Privacy Piracy Interview with PPR Founder

PRIVACY PIRACY HOST, MARI FRANK, ESQ. INTERVIEWS
DEBORAH PEEL, MARCH 11TH, 2013

On Monday, March 11th, 2013 Deborah C. Peel, MD, founder & chair of Patient Privacy Rights, was interviewed on Privacy Piracy with Mari Frank.

Among the topics of discussion were:

  1. The current state of Health Privacy
  2. How can individuals help to save and strengthen health privacy rights?
  3. What is the focus of the third International Summit on the Future of Health Privacy?

HIPAA Omnibus: Gaps In Privacy? — Interview with Deborah C. Peel, MD

Although the HIPAA Omnibus Rule is a step in the right direction for protecting health information, the regulation still leaves large privacy gaps, says patient advocate Deborah Peel, M.D.

HIPAA Omnibus finally affirmed that states can pass laws that are tougher than HIPAA, and that’s really good news because HIPAA is so full of flaws and defects that we are concerned that what is being built and funded will not be trusted by the pubic,” Peel says in an interview with HealthcareInfoSecurity during the 2013 HIMSS Conference.

Listen to this interview and read the full article here.

CommonWell Is a Shame and a Missed Opportunity

This is a story about how major data holders are moving to consolidate THEIR control over the collection and use of our personal health information.

Instead of building electronic health systems that enable us to decide who can see and use our health data, we are locked out and have no way to know who is using our data or what it’s used for.

-Deborah Peel

From The Health Care Blog article: CommonWell Is a Shame and a Missed Opportunity

“The big news at HIMSS13 was the unveiling of CommonWell (Cerner, McKesson, Allscripts, athenahealth, Greenway and RelayHealth) to “get the ball rolling” on data exchange across disparate technologies. The shame is that another program with opaque governance by the largest incumbents in health IT is being passed off as progress. The missed opportunity is to answer the call for patient engagement and the frustrations of physicians with EHRs and reverse the institutional control over the physician-patient relationship. Physicians take an oath to put their patient’s interest above all others while in reality we are manipulated to participate in massive amounts of unwarranted care.

There’s a link between healthcare costs and health IT. The past months have seen frustration with this manipulation by industry hit the public media like never before. Early this year, National Coordinator for Health Information Technology Farzad Mostashari, MD, called for “moral and right” action on the part of some EHR vendors, particularly when it comes to data lock-in and pricing transparency. On February 19, a front page article in the New York Times exposed the tactics of some of the founding members of CommonWell in grabbing much of the $19 Billion of health IT incentives while consolidating the industry and locking out startups and innovators. That same week, Time magazine’s cover story is a special report on health care costs and analyzes how the US wastes $750 Billion a year and what that means to patients. To round things out, the March issue of Health Affairs, published a survey showing that “the average physician would lose $43,743 over five years” as a result of EHR adoption while the financial benefits go to the vendors and the larger institutions…”

Most U.S. Doctors Believe Patients Should Update Electronic Health Record, but Not Have Full Access to It, According to Accenture Eight-Country Surve

To view the full article, please visit Most U.S. Doctors Believe Patients Should Update Electronic Health Record, but Not Have Full Access to It, According to Accenture Eight-Country Survey.

According to a Harris Poll,  70% of doctors don’t “believe” patients should be able to get FULL copies of their electronic health records.

But patients have always had the right to copies of their paper medical records—it was just a hassle to get them.  HIPAA,  HITECH, and the Omnibus Privacy Rule all affirmed patients have the right to download copies of their electronic health information.

Do only 30% of doctors understand patients’ rights under the law?  MD Anderson Cancer Center has given patients FULL downloads of their electronic health records for years.

Dr. Peel at Authors’ Roundtable at HIMSS 2013

Dr. Deborah Peel, PPR Founder & Chair, will join her co-authors to talk about pressing privacy issues raised in HIMSS’s just released book, Information Privacy in the Evolving Healthcare Environment. As a co-author, Dr. Peel’s contributing chapter discusses patients’ rights to privacy and consent and outlines the auditable criteria of PPR’s Trust Framework, which includes 15 clear principles to ensure meaningful consent within all electronic systems.

Purchase the book here.

Restoring patient control over PHI will be a key topic discussed, with additional focus on the technologies and laws needed to address the gaps and flaws in the Omnibus Privacy Rule.

Date: Tuesday, March 5, 2013
Time: 11:00 AM CT
Where:
HIMSS 2013 Annual Conference and Exhibition
Room 213
New Orleans Ernest N. Morial Convention Center
900 Convention Center Boulevard
New Orleans, Louisiana

An advocate for patients’ rights to health privacy since 2004, when she formed PPR, Dr. Peel has led the charge for more stringent data privacy and security protections, as well as tough new enforcement and penalties for violations that were included in the January 2013 release of the Omnibus Privacy Rule.

theDataMap™

theDataMap™ is an online portal for documenting flows of personal data. The goal is to produce a detailed description of personal data flows in the United States.

