Medical Info for Sale Online

In this article the News4 I-Team discovered how anyone with internet access and who is willing to pay just a few hundred dollars can easily have access to and purchase private medical records online.  This contributes to between “one and two million Americans being affected by medical identity theft each year”.

Read more in this article here and learn where stolen medical information goes, who is selling the information, and where they are getting it from in the first place.  Are YOU at risk?

 

Five More Organizations Join Lawsuit Against NSA Surveillance

To view the full article, please visit: Five More Organizations Join Lawsuit Against NSA Surveillance

“The five entities joining the First Unitarian Church of Los Angeles v. NSA lawsuit before the U.S. District Court for the Northern District of California are: Acorn Active Media, the Charity and Security Network, the National Lawyers Guild, Patient Privacy Rights and The Shalom Center. They join an already diverse coalition of groups representing interests including gun rights, environmentalism, drug-policy reform, human rights, open-source technology, media reform and religious freedom.”

Consumer Watchdog and Other Privacy Groups Urge FTC to Block Pending Facebook Privacy Changes

“A coalition of six consumer privacy groups is calling on the Federal Trade Commission to enforce an earlier consent order with Facebook and block proposed changes in the social network’s Statement of Rights and Responsibilities and its Data Use Policy because the proposed changes violate the 2011 settlement with the Commission.”

“The changes will allow Facebook to routinely use the images and names of Facebook users for commercial advertising without consent,” the groups said. “The changes violate Facebook’s current policies and the 2011 Facebook settlement with the FTC. The Commission must act to enforce its order.”

Signing the letter were Consumer Watchdog, the Electronic Privacy Information (EPIC), the Center for Digital Democracy, Patient Privacy Rights, U.S. PIRG, and Privacy Rights Clearing House. Read a copy of the letter here: http://www.consumerwatchdog.org/resources/ltrfacebookftc090413.pdf

“Facebook has long played fast and loose with users’ data and relied on complex privacy settings to confuse its users, but these proposed changes go well beyond that,” said John M. Simpson, Consumer Watchdog’s Privacy director. “Facebook’s overreach violates the FTC Consent Order that was put in place after the last major privacy violation; if the Commission is to retain any of its credibility, it must act immediately to enforce that order.”

To view the full article, please visit: http://www.marketwatch.com/story/consumer-watchdog-and-other-privacy-groups-urge-ftc-to-block-pending-facebook-privacy-changes-2013-09-05

Privacy Advocates Set Their Sights on the Wrong G-Men

In the wake of NSA revelations, key privacy advocates make the point that private corporations and the government are working to ensure total surveillance of all digital information about all 300 million Americans and lock in billions in corporate revenue from the sale of personal data and detailed digital profiles of everyone in the US.

Corporate and government collection, use, and sale of the nation’s personal data is opaque.  The author of the story below trashes several  privacy advocates and misrepresents their key points about the hidden ‘government-industrial complex’.  And he claims that “Individuals can choose not to use a particular social network, search engine or website.”  But individuals have no meaningful choices online. See the documentary: “Terms and Conditions May Apply”.

The lack of trust online and in all holders of personal data is why President Obama proposed the Consumer Privacy Bill of Rights (CPBOR). Unfortunately the proposed data privacy protections in the CPBOR do not apply to the most sensitive data of all, health data.

Meanwhile,  the ‘government-industrial complex’ is destroying Americans’ most fundamental rights to privacy. The highest right of civilized man is the right to be ‘let alone’—which happens to be the foundation of Democracy.  Yet all we read about are the wonders of ‘big data’ and the need to collect and use personal data without meaningful informed consent. We can certainly use big data for innovation and benefits—but the public wants to be asked permission for all uses of data, especially for ‘research’ uses. Big data analytics is research.

  • See Westin’s research that shows only 1% of the public approves use of health data for research without consent. See more of his findings here.

Today US citizens have no control over their most sensitive personal information: health data from DNA to prescriptions records to diagnoses—-because privacy-destructive technologies and system architectures prevent us from exercising our rights to give meaningful informed consent before health data is collected, used, disclosed, or sold.

