We want to hear from YOU! Tell us why you think health privacy is important.

Protecting health privacy isn’t just important for your own health and well-being, but what we do now affects future generations too. PPR cares deeply about protecting everyone’s privacy so that people are measured by who they are and what they are capable of, not their medical history.

Currently, there are no limits to the types of organizations that can gain access to sensitive information about you—employers, advertisers, insurers, you name it. It’s so important that we act now to preserve our right to privacy and regain control over our personal information. We believe it should always be up to you to decide what happens to your sensitive information—you should be able to know and control who sees it, where it goes, and why.

People say that privacy is a thing of the past in the Digital Age, but we disagree. In fact, we think people are starting to realize just how important privacy is and that it’s a right worth fighting for. That’s why we want to hear from you. Send us a video telling us why you think health privacy matters and join us in our efforts to protect it.*

Watch the video below to hear Dr. Peel talk about why health privacy is important to her (or click here to view it on YouTube).


*Please note that by sending a video, you are giving PPR permission to display the video on its website or social media pages. However, the video remains the sole property of the copyright holder. Any requests to remove or delete videos will be immediately honored.

Re: Poor Prognosis for Privacy

In response to The Wall Street Journal article by Melinda Beck: Poor Prognosis for Privacy

Most healthcare institutions and John Halamka ignore the fact that for over a decade technology has empowered millions of patients to control which parts of their electronic health records are disclosed for mental health and addiction treatment. The technology for ‘segmentation’ exists.

Congress, the courts, state and federal laws, and medical ethics require that patients control who can see and use sensitive personal health data, yet federal regulators who write the rules for industry have not required electronic health systems to use either ‘segmentation’ or other technologies like meta-data tagging that could also enable selective disclosures of health information.

When the public finds out they can’t control the use or disclosure of sensitive personal health data, many millions will refuse early diagnosis and treatment for cancer, depression, and STDs every year—and millions more will hide information, refuse tests, and act in ways that put their health at risk. These are bad outcomes.

Should the public be forced to use health technology systems that cause bad outcomes? Why not require technology that IMPROVES health outcomes?

Re: Federal Agencies Paint Regulatory Landscape with Broad Brushstrokes

The Genomics Law Report (GLR) posted an interesting blog about the emergence of mobile health (mHealth) and the role many believe it could play in improving the quality and delivery of health care. It discusses how the mHealth regulatory landscape is still in its early stages of formation and has many key players and components that will help guide its development. It then outlines many of the players, such as the FDA, FCC, FTC, and HHS, and the various ways in which each organization might help shape the future of mHealth.

The story also makes mention of the FTC’s “privacy by design” recommendation for mobile applications, which is undoubtedly a critical component to protecting patients’ privacy as more innovative technologies and apps hit the marketplace. However, aside from ensuring that strong privacy controls are built into the apps up front, it will also be important to make sure patients have other important privacy protections, like control over their sensitive health information, no matter the medium used to collect and share it.

To read the full blog from GLR, click here.

Health privacy issues can be resolved without obstructing care

See the full article at FierceHealthIT.com

“At times, it seems like concerns about the security and privacy of healthcare data have catapulted into overdrive: For instance, it recently was predicted that healthcare spending on security would hit $70 billion a year by 2015–enough to cover the majority of the uninsured. Sure, there are plenty of security breaches–some of them serious enough to attract public attention. But as a few recent cases show, universal encryption of data (some forms of which may soon be required under the latest HIPAA rules) could eliminate the biggest source of security breaches. Also, with the advent of virtual desktop infrastructure, there’s no reason to store any personal health information on end-user devices…

…Another challenge in the security arena is giving consumers the ability to control who sees their records. While most physicians now have their patients sign HIPAA forms so that they can share data with other providers, the advent of electronic health information exchange (HIE) has greatly increased access to a wide range of individually identifiable data from a variety of sources. And patients may not want everyone who treats them to know, for example, that they have seen a psychiatrist.

A study recently published in Health Affairs documents the extent to which five California healthcare organizations follow principles for protection of patient information that were developed by consumer groups and other stakeholders. Although the healthcare providers took privacy and security seriously, the report said, “none of the organizations did much to educate consumers about the data available about them or to enable them to control their data.”"

PPR impressed with HHS’ privacy approach

Secretary of Health and Human Services (HHS), the Director of the Office of Civil Rights (OCR), and the National Coordinator for HIT all made very strong, pro-privacy statements at the press conference today announcing the Notice of Proposed Rulemaking (NPRM) titled: 45 CFR Parts 160 and 164, RIN: 0991-AB57, Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act.

Signaling a major shift in direction for the Administration and HHS’ Secretary Sebelius said “It’s important to understand this announcement of the NPRM…. is part of an Administration-wide commitment to make sure no one has access to your personal information unless you want them to.”

Patient Privacy Rights heartily congratulates the Administration and Sec. Sebelius for this new pro-privacy, patient-centered approach to personal health information (PHI).

We applaud Secretary Sebelius’ clear acknowledgment that health IT systems should empower patients to control PHI. Putting patients in control of PHI is the only route to prevent wasting billions in stimulus funds on HIT systems that destroy privacy and to stop the theft, misuse, and sale of PHI in today’s primitive HIT systems and data exchanges.

During her remarks, OCR Director Verdugo said, “the benefits of HIT will only be fully realized if health information is kept private and secure at all times.”

And finally Dr. Blumenthal stated, “we want to make sure it is possible for patients to have maximal control over PHI.” He also referred to the Consumer Choices Technology Hearing last week, which demonstrated consent tools that enable patients to control the use and disclosure of their health information from EHRs and for HIE.

Hopefully the NPRM actually gives Americans the control over access to personal information Secretary Sebelius said the Administration is committed to. We are analyzing the 234 page Notice of Proposed Rulemaking (NPRM), and will post our comments on the NPRM as soon as we can.

Below see the Press Conference announcing the Proposed Rule.

HHS pitches new patient privacy safeguards

A new rule proposed today would add substantial protections to the Health Insurance Portability and Accountability Act (HIPAA) for individuals who want to make sure their personal health information remains private and under their control, something that’s considered vital to the eventual success of electronic health record deployments.

Health and Human Services Secretary Kathleen Sebelius acknowledged as much in announcing the rule, saying that, while health IT will help to move the American health system forward, “the privacy and security of personal health data is at the core of all of our work.”

The proposed rule, which will be open to a 60-day comment period starting July 14, takes various routes to providing patient control…

…First reactions to the proposal were generally positive. Deborah Peel, founder and chair of the Patient Privacy Rights organization and an often fierce critic of the government’s record on privacy rights, said she was impressed with Sibelius’s remarks.

“We applaud her for recognizing that HHS should build what the public expects: health IT systems that empower patient control over personal health information,” she said.

HHS’ Health Privacy Site