HHS proposes stronger privacy protections under HIPAA

Proposed changes to the HIPAA privacy regulations would expand patients’ rights to access their information and restrict certain types of disclosures of protected health information to health plans, according to InformationWeek.

“We want to make sure it is possible for patients to have maximal control over PHI,” national health IT coordinator Dr. David Blumenthal said at an HHS press conference. The statement–and the proposal itself–thrilled healthcare privacy hawk Dr. Deborah Peel. Her organization, the Patient Privacy Rights Foundation, put out a statement strongly in favor of the changes, saying that the proposed rule “signaled a clear policy change in the Obama administration, strengthening consumer rights to health privacy.”

To learn more:
- read the proposed rule issued by HHS on July 8
- read this Computerworld article via Businessweek
- take a look at CMIO’s article
- read the InformationWeek story
- see this AHIMA press release
- check out this statement from the Patient Privacy Rights Foundation, which includes a video of the HHS press conference

PPR impressed with HHS’ privacy approach

Secretary of Health and Human Services (HHS), the Director of the Office of Civil Rights (OCR), and the National Coordinator for HIT all made very strong, pro-privacy statements at the press conference today announcing the Notice of Proposed Rulemaking (NPRM) titled: 45 CFR Parts 160 and 164, RIN: 0991-AB57, Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act.

Signaling a major shift in direction for the Administration and HHS’ Secretary Sebelius said “It’s important to understand this announcement of the NPRM…. is part of an Administration-wide commitment to make sure no one has access to your personal information unless you want them to.”

Patient Privacy Rights heartily congratulates the Administration and Sec. Sebelius for this new pro-privacy, patient-centered approach to personal health information (PHI).

We applaud Secretary Sebelius’ clear acknowledgment that health IT systems should empower patients to control PHI. Putting patients in control of PHI is the only route to prevent wasting billions in stimulus funds on HIT systems that destroy privacy and to stop the theft, misuse, and sale of PHI in today’s primitive HIT systems and data exchanges.

During her remarks, OCR Director Verdugo said, “the benefits of HIT will only be fully realized if health information is kept private and secure at all times.”

And finally Dr. Blumenthal stated, “we want to make sure it is possible for patients to have maximal control over PHI.” He also referred to the Consumer Choices Technology Hearing last week, which demonstrated consent tools that enable patients to control the use and disclosure of their health information from EHRs and for HIE.

Hopefully the NPRM actually gives Americans the control over access to personal information Secretary Sebelius said the Administration is committed to. We are analyzing the 234 page Notice of Proposed Rulemaking (NPRM), and will post our comments on the NPRM as soon as we can.

Below see the Press Conference announcing the Proposed Rule.

HHS pitches new patient privacy safeguards

A new rule proposed today would add substantial protections to the Health Insurance Portability and Accountability Act (HIPAA) for individuals who want to make sure their personal health information remains private and under their control, something that’s considered vital to the eventual success of electronic health record deployments.

Health and Human Services Secretary Kathleen Sebelius acknowledged as much in announcing the rule, saying that, while health IT will help to move the American health system forward, “the privacy and security of personal health data is at the core of all of our work.”

The proposed rule, which will be open to a 60-day comment period starting July 14, takes various routes to providing patient control…

…First reactions to the proposal were generally positive. Deborah Peel, founder and chair of the Patient Privacy Rights organization and an often fierce critic of the government’s record on privacy rights, said she was impressed with Sibelius’s remarks.

“We applaud her for recognizing that HHS should build what the public expects: health IT systems that empower patient control over personal health information,” she said.

HHS’ Health Privacy Site

ONC IS MAKING HISTORY!

ATTEND THE FIRST EVER HEARING ON PRIVACY-ENHANCING TECHNOLOGIES IN THE NATION.

Register here.

The hearing, scheduled all day on June 29th, will showcase 7 innovative, existing privacy-enhancing Health IT products and systems, and future technologies. The technologies will be discussed by 4 experts and the Privacy and Security Tiger Team.

Early this year, Dr. Blumenthal met with the bipartisan Coalition for Patient Privacy. He told us our idea for this conference struck him as “very intriguing. Two principles should animate our policy development. Patients/consumers come first, and the process should be fair and open.” So he agreed to hold a hearing.

Register to attend the hearing at: http://www.blsmeetings.net/consumerchoicetechnologyhearing/
For agenda see: http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=2833&PageID=19423

This is the first hearing ONC has ever held that is focused solely on privacy rights and patients’ expectations to control sensitive health records, from prescriptions to DNA. It is VERY timely because billions in stimulus dollars are about to flow.

What kinds of systems do you want to get the stimulus billions??? Current HIT systems that facilitate the data mining, theft, and sale of personal health information or systems that put YOU in control of YOUR information?

Inside-the-beltway domination of policy and standards by major legacy health IT vendors, many major hospitals, the health data mining industries, and physicians’ organizations has made it very hard for consumer and privacy advocates to be heard, even though we represent the majority of the American public. The fear is if they have to ask first to see or use our health information, we might refuse. And we might. But it’s our right to do so.

Today’s HIT systems put our jobs and our kids’ futures at risk by exposing everything from our prescription records to our DNA to sale and theft. Once our health data is exposed, like Paris Hilton’s sex video, we can never make it private again.

