WPF Report — Paying out of Pocket to Protect Health Privacy: A New but Complicated HIPAA Option; A Report on the HIPAA Right to Restrict Disclosure

San Diego & Washington, D.C. — The World Privacy Forum published a new report today that helps patients understand and use the new HIPAA right to restrict disclosure of their medical information to health plans when treatment is paid for out of pocket in full. The report contains practical advice and tips for patients about how to navigate the new right, which went into effect last year. Paying Out of Pocket to Protect Health Privacy: A New But Complicated HIPAA Option; A Report on the HIPAA Right to Restrict Disclosure is one of the first reports on this topic written for patients.

“The new HIPAA right that lets patients restrict disclosures of their health information is actually not well known yet, and that needs to change,” said Pam Dixon, Executive Director of the World Privacy Forum. “This report has specific, concrete tips and information that will help patients use this important new right.” The report, written by Bob Gellman and Pam Dixon, is available free of charge at www.worldprivacyforum.org.

Key points:

  • A patient has the right to prevent a health care provider from reporting information to a health insurer if the patient pays in full.
  • In order to prevent disclosure of information to a health plan, patients must make a Request to Restrict Disclosure.
  • Under the new changes to HIPAA, a patient has the firm right to demand, not just request, that a provider not disclose PHI to a health plan when certain conditions are met.
  • The conditions to be met can be complex, and work best with some advance planning.

Additional tips are in the report.

The bipartisan Coalition for Patient Privacy worked to get this key consumer protection into HITECH.

Bob Gellman and Pam Dixon are available to discuss tips and advice for patients on how to use the new HIPAA right.

Links:

The report Paying Out of Pocket to Protect Health Privacy: A New But Complicated HIPAA Option; A Report on the HIPAA Right to Restrict Disclosure is available in PDF or in text.

Permalink: http://www.worldprivacyforum.org/2014/01/wpf-report-paying-out-of-pocket-to-protect-health-privacy/

Contact:

Bob Gellman 202-543-7023

Pam Dixon 760-712-4281

info@worldprivacyforum.org

Will Texans Own Their DNA?


Greg Abbott, candidate for Governor, thinks they should

 

On November 12th, Abbott released his “We the People Plan” for Texas. Clearly he’s heard from Texans who want tough new health data privacy protections.

 

Topping his list are four terrific privacy recommendations for health and genetic data:

  • “Recognize a property right in one’s own DNA.”
  • “Make state agencies, before selling database information, acquire the consent of any individual whose data is to be released.”
  • “Prohibit data resale and anonymous purchasing by third parties.”
  • “Prohibit the use of cross referencing techniques to identify individuals whose data is used as a larger set of information in an online data base.”

 

The Omnibus Privacy Rule operationalized the technology section of the stimulus bill. It also clarified that states can pass data privacy laws that are stronger than HIPAA (which is a very weak floor for data protections).

 

Texans would overwhelmingly support the new state data protection laws Abbott recommends. If elected, hopefully Abbott would also include strong penalties for violations. Contracts don’t enforce themselves. External auditing and proof of trustworthy practices should be required.

 

Is this the beginning of a national trend?  I think so.

 

The more the public learns about today’s health IT systems, the more they will reject health surveillance technologies that steal and sell sensitive personal health data.

The Reports of the Death of Privacy Were Exaggerated: California Breathes New Life into the Privacy Rights of its Residents

Vast NSA troves of phone and email data and the huge focus on HealthCare.gov’s website provoked intense public concern about hidden uses and sales of personal data, especially personal health data.

But there is great news from California:  tough new laws to protect data privacy were enacted in September.  See: “The Reports of the Death of Privacy Were Exaggerated: California Breathes New Life into the Privacy Rights of its Residents”, Tuesday, November 19, 2013, by Sharon R. Klein and Odia Kagan

States like CA and TX (HB 300) passed new laws because state residents are demanding stronger data privacy protections, and Congress and federal agencies have failed to act.

Key new data privacy protections in CA:

“Business(es) offering software or hardware to consumers… designed to maintain medical information or to assist in the diagnosis and treatment of individuals” must:

Press your state lawmakers to pass strong new data protection laws like California’s.  People want technology that protects privacy. They won’t trust companies and government that eliminate privacy and use personal data without consent.

Court of Appeals hearing case on potential Privacy Rights Suit

New York’s Highest Court is hearing arguments Tuesday on whether or not a patient can sue a Steuben County Clinic for a violation of his privacy rights.

To view the full article, please visit Court of Appeals hearing case on potential Privacy Rights Suit.

A Fraying of the Public/Private Surveillance Partnership

To view the full article, please visit: A Fraying of the Public/Private Surveillance Partnership

The lack of data security and privacy on ‘HealthCare.gov’ triggered national outrage. For the first time, patient privacy is a national issue.

