The FBI’s New Wiretapping Plan Is Great News for Criminals

To view the full article, please visit: The FBI’s New Wiretapping Plan Is Great News for Criminals

US technology is designed for ‘exceptions’ and ‘outliers’, i.e., ‘worst-case’ scenarios like terrorists and unconscious patients.

Bruce Schneier concludes  his May 29th  essay:

“Finally there’s a general principle at work that’s worth explicitly stating. All tools can be used by the good guys and the bad guys. Cars have enormous societal value, even though bank robbers can use them as getaway cars. Cash is no different. Both good guys and bad guys send e-mails, use Skype, and eat at all-night restaurants. But because society consists overwhelmingly of good guys, the good uses of these dual-use technologies greatly outweigh the bad uses. Strong Internet security makes us all safer, even though it helps the bad guys as well. And it makes no sense to harm all of us in an attempt to harm a small subset of us.”

Fear-driven technology harms Democracy and health:

  • Example #1: FBI

Bruce Schneier’s essay (below) tells how US-created security flaws help the wrong people (criminals and terrorists) and harm the rest of us (law-abiding citizens).

  • Giving the government access (via back doors, brute force decryption, etc) to everyone’s data to find terrorists is the ‘worst-case’ scenario used to justify destroying strong data security protections.
  • But law-abiding people, businesses, and government really NEED strong data security protections to function everyday online.
  • Criminals and terrorists can exploit the security flaws created to catch them to steal information and harm governments, individuals, and corporations; but ordinary citizens and businesses can’t build or afford security technology to protect their own data.
  • WORST CONSEQUENCES: people will not trust technology and governments, and cyber-wars can destroy people, governments, and corporations.

 

  • Example #2: US health technology systems

The US eliminated data privacy in health technology systems, helping the wrong people (government and corporations) and harming patients.

  • Government and corporations control the use of the nation’s health data. Medical emergencies are the ‘worst-case’ scenario used to justify this technology: if you are unconscious in an emergency room (a one-in-a-million), you can’t give consent to share your data.
  • But the 299,999, 700 million US patients who are awake expect to control use of personal health data in order to trust doctors and technology.
  • Government and industry control use of the nation’s data for various purposes without the knowledge of the public, there is no ‘chain of custody’ for health data and no data map to track uses. Some hidden uses may be beneficial and some may harm patients.  Patients can’t buy or use privacy technology to protect health data.
  • WORST CONSEQUENCES: 40-50 million people/year avoid or delay treatment, or hide information to protect the privacy of health information, risking their lives and health.  Technology causes tens of millions of people who need treatment to suffer bad health outcomes.

 

In a Democracy, judges should approve spying on suspected criminals or terrorists. In a Democracy patients should be asked for consent to use personal health data. Advance directives or break-the-glass technology can permit access to health data when patients are unconscious.

 

In a Democracy, shouldn’t technology support ‘best-case’ scenarios , i.e., citizens’ freedoms and human and civil rights to privacy and health?

Privacy groups ask FTC to stop Facebook policy changes

“Half a dozen privacy groups have asked the Federal Trade Commission to stop Facebook from enacting changes to two of its governing documents… In addition to EPIC, CDD and Consumer Watchdog, representatives from Patient Privacy Rights, U.S. Public Interest Research Group and the Privacy Rights Clearinghouse also signed the letter.”

To view the full article, please visit: Privacy groups ask FTC to stop Facebook policy changes

Enabling the Health Care Locavore

Here’s a great article written by PPR’s Chief Technical Officer, Dr. Adrian Gropper about “why hip replacement surgery costs 5-10 times as much in the US as in Belgium even though it’s the same implant… JAMA publish[ing] research and a superb editorial on the Views of US Physicians About Controlling Health Care Costs and CMS put[ting] out a request for public comment on whether physicians’ Medicare pay should be made public.”

To view the full article, please visit Enabling the Health Care Locavore on The Health Care Blog.

Health data breaches usually aren’t accidents anymore

While the healthcare industry has made advancements in how they protect our most personal information, those trying to steal our electronic health records have become even more savvy as to how to access them.

Key Quotes from the Article:

“One of the biggest changes during the past decade is the data being targeted. Ten years ago, it was personal identifiable information. Now, said Rick Kam, president and co-founder of ID Experts in Portland, Ore., personal health information is being targeted, mainly because of the value it holds and the relative ease thieves have getting their hands on it.”

“94% of health care organizations have had at least one breach in the previous two years.Because data can now reside in multiple locations, including unsecured smartphones, laptops and tablets, and can be transported to an infinite number of locations, thieves, whether they be outside hackers, device stealers or people who try to use staff to share sensitive information, have more areas to target.”

Hackers Sell Health Insurance Credentials, Bank Accounts, SSNs and Counterfeit Documents, for over $1,000 Per Dossier

The value of personal health information is very high inside and outside of the US healthcare system. At the same time, the US healthcare industry as a whole does a terrible job of protecting health data security. Most health data holders (hospitals and insurers) put health data security protection dead last on the list for tech upgrades.
Besides the lack of effective, comprehensive data security protections, thousands of low-level employees can snoop in millions of people’s health records in every US hospital using electronic records.

The public expects that only their doctors and staff who are part of their treatment team can access their sensitive health records, but that’s wrong. Any staff members of a hospital or employees of a health IT company who are your neighbors, relatives, or stalkers/abusers can easily snoop in your records.
In Austin, TX the two major city hospital chains each allow thousands of doctors and nurses access to millions of patient records.
All this will get much worse when every state requires our health data to be “exchanged” with thousands more strangers. The new state health information exchanges (HIEs) will make data theft, sale,  and exposure exponentially worse.
Tell every law maker you know: all HIEs should be REQUIRED by law to ask you to agree or OPT-IN before your health data can be shared or disclosed.

