Guest Article: The Causes of Digital Patient Privacy Loss in EHRs and Other Health IT Systems

Check out the latest from Shahid Shah, courtesy of The Healthcare IT Guy.

This past Friday I was invited by the Patient Privacy Rights (PPR) Foundation to lead a discussion about privacy and EHRs. The discussion, entitled “Fact vs. Fiction: Best Privacy Practices for EHRs in the Cloud,” addressed patient privacy concerns and potential solutions for doctors working with EHRs.

While we are all somewhat disturbed by the slow erosion of privacy in all aspects of our digital lives, the rather rapid loss of patient privacy around health data is especially unnerving because healthcare is so near and dear to us all. In order to make sure we provided some actionable intelligence during the PPR discussion, I started the talk off giving some of the reasons why we’re losing patient privacy in the hopes that it might foster innovators to think about ways of slowing down inevitable losses.

Here are some of the causes I mentioned on Friday, not in any particular order:

  • Most patients, even technically astute ones, don’t really understand the concept of digital privacy. Digital is a “cyber world” and not easy to picture so patients believe their data and privacy is protected when it may not be. I usually explain patient privacy in the digital world to non-techies using the analogy of curtains, doors, and windows. The digital health IT world of today is like walking into a patient’s room in a hospital in which it’s a large shared space with no curtains, no walls, no doors, etc. (even for bathrooms or showers!). In this imaginary world, every private conversation occurs so that others can hear it, all procedures are performed in front of others, etc. without the patient’s consent and their objections don’t even matter. If they can imagine that scenario, then patients will probably have a good idea about how digital privacy is conducted today — a big shared room where everyone sees and hears everything even over patients’ objections.
  • It’s faster and easier to create non-privacy-aware IT solutions than privacy-aware ones. Having built dozens of HIPAA-compliant and highly secure enterprise health IT systems for decades, my anecdotal experience is that when it comes to features and functions vs. privacy, features win. Product designers, architects, and engineers talk the talk but given the difficulties of creating viable systems in a coordinated, integrated digital ecosystem it’s really hard to walk the privacy walk  Because digital privacy is so hard to describe even in simple single enterprise systems, the difficulty of describing and defining it across multiple integrated systems is often the reason for poor privacy features in modern systems.
  • It’s less expensive to create non-privacy-aware IT solutions. Because designing privacy into the software from the beginning is hard and requires expensive security resources to do so, we often see developers wait until the end of the process to consider privacy. Privacy can no more be added on top of an existing system than security can — either it’s built into the functionality or it’s just going to be missing. Because it’s cheaper to leave it out, it’s often left out.
  • The government is incentivizing and certifying functionality over privacy and security. All the meaningful use certification and testing steps are focused too much on prescribed functionality and not enough on data-centric privacy capabilities such as notifications, disclosure tracking, and compartmentalization. If privacy was important in EHRs then the NIST test plans would cover that. Privacy is difficult to define and even more difficult to implement so the testing process doesn’t focus on it at this time.
  • Business models that favor privacy loss tend to be more profitable. Data aggregation and homogenization, resale, secondary use, and related business models tend to be quite profitable. The only way they will remain profitable is to have easy and unfettered (low friction) ways of sharing and aggregating data. Because enhanced privacy through opt-in processes, disclosures, and notifications would end up reducing data sharing and potentially reducing revenues and profit, we see that privacy loss is going to happen with inevitable rise of EHRs.
  • Patients don’t really demand privacy from their providers or IT solutions in the same way they demand other things. We like to think that all patients demand digital privacy for their data. However, it’s rare for patients to choose physicians, health systems, or other care providers based on their privacy views. Even when privacy violations are found and punished, it’s uncommon for patients to switch to other providers.
  • Regulations like HIPAA have made is easy for privacy loss to occur. HIPAA has probably done more to harm privacy over the past decade than any other government regulations. More on this in a later post.

The only way to improve privacy across the digital spectrum is to realize that health providers need to conduct business in a tricky intermediary-driven health system with sometimes conflicting business goals like reduction of medical errors or lower cost (which can only come with more data sharing, not less). Digital patient privacy is important but there are many valid reasons why privacy is either hard or impossible to achieve in today’s environment. Unless we intelligently and honestly understand why we lose patient privacy we can’t really create novel and unique solutions to help curb the loss.

What do you think? What other causes of digital patient privacy loss would you add to my list above?

Courtesy of The Healthcare IT Guy.

