Stanford medical records posted on public website, now removed

Below is part of the story published by MercuryNews.com, quoting Dr. Deborah Peel, founder of Patient Privacy Rights.

“The electronic medical records of 20,000 Stanford Hospital emergency room patients, including names and diagnostic codes, were posted on a commercial website, the hospital disclosed Thursday.

Personal information about patients seen between March 1 and Aug. 31, 2009, has been removed from the website and an investigation is under way, according to Stanford Hospital spokesman Gary Migdol.

But the startling breach — caused by a vendor’s subcontractor, who has assumed responsibility — raises questions about the privacy of medical information as it passes through many hands.

In one instance, it revealed a psychiatric diagnosis of a Santa Clara patient.

The released information also included medical record numbers, hospital account numbers, billing charges and emergency room admission and discharge dates. Credit card and Social Security numbers were not included…

…Americans expect doctors and hospitals to use their records only with consent, said Dr. Deborah C. Peel, founder of the watchdog group Patient Privacy Rights, “not to give them to legions of contractors and strangers. Existing regulations are just not strong enough to protect Americans’ sensitive health information. Today’s electronic health systems are not safe or trustworthy.””

Stanford Hospital investigating how patient data ended up on homework help website

A key conclusion from the audience of experts at the first summit on the future of health privacy was that HIPAA has not been effective at protecting patient privacy. Jaikumar Vijayan quoted Deborah C. Peel, MD, founder and chair of Patient Privacy Rights, on the problems with HIPAA and the need to restore patient control over health information in this story. See videos of the summit at: www.healthprivacysummit.org

“Stanford University Hospital in Palo Alto, Calif. is investigating how a spreadsheet containing personal medical data on 20,000 patients that was being handled by one of its billing contractors ended up publicly available for nearly one year on a homework help site for students.

The spreadsheet first became available on the site last September as an attachment to a question supposedly posed by a student on Student of Fortune, a website that lets students solicit help with their homework for a fee. The question sought help on how the medical data in the attachment could be presented as a bar graph, The New York Times reported on Thursday.

A Stanford Hospital & Clinics representative told Computerworld in a statement that the hospital discovered the file on August 22, and took action to see it was removed within 24 hours.

“A full investigation was launched, and Stanford Hospital & Clinics has been working very aggressively with the vendor to determine how this occurred, in violation of strong contract commitments to safeguard the privacy and security of patient information,” the statement said…

The breach shows yet again how ineffective HIPAA has been in getting organizations that handle healthcare data to take better care of it, said Deborah Peel, founder and chairman of the Patient Privacy Rights Foundation.

Much of the problem stems from the indiscriminate sharing of sensitive personal information among “legions of secondary users”, she said. The average hospital has between 200 and 300 outside vendors and partners with access to patient data, Peel said.

“We do not have an effective federal health privacy law. HIPAA was gutted in 2002 when control over who can see and use patient data for all routine uses was eliminated,” she said.

The only way to really get a grip on the problem is to allow patients to exert more control over who has access to their data. “Data should be used for a single purpose after the patient gives consent such as consent to use the data to pay a claim or send to a consultant.”

“Consent should be obtained for any secondary or new uses of data,” she said. All organizations that handle health data, including third parties, should be certified to adhere to the highest standards of data security, Peel said.

Open-Source Health Care Software

It’s a great read and critical viewpoint. To view the full article, please visit Open-Source Healthcare Software.

Key Quotes:

  • “Unlike devices and services, most medical software is not regulated, placing the burden of safe and effective use on the physician.”
  • “Despite the obvious benefits, open-source software is still rare in medical practice because, as with music and other information-based products, it is easy to copy.”
  • “As medical software begins to offer decision support, risk management, performance rating, and analytic features, physicians should not accept black boxes and secret formulas that constrain sharing and intimately affect patient care and remuneration.”
  • “Software creators will not switch to producing open-source products voluntarily because they stand to lose money by doing so. Only physicians can drive this change, and this paper describes the reasons why doing so is important to our profession and our patients.”
  • “The Direct Project hosted by the Department of Health and Human Services is open-source software for secure e-mail to replace the fax as the primary means of communication between practices and even with patients. Direct Project has many unique features as a result of its noncommercial open-source design, including universal addressing that is not tied to a particular vendor or institution. Universal addressing, like modern e-mail, does not restrict communications to members of a particular exchange.”
  • “Open-source software offers the same benefits in medicine as it does in other fields. These include ethical advantages, access, innovation, cost, interoperability, integration, and safety.”
  • “As physician income becomes increasingly tied to patient outcomes and dependent on coordination of care, lack of interoperability, integration, and standardization has begun to impact clinical practice. It is hardly surprising that interoperability and integration costs related to proprietary health care software are extremely high and that the true value of health care services is difficult to measure and compare.”
  • “The broad ability of users to adopt and improve software creates diverse, global communities on the Internet with significant incentive to help each other.”
  • “Proprietary software puts the physician at the mercy of the vendor, who is often more interested in acquiring new customers than serving locked-in customers”

The road to electronic health records is lined with data thieves

The following is a guest post by Reuters contributor Constance Gustke. The opinions expressed are her own. See the full article at http://blogs.reuters.com/reuters-money/2011/08/05/the-road-to-electronic-health-records-is-lined-with-data-thieves/

“The future of your personal health information involves gigantic Internet-driven databases that connect you to doctors, health information and services no matter where you are and what time it is.

