Privacy Group Comments on ONC’s Patient Data Matching Report

December 23, 2013 – “At an Office of the National Coordinator for Health IT meeting last week, advocacy group Patient Privacy Rights said that initial findings from an ONC report on how to match patients with their health data addressed problems with current health IT systems and data exchanges but missed an opportunity to create and leverage patient engagement in controlling their own health data, Health Data Management reports (Goedert, Health Data Management, 12/20).”

To view PPR’s comments and a copy of the full article, please visit: Privacy Group Comments on ONC’s Patient Data Matching Report

The Truth About HIPAA – It Hasn’t Changed

Everyone thinks HIPAA protects personal health data. It doesn’t.

The most valuable data collected and sold by US “data brokers” is sensitive personal health information.

US “data brokers” capture sensitive health information by tracking our searches, social media, phone apps and GPS data. The majority of US healthcare institutions, health-related state and federal government agencies, and health technology vendors are also “data brokers”.

HIPAA gave millions of hidden institutions, healthcare providers, and technology vendors the right to control, use, and sell our medical records, prescriptions, lab tests, claims data, and more. HIPAA gave them the right to be “data brokers”.

If the President’s Consumer Privacy Bill of Rights (CPBOR) was the law of the land AND also was applied to the healthcare system, patients could control who collects and uses health data—not “data brokers”.

The CPBOR’s strong new rights to control the use of personal data could end the use of data for discrimination in every area of life, including  jobs, credit, mortgages, and opportunities.

The EU got it right:  no government agency or corporation in the EU can collect, use, or sell personal data without permission.

deb

This blog was written in response to the following article: Senators call for consumer privacy protections

 

Can Big Data Make Healthcare Better, Cheaper?

December 12, 2013
Medical records are being digitized on a massive scale to bring down the costs of healthcare and, maybe, to produce better outcomes. It also means a loss of patient privacy. President Obama’s Affordable Care Act promotes the digitization of millions of medical records to measure outcomes and contain costs. Big Data may also help doctors better understand many diseases, who’s most likely to get them and what the best treatments might be. It also makes the most intimate kind of personal information available to the government, insurance and drug companies — even prospective employers. Should patients be able to say “yes” or “no?”

 

Host, Warren Olney of NPR affiliate KCRW, interviews Dr. Deborah Peel, to discuss the risks and the benefits of Big Data in the field of medicine. She is joined by fellow panelists Joel Dudley, Department of Genetics and Genomic Sciences, Mt. Sinai Medical School, Iya Khalil, Executive VP and Co-Founder, GNS Healthcare, and Nortin Hadler, Professor of Medicine and Microbiology/Immunology, University of North Carolina at Chapel Hill.
Subscribe to this Podcast:
PodcastiTunes Podcast
Listen to/Watch entire show:
ListenDownloadAdd to My Shows

ACP Supports Creating National Rx Drug Monitoring Database

Wednesday, December 11, 2013
 
The American College of Physicians supports the development of a national prescription drug monitoring program, which would create a single database that physicians and pharmacies could electronically review before prescribing controlled substances, according to a position paper, CBS News reports. The paper was published in the Annals of Internal Medicine on Monday (Jaslow, CBS News, 12/9).

 

A new national drug data base will extend the failed “War on Drugs”, criminalize millions more, increase patients’ reluctance to use controlled substances, and NOT improve treatment for addiction. US prescriptions are already collected and sold daily by prescription data aggregators like IMS Health, Merck Medco, SureScripts, etc., etc. These businesses all sell the nation’s prescription data to any willing buyers.Meanwhile neither physicians nor patients can get electronic copies of prescription data to improve care.Who should health technology benefit? Patients or corporations?

Why not use patients’ prescription data, already being collected by the hidden data aggregation industry, to improve patient health?

Why not use technology to strengthen the patient-physician relationship and to ensure effective diagnosis and treatment?

For example, here is one way technology could be re-designed to help patients:

Anytime a patient gets a controlled substance prescription, existing systems could automatically search for any prior controlled substance prescriptions the patient received in the last month. If a second or third prescription is found, the physician(s) and patient could be automatically notified and resolve together whether it should be filled or not—and how best to treat the patient’s symptoms

Technology should give patients and doctors they data they need for effective TREATMENT. It’s sad that such a prominent physician group supports giving law enforcement automatic access to every controlled substance prescription in the US. Law enforcement should only be able to access such sensitive patient data AFTER someone has committed a crime or with a judge’s approval.

Why open ALL prescriptions to law enforcement surveillance when the vast majority of patients taking controlled substances are not criminals?

Addiction is NOT a crime, it’s a very treatable medical illness.

deb

 

Canadian Woman Denied Entry To U.S. Because Of Her Medical History

This story deeply troubles me as a practicing psychiatrist and Freudian psychoanalyst. It’s appalling to see technology used in ways that increase the harms and stigma people with mental illness and addiction endure.
 
 
The story is about a disabled Canadian woman denied the right to travel by a U.S. Customs and Border Protection agent because of her history of hospitalization for Depression.
 
Quotes from the story about the agent who denied her US entry for the cruise:
  •   He cited the U.S. Immigration and Nationality Act, Section 212, which denies entry to people who have had a physical or mental disorder that may pose a “threat to the property, safety or welfare’’ of themselves or others.
  •    The agent gave her a signed document which stated that “system checks’’ had found she “had a medical episode in June 2012’’ and that because of the “mental illness episode’’ she would need a medical evaluation before being accepted.
How did the US obtain electronic health data on Canadian citizens?
How frequently is the US Government accessing the electronic health records of Canadians?
How frequently is the US Government (and state governments) accessing our electronic health records?
 