To view the full article, please visit: Privacy Advocates Set Their Sights on the Wrong G-Men

Health data breaches usually aren’t accidents anymore

While the healthcare industry has made advancements in how they protect our most personal information, those trying to steal our electronic health records have become even more savvy as to how to access them.

Key Quotes from the Article:

“One of the biggest changes during the past decade is the data being targeted. Ten years ago, it was personal identifiable information. Now, said Rick Kam, president and co-founder of ID Experts in Portland, Ore., personal health information is being targeted, mainly because of the value it holds and the relative ease thieves have getting their hands on it.”

“94% of health care organizations have had at least one breach in the previous two years.Because data can now reside in multiple locations, including unsecured smartphones, laptops and tablets, and can be transported to an infinite number of locations, thieves, whether they be outside hackers, device stealers or people who try to use staff to share sensitive information, have more areas to target.”

Hackers Sell Health Insurance Credentials, Bank Accounts, SSNs and Counterfeit Documents, for over $1,000 Per Dossier

The value of personal health information is very high inside and outside of the US healthcare system. At the same time, the US healthcare industry as a whole does a terrible job of protecting health data security. Most health data holders (hospitals and insurers) put health data security protection dead last on the list for tech upgrades.
Besides the lack of effective, comprehensive data security protections, thousands of low-level employees can snoop in millions of people’s health records in every US hospital using electronic records.

The public expects that only their doctors and staff who are part of their treatment team can access their sensitive health records, but that’s wrong. Any staff members of a hospital or employees of a health IT company who are your neighbors, relatives, or stalkers/abusers can easily snoop in your records.
In Austin, TX the two major city hospital chains each allow thousands of doctors and nurses access to millions of patient records.
All this will get much worse when every state requires our health data to be “exchanged” with thousands more strangers. The new state health information exchanges (HIEs) will make data theft, sale,  and exposure exponentially worse.
Tell every law maker you know: all HIEs should be REQUIRED by law to ask you to agree or OPT-IN before your health data can be shared or disclosed.

Today:

  • -many states do not allow you to ‘opt-out’ of HIE data sharing
  • -most states do not allow you to prevent even very sensitive health data (like psychiatric records) from being exchanged

There is no way to trust electronic health systems or HIEs unless our rights to control who can see and use our electronic health data are restored.

Privacy Hawk: Put Patients at Center of Health Information Exchange (Quotes Dr. Peel)

“If healthcare organizations truly want to protect patient privacy and earn public trust regarding electronic health records (EHRs), they need to let go of the notion that institutions control individual data and look for technology that lets patients take charge of information flow…”

Key quotes from the article:

  • -”Many commercial EHRs started as systems to improve the operational side of healthcare and increase reimbursement, not to improve clinical care”
  • -”‘We’re stuck with these frankly primitive and privacy-disruptive systems that need to be fixed,’ Peel said at WTN Media’s 11th annual Digital Health Conference.”
  • -To Peel, last week’s revelations that the National Security Agency has been tracking phone calls and e-mails of virtually every American for at least six years shined a light on an issue that long has been prevalent in the healthcare industry.
  • -”‘In healthcare we actually have a total surveillance economy, too,’ said Peel, an Austin, Texas, psychiatrist.”
  • “‘We don’t actually know where our health data goes. We have no chain of custody, much less control over our health information,’ she said. Having personal information get out could lead to ‘health discrimination’ in employment or insurance coverage for patients with mental health disorders, sexually transmitted diseases or cancer, Peel added, and the threat of a breach often leads to care avoidance.”

The Verizon order, the NSA, and what call records might reveal about psychiatric patients

The NSA knows we are sick because we phone doctors’ offices.

As a mental health professional, Dissent Doe explains in her blog (below) how revealing phone call metadata is:

“Because my phone is used mainly for calls to and from patients and clients, can the NSA figure out who my patients are?  And could they, with just a query or bit of analysis, figure out when my patients were going into crisis or periods of symptom worsening?  I suspect that they can. And because I am nationally and internationally known as an expert on a particular disorder, could the government also deduce the diagnosis or diagnoses of my patients or their family members? Probably.”

There is a huge national media response to the NSA spying on Americans’ cell phone calls, but the media does NOT report on the far worse systemic corporate and government spying on the nation’s electronic health records.