With a big push from President Obama, who wants secure electronic health records for every American by 2014, many health insurance companies, hospitals, private practices and pharmacies are already delivering some patient portals using these records as a backbone.

It’s the future of medicine, says Dr. Raymond Casciari, chief medical officer at St. Joseph Hospital in Orange, California, but for now, he adds, “We’re still in the dark ages.”

The portal approach is intended to be beneficial, letting you share key medical data instantly with your family and consult with specialists on another continent. It’s supposed to lower healthcare costs and provide better services. But the data being stored is sensitive and so far it isn’t very secure, say experts. So it’s important to know how your medical information is being shared and managed, especially as access explodes.

Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights, is dubious about patient medical privacy on portals. She believes that data breaches can have harmful effects, including medical discrimination. “Today, we can’t see who uses our electronic records,” she warns. “And they can be back-door mined.”…”

Re: Epsilon breach used four-month-old attack

In response to the article in ITnews.com by Brett Winterford: Epsilon breach used four-month-old attack

Epsilon, the world’s largest email service provider, did not respond to 4-month-old warnings that its systems were vulnerable to hackers trying to access email deployment systems. Victims reported that not only email addresses but also phone numbers were stolen. Some got hundreds of phone calls.

Everyone should expect very sophisticated “spear-phishing” attacks via email, where someone gets you to open an email by pretending to know you by using details from social media, etc.

2500 global companies like Citibank trusted Epsilon with sensitive details about millions of us, their customers.

Hospitals, insurers, pharmacies, and many unknown third parties/corporations/government agencies also hold databases with millions of Americans’ sensitive financial and health records. Reports of health data breaches are soaring because securing data is very difficult and expensive.

Shouldn’t we demand that Congress and the federal government require and validate that all businesses holding health data have ironclad data security protections in place, BEFORE REQUIRING ever more data exchange, when we already know that healthcare systems are extremely vulnerable?

Shouldn’t health IT systems have ironclad security and require patient consent first? Shouldn’t the horse go before the cart?

Check out the latest proposed Federal Strategic Health IT Plan:
• it requires vast amounts of data-sharing NOW for a myriad of “meaningful uses” and other reporting without patient consent
• we still can’t see who accessed or used our health data because we can’t get audit trails of all disclosures yet, even though federal law (HITECH, 2009) requires that data holders give us a 3-year accounting of all disclosures if requested. This new consumer right and protection has not been implemented in regulations by HHS.
• See: ONC Announces open public comment period on the Federal Health IT Strategic Plan: 2011-2015

PPR will circulate comments for the Coalition for Patient Privacy to sign.

Steady Bleed: State of HealthCare Data Breaches — Comments

Comments on Information Week Article: Steady Bleed: State of HealthCare Data Breaches

This is a very ominous story. As every state rushes to connect offices and hospitals with weak security and privacy together to exchange data, the federal government is giving doctors and hospitals tens-to-hundreds of thousands of dollars to install electronic health records that also lack ironclad security and also prevent patients from controlling their records. Hooking systems of ‘weak links’ to thousands of new systems that are also ‘weak links’ is a prescription for disaster.

Like the author, Patient Privacy Rights has been pointing out the abysmal state of health data security for years. What the author does not know is Congress LISTENED TO PATIENTS. Senator Snowe deserves credit for these consumer protections because she refused to allow the meaningful breach protections she crafted to be weakened. Powerful support by the bipartisan Coalition for Patient Privacy (see our letter to Congress) helped convince Congress to put Senator Snowe’s tough breach reporting and tough penalties into the stimulus bill. Perhaps now those who hold our sensitive health data will start to take security seriously.

What is really new in this story is FairWarning’s report about the very high monthly frequency of breaches in doctors’ offices and major hospitals in the US and across the world. The statistics from FairWarning show clearly that the number of breaches officially reported to HHS is just the tip of the iceberg. See quotes:

  • 200-bed hospital with a few small clinics, Rurally based: 24 confirmed incidents [breaches] per month.
  • U.S. based physician practice with 20 clinics metro and rurally dispersed: 29 confirmed incidents [breaches] per month.
  • UK based teaching hospital in major metropolitan area as well as rurally based facilities: 130 confirmed incidents [breaches] per month
  • Top 50 U.S. Health System with multiple affiliated hospitals and clinics – Based in a major metropolitan area: 125 confirmed incidents [breaches] per month.

You can see reported breaches to HHS affecting 500 or more here: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

The Case for Informed Consent

Austin, TX — Patient Privacy Rights (PPR), the nation’s leading health privacy watchdog, released a white paper entitled, “The Case for Consent: Why it is Critical to Honor What Patients Expect: for Health Care, Health IT and Privacy.” The paper is designed to be a primer on health privacy and argues that the primary stakeholder in health care, the patient, must retain control over their personal health information. The white paper is available online at http://patientprivacyrights.org/wp-content/uploads/2010/08/The-Case-for-Informed-Consent.pdf.

