FTC Files Complaint Against LabMD for Failing to Protect Consumers’ Privacy

The public would be surprised how little thought or money healthcare businesses put into data security.  LabMD is probably just one of thousands of healthcare businesses that don’t encrypt patient data and whose employees who use file-sharing apps to download music, etc, exposing patient records online.

We need new laws that require businesses that hold health data to be audited to prove they protect it.

Shouldn’t businesses have to prove they use tough data security protections before they are allowed to handle sensitive health information?

To view the full article, please visit: http://www.ftc.gov/opa/2013/08/labmd.shtm

Privacy Advocates Set Their Sights on the Wrong G-Men

In the wake of NSA revelations, key privacy advocates make the point that private corporations and the government are working to ensure total surveillance of all digital information about all 300 million Americans and lock in billions in corporate revenue from the sale of personal data and detailed digital profiles of everyone in the US.

Corporate and government collection, use, and sale of the nation’s personal data is opaque.  The author of the story below trashes several  privacy advocates and misrepresents their key points about the hidden ‘government-industrial complex’.  And he claims that “Individuals can choose not to use a particular social network, search engine or website.”  But individuals have no meaningful choices online. See the documentary: “Terms and Conditions May Apply”.

The lack of trust online and in all holders of personal data is why President Obama proposed the Consumer Privacy Bill of Rights (CPBOR). Unfortunately the proposed data privacy protections in the CPBOR do not apply to the most sensitive data of all, health data.

Meanwhile,  the ‘government-industrial complex’ is destroying Americans’ most fundamental rights to privacy. The highest right of civilized man is the right to be ‘let alone’—which happens to be the foundation of Democracy.  Yet all we read about are the wonders of ‘big data’ and the need to collect and use personal data without meaningful informed consent. We can certainly use big data for innovation and benefits—but the public wants to be asked permission for all uses of data, especially for ‘research’ uses. Big data analytics is research.

  • See Westin’s research that shows only 1% of the public approves use of health data for research without consent. See more of his findings here.

Today US citizens have no control over their most sensitive personal information: health data from DNA to prescriptions records to diagnoses—-because privacy-destructive technologies and system architectures prevent us from exercising our rights to give meaningful informed consent before health data is collected, used, disclosed, or sold.

To view the full article, please visit: Privacy Advocates Set Their Sights on the Wrong G-Men

People Are Changing Their Internet Habits Now That They Know The NSA Is Watching

NSA leaks causing public to mistrust the entire  internet, not just cell phone providers. Quotes:

  • consumer concern about online privacy actually jumped from 48% to 57% between June and July
  • The %  of consumers who adjusted their browser settings and opted out of mobile tracking — jumped 12% and 7% respectively between the first quarter report and July.
  • > 60% of Internet users also reported they do not feel they have control over their personal information online, and 48% said they didn’t know how that information was being used

The lack of personal control over data online will also affect cloud service providers:

  • Cloud-computing industry experts have already estimated that because of the NSA’s surveillance of cloud providers–along with the government’s civil-liberties-trolling methods to get them to comply–more companies will move overseas.
  • ITIF has estimated that this will result in a loss of up to $35 billion for U.S. cloud providers over the next three years, while Forrester analyst James Staten puts the figure at $180 billion.

How will the public react when they find that US health data holders—-such as physicians, hospitals, labs, pharmacies, health data exchanges, insurers, mobile apps, etc, etc— use and sell sensitive personal health data?

To view the full article, please visit:

http://www.fastcoexist.com/3015860/people-are-changing-their-internet-habits-now-that-they-know-the-nsa-is-watching

Enabling the Health Care Locavore

Here’s a great article written by PPR’s Chief Technical Officer, Dr. Adrian Gropper about “why hip replacement surgery costs 5-10 times as much in the US as in Belgium even though it’s the same implant… JAMA publish[ing] research and a superb editorial on the Views of US Physicians About Controlling Health Care Costs and CMS put[ting] out a request for public comment on whether physicians’ Medicare pay should be made public.”

To view the full article, please visit Enabling the Health Care Locavore on The Health Care Blog.

Health data breaches usually aren’t accidents anymore

While the healthcare industry has made advancements in how they protect our most personal information, those trying to steal our electronic health records have become even more savvy as to how to access them.

Key Quotes from the Article:

“One of the biggest changes during the past decade is the data being targeted. Ten years ago, it was personal identifiable information. Now, said Rick Kam, president and co-founder of ID Experts in Portland, Ore., personal health information is being targeted, mainly because of the value it holds and the relative ease thieves have getting their hands on it.”

