The Verizon order, the NSA, and what call records might reveal about psychiatric patients

The NSA knows we are sick because we phone doctors’ offices.

As a mental health professional, Dissent Doe explains in her blog (below) how revealing phone call metadata is:

“Because my phone is used mainly for calls to and from patients and clients, can the NSA figure out who my patients are?  And could they, with just a query or bit of analysis, figure out when my patients were going into crisis or periods of symptom worsening?  I suspect that they can. And because I am nationally and internationally known as an expert on a particular disorder, could the government also deduce the diagnosis or diagnoses of my patients or their family members? Probably.”

There is a huge national media response to the NSA spying on Americans’ cell phone calls, but the media does NOT report on the far worse systemic corporate and government spying on the nation’s electronic health records.

The US healthcare system is engineered for hidden corporate and government surveillance of personal data about the minds and bodies of all 300 million Americans –from prescriptions to diagnoses to DNA—it’s all collected and sold.

The US media simply repeats industry and government talking points about the benefits of electronic health systems without reporting on the massive harms:

  • -Millions of patients/year avoid early diagnosis and treatment of cancer, depression, and sexually transmitted diseases because they know that information will not be private (see citations and statistics in:http://patientprivacyrights.org/wp-content/uploads/2010/08/The-Case-for-Informed-Consent.pdf)
  • -1/8 people hide health information because they know that information will not be private
  • -Should we use technology that causes millions to suffer bad outcomes?

2013 is a critical year: every state will share your health data with hundreds-thousands more hidden users via Health Information Exchanges (HIEs).

  • -Many states to not allow you to ‘opt-out’ of HIEs that exchange your health data.
  • -Most states do not allow you to prevent your most sensitive health information from being exchanged.
  • -So far, not one state gives patients control over data exchange.

SIGN PPR’s petition and say “no” to data exchange without your consent at: http://patientprivacyrights.org/2013/06/sign-the-petition-for-patient-controlled-exchange-of-health-information/

We need trustworthy technologies that put patients back in control of the use, disclosure, and sale of their sensitive health data.

  • -Patients have always controlled who could see and use paper medical records.
  • -Now institutions (corporations and government) control who can see and use the nation’s electronic health records.

Great existing technologies can fix badly designed electronic health systems, but we need new laws that require privacy-protective technologies are built into all electronic systems that handle health data.

Panel: Cloud’s role in healthcare still up in the air

As hospitals and healthcare facilities continue to adopt electronic tools to store and share patient data, some are turning to cloud-based tools to meet their needs. What that means for privacy and protection still is up for debate, as evidenced in the tone of a discussion panel at last week’s Health Privacy Summit in Washington, D.C.

“When data is managed or stored in-house [by a provider], there’s a very clear responsibility of one company” to protect that data, Adrian Gropper, chief technology officer for Patient Privacy Rights, the non-porofit organization that hoted the event, said. “The cloud blurs that distinction–sometimes intentionally.”

Why privacy should be among the first considerations of a health care app developer

Given all the complexities app developers need to worry about already–user experience, piquing doctors’ and patients’ interest, performance, accommodation of multiple devices–do they have time to worry about patient privacy too? The Health Privacy Summit on June 5 and 6 in Washington, DC explained why they should–in fact, that a respect for privacy may do more to promote an app than any other feature.

The headlines over the past week should be enough to persuade you that you don’t want to be seen as one of the creeps. It’s takes more time and digging around, though, to learn what patients really want and how to write an app that fulfills their expectations.

Certainly, Fair Information Practices and proper security are a place to start, and below I’ll list a few things developers need to keep in mind. But overriding all these technical details are questions of business model. Can you make money without treating patients as so many assets to sell?

What Do Patients Really Think?

Health reform activists and privacy mavens have been at loggerheads for years. Those touting health reform complain that an oversensitivity to privacy risks would hold back progress in treatments. Running in parallel but in the opposite direction, the privacy side argues that current policies are endangering patients and that the current rush to electronic records and health information exchange can make things worse.

It’s time to get past these arguments and find a common ground on which to institute policies that benefit patients. Luckily, the moment is here where we can do so. The common concern these two camps have for giving patients power and control can drive technological and policy solutions.

Deborah Peel, a psychiatrist who founded Patient Privacy Rights, has been excoriated by data use advocates for ill-considered claims and statements in the past. But her engagement with technology experts has grown over the years, and given the appointment of a Chief Technology Officer, Adrian Gropper, who is a leading blogger on this site, PPR is making real contributions to the discussion of appropriate technologies.

PPR has also held three Health Privacy Summits in Washington, DC, at the Georgetown Law Center, just a few blocks from the Capitol building. Although Congressional aides haven’t found their way to these conferences as we hoped (I am on the conference’s planning committee), they do draw a wide range of state and federal administrators along with technologists, lawyers, academics, patient advocates, and health care industry analysts. The most recent summit, held on June 5 and 6, found some ways to move forward on the data sharing vs. privacy stand-off in such areas as patient repositories, consent, anonymization, and data segmentation. It also highlighted how difficult these tasks are.