A comprehensive data map will encourage new uses of personal data, help innovators find new data sources, and educate the public and inform policy makers on data sharing practices so society can act responsibly to reap benefits from sharing while addressing risks for harm. To accomplish this goal, the portal engages members of the public in a game-like environment to report and vet reports of personal data sharing. More…

Members of the public sign-up to be Data Detectives and then work with other Data Detectives to report and vet data sharing arrangements found on the Internet. Data Detectives are responsible for content on theDataMap™.

See the debut of theDataMap™ from the “Celebration of Privacy” during the 2nd International Summit on the Future of Health Privacy here:

How the Insurer Knows You Just Stocked Up on Ice Cream and Beer

View the full article at How the Insurer Knows You Just Stocked Up on Ice Cream and Beer.

Your employer already has access to personal medical information such as how often you get check ups and whether you’re taking prescription mediation through your insurance carrier, but now some companies are beginning to monitor where you shop and what you eat.

Some key quotes from the article:

“…But companies also have started scrutinizing employees’ other behavior more discreetly. Blue Cross and Blue Shield of North Carolina recently began buying spending data on more than 3 million people in its employer group plans. If someone, say, purchases plus-size clothing, the health plan could flag him for potential obesity—and then call or send mailings offering weight-loss solutions.”

“Some critics worry that the methods cross the line between protective and invasive—and could lead to job discrimination. ‘It’s a slippery-slope deal,’ says Dr. Deborah Peel, founder of Patient Privacy Rights, which advocates for medical-data confidentiality. She worries employers could conceivably make other conclusions about people who load up the cart with butter and sugar.”

“Analytics firms and health insurers say they obey medical-privacy regulations, and employers never see the staff’s personal health profiles but only an aggregate picture of their health needs and expected costs. And if the targeted approach feels too intrusive, employees can ask to be placed on the wellness program’s do-not-call list.”

Data Protection Laws, an Ocean Apart

American citizens are like just like EU citizens: they want the same strong rights to control personal information online, especially health information.

See the letter Patient Privacy Rights and other NGOs signed supporting the EU’s tough requirements for data protection.  The letter urges the US government policy makers to support the same tough data protections for US citizens, also embodied in the protections President Obama laid out in the “Consumer Privacy Bill of Rights”.

Unfortunately, the “Consumer Privacy Bill of Rights” exempts all health data, leaving the flawed HIPAA Privacy Rule that eliminates our control over personal health data in effect. The 563 page Omnibus Privacy Rules adds strong data security protections and stronger enforcement of violations for some health data holders and users, but not all. But it does not restore patients’ rights to consent before personal health information is accessed or used, even though the right to control health information has been the law of land for centuries and is the key ethic in the Hippocratic Oath (requires doctors to keep information private and not share it without consent).

US citizens will not trust their physicians or electronic health systems unless they control who can see and use their records, from diagnoses to DNA to prescriptions.

Rekindling the patient ID debate

Unique patient identifiers pose enormous implications for patient control and privacy. Dr. Deborah Peel is quoted in this article explaining how detrimental UPIs will be for patient trust and safety. To view the full article, please visit Rekindling the patient ID debate.

Key Quotations:

“The idea of unique patient identifiers (UPIs) is not a concept extracted from the next dystopian novel. It could very well be reality in the not-so-distant future. The question remaining, however, is whether or not the benefits of such technology outweigh constitutional privacy and patient trust concerns.”

“Deborah Peel, MD, founder of Patient Privacy Rights, and a fierce opponent of UPIs, writes in a Jan. 23 Wall Street Journalarticle, ‘In the end, cutting out the patient will mean the erosion of patient trust. And the less we trust the system, the more patients will put health and life at risk to protect their privacy.’

Peel points to the present reality of patient health information – genetic tests, claims data and prescription records – already being sold and commercialized. ‘Universal healthcare IDs would only exacerbate such practices,’ she avers.”

Questions of Privacy

ModernHealthcare.com recently posted a great article about PPR’s Dr. Deborah Peel and her work.

A few key points from the article:

“In 2002, HHS redrafted the privacy rule of the Health Insurance Portability and Accountability Act, replacing its patient consent requirement for the sharing of most patient records with a new provision. The rewrite afforded ‘regulatory permission,’ according to the rule, for hospitals, physicians, insurance companies, pharmacies, claims clearinghouses and other HIPAA-covered entities to use and disclose patient data for treatment, payment and a long list of other healthcare operations without patient consent.”

“’Let’s face it,’ Peel says, ‘HHS is the agency that eliminated patient control over electronic medical records and has remained hostile to patients’ rights ever since.’”

“‘Where I’m coming from is, I’ve spent all this time in a profession with people being hurt,’ Peel says. ‘Starting in the 1970s, when I first let out my shingle, people came to me and said, if I paid you in cash, would you keep my records private. Now, we’ve got a situation where you don’t even know where all your records are. We don’t have a chain of custody for our data, or have a data map’ to track its location.”