Transparency: Brand Reputation and Patient Trust

Agreed: transparency is critical for patient trust. With so few HIT corporations putting patients in charge of personal health information (PHI), it is rare good news to see a companies like Jericho working on consent directives.

From the Article:

 
Keeping a solid brand in healthcare requires trust. Trust is important no matter the industry. However, in healthcare, trust is more personal. When it comes to patient care, much private, personal information is given by individuals and also received through physician engagement and various clinical tests. Patient information needs to be safeguarded, just as a patient intends it to be.

Recently, The University of Texas at Austin Health Information Technology Program, Jericho Systems Corporation, and Conemaugh Health System undertook a pilot to test if protected health information (PHI) can adhere to consent directives. The good news is they proved the integrity of a patient’s consent directive through the health information exchange. With this test, greater confidence in patient data security and privacy is gained. The work doesn’t stop here, as there are many practices necessary to support patient privacy and security as networks expand and exchanges broaden.

Equally important are practices to support data transparency in healthcare. Transparency should mean that patients know what data is being collected and who their data is being shared with.

The points are straightforward here, too.

  • Trustworthy brands in healthcare embrace transparency. Open communication about what information is being collected and shared rises to the same standard of protecting the privacy of designated PHI.
  • Brands build relationships, and relationships are built on trust. Transparency builds trust, as does consistently delivering on your promises made.

To read the full article, please visit: Transparency: Brand Reputation and Patient Trust

IMS Health Files for IPO – Is It Legal?

On January 2nd, IMS Health Holdings announced it will sell stock on the New York Stock Exchange. IMS joins other major NYSE-listed corporations that derive significant revenue from selling sensitive personal health data, including General Electric, IBM, United Health Group, CVS Caremark, Medco Health Solutions, Express Scripts, and Quest Diagnostics.

  • IMS buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” “social media” and more to create “comprehensive,” “longitudinal” health records on “400 million” patients.
  • All purchases and subsequent sales of personal health records are hidden from patients.  Patients are not asked for informed consent or given meaningful notice.
  • IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
  • Despite claims that the data sold is “anonymous”, computer science has long established that re-identification is easy.
  • See brief 3-page paper by Narayanan and Shmatikov at: http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf)
  • See Prof. Sweeney’s paper on re-identifying patient data sold by states like WA at: http://thedatamap.org/risks.html
  • “Our solutions, which are designed to provide our clients access to our deep healthcare-specific subject matter expertise, take various forms, including information, tailored analytics, subscription software and expert services.” (from IMS Health Holding’s SEC filing)

 

Quotes from IMS Health Holding’s SEC filing:   “We have one of the largest and most comprehensive collections of healthcare information in the world, spanning sales, prescription and promotional data, medical claims, electronic medical records and social media. Our scaled and growing data set, containing over 10 petabytes of unique data, includes over 85% of the world’s prescriptions by sales revenue and approximately 400 million comprehensive, longitudinal, anonymous patient records.”   IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”

How can this business model be legal?  How can companies decide that US citizens’ personal health data is “proprietary data,” a corporate asset, and sell it?  If personal health data ‘belongs’ to anyone, surely it belongs to the individual, not to any corporation that handles, stores, or transmits that information.

Americans’ strongest rights to control personal information are our rights to control personal health information. We have constitutional rights to health information privacy which are not trumped by the 2001 elimination of the right of consent from HIPAA (see: http://patientprivacyrights.org/truth-hipaa/ ). HIPAA is the “floor” for privacy rights, not the ceiling. Strong state and federal laws, and medical ethics require consent before patient data is used or disclosed. 10 state constitutions grant residents a right to privacy, and other states constitutions have been interpreted as giving residents a right to privacy (like TX).

Surely FTC would regard the statement filed with the SEC as evidence of unfair and deceptive trade practices. US patients’ health data is being unfairly and deceptively bought and sold.  Can the SEC deny IMS Health the opportunity to offer an IPO, since its business model is predicated on hidden purchase and sale of Americans’ personal health data?

If we can’t control the use and sale of our most sensitive personal information, data about our minds and bodies, isn’t our right to privacy worthless?

deb

To view the full article published in Modern Healthcare visit:  IMS Health Files for IPO

 

Security and Privacy of Patient Data Subject of Regulatory Hearing

Representatives of patients, providers, insurers and tech companies testify before federal panel yesterday at the HIT Policy Privacy & Security Tiger Team Virtual Hearing on Accounting for Disclosures.

“We believe it’s the patient’s right to have digital access that is real-time and online for accounting of disclosures,” said Dr. Deborah Peel, the head of Patient Privacy Rights, a group she founded in 2004. Patients “need and want the data for our own health. We need to have independent agents as advisors, independent decision-making tools, we need independence from the institutions and data holders that currently control our information. We need to have agents that represent us, not the interests of corporations,” she said.

“I think the day will come when people will understand that their health information is the most valuable personal information about them in the digital world and that it’s an asset that should be protected in the same way that they protect and control their financial information online,” Peel said.

To view the full article click Security and Privacy of Patient Data Subject of Regulatory Hearing

To view a PDF of the hearing click HIT Policy Privacy & Security Tiger Team Virtual Hearing on Accounting for Disclosures

 

Dr. Peel at Authors’ Roundtable at HIMSS 2013

Dr. Deborah Peel, PPR Founder & Chair, will join her co-authors to talk about pressing privacy issues raised in HIMSS’s just released book, Information Privacy in the Evolving Healthcare Environment. As a co-author, Dr. Peel’s contributing chapter discusses patients’ rights to privacy and consent and outlines the auditable criteria of PPR’s Trust Framework, which includes 15 clear principles to ensure meaningful consent within all electronic systems.

