Groups develop privacy framework for health IT

To view the full article, please visit Groups develop privacy framework for health IT.

An article written at ModernHealthcare.com about our new Privacy Trust Framework explains how the framework came into being and what it’s major principles are.

Key quote from the article:

“‘This comes from what the American public wants and was devised by Microsoft and PricewaterhouseCoopers,’ Peel said. ‘Some of the bigger corporations see the future as the public controlling things. Microsoft wanted to distinguish itself from Google Health (its one-time rival as a developer of PHR platforms) and wanted HealthVault to be the privacy place and wanted to compete in that way.’ PricewaterhouseCoopers saw a future auditing opportunity, she said. ‘We’re now moving with the Blue Button where patients can access their information and control it. The ultimate consumer is the patient.’”

The Privacy Trust Framework can be found here.

Framework Outlines Key Principles for Protecting Privacy of Patient Data

To view the full article, please visit Framework Outlines Key Principles for Protecting Privacy of Patient Data.

iHealthBeat released an article about the Privacy Rights framework explaining its goals and principles.

Key quote from the article:

“The framework aims to help health care organizations measure how well their IT systems and research projects meet certain best practices for protecting patient privacy.

Patient Privacy Rights eventually intends to develop a system to license organizations based on their privacy policies and practices.”

The full Privacy Trust Framework can be viewed here.

New Framework Details 15 Core Health Privacy Principles

To view the full article, please visit New Framework Details 15 Core Health Privacy Principles.

HealthDataManagement.com recently posted this article about Patient Privacy Rights’ Privacy Trust Framework. The article tells HealthDataManagement readers “The Framework is designed to help measure and test whether health information systems and research projects comply with best privacy practices in such areas as whether patients have control over their protected health information, an organization obtains meaningful consent before disclosing data and obtains new consent before secondary data use occurs, patients have the ability to selectively share data, and the organization uses servers housed in the United States, among other factors.”

The key principles for our Privacy Trust Framework:

*Patients can easily find, review and understand the privacy policy.

* The privacy policy fully discloses how personal health information will and will not be used by the organization. Patients’ information is never shared or sold without patients’ explicit permission.

* Patients decide if they want to participate.

* Patients are clearly warned before any outside organization that does not fully comply with the privacy policy can access their information.

* Patients decide and actively indicate if they want to be profiled, tracked or targeted.

* Patients decide how and if their sensitive information is shared.

* Patients are able to change any information that they input themselves.

* Patients decide who can access their information.

* Patients with disabilities are able to manage their information while maintaining privacy.

* Patients can easily find out who has accessed or used their information.

* Patients are notified promptly if their information is lost, stolen or improperly accessed.

* Patients can easily report concerns and get answers.

* Patients can expect the organization to punish any employee or contractor that misuses patient information.

* Patients can expect their data to be secure.

* Patients can expect to receive a copy of all disclosures of their information.

The full framework can be viewed at Privacy Rights Framework.

An American Quilt of Privacy Laws, Incomplete

The MOST “incomplete” US privacy law is HIPAA, which eliminated Americans’ rights to control the collection, use, disclosure and sale of their health data in 2001.

The new Omnibus Privacy Rule did not fix this disaster. It made things worse by explicitly permitting health data sales for virtually any purpose without patients’ consent or knowledge. These new regulations violate Congress’ intent to ban the sale of health data in the 2009 stimulus bill.

In addition to not being able to control personal health information Americans have no ‘chain of custody’ for their health data, so there is no way to know who is using or selling our health data.

We need a data map to track all the hidden users and sellers of our personal health information, from our DNA, to our diagnoses, to our prescription records:

  • -Watch Professor Sweeney describe the Harvard Data Privacy Lab/Patient Privacy Rights research project to track hidden users of our health data at: http://patientprivacyrights.org/thedatamap/
  • -WE NEED A DATA MAP TO SHOW THE GOVERNMENT IT’S TIME TO FIX THIS PRIVACY DISASTER!

Attend or watch the next health privacy summit June 5-6 in Washington, DC to learn about these urgent health data problems and potential solutions:

HIStalk News 3/22/13 – Quotes Dr. Deborah Peel on new CVS policy

To view the full article, please visit HIStalk News 3/22/13.

