Organics industry and privacy industry face similar labeling issues

See the full article in the New York Times at Has ‘Organic’ Been Oversized?

Like the food industry’s label for “organic” foods, the health technology industry wants to label or brand its products, such as electronic records systems, data exchanges, and health “apps”, as “privacy-protective”, regardless of how far from reality that designation is.

This story shows that the federal law setting up an “organic” certification panel for food requires a FAR greater number of consumer and academic seats on the panel than are on the two National Health IT Policy and Standards Committees. The organic certification panel requires the appointment of “four farmers, three conservationists, three consumer representatives”, for a total of 15 seats for non-industry representatives. But the federal government appointed industry people to those seats anyway. The federal government also appointed people who do not represent consumers or consumer organizations to the few consumer seats on the National Health IT Policy and Standards Committees.

But people who want health privacy are a huge percentage of the public: polls show between 75% and 95% of the public. This is a far greater percentage of the public than buy “organic” food. Health privacy is not an ‘elitist’ product, as “organic” foods are perceived to be. Everyone is affected by the lack of control over their health data and everyone cares about it.

A few key quotes from the story:

-The fact is, organic food has become a wildly lucrative business for Big Food and a premium-price-means-premium-profit section of the grocery store. The industry’s image — contented cows grazing on the green hills of family-owned farms — is mostly pure fantasy. Or rather, pure marketing. Big Food, it turns out, has spawned what might be called Big Organic.

-“The board is stacked,” Mr. Potter says. “Either they don’t have a clue, or their interest in making money is more important than their interest in maintaining the integrity of organics.”  He calls the certified-organic label a fraud and refuses to put it on Eden’s products.

-BIG FOOD has also assumed a powerful role in setting the standards for organic foods. Major corporations have come to dominate the board that sets these standards.

-As corporate membership on the board has increased, so, too, has the number of nonorganic materials approved for organic foods on what is called the National List. Today, more than 250 nonorganic substances are on the list, up from 77 in 2002.

-This sounds like the way the National Health IT Policy And Standards Committees operate:

o   The organic certification board has 15 members, and a two-thirds majority is required to add a substance to the list. More and more, votes on adding substances break down along corporate-independent lines, with one swing vote.

o   Six board members, for instance, voted in favor of adding ammonium nonanoate, a herbicide, to the accepted organic list in December. Those votes came from General Mills, Campbell’s Soup, Organic Valley, Whole Foods Market and Earthbound Farms, which had two votes at the time.

-CORPORATE APPOINTEES FILL CONSUMER SEATS, just like on the Health IT Policy And Standards Committees:

o   The Organic Foods Act calls for a board consisting of four farmers, three conservationists, three consumer representatives, a scientist, a retailer, a certification agent and two “handlers,” or representatives of companies that process organic food.

o   Cornucopia has challenged the appointment of Ms. Beck, the national organic program manager at Driscoll’s, to a seat that is, by law, supposed to be occupied by a farmer. Officially, “farmer” means someone who “owns or operates an organic farm.”   But Ms. Beck does not own or operate a farm.

§  Driscoll’s nominated Ms. Beck for one of the handler seats — but Tom Vilsack, the agriculture secretary, appointed her to one of the seats reserved for farmers.

§  In contrast, Dominic Marchese, who produces organic beef in Ohio, has tried and failed three times to win a board appointment as a farmer.

o   Similarly, the three consumer seats have never been filled by anyone from a traditional consumer advocacy group like the Organic Consumers Association or the Consumers Union. Instead, those seats have largely gone to academics with agricultural expertise and to corporate executives.

o   Katrina Heinze, a General Mills executive, was appointed to serve as a consumer representative on the board in December 2005 by Mike Johanns, the agriculture secretary at the time. The outcry over her appointment by advocates and independent organic consumers was so intense that she resigned in February 2006 — but rejoined the board late that year after Mr. Johanns appointed her to the seat designated by law for an expert in toxicology, ecology or biochemistry.

To learn more about preventing health privacy issues and protecting your privacy, please visit our Health Privacy Summit website.

Targeted attacks cost companies an average of $200k

See the full article at SC Magazine: Targeted attacks cost companies an average of $200k

It always costs more to repair than to prevent. The curious thing is that federal law mandated basic security protections in HIPAA, but industry never bothered because the law was never enforced.