The white paper tackles the arguments made that patient control is too technically difficult, is too expensive, or is too complex, among others. In fact, robust privacy-enhancing technologies are in use now that ensure both progress and privacy. Technology can enable control over personal health information today and likely simplify our systems and lower costs.

“Patients know what they want,” says Patient Privacy Rights’ founder, Deborah Peel, MD. “It is a mistake to design health IT in a paternalistic manner — assuming a corporation, vendor, provider or government agency knows what is best for each individual patient.”

View the white paper: The Case for Informed Consent

Privacy Risk Calculator

Is your sensitive health information at risk of being exposed and sold?

Take the following quick quiz to see if your health privacy is at risk.

Please Note: Keep track of the total points earned by each answer to calculate your health information’s privacy risk.


WSJ Exposes Web Tracking Truths

This story should prompt a flood of investigative reporting about the secret, highly lucrative data theft and mining industries. And health information is THE most valuable personal information of all.

“Consumer tracking is the foundation of an online advertising economy that racked up $23 billion in ad spending last year.”

The story shows that the data theft and data mining industries are selling real-time access to specific people—a FAR more intrusive practice than buying a location on a webpage:

“These profiles of individuals, constantly refreshed, are bought and sold on stock-market-like exchanges that have sprung up in the past 18 months.”

“Advertisers once primarily bought ads on specific Web pages—a car ad on a car site. Now, advertisers are paying a premium to follow people around the Internet, wherever they go, with highly specific marketing messages.”

And, of course, sensitive health information is being stolen too:

“On Encyclopaedia Britannica Inc.’s dictionary website Merriam-Webster.com, one tracking file from Healthline Networks Inc., an ad network, scans the page a user is viewing and targets ads related to what it sees there. So, for example, a person looking up depression-related words could see Healthline ads for depression treatments on that page—and on subsequent pages viewed on other sites.”

“Healthline says it doesn’t let advertisers track users around the Internet who have viewed sensitive topics such as HIV/AIDS, sexually transmitted diseases, eating disorders and impotence. The company does let advertisers track people with bipolar disorder, overactive bladder and anxiety, according to its marketing materials.”

Ubiquitous surveillance and data theft are used to track and discriminate against every American in real time. Ads are NOT innocuous and helpful:

“We’re driving people down different lanes of the highway,” Mr. Cheyney says.

“Some financial companies are starting to use this formula to show entirely different pages to visitors, based on assumptions about their income and education levels.”

“Life-insurance site AccuquoteLife.com, a unit of Byron Udell & Associates Inc., last month tested a system showing visitors it determined to be suburban, college-educated baby-boomers a default policy of $2 million to $3 million, says Accuquote executive Sean Cheyney. A rural, working-class senior citizen might see a default policy for $250,000, he says.”

Only exposure and public outrage over the deeply invasive secret data theft and data mining industries will shut them down. And it’s important to know that the government is one of the biggest customers of these stolen data profiles.

See the Wall Street Journal Article: The Web’s New Gold Mine: Your Secrets

State agency swaps babies’ blood for supplies

When a California company asked Texas for blood samples from newborns in 2008, the state charged $1,600 for 400 blood spots. A North Carolina company swapped 16 HIV testing kits for 5,400 blood spots from the Department of State Health Services in 2006 and 2007. And another company has a five-year contract to get 3,800 blood spots a month in exchange for $456,000 worth of lab supplies.

Blood taken from Texas newborns in a state-mandated program to screen for defects and potentially deadly disorders has proved to be a valuable commodity — not just for researchers who might discover causes and treatments for diseases, but for companies developing, manufacturing and selling lab tests around the world. The blood samples — which were stored indefinitely starting in July 2002 without parents’ knowledge until recently — help companies evaluate and bring disease screening tests to market. In exchange, the health department gets needed supplies to conduct lab tests on newborns and other patients…

…In March 2009, the Texas Civil Rights Project sued the state over the storage program, claiming the state was violating constitutional protections against unlawful searches and seizures as well as state privacy laws. It wanted the state to stop storing blood without parental consent — state law doesn’t require consent — and asked that samples be destroyed unless consent was obtained.

The issue struck a chord nationally as parents learned other states had similar programs and feared the potential for misusing private genetic information.

“Newborn screening programs are under attack nationally, and they hope this will just go away, but it won’t,” said Dr. Deborah Peel, founder and chairwoman of Patient Privacy Rights, a national organization that advocates for patient privacy. “The public is terrified of the state owning their DNA.”

The Texas suit was settled in December when the state agreed to destroy 5.3 million blood spots stored since 2002, despite last-minute efforts led by Peel and others to try to save the spots by creating an informed consent process. New state laws passed last year put controls on the samples, and now the department must inform parents of possible uses and allow them to opt out of having their baby’s blood stored for up to 25 years.