Key quote from the article:

“Patient Privacy Rights Founder Deborah Peel, MD calls a new CVS employee policy that charges employees who decline obesity checks $50 per month “incredibly coercive and invasive.” CVS covers the cost of an assessment of height, weight, body fat, blood pressure, and serum glucose and lipid levels, but also reserves the right to send the results to a health management firm even though CVS management won’t have access to the results directly. Peel says a lack of chain of custody requirements means that CVS could review the information and use it to make personnel decisions.”

CVS requiring employees to undergo weight, health assessment

To view the full article, please visit CVS requiring employees to undergo weight, health assessment.

Key quotes from the article:

“This is an incredibly coercive and invasive thing to ask employees to do,” Patient Privacy Rights founder Deborah Peel told the Boston Herald, noting that such policies are becoming more prevalent as health costs increase.

“Rising health care costs are killing the economy, and businesses are terrified,” she continued to the Herald. “Now, we’re all in this terrible situation where employers are desperate to get rid of workers who have costly health conditions, like obesity and diabetes.”

“While patient-privacy activists have cried foul, Michael DeAngelis, a CVS spokesman, explained that the goal is health.”

To learn more about the issue, please visit our Health Privacy Summit Website and register for the 3rd International Summit on the Future of Health Privacy.

CVS imposes health penalty if workers’ body weight is not reported or they don’t quit smoking

To view the full article, please visit CVS imposes health penalty if workers’ body weight is not reported or they don’t quit smoking.

CVS has instated a very invasive new policy of charging workers a hefty $600 dollar a year fine if they do not disclose sensitive health information to the company’s benefits firm. According to the article, “Under the new policy, nearly 200,000 CVS employees who obtain health insurance through the company will have to report their weight, blood sugar, blood pressure and cholesterol to WebMD Health Services Group, which provides benefits support to CVS.” However, if employees refuse, they will be charged an extra $50 a month in health insurance costs.

Patient Privacy Rights’ Dr. Deborah Peel tells the public, “‘This is an incredibly coercive and invasive thing to ask employees to do,’…’Rising healthcare costs are killing the economy, and businesses are terrified, Now, we’re all in this terrible situation where employers are desperate to get rid of workers who have costly health conditions, like obesity and diabetes.’”

To learn more about this issue, please visit our Health Privacy Summit Website and register for the 3rd International Summit on the Future of Health Privacy.

Putting Health IT on the Path to Success

“The promise of health information technology (HIT) is comprehensive electronic patient records when and where needed, leading to improved quality of care at reduced cost. However, physician experience and other available evidence suggest that this promise is largely unfulfilled.

Comprehensive records require more than having every physician and hospital use an electronic health record (EHR) system. There must also be an effective, efficient, and trustworthy mechanism for health information exchange (HIE) to aggregate each patient’s scattered records into a complete whole when needed. This mechanism must also be accurate and reliable, protect patient privacy, and ensure that medical record access is transparent and accountable to patients.”

*Subscription needed to see full article.

Privacy Piracy Interview with PPR Founder

PRIVACY PIRACY HOST, MARI FRANK, ESQ. INTERVIEWS
DEBORAH PEEL, MARCH 11TH, 2013

On Monday, March 11th, 2013 Deborah C. Peel, MD, founder & chair of Patient Privacy Rights, was interviewed on Privacy Piracy with Mari Frank.

Among the topics of discussion were:

  1. The current state of Health Privacy
  2. How can individuals help to save and strengthen health privacy rights?
  3. What is the focus of the third International Summit on the Future of Health Privacy?

Should the U.S. Adopt European-Style Data-Privacy Protections?

View the full article at Should the U.S. Adopt European-Style Data-Privacy Protections?

This urgent issue will be debated at the 3rd International Summit on the Future of Health Privacy in Washington, DC on June 5-6, 2013 at Georgetown Law Center.

The opening keynote will be Peter Hustinx, the EU Data Protection Supervisor. He will speak on “A health check on data privacy?”

Register to attend at www.healthprivacysummit.org . Later we will post a link to watch via live-streaming video.