Here we are 12 years after the HIPAA Privacy Rule was implemented:

· the Coalition for Patient Privacy got MUCH tougher security rules and enforcement into HITECH

· breaches are rampant

· 80% of hospitals still don’t encrypt data

What’s wrong with this picture? Register for the 2nd International Summit on the Future of Health Privacy, June 6-7 in Washington, DC. Attending or watching via live streaming video is free: http://tiny.cc/p4fqew

Security technologies are critical for privacy. See top US computer scientists discuss “ideal” technologies for health data privacy and security.

Re: Data-Mining in Doctor’s Office Helps Solve Medical Mysteries

The story concludes that “the benefits (of research) outweigh the (privacy) concerns”. But that statement was made by a hospital administrator, not by the patients whose data were used without consent. They weren’t asked or notified.

There are several problems with the idea that the benefits of doing research without consent outweigh the risks:

·       the lack of privacy and control over health information causes bad outcomes: when people realize that they cannot control health records, millions refuse diagnosis and treatment for cancer, depression, and sexually-transmitted diseases

·       there is no need to choose between respecting patients’ rights to privacy and doing research. It’s a false choice: consent technologies can enable people to easily choose and give automatic consents for research projects they support, or be contacted case-by-case for permission

·       there was no public debate about whether every American’s electronic health information should be used for research without consent

·       current electronic systems do not allow patients to control any uses of their health data—why continue to use such badly-designed systems?

·       there are no “dangers of over notification” with today’s systems—in fact, patients get no notice at all when personal data is used for research

Americans have not agreed to a healthcare system that turns them into electronic guinea pigs.

Why not build patient-centered systems so we can make important decisions about ourselves, instead of hospital administrators and researchers choosing for us?  “Nothing about me without me.”

Crunch Two Data Sets, Call Me in the Morning

See the full article in Bloomberg Businessweek

As hospitals acquire more and more digital patient data, they are quickly turning to “Big Data” tech companies with expertise in data-mining, which “has already led to some measurable improvements in patient care” according to hospital administration. However, patients are rarely notified when their records are being used in this way because the data are exempt from federal privacy protection due to their necessity for “quality improvement”. “People do not like to have researchers of any stripe using their electronic health records”, says Deborah Peel, MD, of Patient Privacy Rights. “As a matter of respect and autonomy and patient-centeredness, patients want to be asked. When they are asked, by and large, they support this. It’s the not-being-asked stuff that’s really bad”. A breakdown in patient-physician trust about data privacy can cause huge problems with patient care, arising from patients refusing to share all necessary information with physicians as a means to avoid exposure.

Texas Error Exposed Over 13 Million Voters’ Social Security Numbers

See the full article in DataBreaches.net: Texas Error Exposed over 13 Million Voters’ SSNs

This story shows it’s easy to disclose the social security numbers of 13 million people at once. The data came from Texas’ voter registration database, which was attached to a court report, BUT security breaches of the personal health information of millions of patients are also very common (see recent Utah and BCBS of TN breaches). Today’s electronic systems enable many new ways to breach data security and expose personal information.

The story below is about a government employee who attached over 13 million SSNs to a report and sent it to a 3rd party without anyone else reviewing his/her actions before the data was disclosed.  Where should the bar be set for disclosing personally identifiable information in any report?  At 1 million records? At 100 million records?

Most of the US health care system lacks effective protocols and procedures to protect data security and to prevent inappropriate data release and data breaches. Health data privacy and security require comprehensive and meaningful protections. We have a long way to go. Vastly expanding health IT systems before these problems are solved is a prescription for more data

PPR at Atlantic Health Care Forum

Today, April 19th, 2012, Deborah C. Peel, MD will speak on a panel at the Atlantic Healthcare Forum in Washington, DC.  See the agenda here.

View the Forum via a Live Streaming Webcast!

“Join industry experts, policymakers, and business leaders to discuss the latest innovations, trends, and concerns in an industry critical to our lives. The Forum will explore the future of wireless health, the potential of data innovation to improve care, and how to finance health care in the current economy through keynotes, panel discussions, and demonstrations.”

12:30 pm EST
Panel Discussion III. Health Care 2015: Can Big Data Be the Cure-All?
Moderator: Steve Clemons

Panelists:
* Robert Litan, Vice President for Research and Policy, Ewing Marion Kauffman Foundation
* Susan Love, President, The Dr. Susan Love Research Foundation
* Deborah Peel, Founder, Patient Privacy Rights
* John Wilbanks, Founder, Consent to Research

See more at the Atlantic Healthcare Forum Site

Registration is officially closed; however, you can view the full day via live streaming webcast.

