Todd Park: Patient engagement will ‘vastly’ improve healthcare

Addressing a packed room at the Health Privacy Summit in Washington, D.C., this week, U.S. Chief Technology Officer Todd Park emphasized the importance of federal efforts to engage patients in their own healthcare.

“We’re in the middle of a huge cultural shift to get patients access to their records,” Park said. “Patient engagement–to quote Leonard Kish–may be the blockbuster drug of the 21st Century. This will vastly improve our healthcare system.”

Park, who previously served as CTO for the U.S. Department of Health & Human Services, spoke at length about the evolution of the Blue Button, which gives patients easy access to their medical records. He said that more than 88 million Americans now have access to their data via Blue Button, a number that is expected to grow to 115 million by the end of the year. More than one million people, to date have downloaded their data via Blue Button, he said.

Privacy experts: Health data security efforts too reactive

Privacy experts spoke about their data breach experiences Thursday at the Healthcare Privacy Summit in Washington, D.C., agreeing that what they’ve experienced likely is just the beginning for what’s possible in security fissures at healthcare organizations.

Omar Khawaja, a global project manager for Verizon, noted that 61 percent of breaches his group finds are for payment card information, and pointed out that the reactive system presently in place for combating such breaches is problematic.

“What does 911 look like in cyberspace? Who do you call when you have a breach?” Khawaja asked. “It takes months just to contain the breach.”

Bill Turner, Chief Privacy and Security Officer of Brookfield, Wis.-based Allium Healthcare, a technology consulting and staffing firm, said that most of the privacy errors he sees stem from human error. Turner recalled a story about a hospital having in its records that he had passed away, when it was really a man listed above him in the hospital’s logs.

Panel: Big data’s role in healthcare remains unclear

Big data is an enigma when it comes to healthcare, as described by a panel on Wednesday at the third annual Health Privacy Summit in Washington, D.C., hosted by Patient Privacy Rights. On one hand, according to Deloitte principal Deborah Golden, there are infinite positive possibilities for big data use, such as improving patient safety via openly available medication information.

On the other hand, according to Harvard professor Latanya Sweeney, big data also represents big privacy issues.

“A lot of our problems come from giving data away,” Sweeney said.

Much of the conversation focused on those problems, particularly as they related to data being used without patient consent–or knowledge that they gave consent.

“In the U.S., we tend to take a sector-specific approach to privacy regulation,” David Jacobs, an attorney with the Electronic Privacy Information Center, said. “We’re nowhere near where we should be as far as consumer access to their own medical information to find out where it does and to exercise control over it.”

Sign the Petition for Patient-Controlled Exchange of Health Information

Sign the petition asking Congress to put you in control of exchanging your sensitive health data via Health Data Exchanges (HIEs)!

Sign the petition here.

By the end of the year, every state must have one or more Health Information Exchange (HIEs) so your health data can be transferred to other doctors, the state, the federal government, insurers, technology companies, researchers, commercial users, and many other institutions.

Today those institutions and organizations decide when and to whom to transfer your health data—not you.

KEY PRINCIPLES FOR DATA EXCHANGE USING HIEs:

• You should control whether or not your health information is exchanged.

• You should have full access to electronic copies of all your health information.

• You should know what information the HIE exchanges, stores or collects, with whom your data is shared, and the purpose for using it.

View and sign the petition asking Congress to strengthen the law so Americans can trust electronic health systems and data exchanges.

States’ Hospital Data for Sale Puts Privacy in Jeopardy

TODAY: watch Prof Sweeney and Jordan Robertson present their research on how easily patients could be re-identified patients from hospital data sold by the state of Washington —at the 3rd International Summit on the Future of Health Privacy in Washington, DC. Register to watch free at: www.healthprivacysummit.org.
Every state sells or gives away sensitive hospital data without regard to how easily it can be re-identified and sold, not just Washington. The buyers may want to sell you something or use your records for employment background checks. Health data is easily available for hidden discrimination.

The solution is all users of personal health data should have to ask first.

States’ Hospital Data for Sale Puts Privacy in Jeopardy

Before speaking at the 3rd Annual Summit on the Future of Health Privacy, Jordan Robertson did extensive research with Latanya Sweeney, PhD and theDataMap.org team to expose a nationwide privacy problem. MANY states are selling de-identified hospital records, which can be easily re-identified by using your local newspaper. Using other publicly available information makes re-identification even easier.

From Jordan Robertson’s article in Bloomberg News: States’ Hospital Data for Sale Puts Privacy in Jeopardy

Hospitals in the U.S. pledge to keep a patient’s health background confidential. Yet states from Washington to New York are putting privacy at risk by selling records that can be used to link a person’s identity to medical conditions using public information.

Consider Ray Boylston, who went into diabetic shock while riding his motorcycle in rural Washington in 2011. He careened off the road and was thrown into the woods, an accident that was covered only briefly, in the local newspaper. Boylston disclosed his medical condition and history to a handful of loved ones and the hospital that treated him.

