health system, EXCEPT for the strong new rights Congress added to the stimulus bill: the ban on sales of PHI, the right to segment sensitive records, and the right to limit disclosure of PHI to health plans for payment or HCO if treatment is paid for out-of-pocket.

Our strong existing ethical and legal privacy rights (a powerful national consensus arrived at over 200+ years) are being totally ignored by federal and state government and industry.

The authors clearly don’t know that we have no health privacy today or that privacy advocates in the bipartisan Coalition for Patient Privacy (representing 10 million Americans) work to restore those rights.

In 2002, amendments to the HIPAA regulations granted new rights to corporations and government to use ALL health data without informed consent for purposes no one would ever agree to AND eliminated Americans’ rights to give consent before our data is used. See: HIPAA_Intent_Vs_Reality. In 1999, the HIPAA statute granted law enforcement unfettered access to all electronic health records without informed consent or any judicial process.

Both Democratic and Republican Administrations and Congress have contributed to eliminating patients’ rights to control personal health information. The ONC-Coordinated Federal Health IT Strategic Plan: 2008-2012 requires all EHRs to be “wired” for data mining and requires every citizen to have an EHR by 2014.
See: HITStrategicPlan08.pdf

The Federal Strategic Plan grants “back door” access to the nation’s electronic records to government agencies; to the for-profit research industry for P4P, QI, population health, genetic research (personalized medicine), etc; and to the insurance industry to detect fraud (this is one of the most offensive and discriminatory measures planned–the last people patients want to have MORE access to sensitive health records are insurers and employers).

Key Quotes:

• The Supreme Court created the right to privacy in the 1960s

• the justices posited a constitutionally mandated zone of personal privacy that must remain free of government regulation, except in the most exceptional circumstances.

• Taking key decisions away from patient and physician, or otherwise limiting their available choices, will render any new system constitutionally vulnerable.

• if over time, as many critics fear, a “public option” health insurance plan turns into what amounts to a single-payer system, the constitutional issues regarding treatment and reimbursement decisions will be manifold. The same will be true of a quasi-private system where the government claims a large role in defining acceptable health-insurance coverage and treatments. There will be all sorts of “undue burdens” on the rights of patients to receive the care they may want. Then the litigation will begin.

• In crafting the law, however, its White House and congressional sponsors must keep privacy — that near absolute right to personal autonomy they have so often praised and promoted — squarely before them. The only thing that is certain today is that the courts, and not Congress, will have the last word.

The authors tilt at the wrong windmill, not realizing they are too late: the privacy for health data in electronic systems is already GONE. We hope they will join us and work to RESTORE Americans’ longstanding ethical and legal rights to health privacy, regardless of a “public plan” or whether it turns into “single payer”.

A Start to Securing PHI?

Sometimes press releases for new products tell us far more about the risk of identity theft in electronic health systems than the mainstream press or trade journals.

Check out this zinger quote: “Most organizations don’t even know where their PHI is.” Why doesn’t the mainstream press tell the public that the health care organizations (like hospitals) have no idea where all their sensitive personal health data resides?

How about this: “The software (Identity Finder) automatically finds PHI such as social security numbers, medical record numbers, dates of birth, driver licenses, personal addresses, and other private data within files, e-mails, databases, websites, and system areas. Once found, the software makes it simple for users or administrators to permanently shred, scrub, or secure the information.” Emails? Who sends driver’s license numbers, SS#s, and dates of birth in emails? Clearly lots of healthcare organizations do.

We can only hope products like this sell.

See full article at:

http://news.prnewswire.com/DisplayReleaseContent.aspx?ACCT=104&STORY=/www/story/05-05-2009/0005019328&EDATE

Reducing Cost or Care? Orszag on HIT

Fascinating ‘insider’ article on the budget process and the Orszag/Obama plan to reduce healthcare costs by building a health IT system ‘wired’ for data mining:
“At the core of both the stimulus bill and the Obama budget is Orszag’s belief that a government empowered with research on the most effective medical treatments can, using the proper incentives, persuade doctors to become more efficient health-care providers, thus saving billions of dollars. Obama is in effect betting his Presidency on Orszag’s thesis.” (See Article)

“Orszag seems more right than wrong about how to bring down health-care costs, but the truth is that, while there is obviously a great deal of waste in the American medical system, nobody knows for certain whether Orszag’s plan—which is now Obama’s plan—will work.”