Harvard’s Data Privacy Lab launching health record bank

Read the full article at: http://www.nhinwatch.com/perspective/harvard’s-data-privacy-lab-launching-health-record-bank

Some key points from the story:

“In a major new development in the world of health IT, the Data Privacy Lab in the Institute of Quantitative Social Science at Harvard University will soon unveil a health record bank (HRB) that allows anyone to own and manage a complete, secure, digital copy of their health records and wellness information with a free account. This is the first time that a prominent academic institution is hosting an HRB for use by the general public and communities nationwide.”

“This launch is important for health IT because an HRB can provide and sustain all the capabilities of a fully functional health information infrastructure (HII):
1. It allows access to comprehensive individual electronic patient records, aggregation of population information for public health and medical research, and record searching to facilitate patient-specific notifications;
2. Privacy is protected since each patient determines who can access which portions of their own health records;
3. Collecting patient information is assured – since patients request their records, all providers must supply them (under HIPAA and for Stage 2 Meaningful Use);
4. It is inexpensive to operate since it obviates the need for the complex and costly real-time record locator services necessary when each patient’s records from all sources are not centrally stored;
5. Patient consent enables innovative applications linked to HRB accounts, providing compelling value to consumers and other stakeholders (e.g., reminders and alerts), thereby ensuring more than enough revenue for financial sustainability. HRBs could even fund permanent, ongoing EHR incentives to office-based providers to help further promote widespread adoption and standards compliance. The HRB at Harvard therefore represents a feasible and readily achievable HII paradigm that can be utilized by individuals and communities nationwide.”

Re: Offense must be the new defense, RSA chief says

In response to the Government Security News (GSN.com) article: Offense must be the new defense, RSA chief says

From a major cybersecurity conference, “IT systems already are or will be compromised and security efforts must shift to detecting and mitigating compromises and protecting data in compromised systems.”

FLASH: Health data systems are just as compromised as those in every other sector of the economy and government, but it’s rarely mentioned. With the HIT and healthcare industries in denial, who will secure and protect the nation’s electronic health information?

At the same conference a solution was proposed, “the future of security and privacy in a world in which vulnerabilities and exploits are inevitable lies in protecting data through the use of metadata associated with policies that will let creators and owners control data.”

FYI: last year meta-tagging health data to protect privacy was proposed by the President’s Council of Advisors on Science and Technology (PCAST). PPR testified at the HIT Policy Committee in favor of meta-tagging health data. But the HIT and Healthcare lobbies killed it.

It’s back to business as usual: selling and using abysmal health IT systems and data exchanges without effective privacy or security protections — so healthcare corporations, hospitals, health plans, doctors, HIT companies, labs, pharmacies, etc can all use or sell our personal health data for discrimination and other purposes we would never agree to.

It’s time for Congress to support the Administration’s new Consumer Bill of Privacy Rights and put people in control of personal data online and in data systems by requiring robust, existing privacy and consent technologies or meta-tagging. Americans’ longstanding legal and ethical rights to health privacy must be restored so people are willing to participate in electronic health systems.

Without remedies now, “trust in our digital world is at risk.”

WH Initiative: Consumer Privacy Bill Of Rights

In a press release from the White House, February 22nd, 2012:

“The Obama Administration unveiled a “Consumer Privacy Bill of Rights” as part of a comprehensive blueprint to protect individual privacy rights and give users more control over how their information is handled. This initiative seeks to protect all Americans from having their information misused by giving users new legal and technical tools to safeguard their privacy. The blueprint will guide efforts to protect privacy and assure continued innovation in the Internet economy by providing flexible implementation mechanisms to ensure privacy rules keep up with ever-changing technologies. As a world leader in the Internet marketplace, the Administration believes the United States has a special responsibility to develop privacy practices that meet global standards and establish effective online consumer protection.”

To read more about the proposed bill, here are some additional resources:

Read Fact Sheet

Read Full Proposal

Additional White House Press Release

View the Press Conference on CNN’s Video Library

National experts to meet at HIMSS to promote health record banks

See the full article at: http://www.nhinwatch.com/perspective/national-experts-meet-himss-promote-health-record-banks

Experts are planning to meet at HIMSS to discuss “strategies to promote and accelerate development and adoption of HRBs – community-based personally controlled repositories of electronic health records.”

Some key points:

  • “HRBs can provide effective and efficient health information infrastructure (HII) in communities by simultaneously addressing the interdependent requirements of privacy, stakeholder participation and financial sustainability.”
  • “HRB allows patients to readily and conveniently manage their access permissions in one place. In addition to being an effective approach to privacy, patient control also ensures that stakeholders make information available.”

The article goes on to list the cost and efficiency revenue advantages of HRBs as well as the privacy implications.