Today:

  • -many states do not allow you to ‘opt-out’ of HIE data sharing
  • -most states do not allow you to prevent even very sensitive health data (like psychiatric records) from being exchanged

There is no way to trust electronic health systems or HIEs unless our rights to control who can see and use our electronic health data are restored.

The Office Nurse Now Treats Diabetes, Not Headaches

In response to the escalating costs of healthcare many employers are adding on-site medical clinics to help their employees become healthier—and don’t use employees’ personal health data to penalize them or discriminate against them.

But other large employers, such as CVS, use high costs to justify replacing employees’ health insurance with health savings accounts, imposing involuntary health screenings and wellness programs, and penalizing workers who don’t respond to these simplistic solutions.

Two studies in Health Affairs show that wellness programs don’t work:

  • -“Wellness Incentives In The Workplace: Cost Savings Through Cost Shifting To Unhealthy Workers” See: http://content.healthaffairs.org/content/32/3/468.abstract
  • -“A Hospital System’s Wellness Program Linked To Health Plan Enrollment Cut Hospitalizations But Not Overall Costs”  See: http://content.healthaffairs.org/content/32/3/477.abstract
  • -Rising US healthcare costs are NOT caused by sick people who seek treatment, but by industries that decide what to charge for treatment—including the health insurance industry, the hospital industry, the drug industry, the outpatient surgical center industry, and the lobbying industry.  Industry charges have no real constraints because healthcare is not optional, sick people, employers, and/or government must pay.

Learn about why the US pays sky-high healthcare costs in Time magazine’s March 2013 issue, “Bitter Pill: Why Medical Bills Are Killing Us”

To view the full article, please visit The Office Nurse Now Treats Diabetes, Not Headaches.

Jonah Goldberg: Civil Libertarians’ Hypocrisy

This insightful piece highlights the drastic violations of our current healthcare system in relation to the recent NSA breach.

Key quote from the article:

“What I have a hard time understanding, however, is how one can get worked up into a near panic about an overreaching national security apparatus while also celebrating other government expansions into our lives, chief among them the hydrahead leviathan of the Affordable Care Act (aka ObamaCare). The 2009 stimulus created a health database that will store all your health records. The Federal Data Services Hub will record everything bureaucrats deem useful, from your incarceration record and immigration status to whether or not you had an abortion or were treated for depression or erectile dysfunction.”

My Routine – Mark Rothstein, Law Professor

To view the full article, please visit My Routine – Mark Rothstein, Law Professor.

This is a very interesting article about Mark Rothstein’s opinion of current governmental actions involving privacy law. Rothstein asserts, “We live in an age in which consent should not be mistaken for choice. We click through consent on software without even reading it. Even if we technically consented, I doubt very much whether the average person would say, ‘Oh sure, it’s OK for my phone company to accumulate all this data about me.'”

In the interview, Rothstein also comments on the views of Louis D. Brandeis, saying “He felt that the government set the tone for society. If the government doesn’t value privacy and invades people’s privacy, then everybody will do that. He also thought it was very important that government activities be subject to review by the political process and the people.”

What is Snowden’s Impact on Health IT?

To view the full article, please visit What is Snowden’s Impact on Health IT?

This is a highly interesting article about the effect of Edward Snowden’s actions on health IT. In the interview with PPR’s own Dr. Deborah Peel, the issues of privacy that our government is currently facing can also be applied to the healthcare industry. As Dr. Peel aptly states, “The Department of Health and Human Services claims its actions are justified to lower healthcare costs. These are obviously very different agencies collecting different kinds of very sensitive personal information, but both set up hidden, extremely intrusive surveillance systems that violate privacy rights and destroy trust in government.”

A key argument that Dr. Peel makes is “The benefits of technology can be reaped in all sectors of our economy without the harms if we restore/update our laws to assure privacy of personally identifiable information in electronic systems. Our ethics, principles, and fundamental rights should be applied to the uses of technology.”

What is Snowden’s Impact on Health IT?

This article expounds upon the implications of Edward Snowden’s actions for the Health IT industry.

Key quotes:

Deborah Peel, MD, founder of Patient Privacy Rights, says there are many parallels between the Snowden controversy and the U.S. healthcare system.

According to Peel, the NSA has one million people with top security clearance to 300 million people’s data. The U.S. healthcare system has hundreds of millions of people — none with top security clearances, and the majority with inadequate basic training in security or privacy — who can access millions of patients’ most sensitive health records. Further, we don’t know how many millions of employees of BAs, subcontractors, vendors and government agencies have access to the nation’s health data, she added.

“Corporations and their employees that steal or sell Americans’ health data for ‘research’ or ‘public health’ uses or for ‘data analytics’ without patients’ consent or knowledge are rewarded with millions in profits; they don’t have to flee the country to avoid jail or charges of espionage,” she said.

“The NSA justifies its actions using the war on terror,” Peel added. “The Department of Health and Human Services claims its actions are justified to lower healthcare costs. These are obviously very different agencies collecting different kinds of very sensitive personal information, but both set up hidden, extremely intrusive surveillance systems that violate privacy rights and destroy trust in government.”

“The benefits of technology can be reaped in all sectors of our economy without the harms if we restore/update our laws to assure privacy of personally identifiable information in electronic systems. Our ethics, principles, and fundamental rights should be applied to the uses of technology,” Peel says.