Purchase the book here.

Restoring patient control over PHI will be a key topic discussed, with additional focus on the technologies and laws needed to address the gaps and flaws in the Omnibus Privacy Rule.

Date: Tuesday, March 5, 2013
Time: 11:00 AM CT
Where:
HIMSS 2013 Annual Conference and Exhibition
Room 213
New Orleans Ernest N. Morial Convention Center
900 Convention Center Boulevard
New Orleans, Louisiana

An advocate for patients’ rights to health privacy since 2004, when she formed PPR, Dr. Peel has led the charge for more stringent data privacy and security protections, as well as tough new enforcement and penalties for violations that were included in the January 2013 release of the Omnibus Privacy Rule.

Sizing Up De-Identification Guidance, Experts Analyze HIPAA Compliance Report (quotes PPR)

To view the full article by Marianne Kolbasuk McGee, please visit: Sizing Up De-Identification Guidance, Experts Analyze HIPAA Compliance Report.

The federal Office of Civil Rights (OCR), charged with protecting the privacy of nation’s health data, released a ‘guidance’ for “de-identifying” health data. Government agencies and corporations want to “de-identify”, release and sell health data for many uses. There are no penalties for not following the ‘guidance’.

Releasing large data bases with “de-identified” health data on thousands or millions of people could enable break-through research to improve health, lower costs, and improve quality of care—-IF “de-identification” actually protected our privacy, so no one knows it’s our personal data—-but it doesn’t.

The ‘guidance’ allows easy ‘re-identification’ of health data. Publically available data bases of other personal information can be quickly compared electronically with ‘de-identified’ health data bases, so can be names re-attached, creating valuable, identifiable health data sets.

The “de-identification” methods OCR proposed are:

  • -The HIPAA “Safe-Harbor” method:  if 18 specific identifiers are removed (such as name, address, age, etc, etc), data can be released without patient consent. But .04% of the data can still be ‘re-identified’
  • -Certification by a statistical  “expert” that the re-identification risk is “small” allows release of data bases without patient consent.

o   There are no requirements to be an “expert”

o   There is no definition of “small risk”

Inadequate “de-identification” of health data makes it a big target for re-identification. Health data is so valuable because it can be used for job and credit discrimination and for targeted product marketing of drugs and expensive treatment. The collection and sale of intimately detailed profiles of every person in the US is a major model for online businesses.

The OCR guidance ignores computer science, which has demonstrated ‘de-identification’ methods can’t prevent re-identification. No single method or approach can work because more and more ‘personally identifiable information’ is becoming publically available, making it easier and easier to re-identify health data.  See: the “Myths and Fallacies of “Personally Identifiable Information” by Narayanan and Shmatikov,  June 2010 at: http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf Key quotes from the article:

  • -“Powerful re-identification algorithms demonstrate not just a flaw in a specific anonymization technique(s), but the fundamental inadequacy of the entire privacy protection paradigm based on “de-identifying” the data.”
  • -“Any information that distinguishes one person from another can be used for re-identifying data.”
  • -“Privacy protection has to be built and reasoned about on a case-by-case basis.”

OCR should have recommended what Shmatikov and Narayanan proposed:  case-by-case ‘adversarial testing’ by comparing a “de-identified” health data base to multiple publically available data bases to determine which data fields must be removed to prevent re-identification. See PPR’s paper on “adversarial testing” at: http://patientprivacyrights.org/wp-content/uploads/2010/10/ABlumberg-anonymization-memo.pdf

Simplest, cheapest, and best of all would be to use the stimulus billions to build electronic systems so patients can electronically consent to data use for research and other uses they approve of.  Complex, expensive contracts and difficult ‘work-arounds’ (like ‘adversarial testing’) are needed to protect patient privacy because institutions, not patients, control who can use health data. This is not what the public expects and prevents us from exercising our individual rights to decide who can see and use personal health information.

Health privacy issues can be resolved without obstructing care

See the full article at FierceHealthIT.com

“At times, it seems like concerns about the security and privacy of healthcare data have catapulted into overdrive: For instance, it recently was predicted that healthcare spending on security would hit $70 billion a year by 2015–enough to cover the majority of the uninsured. Sure, there are plenty of security breaches–some of them serious enough to attract public attention. But as a few recent cases show, universal encryption of data (some forms of which may soon be required under the latest HIPAA rules) could eliminate the biggest source of security breaches. Also, with the advent of virtual desktop infrastructure, there’s no reason to store any personal health information on end-user devices…

…Another challenge in the security arena is giving consumers the ability to control who sees their records. While most physicians now have their patients sign HIPAA forms so that they can share data with other providers, the advent of electronic health information exchange (HIE) has greatly increased access to a wide range of individually identifiable data from a variety of sources. And patients may not want everyone who treats them to know, for example, that they have seen a psychiatrist.

A study recently published in Health Affairs documents the extent to which five California healthcare organizations follow principles for protection of patient information that were developed by consumer groups and other stakeholders. Although the healthcare providers took privacy and security seriously, the report said, “none of the organizations did much to educate consumers about the data available about them or to enable them to control their data.”"