Re: “Web’s Hot New Commodity: Privacy”

In response to the WSJ article: Web’s Hot New Commodity: Privacy

Finally the market for digital privacy is being built! This reflects GROWING public awareness of data theft and misuse.

Yes, PPR will continue to call it “theft”. Data mining corporations are like squatters who sneak onto property and then claim it because the owners didn’t know what they were doing. Data miners are thieves because they know VERY well how hard it is for people to discover what they are doing, and further, they know that there is no way anyone can stop them from stealing personal information. Watch — as ways to protect personal data are developed and laws are proposed to prohibit what they do, they will try to make sure their illegal and unethical practices are “grandfathered in.” These practices must be outlawed in the Digital Age if Americans are to retain the most precious right in a Democracy: the right of law-abiding citizens to be “let alone.”

We must fight back and press Congress to outlaw all data theft and corporate contracts that require giving up control of personal information. We must press Congress to ENFORCE the ban on the sale of health data without consent.

It is now clear to entrepreneurs that people are starting to view personal information as an EXTREMELY valuable asset that many want to have treated as personal property. The fact that the nation’s prescription records were being sold without consent is why Congress banned the sale of protected health information (PHI)—OUR sensitive electronic health information—without consent in the stimulus bill.

There are many who fear that patients cannot meaningfully give consent to sell their health data; that they will easily sell it for next to nothing and not realize the consequences—such as job loss and generations of job and credit discrimination.

But the current situation is far worse and must be addressed: the huge health data mining industry operates in the shadows. AND we have NO WAY of identifying data mining corporations or preventing them from stealing and selling our most sensitive data—from prescriptions to DNA. This secret industry is a behemoth, generating tens to hundreds of billions of dollars in annual revenue.

Letting secret, shadowy corporations continue to make billions/year selling the sensitive personal health data of every person in the U.S. is NOT a fair or sustainable solution to corporate and government data hunger. Why allow any industry built on theft? I can’t think of another legal industry built on theft.

Individuals should control PHI; morally and practically it is the only solution. But we need clear laws and boundaries in addition to individual control (consent), so that there are boundaries around exactly what data can be sold or used.

In Europe most uses of health data are flatly prohibited; in Germany there is no consent, but instead only a handful of uses of health data are permitted—the uses are tightly bounded. This is a very different approach than the US.

We ALSO need a framework of tightly bounded privacy protections for health data (in addition to informed electronic consents) that provides interactive education about consent decisions and sets defaults at the most privacy-protective level.

PPR Comments on the PCAST HIT Report

The President’s Council of Advisors on Science and Technology (PCAST) weighed in on the key problems with how the Administration is building health IT systems and data exchanges. They recommend that patients be able to meta-tag data to protect privacy, that interoperability requires adoption of a common “language”, and that the goal should be a “data-centric” system for research on all health records without consent. The report recommends that HHS and CMS decide when patient data can be used for “secondary” purposes without consent.

See the full PCAST report: http://www.whitehouse.gov/blog/2010/12/08/pcast-releases-health-it-report

Patient Privacy Rights letter of comments to HHS emphasized:

  • Privacy is essential to build in up front.
  • We should not rush to deploy systems and spend billions on electronic systems and data exchanges until we know the privacy technologies PCAST recommends are adequate.
  • The recommendations for de-identifying health data were insufficient. Extensive work needs to be done to ensure that standards for de-identification actually work.

See PPR’s full comments here: http://patientprivacyrights.org/wp-content/uploads/2011/01/PCAST-comments-PPR-Final.pdf

See PPR’s written testimony here: http://patientprivacyrights.org/wp-content/uploads/2011/05/Patient-Privacy-Rights-Testimony-PCAST-WG-Feb-15-2011.pdf

Experts Forecast Top Seven Trends in Healthcare Information Privacy for 2011

A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach, and governance were asked to weigh in with their forecasts for 2011. These experts suggest that as health information exchanges take form, millions of patient records—soon to be available as digital files—will lead to potential unauthorized access, violation of new data breach laws and, more importantly, exposure to the threat of medical and financial identity theft.

These predictions are supported by the recent Ponemon Institute’s Benchmark Study on Patient Privacy and Data Security, published November 2010, which found that data breaches of patient information cost the healthcare industry $6 billion annually; protecting patient data is a low priority for hospitals; and the healthcare industry lags behind the recently enacted HITECH laws…

Industry-Wide Experts Share Their Opinions and Insight…

Dr. Deborah Peel, M.D., practicing physician and founder of Patient Privacy Rights; the nation’s health privacy watchdog

“2011 will be the year that Americans recognize they can’t control personal health information in health IT systems and data exchanges. Will 2011 be the year that data security and privacy are the top of the nation’s agenda? I hope so. The right to privacy is the essential right of individuals in vibrant Democracies. If we don’t do it right in healthcare, we won’t have any privacy in the Digital Age.”…

Experts name top 7 trends in health information privacy for 2011

A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach and governance have identified the top seven trends in healthcare information privacy for 2011.

The experts suggest that as health information exchanges take form, millions of patient records – soon to be available as digital files – will lead to potential unauthorized access, violation of new data breach laws and exposure to the threat of medical and financial identity theft.

“Endemic failure to keep pace with best practices and advancing technology has resulted in antiquated data security, governance, policy plaguing in the healthcare industry,” said Larry Ponemon, chairman and founder, Ponemon Institute.

“Millions of patients are at risk for medical and financial identity fraud due to inadequate information security,” he said. “Information security in the healthcare industry is at the fulcrum of economic, technological, and regulatory influence and, to date, it has not demonstrated an ability to adapt to meet the resulting challenges – but it must. The reputation and well-being of those organizations upon which we rely to practice the healing arts depends on it,” he said…

New Patient Privacy Poll

Should anyone other than you control your personal health information in electronic health systems? Across the board, Americans resoundingly say “NO.”

Patient Privacy Rights worked with Zogby International to conduct an online survey of over 2000 adults to identify their views on privacy, access to health information, and health information technology (health IT). The results were overwhelmingly in favor of individual choice and control over personal health information.

View the Privacy Poll Results
View the Press Release
Listen to the Press Teleconference here

News Coverage
Healthcare IT News: Poll: Huge majorities want control over health info
Forbes: Americans Want to Control Their Health Information
Fierce Health IT: Majority of Americans want personal control of health information
Modern Healthcare: Privacy desires ignored

Americans are not just concerned about corporations snooping in their medicine cabinets, but also about researchers, nosy employees, and people with malicious intent, such as an ex-spouse or abusive partner.

Over ninety percent of Americans want to be able to decide which individual people can see and use their health information. This reflects a strong desire for very specific, detailed control.

Note: A sampling of Zogby International’s online panel, which is representative of the adult population of the US, was invited to participate. Slight weights were added to region, party, age, race, religion, gender, and education to more accurately reflect the population. The margin of error is +/- 2.2 percentage points.

Insurers: Records weren’t lost at health fair

See Story: Insurers: Records weren’t lost at health fair

This story just gets worse, highlighting the poor judgment of the insurance companies. Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan never even considered how sensitive patients are about the privacy of personal health information, from their prescription records to DNA.

Now Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan claim that taking the health records of 285,691 people to community health fairs is a way to “save lives”. That particular argument is often used to make people believe that a decision was made for important and worthwhile, even essential reasons. So let’s take a look and see if the decision to take health records to community health fairs is a good decision or makes sense.

The insurers want their employees to check people’s medical records and decide if a test is needed, like a mammogram, and schedule it—at a health fair. But as a matter of law, ONLY physicians can order tests like mammograms—not insurance company employees. Their employees cannot schedule doctor’s appointments, much less medical tests. Besides, most people are very uncomfortable with strangers, who are not health professionals that treat them, looking at their medical records.

Most people would never want their sensitive health records taken to health fairs in the first place. Obviously, Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan did not ask those enrolled for consent to take their records to health fairs, or anywhere outside of their offices where personal records are supposed to be used ONLY to pay claims.

Most people strongly object to health insurers even having, keeping, or using their sensitive health records. Patients want insurers to have the bare minimum information about them to pay claims. Patients typically do not turn to insurers for advice about their health, about treatment, or to recommend tests.

And the insurers say conflicting things about what kinds of information and how much was on the flash drive. If only recent screenings were on a flash drive, a woman’s last mammogram might not be there. No physician would order a test like a mammogram without knowing the exact date of the last one and the details of her history, like what risks she has for breast cancer. Unnecessary mammograms expose women to radiation.

It appears that this example of helping women at health fairs to get needed mammograms doesn’t make any sense, because the employees of insurance companies cannot order or schedule mammograms—or doctor’s appointments.

The example of saving women from breast cancer at community health fairs is so far-fetched that it may have been fabricated to try and make it seem that the insurers had good reasons to take sensitive health records out of their offices. But it’s hard to judge their reasons and intentions without full disclosure, so we are left with the few things they said and did. They exposed 285,691 people’s sensitive demographic and health information to loss, sale, identity theft, and medical identity theft for reasons that don’t make sense.

Is it responsible to allow insurance employees access to people’s sensitive health records at health fairs and risk the loss or theft of that sensitive data?

If the insurers actually put complete or very detailed health information on enrolled patients on a flash drive that would enable a health professional to know enough to order certain tests, and the stated goal is to increase screening for needed tests, there are far more effective and privacy-protective ways to do that. They do not have health professionals staffing their booths at health fairs. Insurers could contact patients directly by mail or email or phone IF the patient had opted in to receiving advice or reminders from them. Or insurers could contact doctors if they think a test is needed, so doctors can evaluate full records and decide whether tests should be ordered.

Risking the privacy of 285,691 people at a health fair to improve screening for breast cancer or other unnamed conditions is a bad decision—whether they encrypt the data or not. Encrypting the data would have lowered the risk of loss, theft, or sale of the information, but would not solve the problem of using patients’ sensitive health information in ways that they would never want or agree to.

Unsafe data in Texas

Last month, a Texas online news site, the Austin Bulldog, published a lengthy investigative report on the sale and gifting of patient-level hospital data by the Texas Department of State Health Services.

Reporter Suzanne Batchelor’s remarkable story found that if you’re a Texan, your healthcare data can be given away or sold without your consent. And the Health Insurance Portability and Accountability Act, the main federal health information privacy law, won’t—or can’t—protect you.

In Texas, the health services department gathers claims data from hospitals by law—providers can be fined as much as $10,000 if they don’t hand it over. But the department isn’t a so-called “covered entity” as defined by HIPAA. So, the state isn’t covered under the HIPAA privacy rule if it does anything that would be a violation if performed by a data-providing hospital…

…The state knows the public-use data file is vulnerable. A user’s manual (PDF) contains this caveat: “It may be possible in rare instances, through complex analysis and with outside information, to ascertain from the PUDF the identity of individual patients. Considerable harm could result if this were done.”

And TX isn’t the only state selling your information…

Texas is not the only state in the US selling or giving away sensitive hospital records to anyone who wants them; this is a devastating privacy problem every state must face.

See the Investigative Report done in Texas.

$39 billion in stimulus funds will be used to build a nationwide health IT superhighway system, exponentially expanding the theft, sale, and use of the health information of all 300 million Americans. Texas will get $38 million to exchange Texans’ health data.

How much money will your state get? BEWARE the form of consent used for Health Information Exchange (HIE) in your state.

  • Each state sets up its own consent rules for HIE and industry is pressuring states to use the worst kind of consent: “opt-out”.
  • The state of NY is going to share EVERYONE’S health data unless they “opt-out”.
  • In AZ, the use of “opt-out” for health data exchange failed.
  • TX has yet to decide what kind of consent it will use for data exchange.

It’s critical to insist that your state empowers you to SELECTIVELY disclose PARTS of your sensitive health data–NOT ALL OR NONE. No one should be forced to give up privacy to benefit from data exchange.

Great consent and segmentation technologies exist and should be required for all data exchange so we can exchange ONLY the information we want to disclose. (See video of the Consumer Choices Technology Hearing in DC where 7 consent and segmentation technologies were demonstrated LIVE: http://nmr.rampard.com/hit/20100629/default.html. See transcript of the Hearing and written testimony about the 7 privacy-enhancing technologies at: http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=2833&PageID=19477#062910)

Do you know whether YOUR state is selling or giving hospital data away? (SEE story here). Quotes from the story:

Buyers may order one of two versions of the hospital-patient files:

  • Research version — contains complete personal information including date of birth, age in years, and start and end dates of hospital care. To purchase data in the research file, applicants must describe their “research project,” identify themselves as one of 10 organization types (including university; managed care insurer; governmental entity, pharmaceutical, biotechnology or medical product firm; trade group or lobby; and research organization consultant), and select each data field they want. Each application is reviewed by a DSHS committee, which must approve it before the applicant can obtain the data.
  • De-identified version — For this version DSHS has removed some but not all personal information…DSHS removes the patient’s dates of admission and discharge from the hospital, but leaves in diagnoses, surgeries, and payment information. The patient’s gender and full zip code appear in most cases.
    A five-year age range is substituted for the patient’s exact age (some children’s ages appear in shorter ranges, such as “1-4,” “15-17”) and the street address is removed. Patient county, state, race and ethnicity are listed.

Texas officials imagine that simply taking names, parts of addresses, etc. off our health data means that our records cannot be traced back to us. WRONG!

It is extremely easy to re-identify what they call “de-identified” information. Making health data IMPOSSIBLE to re-identify is extremely difficult; solutions which make it impossible to re-identify data have not been proposed.
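
An added example (not from the original post or the Texas story): a short Python audit that counts how many records share each combination of the fields the story says stay in the de-identified file, which is the check a data steward would run before any release. The sample rows, the function names, and the 3-digit ZIP coarsening are assumptions made for illustration.

```python
from collections import Counter

# Fields the story says remain in the "de-identified" file (quasi-identifiers).
QUASI = ("gender", "zip", "age_range", "county", "race", "ethnicity")
FIELDS = QUASI + ("diagnosis",)

# Constructed sample rows for illustration only; not real patient data.
ROWS = [
    ("F", "78701", "30-34", "Travis", "White", "Non-Hispanic", "asthma"),
    ("F", "78701", "30-34", "Travis", "White", "Non-Hispanic", "diabetes"),
    ("M", "78702", "45-49", "Travis", "Black", "Non-Hispanic", "depression"),
    ("M", "78704", "45-49", "Travis", "Black", "Non-Hispanic", "hypertension"),
    ("F", "78705", "60-64", "Travis", "Asian", "Non-Hispanic", "breast cancer"),
    ("F", "78741", "60-64", "Travis", "Asian", "Non-Hispanic", "fracture"),
    ("M", "79901", "15-17", "El Paso", "White", "Hispanic", "appendicitis"),
    ("M", "79936", "15-17", "El Paso", "White", "Hispanic", "asthma"),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]


def coarsen_zip(records, digits=3):
    """Return copies with the ZIP truncated to its first `digits` digits."""
    return [{**r, "zip": r["zip"][:digits] + "*" * (5 - digits)} for r in records]


def class_sizes(records, keys=QUASI):
    """Count how many records share each quasi-identifier combination."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def audit(records, keys=QUASI):
    """Report k (smallest group size) and the share of one-of-a-kind records."""
    sizes = class_sizes(records, keys)
    unique = sum(1 for r in records if sizes[tuple(r[k] for k in keys)] == 1)
    return {"k": min(sizes.values()), "unique_fraction": unique / len(records)}


def below_k(records, k, keys=QUASI):
    """Records whose group is smaller than k; candidates for suppression."""
    sizes = class_sizes(records, keys)
    return [r for r in records if sizes[tuple(r[name] for name in keys)] < k]


if __name__ == "__main__":
    print("full ZIP:   ", audit(RECORDS))
    print("3-digit ZIP:", audit(coarsen_zip(RECORDS)))
    print("rows below k=2 with full ZIP:", len(below_k(RECORDS, 2)))
```

With the full ZIP code left in, most of the constructed rows are one of a kind on these fields alone; coarsening the ZIP raises the smallest group size, but a larger k only reduces re-identification risk and does not make it impossible.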

Unless we build consumer control over personal health information into state and national health IT systems, we will destroy everyone’s privacy and ensure generations of discrimination.

This kind of wholesale giveaway of Americans’ sensitive health information is an extremely serious problem. States and the federal government must address this BEFORE expanding today’s privacy-destructive health IT systems and data exchanges. Once sensitive health and demographic data is exposed, it’s too late. It can never be made private again.

Federal funds for HIE should be used to buy MODERN, privacy-protective technologies in every state. Unless we act NOW, the stimulus money IN YOUR STATE will be used to exponentially facilitate health information exchange, and facilitate the systemic collection, theft, sale, and misuse of sensitive health information.