Mostashari, policy committee take critical look at CommonWell

To view the full article, please visit: Mostashari, policy committee take critical look at CommonWell

The ONLY way patients/the public will trust health technology systems is if THEY control ‘interoperability’—-ie if THEY control their sensitive health data. Patients have strong rights to control exactly who can collect, use, and disclose their health data. This also happens to be what the public expects and wants MOST from HIT……The public has strong legal rights to control PHI, despite our flawed HIT systems.

The story below is about an attempt by large technology vendors and the government to maintain control over the nation’s sensitive health data. Institutional/government-sanctioned models like the CommonWell Alliance violate patients’ rights to control their medical records (from diagnoses to DNA to prescription records).  Patients should be able to:

  • -choose personal email addresses as their IDs, there is no need for Institutions to choose ID’s for us—email addresses on the Internet work very well as IDs
  • -download and store their health information from electronic records systems (EHRs)–required by HIPAA since 2001, but only now becoming reality via the Blue Button+ project
  • -email their doctors using Direct secure email

Today’s systems violate 2,400 years of ethics underlying the doctor-patient relationship and the practice of Medicine: ie Hippocrates’ discovery that patients would only be able to trust physicians with deeply personal information about their bodies and minds IF the doctors never shared that information without consent. That ‘ethic’—-ie, to guard the patient’s information and act as the patient’s agent and protector is codified in the Hippocratic Oath and embodied in American law and the AMA Code of Medical Ethics. Americans have strong rights to health information privacy which HIPAA has not wiped out (HIPAA is the FLOOR, not the CEILING for our privacy rights).

The public does NOT agree that their sensitive health data should be used without consent—they expect to control health information with rare legal exceptions. See: http://patientprivacyrights.or…. HUGE majorities believe that individuals alone should decide what data they want to share with whom—not one-size-fits-all law or policies.

Nor does the public agree to use of their personal health data for “research”—whether for clinical research about diseases or by industry for commercial use of the data via the ‘research and public health loopholes’ in HIPAA. Only 1% of the public agrees to unfettered use of personal health data for research. Read more about these survey results here.

The entire healthcare system depends TOTALLY on a two-person relationship, and whether there is trust between those two people. We must look at the fact that today’s HIT systems VIOLATE that personal relationship by making it ‘public’ via the choice of health technology systems designed for data mining and surveillance. Instead we need technology designed to ensure patient control over personal health information (with rare legal exceptions). When patients cannot trust their doctors, health professionals, or the flawed technology systems they use, the consequence is many millions of patients avoid or delay of treatment and hide information. Every year many millions of Americans take actions which CAUSE BAD OUTCOMES.

Current health technologies and data exchange systems cause millions of people annually to risk their health and lives, ie the technologies we are using now cause BAD OUTCOMES.

We have to face facts and design systems that can be trusted. Patient Privacy Rights’ Trust Framework details in 75 auditable criteria what it takes to be a trusted technology or systems. See:http://patientprivacyrights.or… or download the paper at:
http://ssrn.com/abstract=22316…

Groups develop privacy framework for health IT

To view the full article, please visit Groups develop privacy framework for health IT.

An article written at ModernHealthcare.com about our new Privacy Trust Framework explains how the framework came into being and what it’s major principles are.

Key quote from the article:

“‘This comes from what the American public wants and was devised by Microsoft and PricewaterhouseCoopers,’ Peel said. ‘Some of the bigger corporations see the future as the public controlling things. Microsoft wanted to distinguish itself from Google Health (its one-time rival as a developer of PHR platforms) and wanted HealthVault to be the privacy place and wanted to compete in that way.’ PricewaterhouseCoopers saw a future auditing opportunity, she said. ‘We’re now moving with the Blue Button where patients can access their information and control it. The ultimate consumer is the patient.’”

The Privacy Trust Framework can be found here.

Framework Outlines Key Principles for Protecting Privacy of Patient Data

To view the full article, please visit Framework Outlines Key Principles for Protecting Privacy of Patient Data.

iHealthBeat released an article about the Privacy Rights framework explaining its goals and principles.