Healthcare.gov’s serious technology flaws sparked huge privacy fears even though ONLY one piece of health data is collected, “Do you smoke?”.

The public now fears that the US government and the health IT industry don’t protect sensitive personal health data. Rightly so. See:

 

But current US health IT systems also enable hidden armies of corporations and government agencies to use sensitive personal health data without patient consent.

If our health data was actually private, how could it be sold on the Internet? Three short videos:

 

We have no map of all the hidden flows of our health data. See examples mapping the hidden flows of US health data:

  • states sell health data: http://thedatamap.org/states.html
  • top buyers of health data: http://thedatamap.org/buyers.html
  • data breaches reveal who purchased health data: http://thedatamap.org/history.html
  • health data is easy to re-identify: http://thedatamap.org/risks.html

The consequence of the lack of patient privacy (control over personal health data) is that millions of people act to keep health data private:

  • Today 40-50 million people/year act to try to keep health data private:
      • 37.5 million people every year hide information to try to keep it private
          • November, 2005. National Consumer Health Privacy Survey, California Healthcare Foundation: http://www.chcf.org/publications/2005/11/national-consumer-health-privacy-survey-2005
      • Over 5 million every year avoid or delay early diagnosis for cancer, mental illness, or sexually-transmitted diseases
          • 65 Fed. Reg. at 82,779, 65 Fed. Reg. at 82,777, 65 Fed. Reg. at 82,778
          • Or see page 7: http://patientprivacyrights.org/wp-content/uploads/2010/08/The-Case-for-Informed-Consent.pdf

Technology can ensure all the benefits and prevent harms. The idea that we must surrender privacy forever to ‘wire’ the healthcare system is false.

Technology should “do no harm” to patients. The cure is to use tough privacy-enhancing technologies.

Healthcare.gov sends user information to third parties, violating its own privacy policy

You might be interested in this story “Healthcare.gov sends user information to third parties, violating its own privacy policy.” 

The site sends user information to third parties like Pingdom and DoubleClick that are hidden data collectors.  Here you can find a screenshot in which Ghostery is used to show 7 hidden trackers: Healthcare.gov trackers

 

Prescription drug database bill stalls in Pa. House

To view the full article, please visit: Prescription drug database bill stalls in Pa. House

“A bill that would create a prescription drug database intended to help law enforcement nab doctor-shoppers and pill mills hit a hurdle Wednesday in the state House.”

Medical Info for Sale Online

In this article, the News4 I-Team discovered how anyone with internet access who is willing to pay just a few hundred dollars can easily access and purchase private medical records online. This contributes to between “one and two million Americans being affected by medical identity theft each year”.

Read more in this article here and learn where stolen medical information goes, who is selling the information, and where they are getting it from in the first place.  Are YOU at risk?

 

Patient privacy evangelist, analytics officer spar over data rights

To view the full article, please visit: Patient privacy evangelist, analytics officer spar over data rights

“…At the HIMSS Media/Healthcare IT News Privacy and Security Forum in Boston, patient privacy advocate Deborah Peel, MD, of Patient Privacy Rights, and UPMC Insurance Services Division Chief Analytics Officer Pamela Peele took the stage to debate the highly-contested issue of whether patients should have full consent over how and with whom their personal health information records are shared.”

Key quotes from Dr. Peel:

“Forty to 50 million people a year do one of three things: avoid or delay diagnosis for critical conditions like cancer, depression and sexually transmitted diseases, or they hide information,” said Peel. “There’s the economic impact of having a system that people don’t trust.”

“He found that only a whopping 1 percent of the public would ever agree to unfettered research use of their data. Even with de-identified data, only 19 percent would agree to the use of their data for research without consent,” said Peel. “On the other hand, when people are asked if they want to participate or have their data used with consent, the public is very altruistic, so we get something very different: fuller information, more complete information when the public knows what you’re doing with it and they support the project.”

 

Pairing patient privacy with health big data analytics

“Health privacy and security are often mentioned in tandem, but Deborah Peel, Founder and Chair of Patient Privacy Rights and Adrian Gropper, Chief Technology Officer of Patient Privacy Rights, took a different view in a recent Institute for Health Technology Transformation (iHT2) webcast.”

“The presentation, titled “Competing for Patient Trust and Data Privacy in the Age of Big Data” detailed a few of the nuances between patient data privacy and security and why privacy is so significant as healthcare organizations pull together huge data sets for health information exchange (HIE) and accountable care.”

To view the full article, please visit: Pairing patient privacy with health big data analytics

The webcast can be viewed at: Competing for Patient Trust and Data Privacy in the Age of Big Data Webinar