“94% of health care organizations have had at least one breach in the previous two years.Because data can now reside in multiple locations, including unsecured smartphones, laptops and tablets, and can be transported to an infinite number of locations, thieves, whether they be outside hackers, device stealers or people who try to use staff to share sensitive information, have more areas to target.”

States Review Rules After Patients Identified via Health Records

To view the full article, please visit States Review Rules After Patients Identified via Health Records.

Key Quotes from the Article:

  • -”Some U.S. states are reviewing their policies around the collection and sale of health information to ensure that some patients can’t be identified in publicly available databases of hospital records.”
  • -Bloomberg News, working with Harvard University professor Latanya Sweeney, reported on June 4 that some patients of Washington hospitals could be identified by name and have their conditions and procedures exposed when a database sold by the state for $50 is combined with news articles and other public information.
  • -The state probes are focused on whether privacy standards for health information should be tightened as data-mining technologies get more sophisticated and U.S. President Barack Obama’s health-care overhaul drives rapid growth in the amount of patient data being generated and shared.
  • -Sweeney’s goal of identifying patients is to show that threats to privacy exist in datasets that are widely distributed and fall outside HIPAA’s regulations.

Usability Failures Heat Up EHR Replacement Market, Black Book Rankings Survey

“According to a recent Black Book Market Research user surveys, the demands of EHR usability can no longer be ignored. 100% of nearly 2,900 practices engaged in the poll report they are employing much stricter selectivity in the replacement market wave and driving more informed decisions as they prepare to swap out original EHR systems.”

To view the full release: Usability Failures Heat Up EHR Replacement Market, Black Book Rankings Survey

Hackers Sell Health Insurance Credentials, Bank Accounts, SSNs and Counterfeit Documents, for over $1,000 Per Dossier

The value of personal health information is very high inside and outside of the US healthcare system. At the same time, the US healthcare industry as a whole does a terrible job of protecting health data security. Most health data holders (hospitals and insurers) put health data security protection dead last on the list for tech upgrades.
Besides the lack of effective, comprehensive data security protections, thousands of low-level employees can snoop in millions of people’s health records in every US hospital using electronic records.

The public expects that only their doctors and staff who are part of their treatment team can access their sensitive health records, but that’s wrong. Any staff members of a hospital or employees of a health IT company who are your neighbors, relatives, or stalkers/abusers can easily snoop in your records.
In Austin, TX the two major city hospital chains each allow thousands of doctors and nurses access to millions of patient records.
All this will get much worse when every state requires our health data to be “exchanged” with thousands more strangers. The new state health information exchanges (HIEs) will make data theft, sale,  and exposure exponentially worse.
Tell every law maker you know: all HIEs should be REQUIRED by law to ask you to agree or OPT-IN before your health data can be shared or disclosed.

Today:

  • -many states do not allow you to ‘opt-out’ of HIE data sharing
  • -most states do not allow you to prevent even very sensitive health data (like psychiatric records) from being exchanged

There is no way to trust electronic health systems or HIEs unless our rights to control who can see and use our electronic health data are restored.

Jonah Goldberg: Civil Libertarians’ Hypocrisy

This insightful piece highlights the drastic violations of our current healthcare system in relation to the recent NSA breach.

Key quote from the article:

“What I have a hard time understanding, however, is how one can get worked up into a near panic about an overreaching national security apparatus while also celebrating other government expansions into our lives, chief among them the hydrahead leviathan of the Affordable Care Act (aka ObamaCare). The 2009 stimulus created a health database that will store all your health records. The Federal Data Services Hub will record everything bureaucrats deem useful, from your incarceration record and immigration status to whether or not you had an abortion or were treated for depression or erectile dysfunction.”

What is Snowden’s Impact on Health IT?

To view the full article, please visit What is Snowden’s Impact on Health IT?

This is a highly interesting article about the effect of Edward Snowden’s actions on health IT. In the interview with PPR’s own Dr. Deborah Peel, the issues of privacy that our government is currently facing can also be applied to the healthcare industry. As Dr. Peel aptly states, “The Department of Health and Human Services claims its actions are justified to lower healthcare costs. These are obviously very different agencies collecting different kinds of very sensitive personal information, but both set up hidden, extremely intrusive surveillance systems that violate privacy rights and destroy trust in government.”

A key argument that Dr. Peel makes is “The benefits of technology can be reaped in all sectors of our economy without the harms if we restore/update our laws to assure privacy of personally identifiable information in electronic systems. Our ethics, principles, and fundamental rights should be applied to the uses of technology.”