Health IT coordinator attacks rumors that spy agencies would tap into patient information network

Dr. David Blumenthal, national coordinator for health information technology, has strongly denied any plans to develop a national network that would transmit patients’ medical information to the Justice and Homeland Security departments…

…Rather than defusing concerns, privacy advocates said Blumenthal’s remarks only heightened questions about what role NIEM standards, and the law enforcement agencies that developed them, will play in a national health information network.

Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation, said she believes Blumenthal is well-intentioned in his aim to ensure patient information is not transmitted to law enforcement or intelligence agencies. But promises do not have the force of law, she noted.

NHIN won’t funnel information to CIA: Blumenthal

David Blumenthal, head of HHS’ Office of the National Coordinator for Health Information Technology, has denied allegations that a framework for selecting data transmission standards for the proposed national health information network would configure the system to afford federal control over patient data and funnel that information to federal agencies, including the CIA, Justice Department and National Security Agency.

Blumenthal’s remarks came more than three hours into the March 25 meeting of the Health IT Standards Committee. The committee is a federal panel created under the American Recovery and Reinvestment Act of 2009, also known as the stimulus law, to advise the ONC on matters concerning health IT standards.

How to reconcile Kaiser’s statements about who can access patient data

Two reports of how Kaiser Permanente approaches security left this blogger scratching her head last week as the reports might seem to contradict each other. And because the VA Watchdog had the same questions I have, I decided to follow up.

On February 28, and as reported by Health Data Management, Eric Liederman, M.D., director of medical informatics at Kaiser Permanente’s Northern California division, described the security approach this way during the Physicians Symposium at the HIMSS 2010 Conference & Exhibition in Atlanta:

‘Healthcare is slow to change’ to cloud environment (Part II)

Cloud computing is not just on the healthcare horizon. Partial and pure-play cloud computing architectures are already serving healthcare information technology needs in the U.S.

…When it passed the stimulus act, Congress included several more stringent privacy provisions, including several taking direct aim at vendors of PHR systems, cloud-based or not. The new law sought to place PHR vendors under the same privacy and security rules as hospitals and office-based physicians and other so-called “covered entities” pursuant to the Health Insurance Portability and Accountability Act of 1996. Google and Microsoft Corp. have expressed varying degrees of reluctance toward acknowledging their PHR operations have HIPAA obligations…

Privacy advocate Deborah Peel said renting servers and storing healthcare information in large “ultra-secure facilities,” typical of cloud computing operations, “has always made sense to me. Servers in closets are going to go the way of dinosaurs. They just have to.”

But to allow a company to move healthcare data around a cloud “anywhere in the world is going to be a nightmare,” said Peel, a psychiatrist and the founder of the Austin, Texas-based Patient Privacy Rights Foundation.

“Where are the servers? If data is moved among various facilities, who certifies security among them? You get into the weakest link problem,” which, she said, might also include legal issues if the data is stored in a country with weaker privacy standards than the U.S. Not that the U.S. is a global paragon for privacy rights, according to Peel. “It’s kind of ironic to say they ought to be in the U.S., because the U.S. may not be the best place in the world, but it has to start somewhere,” she said.

New Epidemic Fears: Hackers

The government is committing billions of dollars for technology systems that help healthcare providers share information. But making patient data more accessible has the unpleasant side effect of it potentially falling into the wrong hands.

Under the Obama administration’s stimulus bill and other proposals, portions of a $29 billion fund are available to reimburse hospitals and doctors’ offices that invest in electronic records systems and other software that might improve care and lower health-care costs. The government has stressed the need for increased security as part of this digitization initiative, but hasn’t yet proposed mechanisms for how the data will be protected.

Now, many privacy advocates are concerned the administration’s effort could end up making health information less secure. “If there isn’t a concerted effort to acknowledge that the security risks are very real and very serious then we could end up doing it wrong,” says Avi Rubin, technical director of the Information Security Institute at Johns Hopkins University.

Grab for patient records

MEDICAL market research firm AsteRx plans a grab for doctors’ prescribing records with an offer of powerful business intelligence software free to GPs who sign up.

AsteRx managing director Jon Marshall says de-identified patient data provides valuable insight into healthcare trends — including the spread of infectious diseases — for which drug companies, pharmacists and others are prepared to pay.

“We essentially want to build a large network of GPs so that we can provide data that can be called on in times of need,” he said. “If we were extracting data from every GP in Australia, we would be able to track the swine flu, for instance.

“From the data we already collect I can tell you whether there has been an increase in immunisations, or increased incidences of flu, right up to yesterday’s figures.”

Consumer Watchdog Calls on Google to Cease Lobbying Effort to Allow Sale of Patient Medical Records

Urges Congress to Adopt Privacy Protections in Economic Stimulus Bill

The non-partisan Consumer Watchdog called on Google today to cease a rumored lobbying effort aimed at allowing the sale of electronic medical records in the current version of the Economic Stimulus legislation.

Consumer Watchdog called on Congress to remove loopholes in the ban on the sale of medical records and include other privacy protections absent from the current bill such as giving patients the right to an audit detailing who had accessed their medical records and how the records were used.

Reportedly Google is pushing for the provisions so it may sell patient medical information to its advertising clients on the new “Google Health” database:

Group launches online ZIP code atlas of population health

A public health organization will launch an online database this fall that could help forecast the demand for health care services in specific locations for chronic conditions including diabetes, obesity, and HIV.

The National Minority Quality Forum has created the “ZIP Code Analysis Project” to collect data on disease activity among both general and minority populations by postal code.

The project already has a diabetes atlas online. The database shows differences in the prevalence of diabetes across a map of the U.S., as well as noticeable annual changes. This fall atlases will be available for cardiovascular disease, obesity, HIV and chronic kidney disease.

Cloud computing puts your health data at risk

The advent of “in the cloud” medical records services, such as Microsoft HealthVault and Google Health, promises an explosion in the storage of personal health-care information online.

But these services pose sticky privacy questions — unless you know how to protect your personal medical records.

A promise of safer personal health data

Your private health information is migrating wholesale onto the public network with the advent of online health-care records stored in massive data centers around the world.

While the services aim to make it easier for consumers to access and manage their personal health information, the ready availability of this data also makes it much easier and less expensive for insurers to put your medical history under the microscope…

…Take, for example, prescription records.

“All 51,000 pharmacies in the U.S. are wired for data mining. Selling prescription records is a multibillion-dollar-a-year industry,” states an FAQ published by Patient Privacy Rights, a major consumer-health and privacy-rights organization.

This data mining of prescription records can cost consumers big-time…

Prescription Data Used To Assess Consumers’ Health “Scores”

Yesterday, The Washington Post featured an article describing what the authors called “a powerful new tool for evaluating whether to cover individual consumers: a health ‘credit report’ which is drawn from databases containing prescription drug records on more than 200 million Americans.” Pharmaceutical industry blog Pharmalot broke the story online, but as you might imagine, that did not represent the patient perspective of this practice.

Two of the biggest providers of this type of data are Ingenix, a Minnesota-based health information services company that had $1.3 billion in sales last year, and a Wisconsin-based rival named Milliman IntelliScript.