Should You Lose Your Gun Rights If You Visit a Shrink?

From Michael E. Hammond in the Washington Times: Obama’s gun-control dictate on ‘mental health’ threatens veterans’ rights

 

In a preternatural example of tone-deafness, an administration under fire for snooping into Americans’ privacy is now proposing to waive federal privacy laws so psychiatrists can report their gun-owning patients to the government.

The Department of Health and Human Service’s “notice of proposed rule-making,” floated by the White House in a Friday media dump, would waive portions of the federal Health Insurance Portability and Accountability Act (HIPAA) to allow psychiatrists to report their patients to the FBI’s gun-ban blacklist (the NICS system) on the basis of confidential communications.

The 1968 Gun Control Act bans guns for anyone who is “adjudicated as a mental defective or … committed to a mental institution.”

Unfortunately, under 2008 NICS Improvement Act, drafted by Sen. Charles E. Schumer, New York Democrat, and its regulations, that “adjudication” can be made by any “other lawful authority.” This means a diagnosis by a single psychiatrist in connection with a government program.

To read the full article, please click here.

Company That Knows What Drugs Everyone Takes Going Public

Nearly every time you fill out a prescription, your pharmacy sells details of the transaction to outside companies which compile and analyze the information to resell to others. The data includes age and gender of the patient, the name, address and contact details of their doctor, and details about the prescription.

A 60-year-old company little known by the public, IMS Health, is leading the way in gathering this data. They say they have assembled “85% of the world’s prescriptions by sales revenue and approximately 400 million comprehensive, longitudinal, anonymous patient records.”

IMS Health sells data and reports to all the top 100 worldwide global pharmaceutical and biotechnology companies, as well as consulting firms, advertising agencies, government bodies and financial firms. In a January 2nd filing to the Security and Exchange Commission announcing an upcoming IPO, IMS said it processes data from more 45 billion healthcare transactions annually (more than six for each human on earth on average) and collects information from more than 780,000 different streams of data worldwide.

Deborah Peel, a Freudian psychoanalyst who founded Patient Privacy Rights in Austin, Texas, has long been concerned about corporate gathering of medical records.

“I’ve spent 35 years or more listening to how people have been harmed because their records went somewhere they didn’t expect,” she says. “It got to employers who either fired them or demoted them or used the information to destroy their reputation.”

“It’s just not right. I saw massive discrimination in the paper age. Exponential isn’t even a big enough word for how far and how much the data is going to be used in the information age,” she continued. “If personal health data ‘belongs’ to anyone, surely it belongs to the individual, not to any corporation that handles, stores, or transmits that information.”

To view the full article please visit: Company That Knows What Drugs Everyone Takes Going Public

IMS Health Files for IPO – Is It Legal?

On January 2nd, IMS Health Holdings announced it will sell stock on the New York Stock Exchange. IMS joins other major NYSE-listed corporations that derive significant revenue from selling sensitive personal health data, including General Electric, IBM, United Health Group, CVS Caremark, Medco Health Solutions, Express Scripts, and Quest Diagnostics.

  • IMS buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” “social media” and more to create “comprehensive,” “longitudinal” health records on “400 million” patients.
  • All purchases and subsequent sales of personal health records are hidden from patients.  Patients are not asked for informed consent or given meaningful notice.
  • IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
  • Despite claims that the data sold is “anonymous”, computer science has long established that re-identification is easy.
  • See brief 3-page paper by Narayanan and Shmatikov at: http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf)
  • See Prof. Sweeney’s paper on re-identifying patient data sold by states like WA at: http://thedatamap.org/risks.html
  • “Our solutions, which are designed to provide our clients access to our deep healthcare-specific subject matter expertise, take various forms, including information, tailored analytics, subscription software and expert services.” (from IMS Health Holding’s SEC filing)

 

Quotes from IMS Health Holding’s SEC filing:   “We have one of the largest and most comprehensive collections of healthcare information in the world, spanning sales, prescription and promotional data, medical claims, electronic medical records and social media. Our scaled and growing data set, containing over 10 petabytes of unique data, includes over 85% of the world’s prescriptions by sales revenue and approximately 400 million comprehensive, longitudinal, anonymous patient records.”   IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”

How can this business model be legal?  How can companies decide that US citizens’ personal health data is “proprietary data,” a corporate asset, and sell it?  If personal health data ‘belongs’ to anyone, surely it belongs to the individual, not to any corporation that handles, stores, or transmits that information.