Showcasing technology that empowers patients to actively share data for treatment, personal benefit, and for research, while empowering patients to protect personal information to prevent harms is critical—especially now as HHS prepares to spend billions on EHRs and models for data exchange that do not require meaningful and comprehensive privacy controls.

The video of the hearing will be a critical online resource for the public, the media, states, and the world. There is no other way to learn about robust privacy-enhancing technologies that meet patients’ expectations and rights to control use of PHI while enabling compliance with strong state and federal laws, medical ethics, and our Constitutional rights to privacy.

Latanya Sweeney’s testimony and slides show the need to choose the right HIT technologies and systems up front, rather than letting “100 weeds fester.” See her testimony at: http://patientprivacyrights.org/wp-content/uploads/2010/04/Sweeney-CongressTestimony-4-22-10.pdf
See her slides at: http://patientprivacyrights.org/wp-content/uploads/2010/06/Sweeney-TrustworthyNHINDesigns.pdf

If you cannot attend in person, PLEASE listen in and comment at the end during the comment period or submit comments online. The video link of the hearing will be posted the following day.

TAKE PART: Tell ONC to build privacy-enhancing health IT systems you can trust. Tell ONC to build privacy-enhancing EHRs and systems for data exchange, don’t blow the stimulus billions on systems that will never be trusted.

If we don’t fight for our rights to control sensitive personal health information, we will never GAIN the right to control the rest of our personal information online and in the Digital World.

Thanks for helping to save privacy!

Health IT coordinator attacks rumors that spy agencies would tap into patient information network

Dr. David Blumenthal, national coordinator for health information technology, has strongly denied any plans to develop a national network that would transmit patients’ medical information to the Justice and Homeland Security departments…

…Rather than defusing concerns, privacy advocates said Blumenthal’s remarks only heightened questions about what role NIEM standards, and the law enforcement agencies that developed them, will play in a national health information network.

Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation, said she believes Blumenthal is well-intentioned in his aim to ensure patient information is not transmitted to law enforcement or intelligence agencies. But promises do not have the force of law, she noted.

Privacy concerns surface over ONC data project

There’s an old warning, “Just because you’re paranoid doesn’t mean they’re not after you.”

Last week, David Blumenthal, head of the Office of the National Coordinator for Health Information Technology at HHS, tried to tamp down some blogosphere-based insinuations that work by his office might be contributing to a national surveillance state.

PR Firm Behind Propaganda Videos Wins Stimulus Contract

President Obama’s push for electronic medical records has faced resistance from those who question whether health information technology systems can protect patient privacy…

…Consumer advocates warned that the PR contract will only heighten skepticism about the security of online health records. A poll conducted last year by NPR, the Kaiser Family Foundation and the Harvard School of Public Health found that roughly six in 10 Americans lack confidence in the privacy of online health records.

“The public has always been very suspicious over whether electronic health information will be safe,” said Dr. Deborah C. Peel, a physician and founder of the Coalition for Patient Privacy, which includes consumer, privacy and health groups. Peel called Ketchum a “very, very troubling choice because the last thing the public needs are more tricks being pulled on them.”

NHIN won’t funnel information to CIA: Blumenthal

David Blumenthal, head of HHS’ Office of the National Coordinator for Health Information Technology, has denied allegations that a framework for selecting data transmission standards for the proposed national health information network would configure the system to afford federal control over patient data and funnel that information to federal agencies, including the CIA, Justice Department and National Security Agency.

Blumenthal’s remarks came more than three hours into the March 25 meeting of the Health IT Standards Committee. The committee is a federal panel created under the American Recovery and Reinvestment Act of 2009, also known as the stimulus law, to advise the ONC on matters concerning health IT standards.

They got it wrong… AGAIN!

See article: ‘Meaningful Use’ criteria released

Can you believe it? Doctors and hospitals that purchase electronic health records (EHRs) ‘wired’ for ‘back-door’ data mining will be paid to steal and use our sensitive health records without our permission!

The government and the massive health data mining industry won. Industry and the government’s plan to continue illegal and unethical data mining trumped Americans’ rights to health privacy.

The rules guarantee that employers, insurers, banks, and government will be able to use our sensitive health information—from prescriptions to DNA— to discriminate against us in jobs, credit, and insurance.

Instead, the new interim rules for EHRs should reward the purchase and use of ‘smart’ EHRs with consent technologies so patients control who can see and use their health records.

The stimulus billions will be wasted because doctors and hospitals will be rewarded for using obsolete, unethical EHR ‘clunkers’. Like the UK, the US will be forced to spend billions to correct a disastrously flawed national electronic health system that prevents patients from controlling their health records.

To understand the “meaningful use” criteria that SHOULD be required in EHRs, see the comments submitted to the Administration by the bipartisan Coalition for Patient Privacy, representing millions of Americans: http://www.localhost:8888/pprold/media/Coalition_to_HIT_PC_Meaningful_Use.pdf

When will the Administration and corporations get it? Privacy protections have to be tough and comprehensive if we want a national HIT system that consumers will trust and use.

To act, join www.localhost:8888/pprold to get e-alerts. Stop corporations and the government from using your sensitive health information for uses you would never agree to.