Only 26 Percent of Americans Want Electronic Medical Records, Says Xerox Survey

Xerox kindly shared all three years of their annual Electronic Health Records (EHR) online surveys by Harris Interactive. The media, industry and government unrelentingly promote health technology as the latest, greatest best stuff.  But the public ain’t buying it.  They want smart phones, but they don’t  want EHRs.

Clearly the public is not very excited about EHRs; 74% don’t want them. They don’t want them because they understand the problems with EHRs so well.

To view the article, please visit Only 26 Percent of Americans Want Electronic Medical Records, Says Xerox survey

Not only do the surveys show a low percentage of Americans want electronic health records—but it’s remained low; this year at only 26%. Overall 85% of the public has “concerns” about EHRs this year. The surveys also asked about specific ‘concerns’. They found the public is concerned that health data security is poor, data can be lost or corrupted, records can be misused, and that outages or ‘computer problems’ can take records offline and compromise care.  See results below:

To the question do you want your medical records to be digital:

  • 26% said ‘yes’ in 2010
  • 28% said ‘yes’ in 2011
  • 26% said ‘yes’ in 2012

To the question do you have concerns about digital records:

  • 82% said ‘yes’ in 2010
  • 83% said ‘yes’ in 2011
  • 85% said ‘yes’ in 2012

To the question could your information be hacked:

  • 64%  said ‘yes’ in 2010
  • 65%  said ‘yes’ in 2011
  • 63%  said ‘yes’ in 2012

To the question could your digital medical records  be lost or corrupted:

  • 55% said ‘yes’ in 2010
  • 54% said ‘yes’ in 2011
  • 50% said ‘yes’ in 2012

To the question could your personal information be misused:

  • 57% said ‘yes’ in 2010
  • 52% said ‘yes’ in 2011
  • 51% said ‘yes’ in 2012

To the question could a power outage or computer problem prevent doctors from accessing my information:

  • 52% said ‘yes’ in 2010
  • 52% said ‘yes’ in 2011
  • 50% said ‘yes’ in 2012

Information Technology’s Failure to Disrupt Healthcare

Nicolas Terry wrote a very interesting and informative paper about the effects IT has had on healthcare today. It is available for download in its full text version here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2118653. Below is his abstract.

Abstract: Information Technology (IT) surrounds us every day. IT products and services from smart phones and search engines to online banking and stock trading have been transformative. However, IT has made only modest and less than disruptive inroads into healthcare. This article explores the economic and technological relationships between healthcare and healthcare information technologies (HIT), asks (leveraging the work of Clayton Christensen) whether current conceptions of HIT are disruptive or merely sustaining, and canvasses various explanations for HIT’s failure to disrupt healthcare. The conclusion is that contemporary HIT is only a sustaining rather than disruptive technology. Notwithstanding that we live in a world of disruption, healthcare is more akin to the stubborn television domain, where similarly complex relationships and market concentrations have impeded the forces of disruption. There are three potential exceptions to this pessimistic conclusion. First, because advanced HIT is not a good fit for episodic healthcare delivery, we may be experiencing a holding pattern while healthcare rights itself with the introduction of process-centric care models. Second, the 2010 PCAST report was correct, the healthcare data model is broken. If Stage 3 of the MU subsidy program or some other initiative can funda

Patient Safety and Health Information Technology: Learning from Our Mistakes

MUST READ article by Ross Koppel about why and how government and industry denial of serious design flaws in electronic health systems endanger patients’ lives and safety. He uses detailed examples, citations, and the historical record to support his case. Flawed technology causes serious patient safety issues in the same way flawed technology prevents patient control over who can see, use, or sell sensitive health information.

Yet technology could vastly improve patient safety and put patients back in control over the use of their health data. Why is poor technology design entrenched and systemic? Koppel states, “The essential question is: why has the promise of health IT—now 40 years old—not been achieved despite the hundreds of billions of dollars the US government and providers have spent on it?”