Americans’ strongest rights to control personal information are our rights to control personal health information. We have constitutional rights to health information privacy which are not trumped by the 2001 elimination of the right of consent from HIPAA (see: http://patientprivacyrights.org/truth-hipaa/ ). HIPAA is the “floor” for privacy rights, not the ceiling. Strong state and federal laws, and medical ethics require consent before patient data is used or disclosed. 10 state constitutions grant residents a right to privacy, and other states constitutions have been interpreted as giving residents a right to privacy (like TX).

Surely FTC would regard the statement filed with the SEC as evidence of unfair and deceptive trade practices. US patients’ health data is being unfairly and deceptively bought and sold.  Can the SEC deny IMS Health the opportunity to offer an IPO, since its business model is predicated on hidden purchase and sale of Americans’ personal health data?

If we can’t control the use and sale of our most sensitive personal information, data about our minds and bodies, isn’t our right to privacy worthless?

deb

To view the full article published in Modern Healthcare visit:  IMS Health Files for IPO

 

Data Mining to Recruit Sick People

Companies Use Information From Data Brokers, Pharmacies, Social Networks

Some health-care companies are pulling back the curtain on medical privacy without ever accessing personal medical records, by probing readily available information from data brokers, pharmacies and social networks that offer indirect clues to an individual’s health.

Companies specializing in patient recruitment for clinical trials use hundreds of data points—from age and race to shopping habits—to identify the sick and target them with telemarketing calls and direct-mail pitches to participate in research.

“I think patients would be shocked to find out how little privacy protection they have outside of traditional health care,” says Nicolas P. Terry, professor and co-director at the Center for Law and Health at Indiana University’s law school. He adds, “Big Data essentially can operate in a HIPAA-free zone.”

FTC Commissioner Julie Brill says she is worried that the use of nonprotected consumer data can be used to deny employment or inadvertently reveal illnesses that people want kept secret. “As Big Data algorithms become more accurate and powerful, consumers need to know a lot more about the ways in which their data is used,” Ms. Brill says.

To view the full article, please visit: Data Mining to Recruit Sick People (article published December 17, 2013)

 

 

The Truth About HIPAA – It Hasn’t Changed

Everyone thinks HIPAA protects personal health data. It doesn’t.

The most valuable data collected and sold by US “data brokers” is sensitive personal health information.

US “data brokers” capture sensitive health information by tracking our searches, social media, phone apps and GPS data. The majority of US healthcare institutions, health-related state and federal government agencies, and health technology vendors are also “data brokers”.

HIPAA gave millions of hidden institutions, healthcare providers, and technology vendors the right to control, use, and sell our medical records, prescriptions, lab tests, claims data, and more. HIPAA gave them the right to be “data brokers”.

If the President’s Consumer Privacy Bill of Rights (CPBOR) was the law of the land AND also was applied to the healthcare system, patients could control who collects and uses health data—not “data brokers”.

The CPBOR’s strong new rights to control the use of personal data could end the use of data for discrimination in every area of life, including  jobs, credit, mortgages, and opportunities.

The EU got it right:  no government agency or corporation in the EU can collect, use, or sell personal data without permission.

deb

This blog was written in response to the following article: Senators call for consumer privacy protections

 

Testimony of Deborah C. Peel, MD at the ONC’s Patient Matching Stakeholder Meeting

WASHINGTON, DC (December 16, 2013) – Patient Privacy Rights’ (PPR) founder and chair, Deborah C. Peel, MD, submitted written testimony to the U.S. Department of Health and Human Services’ Office of the National Coordinator (ONC) at today’s Patient Matching Stakeholder Meeting. The meeting discussed the initial findings from the ONC’s dedicated initiative to assess which aspects of patient identification matching are working well, where there are gaps, and where improvements are needed.

 

In her prepared testimony, Dr. Peel said that “the Initial Findings address the problems caused by current institutional health information technology (health IT) systems and data exchanges.” However, she also stated that the findings may not adequately address future needs, nor do they foresee how the meaningful use requirements for the Health Information Technology for Clinical Health (HITECH) Act can resolve many of the current problems with patient identity and patient matching.

 

Arguing that the findings present a tremendous opportunity to create and leverage genuine patient engagement, Dr. Peel said that “patients have more interest and stake in data integrity and safety than any other stakeholder.” Describing PPR’s vision of the future, Dr. Peel outlined how meaningful patient engagement will eliminate many of the complex problems caused by current patient identity systems, matching technologies, and algorithms. She also said that meaningful patient engagement means that patients can access, control, or delegate how their personal information is used and disclosed, as well as monitor all exchanges of their health data in real time.