Key quote from the article:

“The framework aims to help health care organizations measure how well their IT systems and research projects meet certain best practices for protecting patient privacy.

Patient Privacy Rights eventually intends to develop a system to license organizations based on their privacy policies and practices.”

The full Privacy Trust Framework can be viewed here.

Re: PNAS study on predicting human behavior using digital records

Picture a box with 2,000 or 10,000 puzzle pieces inside—any one puzzle piece reveals nothing about the picture. But when all the pieces are assembled, an incredibly detailed picture FULL of information is created.

The data mining industry—including Google, Facebook, Acxiom and thousands more unknown corporations and foreign businesses—assembles the puzzle of who we are from thousands of bits of data we leave online. They know FAR MORE than anyone on Earth knows about each of us—more than what our partners, our moms and dads, our best friends, our psychoanalysts, or our children know about us.

The UK study shows how easy it is for hidden data mining companies to intimately know us (and sell) WHO WE ARE.

Most Americans are not aware of the ‘surveillance economy’ or that data miners can easily collect intimate psychological and physical/health profiles of everyone from online data.

The study:

  • “demonstrates the degree to which relatively basic digital records of human behavior can be used to automatically and accurately estimate a wide range of personal attributes that people would typically assume to be private”
  • “is based on Facebook Likes, a mechanism used by Facebook users to express their positive association with (or “Like”) online content, such as photos, friends’ status updates, Facebook pages of products, sports, musicians, books, restaurants, or popular Web sites”
  • correctly discriminates between:
    • homosexual and heterosexual men in 88% of cases
    • African Americans and Caucasian Americans in 95% of cases
    • between Democrat and Republican in 85% of cases
    • For the personality trait “Openness,” prediction accuracy is close to the test–retest accuracy of a standard personality test

The “surveillance economy” is why the US needs FAR STRONGER LAWS at the very least to prevent the hidden collection, use, and sale of health data, including everything about our minds and bodies, unless we give meaningful informed consent.

This urgent topic, ie whether the US should adopt strong data privacy and security protections like the EU—will be debated at the 3rd International Summit on the Future of Health Privacy June 5-6 in DC (it’s free to attend and will also be live-streamed). Register at: www.healthprivacysummit.org

Putting Health IT on the Path to Success

“The promise of health information technology (HIT) is comprehensive electronic patient records when and where needed, leading to improved quality of care at reduced cost. However, physician experience and other available evidence suggest that this promise is largely unfulfilled.

Comprehensive records require more than having every physician and hospital use an electronic health record (EHR) system. There must also be an effective, efficient, and trustworthy mechanism for health information exchange (HIE) to aggregate each patient’s scattered records into a complete whole when needed. This mechanism must also be accurate and reliable, protect patient privacy, and ensure that medical record access is transparent and accountable to patients.”

*Subscription needed to see full article.

Privacy Piracy Interview with PPR Founder

PRIVACY PIRACY HOST, MARI FRANK, ESQ. INTERVIEWS
DEBORAH PEEL, MARCH 11TH, 2013

On Monday, March 11th, 2013 Deborah C. Peel, MD, founder & chair of Patient Privacy Rights, was interviewed on Privacy Piracy with Mari Frank.

Among the topics of discussion were:

  1. The current state of Health Privacy
  2. How can individuals help to save and strengthen health privacy rights?
  3. What is the focus of the third International Summit on the Future of Health Privacy?

UPMC, Oracle to help with ID management

To view the article, please visit UPMC, Oracle to help with ID management.

UPMC revealed plans on Thursday to collaborate with Oracle in the development of cloud-based identity management technology to be utilized by small to mid-sized healthcare providers.

According to the article, “CloudConnect Health IT will enable healthcare users to easily manage computer accounts, including adding, modifying and terminating a user’s computer access, officials say. They’ll also help providers manage access based on the user’s job responsibility and provide self-service tools for retrieving forgotten passwords and unlocking accounts, as well as offer comprehensive management reporting.”