The US healthcare system is engineered for hidden corporate and government surveillance of personal data about the minds and bodies of all 300 million Americans –from prescriptions to diagnoses to DNA—it’s all collected and sold.

The US media simply repeats industry and government talking points about the benefits of electronic health systems without reporting on the massive harms:

  • -Millions of patients/year avoid early diagnosis and treatment of cancer, depression, and sexually transmitted diseases because they know that information will not be private (see citations and statistics in:http://patientprivacyrights.org/wp-content/uploads/2010/08/The-Case-for-Informed-Consent.pdf)
  • -1/8 people hide health information because they know that information will not be private
  • -Should we use technology that causes millions to suffer bad outcomes?

2013 is a critical year: every state will share your health data with hundreds-thousands more hidden users via Health Information Exchanges (HIEs).

  • -Many states to not allow you to ‘opt-out’ of HIEs that exchange your health data.
  • -Most states do not allow you to prevent your most sensitive health information from being exchanged.
  • -So far, not one state gives patients control over data exchange.

SIGN PPR’s petition and say “no” to data exchange without your consent at: http://patientprivacyrights.org/2013/06/sign-the-petition-for-patient-controlled-exchange-of-health-information/

We need trustworthy technologies that put patients back in control of the use, disclosure, and sale of their sensitive health data.

  • -Patients have always controlled who could see and use paper medical records.
  • -Now institutions (corporations and government) control who can see and use the nation’s electronic health records.

Great existing technologies can fix badly designed electronic health systems, but we need new laws that require privacy-protective technologies are built into all electronic systems that handle health data.

Leader of Hospital Identity Theft Ring Sentenced

It’s impossible to stop the tsunami of fraud, ID theft, and medical ID theft until we rebuild US health IT systems to prevent open access to millions of patient records by thousands of hospital and insurance company employees.
Systems should be re-built to allow ONLY those few people who are directly involved with a patient’s treatment to access their health records.

  • ·         ONLY those who carry out the orders of the patient’s physician should be able to access that patient’s electronic health records
  • ·         the other hundreds or thousands of hospital system employees and staff members should not be physically or technically able to access that patient’s records
  • ·         When a patient is admitted, one physician is in charge of diagnosis and treatment.
  • ·         All people the attending physician orders to treat the patient (nurses, consultants, respiratory therapists, etc, etc) work for that physician, the “captain of the ship”

Health data cannot possibly be protected when thousands of people have access to millions of patient records.  Employees of the hundreds of separate health technologies used by every hospital also have open access to millions of patient records.
The more people have access to sensitive personal health data, the easier it is to steal, sell, misuse it.

Re: Your Online Attention, Bought in an Instant

Natasha Singer unearths more about the instantaneous selling of intimately detailed profiles about Americans in her article in The New York Times: Your Online Attention, Bought in an Instant

Best case: We get more ‘targeted’ ads. We supposedly want personalized ads so badly that we willingly give up deeply intimate portraits about who we are to the hidden data mining industry forever. Really? When did we ever have ANY meaningful choice about who collects and sells our most intimate personal information? See Duhigg’s NYTimes story.

Worst case: Hidden, technology enabled discrimination prevents us from getting jobs and destroys our reputations before anyone will meet with us. Companies like Rubicon literally know more about us than our partners, our mothers or fathers, our best friends, our children or our psychoanalysts. This information is used to harm us—-read Prof Sweeney’s paper on how ads like “YOUR NAME, arrested?” pop up next to the names of African-Americans but NOT next to Anglo-sounding names. What happens when future employers see ads like that when searching for information about you online? Read her paper here.

HELP FIX THIS PRIVACY DISASTER
HELP BUILD a map that tracks all hidden users and sellers of our sensitive health information.
DONATE to the Harvard/Patient Privacy Rights’ research project at: https://org2.democracyinaction.org/o/6402/donate_page/donate-to-thedatamap

European citizens have far stronger protections for their sensitive health and personal data than US citizens.
Learn why and learn about solutions to strengthen US data protections. Register for free to attend the 3rd International Summit on the Future of Health Privacy June 5-6 in DC: www.healthprivacysummit.org