The plan relies on building HIT infrastructure to obtain the data for “comparative effectiveness” research. Republicans question whether this research approach can rein in healthcare spending enough and also fear it will lead to “vast government intrusion into the doctor-patient relationship”. And the plan relies on building an HIT system to data mine ALL data without informed consent.

Our problems with the plan:

1) Orszag/Obama want ALL health data without informed consent for research, which is unethical, illegal, and destroys patient trust in doctors.
2) Orszag/Obama do not seem to realize that compelling the use of all health data will INCREASE the number of Americans who avoid treatment altogether (already in the millions). Many Americans know that avoiding care is the only way to keep health data private.
3) Millions avoiding treatment means millions delay care or never get care, increasing bad outcomes, deaths, and costs.
4) But worst of all for proponents of research: they won’t get the data needed to learn what works best unless they restore privacy and patient control over data. Researchers cannot get the results all of us want with missing and inaccurate data!
5) To find out what the most effective treatments are for many costly conditions we have to actually have all the data in our systems. Today millions of people with Depression and Addiction have NO data in the system because they pay for private care or attend AA or NA so NO data is ever generated.
6) It will be a tragedy never to find out what treatments are most effective—and a HUGE waste of the billions of stimulus dollars to build an HIT system without privacy.

Key Quotes from the article:

• The deficit spectre has loomed over every major debate. The most contentious issue has been health care.
• Orszag came to the debate with a third option, which combined Summers’s concern about deficits and Daschle’s insistence that Obama tackle health care this year. He argued that health-care reform is deficit reduction.
• At the core of both the stimulus bill and the Obama budget is Orszag’s belief that a government empowered with research on the most effective medical treatments can, using the proper incentives, persuade doctors to become more efficient health-care providers, thus saving billions of dollars. Obama is in effect betting his Presidency on Orszag’s thesis.
• Orszag, despite his image as a number-crunching technocrat, considers himself an activist.
• At Princeton, he wrote his senior thesis on the relationship between the Federal Reserve and Congress. One of his conclusions was that “it is clear that Congress suffers from a lack of understanding of even the most rudimentary economics.” Orszag’s paper won an award for the best thesis that year in international economics or politics.
• At the Congressional Budget Office, Orszag hired specialists in health-care economics and turned the institution into a clearinghouse of information about rising health-care costs. When I asked him whether he was an advocate for policies at a place that was supposed to be nonpartisan, he replied, “I would say I was activist.”
• Kent Conrad, the chairman of the Senate Budget Committee, has made eradicating the federal budget deficit his life’s work. He told me that he picked Orszag to run the C.B.O. in 2007, and repeatedly asked him to testify before his committee, because they shared a concern about long-term spending trends.
• If there was one aspect of the President’s budget that demonstrated Obama’s European sympathies, Ryan said, it was health care. More specifically, it was Orszag’s approach to curbing health-care costs. “He believes you need to set up this über-bureaucracy—the institute of comparative effectiveness—which we’ll put smart people in, and they will design the metrics and the processes on how medicine is to be practiced,” Ryan said. “And then the federal government will impose and enforce those processes. . . . It is precisely what they employ in England. It’s precisely what they employ in Canada.” Rather than celebrate Orszag’s attempt to rein in health-care spending, Ryan seemed horrified by it.
• Obama will spend the rest of this year fighting a war on two fronts. On one are Democrats protecting old-line economic interests: oil, gas, and coal companies; agribusiness; student-loan companies; and pharmaceutical companies and medical providers who fear that Orszag’s ideas for cutting health-care costs will hit them hard. On the other are institutional interests. Obama will be battling committee chairmen who oppose his Pell-grant reforms, and placating senators who resent his willingness to use a feature of the budget process known as “reconciliation,” which limits debate and prevents the use of a filibuster, to pass his health-care plan.
• Orszag’s job is to defend Obama’s budget on all fronts, but he will be most deeply engaged in health care. I asked him how he could be so sure that his ideas about how to reduce health-care costs would work, mentioning that I had been surprised to learn that Paul Ryan and other Republicans had seized on health-care cost controls as the issue they believed would bring down Obama’s health-care plan and, with it, they surely hoped, his Presidency. Specifically, they believed that Orszag’s obsession with “comparative effectiveness,” research about which treatment options work best for a given ailment, will lead to vast government intrusion into the doctor-patient relationship. The research, which received major funding in the stimulus legislation and which was also included in Obama’s budget, had assumed a sinister meaning on the right.
• Orszag dismissed the criticism as a caricature. “I don’t see how it interferes with the doctor-patient relationship to suggest that it would be better if your doctor had more information about what would work for you,” he said. “The best way of putting it is that your doctor shouldn’t have disincentives to give you the higher-quality care, which often happens now.” Far from a huge government bureaucracy, he proposes a simple adjustment of incentives: “You get paid more if the treatment has been shown to be effective and a little less if not.”
• Orszag seems more right than wrong about how to bring down health-care costs, but the truth is that, while there is obviously a great deal of waste in the American medical system, nobody knows for certain whether Orszag’s plan—which is now Obama’s plan—will work.
• As Orszag explained his ideas, I couldn’t help remembering an encounter I had with him one day in the hallway at O.M.B. I told him that I had read his Princeton undergraduate thesis. He looked at me and smiled a little sheepishly. He said that at some point after his arrival at graduate school, in London, he had had a sudden realization: that he had made a mistake, and the crucial formula that he had used in his thesis, the one that had won him the prize, was incorrect. “It was so innovative,” he said, “that it was wrong.”