 

Additionally, Dr. Peel discussed key elements for meaningful patient engagement based on Fair Information Practices (FIPs) and federal law. She said that all data holders and all health data aggregators should operate as HIPAA covered entities and should be known to patients. In order to provide accountability and transparency, she said that each data aggregator should provide Notice of Privacy Practices (NPPs), voluntary patient-controlled IDs, patient and physician portals, Direct Secure email between patients and physicians Blue Button Plus (BB+), and real time accounting of disclosures.

 

In her concluding remarks, Dr. Peel stated that polices and best practices should consider how future health IT systems and data exchanges will operate, and should “anticipate meaningful patient and physician engagement, lowering costs, improving data quality, integrity and patient safety.” She urged the ONC to require, promote, and incentivize the rapid adoption of technologies that meaningfully engage patients as described in her testimony.
The complete text of this testimony is here.

What a Small Moment in the Obamacare Debate Says About Ideological Media

Politics aside, a huge majority of the public agrees that ALL personal information should be protected online, not just when they apply for Obamacare, use electronic health systems, or search online about health.  The right to control the use of personal health data is strongly supported by 95% of Americans.

But like the public, the author doesn’t know that government and corporations already have access to every citizen’s personal health information. See: http://patientprivacyrights.org/truth-hipaa/  HIPAA has not protected our rights to health ‘privacy’ since 2002.

Key conclusions:

  • “The Bush and Obama Administrations both showed with perfect clarity that they don’t give a damn about the privacy rights of Americans; federal bureaucrats serving in both eras have broken the law to hoover up our private information; and every trend points to a federal government intent on expanding its ability to collect information on Americans and share it among agencies. The U.S. has also shown an inability to protect data it stores from being hacked or stolen. Given all that, it isn’t paranoid to imagine that any health information handed over to the federal government won’t remain private for long. A betting man would be wise to conclude that somehow or other, it will at least be seen more widely than Obama Administration officials are promising—especially if additional steps aren’t taken to make the information better protected.”
  • “Outsmarting the most hackish Republicans isn’t enough to fix the flaws in legislation that you championed and passed, substantial warts and all.”

Congress must pass a strong new law soon to giving patients a clear, strong right to control personal health information.  We should decide who can see and use our most sensitive personal information. The nation’s trust in government will only worsen if we cannot protect even our MOST sensitive personal data, from prescription records, to DNA to diagnoses.

deb

This blog was written in response to the following article: What a Small Moment in the Obamacare Debate Says About Ideological Media

Security and Privacy of Patient Data Subject of Regulatory Hearing

Representatives of patients, providers, insurers and tech companies testify before federal panel yesterday at the HIT Policy Privacy & Security Tiger Team Virtual Hearing on Accounting for Disclosures.

“We believe it’s the patient’s right to have digital access that is real-time and online for accounting of disclosures,” said Dr. Deborah Peel, the head of Patient Privacy Rights, a group she founded in 2004. Patients “need and want the data for our own health. We need to have independent agents as advisors, independent decision-making tools, we need independence from the institutions and data holders that currently control our information. We need to have agents that represent us, not the interests of corporations,” she said.

“I think the day will come when people will understand that their health information is the most valuable personal information about them in the digital world and that it’s an asset that should be protected in the same way that they protect and control their financial information online,” Peel said.

To view the full article click Security and Privacy of Patient Data Subject of Regulatory Hearing

To view a PDF of the hearing click HIT Policy Privacy & Security Tiger Team Virtual Hearing on Accounting for Disclosures

 

Pairing patient privacy with health big data analytics

“Health privacy and security are often mentioned in tandem, but Deborah Peel, Founder and Chair of Patient Privacy Rights and Adrian Gropper, Chief Technology Officer of Patient Privacy Rights, took a different view in a recent Institute for Health Technology Transformation (iHT2) webcast.”

“The presentation, titled “Competing for Patient Trust and Data Privacy in the Age of Big Data” detailed a few of the nuances between patient data privacy and security and why privacy is so significant as healthcare organizations pull together huge data sets for health information exchange (HIE) and accountable care.”

To view the full article, please visit: Pairing patient privacy with health big data analytics

The webcast can be viewed at: Competing for Patient Trust and Data Privacy in the Age of Big Data Webinar