Georgetown Law Hosts Health Privacy Summit

In 2007, an American woman who had once participated in a study sponsored by the National Institutes of Health stumbled upon her name, address, birth date, medical procedures and diagnosis stored on a German Internet site for video game enthusiasts.

“I expected complete privacy,” said the patient, who told her story via live video feed during a two-day Health Privacy Summit at Georgetown Law on June 5 and 6, co-hosted by the Law Center’s O’Neill Institute for National and Global Health Law and the Patient Privacy Rights coalition. “I expected the same kind of privacy that we all expect [when] we see our physicians and medical providers.”

Ways to put the patient first when collecting health data

The timing was superb for last week’s Health Privacy Summit, held on June 5 and 6 in Washington, DC. First, it immediately followed the 2000-strong Health Data Forum (Health Datapalooza), where concern for patients rights came up repeatedly. Secondly, scandals about US government spying were breaking out and providing a good backdrop for talking about protection our most sensitive personal information–our health data.

The health privacy summit, now in its third year, provides a crucial spotlight on the worries patients and their doctors have about their data. Did you know that two out of three doctors (and probably more–this statistic cites just the ones who admit to it on a survey) have left data out of a patient’s record upon the patient’s request? I have found that the summit reveals the most sophisticated and realistic assessment of data protection in health care available, which is why I look forward to it each year. (I’m also on the planning committee for the summit.) For instance, it took a harder look than most observers at how health care would be affected by patient access to data, and the practice of sharing selected subsets of data, called segmentation.

Park: Better Patient Engagement Will Boost Overall Health System

During an address at the Health Privacy Summit in Washington, D.C., last week, U.S. Chief Technology Officer Todd Park emphasized the importance of patients’ engagement in their own health care, FierceHealthIT reports.

Details of Park’s Comments

Park said, “Patient engagement — to quote Leonard Kish — might be the blockbuster drug of the 21st century,” adding, “This will vastly improve our health care system.”

He said, “From the very top of government, we’re incredibly serious about making sure patients can get a copy of their own records.”

Park noted that more than 88 million Americans to date have used the online Blue Button tool, which allows patients to download their own health records. That number is expected to reach 115 million by the end of the year, he said.

The importance of health IT adoption–from a parent’s perspective

Patient access and engagement have been on my brain of late. Sure, that has a lot to do with the fact I attended both Health Datapalooza and the Health Privacy Summit last week in Washington, D.C.–but it’s also due to a recent personal experience.

It took place a few weeks ago when I brought my child into the pediatrician for an on-again, off-again rash. After conversing with the doctor about the best plan of attack, I was told to take pictures the next time the rash appeared, to better help with diagnosis.

When I asked if the office had any sort of HIPAA compliant tools that would allow me to send such pictures electronically to the practice without having to set up another appointment, I was told it did not. When I asked about a patient portal for viewing records, the answer was the same.

I was disappointed, to say the least.

Health leaders: Increase data use to improve patient care

Day 2 of the 2013 Health Privacy Summit Thursday felt timely as news broke of the National Security Administration using a program called PRISM to extract user data from major tech companies like Google and Facebook. Healthcare technology has its own extensive security problems while the industry starts to understand the value of big data, and an expert panel offered their views at Georgetown Law Center in Washington, D.C.

In the day’s first panel discussion, “The Value of Health Data Inside Healthcare,” David Chao, Chief Technology Officer at the Washington, D.C.-based Advisory Board, said that the status quo in healthcare delivery today is not acceptable.”It’s obvious to everyone,” Chao said. “We need to improve outcomes.”

Anil Jain, Chief Medical Information Officer of Explorys, a secure software platform that allows healthcare systems to aggregate and manage big data, called the “transformation gap” in healthcare real. Data, Jain said, happens to be the way doctors and CIOs get transparency on what’s really happening.

Todd Park: Patient engagement will ‘vastly’ improve healthcare

Addressing a packed room at the Health Privacy Summit in Washington, D.C., this week, U.S. Chief Technology Officer Todd Park emphasized the importance of federal efforts to engage patients in their own healthcare.

“We’re in the middle of a huge cultural shift to get patients access to their records,” Park said. “Patient engagement–to quote Leonard Kish–may be the blockbuster drug of the 21st Century. This will vastly improve our healthcare system.”

Park, who previously served as CTO for the U.S. Department of Health & Human Services, spoke at length about the evolution of the Blue Button, which gives patients easy access to their medical records. He said that more than 88 million Americans now have access to their data via Blue Button, a number that is expected to grow to 115 million by the end of the year. More than one million people, to date have downloaded their data via Blue Button, he said.