He makes the case that key problems arise from industry domination over the public interest. “Marketing overdrive” has caused:
· Denial and magical thinking: we see the “systematic refusal to acknowledge health IT’s problems, and, most important, to learn from them”

· Prevention of “meaningful regulations since 1997″: ”This belief that health IT, by itself, improves care and reduces costs has not only diminished government responsibility to set data format standards, it has also caused us to set aside concerns of usability, interoperability, patient safety, and data integrity (keeping data accountable and reliable).”

· Destructive “lock-in” to flawed technology systems: A full software package from a top firm for a large hospital costs over $180 million, and can cost five times that figure for implementation, training, configuration, cross-covering of staff, and so on.(11,12) Because illness, accidents, and pregnancies cannot be scheduled around health IT training and implementation needs, the hospital must continue to operate while its core information systems are developed and installed. This investment of time and money means the hospital is committed for a decade or more. It also reduces incentives for health IT vendors to be responsive to the needs of current customers.(13,14)

We have been to this rodeo before. Koppel points out these same phenomena occur over and over in many other industries:
“we had dozens of railroad gauges, hundreds of time zones, and even areas with both left- and right-hand driving rules. In all cases, the federal government established standards, and the people, the economy, and especially the resistant industries flourished. Industry claims that such standards would restrict innovation were turned on their heads.”

The health technology industry has failed to reform itself for 40 years. Effective federal laws and regulation are the only path to ensuring innovation and interoperability, to make health IT systems safe for patients and useful to doctors, and to restore individual control over who sees the most sensitive personal information on Earth.

See the full article at Web M&M: Patient Safety and Health Information Technology: Learning from Our Mistakes

The Changing Landscape – The Impact to Patients’ Privacy

Both President Bush and President Obama agree that every American should have an electronic health record by 2014. Congress agrees too and has poured $27 billion into digitizing the healthcare system.  Using data instead of paper records, technology tools can analyze mountains of health information to understand what treatments work best for each of us, improve quality, facilitate research, and lower costs. Strong support for electronic health records systems and health data exchanges is bipartisan.

But the systems being funded have major, potentially fatal design flaws which are NOT being addressed by either party:

-Patients have no control over who sees or sells sensitive personal health information.

-Comprehensive, effective data security measures are not in use; 80% of health data is not even encrypted.

-Health data is held in hundreds or thousands of places we have never heard of because of hidden data flows.

-Hundreds of thousands of employees of corporations, third parties inside and outside the healthcare system, researchers, and government agencies can easily obtain and use our personal health information, from prescription records to DNA to diagnoses.

-There is no “chain of custody” for our electronic health data.

The consequences of the lack of meaningful and comprehensive privacy and security protections for sensitive health data are alarming. Over 20 million patients have been victims of health data breaches – these numbers will only increase. Millions of patients each year are victims of medical ID theft, which is much harder to discover and much more costly than ID theft. Such easy access to health data by thousands of third parties is causing an explosion of healthcare fraud (see FBI press release on $100M Armenian-American Fraud ring: http://www.fbi.gov/newyork/press-releases/2010/nyfo101310.htm). Equally alarming, this lack of privacy can cause bad health outcomes, millions of people every year avoid treatment because they know their health data is not private:

-HHS estimated that 586,000 Americans did not seek earlier cancer treatment due to privacy concerns. 65 Fed. Reg. at 82,779

-HHS estimated that 2,000,000 Americans did not seek treatment for mental illness due to privacy concerns. 65 Fed. Reg. at 82,777

-Millions of young Americans suffering from sexually transmitted diseases do not seek treatment due to privacy concerns. 65 Fed. Reg. at 82,778

-The Rand Corporation found that 150,000 soldiers suffering from PTSD do not seek treatment because of privacy concerns. “Invisible Wounds of War”, The RAND Corp., p.436 (2008). Lack of privacy contributes to the highest rate of suicide among active duty soldiers in 30 years.

Public distrust in electronic health systems and the government will only deepen unless these major design flaws are addressed.

The President’s Consumer Privacy Bill of Rights shows he knows that trust in the Internet and electronic systems must be assured. The same principles that will ensure online trust must also be built into the healthcare system — starting with Principle #1:

“Consumers have a right to exercise control over what personal data companies collect from them and how they use it.”