This poses a problem because, as Adrian Gropper, MD, points out “Proprietary identity systems risk being coercive of the patient to the extent that they allow aggregation of a patient’s records across multiple institutions without informed patient consent. Voluntary ID systems can be created that are not coercive while still offering the value of global uniqueness.”

HIPAA Omnibus: Gaps In Privacy? — Interview with Deborah C. Peel, MD

Although the HIPAA Omnibus Rule is a step in the right direction for protecting health information, the regulation still leaves large privacy gaps, says patient advocate Deborah Peel, M.D.

HIPAA Omnibus finally affirmed that states can pass laws that are tougher than HIPAA, and that’s really good news because HIPAA is so full of flaws and defects that we are concerned that what is being built and funded will not be trusted by the pubic,” Peel says in an interview with HealthcareInfoSecurity during the 2013 HIMSS Conference.

Listen to this interview and read the full article here.

CommonWell Is a Shame and a Missed Opportunity

This is a story about how major data holders are moving to consolidate THEIR control over the collection and use of our personal health information.

Instead of building electronic health systems that enable us to decide who can see and use our health data, we are locked out and have no way to know who is using our data or what it’s used for.

-Deborah Peel

From The Health Care Blog article: CommonWell Is a Shame and a Missed Opportunity

“The big news at HIMSS13 was the unveiling of CommonWell (Cerner, McKesson, Allscripts, athenahealth, Greenway and RelayHealth) to “get the ball rolling” on data exchange across disparate technologies. The shame is that another program with opaque governance by the largest incumbents in health IT is being passed off as progress. The missed opportunity is to answer the call for patient engagement and the frustrations of physicians with EHRs and reverse the institutional control over the physician-patient relationship. Physicians take an oath to put their patient’s interest above all others while in reality we are manipulated to participate in massive amounts of unwarranted care.

There’s a link between healthcare costs and health IT. The past months have seen frustration with this manipulation by industry hit the public media like never before. Early this year, National Coordinator for Health Information Technology Farzad Mostashari, MD, called for “moral and right” action on the part of some EHR vendors, particularly when it comes to data lock-in and pricing transparency. On February 19, a front page article in the New York Times exposed the tactics of some of the founding members of CommonWell in grabbing much of the $19 Billion of health IT incentives while consolidating the industry and locking out startups and innovators. That same week, Time magazine’s cover story is a special report on health care costs and analyzes how the US wastes $750 Billion a year and what that means to patients. To round things out, the March issue of Health Affairs, published a survey showing that “the average physician would lose $43,743 over five years” as a result of EHR adoption while the financial benefits go to the vendors and the larger institutions…”

Re: Car X.O. cares about health

In response to the Healthcare IT News article: Car X.O. cares about health

This sounds like a bad joke: your new Ford car’s “SYNC” technology monitors your stress, blood sugars, blood pressure, gives you allergy alerts while tracking your behavior behind the wheel and how distracted you are. But it’s no joke, it’s in 5 million cars.
According to Ford:

  • “There’s a strong business case to explore health options”
  • “consumers are on the road more than ever”
  • “Drivers could manage their health while in motion, said Strumolo, or more likely while at a red light.”
  • “Ford has forged partnerships with Healthrageous Microsoft, Medtronic, IMS, WellDoc and others.”

What business case? How does tracking your health give Ford and health-monitoring technologies a way to make money?

Answer: selling your health data, most likely to auto insurers, health insurers, life insurers, and employers like trucking companies and those who employ drivers.

It would be great for us to have this kind of information about our bodies and minds so we can act to improve our health or share it with our doctors: instead, it’s sold to discriminate against us.

Surveillance and collection of the nation’s health data is a growth industry worth hundreds of billions in annual revenue to corporate America—-but what value do we get from that?

But state lawmakers can fix the broken HIPAA Privacy Rule and require meaningful, informed consent before EVERY use or collection of our health information—-we don’t have to wait for Congress. We can fix this in our home states.