After Boylston’s discharge, Washington collected the paperwork of his week-long stay from Providence Sacred Heart Medical Center in Spokane and added it to a database of 650,000 hospitalizations for 2011 available for sale to researchers, companies and other members of the public. The data was supposed to remain anonymous. Yet because of state exemption from federal regulations governing discharge information, Boylston could be identified and his medical background exposed using only publicly available information.

UofL professor wins health information privacy award

Patient Privacy Rights, a leading health privacy advocacy organization, will award one of its two annual Louis D. Brandeis Privacy Awards to University of Louisville professor Mark A. Rothstein on June 5 in conjunction with the Third International Summit on the Future of Health Privacy at the Georgetown University Law Center in Washington.

Established in 2012, the award is given with the approval of the Brandeis family and recognizes significant intellectual, cultural, legal, scholarly, and technical contributions to the field of health information privacy.

Rothstein holds the Herbert F. Boehl Chair of Law and Medicine at the UofL School of Medicine, and he also teaches at UofL’s Brandeis School of Law. The award’s ties to Brandeis make it especially meaningful to him, he said.

CVS requiring employees to undergo weight, health assessment

To view the full article, please visit CVS requiring employees to undergo weight, health assessment.

Key quotes from the article:

“This is an incredibly coercive and invasive thing to ask employees to do,” Patient Privacy Rights founder Deborah Peel told the Boston Herald, noting that such policies are becoming more prevalent as health costs increase.

“Rising health care costs are killing the economy, and businesses are terrified,” she continued to the Herald. “Now, we’re all in this terrible situation where employers are desperate to get rid of workers who have costly health conditions, like obesity and diabetes.”

“While patient-privacy activists have cried foul, Michael DeAngelis, a CVS spokesman, explained that the goal is health.”

To learn more about the issue, please visit our Health Privacy Summit Website and register for the 3rd International Summit on the Future of Health Privacy.

CVS imposes health penalty if workers’ body weight is not reported or they don’t quit smoking

To view the full article, please visit CVS imposes health penalty if workers’ body weight is not reported or they don’t quit smoking.

CVS has instated a very invasive new policy of charging workers a hefty $600 dollar a year fine if they do not disclose sensitive health information to the company’s benefits firm. According to the article, “Under the new policy, nearly 200,000 CVS employees who obtain health insurance through the company will have to report their weight, blood sugar, blood pressure and cholesterol to WebMD Health Services Group, which provides benefits support to CVS.” However, if employees refuse, they will be charged an extra $50 a month in health insurance costs.

Patient Privacy Rights’ Dr. Deborah Peel tells the public, “‘This is an incredibly coercive and invasive thing to ask employees to do,’…’Rising healthcare costs are killing the economy, and businesses are terrified, Now, we’re all in this terrible situation where employers are desperate to get rid of workers who have costly health conditions, like obesity and diabetes.'”

To learn more about this issue, please visit our Health Privacy Summit Website and register for the 3rd International Summit on the Future of Health Privacy.

Re: The Internet is a surveillance state

In response to the CNN article by Bruce Schneier: The Internet is a surveillance state

Bruce Schneier is wrong. Privacy is not over — the public is just now learning how invasive Internet technology, tech corporations, and government really are, and that they ACT to protect and maintain the US surveillance economy. When enough citizens tell Congress and the President to stop, this privacy disaster will stop.

The public is just beginning to WAKE UP. Today is the start of privacy in the Digital Age in the US, not the end.

It’s a lie that people happily give up privacy for “targeted ads” — tech giants like Google, Facebook, etc. have PREVENTED us from having apps and tools that enable privacy (ie, our right TO control personal information online). We have NO choices because government and the data mining industry have prevented us from having meaningful choices.

Signs of intelligent life in the Universe:

  • Attend or watch the 3rd International Summit on the Future of Health Privacy (its free). The EU Data Protection Supervisor will keynote and so will the US Chief Technology Officer—-the stark differences between US and EU data protections will be discussed—register at: http://www.healthprivacysummit.org/d/vcq3vz/4W
  • SnapChat—millions of free downloads of an app that shows people want technology that gives THEM control over their data: single use of info (a picture in this case) and the ability to delete info. See: http://patientprivacyrights.org/2013/02/snapchat-and-the-erasable-future-of-social-media/
  • A recent Pew Research Center study found smartphone users are taking action to protect their privacy:
  • The default for Microsoft’s Windows 8 browser is ‘Do Not Track’
    • Microsoft’s Chief Privacy Officer Brendon Lynch said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism. “Consumers want and expect strong privacy protection to be built into Microsoft products and services.”
    • See more in the New York Times article: Do Not Track? Advertisers Say ‘Don’t Tread on Us’

DONATE to help Latanya Sweeney and Patient Privacy Rights build a health data map—-we MUST prove that thousands of hidden data users are stealing, using , and selling our personal health data: http://patientprivacyrights.org/donate/

SEE Latanya describe thedataMap at: http://patientprivacyrights.org/thedatamap/
This is the beginning of privacy, the war has just begun.