The Rising Risk of Electronic Medical Records

See the full story at SmartPlanet: The Rising Risk of Electronic Medical Records

This story quotes Lee Tien, Bob Gellman, and me about health information technology, which prevents us from controlling who can see, use, or sell our electronic health data by design—-placing everyone in the nation at risk of job and credit discrimination based on health data.  Current technologies make hidden data flow easy, with no way for patients to opt-out or prevent personal data from flowing to an unlimited number of hidden corporate, government, for-profit research and data analytics users.

“Criminals can buy social security numbers online for about $5 each, but medical profiles can fetch $50 or more because they give identity thieves a much more nuanced look into a victim’s life, said Dr. Deborah Peel, founder of the advocacy group Patient Privacy Rights, which researches data breaches and works for tighter security on people’s personal health records.”

Discrimination causes millions to avoid medical treatment every year. It’s a fact of life with paper medical records too. But electronic health systems enable thousands of strangers to simultaneously access the records of millions of patients, so the theft, sale, and misuse of health data for discrimination, fraud, ID theft, and medical ID theft has skyrocketed. In paper records systems, patient files are kept in locked rooms or filing cabinets, making it hard to use or steal more than a few at a time. Anti-discrimination laws alone aren’t effective—we also need to know who has copies of our health data and be able to control who gets them.

““If the information leaked to an employer, it would have affected their jobs or reputations. All the time I’ve been practicing, it’s been a very important and delicate issue,” Peel said. “There are prejudices associated with psychiatric diagnoses. People have powerful reactions to the names of these things.” … Once genetic profiles are routinely added to the mix, access to electronic health data may predetermine who can get jobs or serve in public office, Peel warned… “If the world looked like that,” Peel said, “Lou Gehrig would never get a contract to be a ball player if the team knew he had a disease that would degenerate his muscles, or Ronald Reagan would never get elected president if they knew dementia ran in his family.””

Strong new laws are needed to prevent our health data from being used or sold without consent.  We should also have a complete ‘chain of custody’, naming every person and organization that has seen or copied our health information. Without these new legal rights, it’s impossible to decide whether the benefits of using health IT outweigh the risks to our future jobs and opportunities, to our kids’ future jobs and opportunities, and to our grandkids’ and relatives’ future jobs and opportunities.

FYI—HIPAA has NOT protected health data privacy since 2002, it is really a ‘Disclosure’ Rule, not a ‘Privacy’ Rule. See how consent, the right to control who can see and use your health information, was eliminated: http://patientprivacyrights.org/media/The_Elimination_of_Consent.pdf

BOTTOM line: existing technology solutions that enable us to control who sees our records are not required. Instead, the stimulus billions are being used to buy ‘Model T Fords’ that prevent patient control over personal data. Government and corporations (inside and outside healthcare) don’t want to ‘ask first’ before taking our most sensitive personal information.

Help build a map to show where health data flows:  Sign up to be a data detective and contribute to mapping the hidden flows of Americans’ health data at: theDataMap.org. A map of health data flow will prove Congress should act NOW to restore personal control over health data.

Office of the National Coordinator of Health IT, HHS, Announces PPR Summit

To learn more visit Health Privacy Summit and HealthIT.

The Second International Health Privacy Summit is quickly approaching (June 6-7). Our keynote speaker, Farzad Mostashari, MD, ScM is the National Coordinator for Health IT and will be giving a wonderful presentation on “Creating a Culture of Privacy and Security Awareness.” The Office of the National Coordinator for Health IT has given great support to this event and will be participating as well. Here’s what they have to say about the Health Privacy Summit:

June 6-7
2nd International Summit on the Future of Health Privacy

Over 40 leading health-privacy experts from around the globe will gather in Washington, DC for the 2nd International Summit on the Future of Health Privacy to discuss privacy and security issues raised by emerging health technologies. Experts from the U.S. government, the private sector and academia will explore new laws and regulations, data exchanges, secondary uses of health data and social media platforms and how they relate to the privacy and security of patient health information.