The true problems in HIT

The experts quoted are correct that cost, interoperability, difficulty of use, work-flow disruption, and lack of proof of safety/effectiveness are good reasons not to spend $20 billion in HIT stimulus money on bad products (the equivalent of buying SUVs instead of hybrids and electric cars).

But Kibbe and Klepper should look beyond their own perspectives to consider the wider context and the real make-or-break issue: what must EHR systems have to ensure the public’s trust and willingness to use them?

Of course, doctors must be able to afford, easily use, and know that EHR systems actually work and are effective, but systemic failure is inevitable unless patients trust electronic systems. Today’s health IT systems and products are not even close to meeting the public’s expectations for control over personal data and ironclad security.

From the consumer perspective, the worst defects in today’s EHR systems are:

1) Patients have no control over the use or disclosure of their personal health information in these systems.

2) Doctors, hospitals, labs, pharmacies, PBMs, insurers, data miners, data aggregators, etc., and software vendors control the disclosure, use, and sale of the nation’s personal health information.

3) Most of today’s EHR technology is extremely primitive (20-30 years old) and does not comply with patients’ longstanding legal and ethical privacy rights:
• most EHRs do not have the functional capacity to segment sensitive records
• human-readable audit trails of disclosures are not required, so patients have no way to know who snooped in their records or where their personal health information has been sent or sold
• the security measures are abysmal. A CIO magazine story from 2006 reported that all 850 EHR systems examined could easily be hacked: http://searchcio.techtarget.com/originalContent/0,289142,sid182_gci1273006,00.html

The most important reason not to buy $20 billion worth of dinosaur EHR technology is that consumers will NEVER trust electronic health systems unless they control sensitive personal data and unless the systems have state-of-the-art security to prevent the frequent breaches, losses, and thefts of millions of health records.

Until the American public has PROOF electronic systems can be trusted, failure is inevitable. Why not build EHRs and the electronic health system right from the start, rather than spending billions later to rebuild?

Must we repeat the mistakes made in the UK? The NHS system was built without patient control over data. Billions of dollars and many years were wasted before the government realized that forcing patients into an electronic health system that shares data without consent doesn’t work.

View the full story referenced