National Coordinator for Health Information Technology – Farzad Mostashari, MD, ScM – will kick off this year’s event with a keynote presentation on “Creating a Culture of Privacy and Security Awareness.”

See the full list of speakers at http://www.healthprivacysummit.org/d/3cq92g/6K .

* Agenda: http://www.healthprivacysummit.org/d/3cq92g/6X
* Registration: http://www.healthprivacysummit.org/d/3cq92g/4W FREE to attend or watch live online!

Targeted attacks cost companies an average of $200k

See the full article at SC Magazine: Targeted attacks cost companies an average of $200k

It always costs more to repair than to prevent. The curious thing is that federal law mandated basic security protections in HIPAA, but industry never bothered because the law was never enforced.

Here we are 12 years after the HIPAA Privacy Rule was implemented:

· the Coalition for Patient Privacy got MUCH tougher security rules and enforcement into HITECH

· breaches are rampant

· 80% of hospitals still don’t encrypt data

What’s wrong with this picture? Register for the 2nd International Summit on the Future of Health Privacy June 6-7 in Washington, DC–attending or watching via live streamingvideo is free: http://tiny.cc/p4fqew Security technologies are critical for privacy—see top US computer scientists discuss “ideal” technologies for health data privacy and security.

Re: Data-Mining in Doctor’s Office Helps Solve Medical Mysteries

The story concludes that “the benefits (of research) outweigh the (privacy) concerns”. But that statement was made by a hospital administrator, not by the patients whose data were used without consent. They weren’t asked or notified.

There are several problems with the idea that the benefits of doing research without consent outweigh the risks:

·       the lack of privacy and control over health information causes bad outcomes: when people realize that they cannot control health records, millions refuse diagnosis and treatment for cancer, depression, and sexually-transmitted diseases

·       there is no need to choose between respecting patients’ rights to privacy and doing research—it’s a false choice, consent technologies can enable people to easily choose and give automatic consents for research projects they support, or be contacted case-by-case for permission

·       there was no public debate about whether every American’s electronic health information should be used for research without consent

·       current electronic systems do not allow patients to control any uses of their health data—-why continue to use such badly-designed systems?

·       there are no “dangers of over notification” with today’s systems—in fact, patients get no notice at all when personal data is used for research

Americans have not agreed to a healthcare system that turns them into electronic guinea pigs.

Why not build patient-centered systems so we can make important decisions about ourselves, instead of hospital administrators and researchers choosing for us?  “Nothing about me without me.”

Crunch Two Data Sets, Call Me in the Morning

See full article in Bloomberg Businessweek Article

As hospitals are acquiring more and more digital patient data, they are quickly turning to “Big Data” tech companies with expertise in data-mining, which “has already led to some measurable improvements in patient care” according to hospital administration. However, patients are rarely notified when their records are being used in this way because the data is exempt from federal privacy protection due to their necessity for “quality improvement”. “People do not like to have researchers of any stripe using their electronic health records”, says Deborah Peel, MD of Patient Privacy Rights. “As a matter of respect and autonomy and patient-centeredness, patients want to be asked. When they are asked, by and large, they support this. It’s the not-being-asked stuff that’s really bad”. A breakdown in patient-physician trust about data privacy can cause huge problems with patient care arising from patients refusing to share all necessary information with physicians as a means to avoid exposure.

Hospitals enlist vendors for data analytics help

See full article in FierceHealthIT:  Hospitals enlist vendors for data analytics help

“Providers are increasingly turning to big tech companies to help their data mining efforts, according to an article at Bloomberg Businessweek.

Vendors such as Microsoft, SAS, IBM and Oracle are giving mounds of data the once-over in an analytics industry that generated more than $30 billion last year, according to research firm IDC. That figure is expected to grow to $33.6 billion in 2012–and healthcare is a leading customer.

The practice of data-mining, however, raises concerns. Hospitals have been criticized for mining patient data as a means to market to the most lucrative patients, for example. And data mining only exacerbates the concerns of patient advocates such as Deborah Peel, founder of Patient Privacy Rights, who recently told Forbes that people will avoid seeing doctors if they feel their information isn’t secure.”