Partial answers come from a CBC News story with information from Wikileaks. Quotes:
  • According to an RCMP (Royal Canadian Mounted Police) website, the CPIC (Canadian Police Information Centre) database stores 9.6 million records in its investigative databanks.
  • The RCMP and U.S. law enforcement agencies provide reciprocal direct access to each other’s criminal databases in order to stem the flow of narcotics and criminal dealings into North America, according to the WikiLeaks cable.
  • When asked about the sharing of police information for security purposes, Kamenitz says the government is “obviously not considering what the impact of that can be and how much that can alter a person’s life.”
 
How does the US use electronic health information on American citizensor people with histories of treatment for mental illness or hospitalization?  
 
This is ominous because of the proliferation of federal laws requiring that state data bases of involuntary commitments for hospitalization be reported to the National Instant Criminal Background Check System (NICS) to prevent violent mentally ill people from buying gunsand the proliferation of state Prescription Drug Monitoring Programs (PDMs) for controlled substances. 
  • (FYI—-Currently US patients are denied their federal rights to have a list of who used their electronic health records and why—the war over the regulations to implement this critical consumer protection is intense. Industry has held this up for almost 5 years claiming its too hard, too expensive, no technology exists, it will burden and scare patients to see how many 1000s of access there are every day, etc, etc.)
There is a huge state and national push to build/use data bases about mental illness or addiction for many purposes. 

 

It’s the same phenomena we saw in 2009 when the technology industry got $29B in subsidies for health IT written into the stimulus bill—despite the absence of interest or support of the majority of patients and physicians. See story by Robert O’Harrow on “The Machinery Behind Healthcare Reform”: http://www.washingtonpost.com/wp-dyn/content/article/2009/05/15/AR2009051503667.html 
Every family and every person is close to someone suffering from Depression, addiction, or another mental illnesses. The lack of privacy already drives over 2 million people a year away from treatment for Depression and major mental illness.
 
This is truly a national tragedy. Knowing the US government accesses the nation’s electronic health records will discourage even more people from seeking treatment for serious mental illnesses that are VERY treatable.  
 
Best,
Deborah

ONC: Looking for ‘realistic’ ways to account for disclosures

“ONC’s Health IT Policy Committee Tiger Team held a virtual hearing Sept. 30 to gather information about the rule and explore ‘realistic ways to provide patients with greater transparency about the uses and disclosures of their digitized, identifiable information,’ according to a Sept. 23 blog post by Committee Chair Devon McGraw. The Tiger Team asked for answers to specific questions, such as what patients want to know and how transparency technologies currently are being used by covered entities.”

“Deborah Peel, Founder and Chair of the Patient Privacy Rights coalition, suggested in her testimony that accounting for disclosures needs to include all of the detailed information about all uses of a patient’s electronic health information; she added that the rule could be implemented by ‘piggybacking’ onto existing initiatives, such as the Blue Button movement.”

Read more: ONC: Looking for ‘realistic’ ways to account for disclosures – FierceEMR

To read Dr. Peel’s testimony on Accounting for Disclosures click here

Helmet cams raise privacy, liability concerns

“Every time Austin Fire Department Engine 20 rolls toward an emergency call, firefighter Andrzej Micyk straps on a bright yellow helmet to protect himself from heat and falling debris…and a tiny, high-definition video camera that captures…every move — from how he interacts with the public to what he does to gain control of an inferno.”

To view a video the Statesman published with this article, click here

To view the full article click here


Comments from Dr. Peel: “Other major national fire departments ban helmet cams. The Austin TX Fire Dept has no policy about personal helmet cams. The key problem for the public is firefighters often respond to medical emergencies. Should someone with a heart attack or suicide attempt end up on YouTube?”

“This story raises questions about citizens’ rights to health privacy that are similar to the problems that occur when hospital and emergency room employees use cell phones to take pictures of patients.” See recent example: http://abcnews.go.com/Health/woman-sues-hospital-sticker-prank-surgery/story?id=20204405

“In a different context, police cars use video cameras to document encounters with citizens who are potentially breaking the law. In this case, videos serve a very different purpose and protect both citizens and members of the police.”

 

Patient Privacy Rights Presses HHS for Greater Safeguards and Transparency to Protect Patient Data

Last Thursday, September 12, PPR sent a letter to U.S. Health and Human Services (HHS) Secretary Kathleen Sebelius, urging the immediate implementation of tough new patient privacy protections for digital health records.  With privacy now leading the the list of major issues troubling the public in the digital age, PPR believes meaningful and comprehensive data privacy protections are critical components when it comes to restoring patient trust.

In the letter, PPR recommends that HHS:

  • Allocate 1% of HIE (Health Information Exchange) funding to ensure all patients can choose an “HIE of One” a program that directs all personal data disclosures, which are visible to the patient without restriction or delay.
  • Mandate portals for patients and physicians and require the use of voluntary patient email addresses be used for Record Locator Services (RLS). With these technologies, every state can easily and inexpensively offer an “HIE of One” to those who want to decide who may use their data.
  • Require health IT systems to build technology so patients can segment their data for privacy, research, and any other disclosures – allowing patients to decide whether any sensitive data may be used.
  • Provide funding to build and maintain a complete health data map, a service that allows patients to see and understand data flows across the nation and throughout the world. As present, Americans have no “chain of custody” for personal health data and no way to know who is collecting and using health data.

Read the full letter here.

Read the press release here.

The FBI’s New Wiretapping Plan Is Great News for Criminals

To view the full article, please visit: The FBI’s New Wiretapping Plan Is Great News for Criminals

US technology is designed for ‘exceptions’ and ‘outliers’, i.e., ‘worst-case’ scenarios like terrorists and unconscious patients.

Bruce Schneier concludes  his May 29th  essay:

“Finally there’s a general principle at work that’s worth explicitly stating. All tools can be used by the good guys and the bad guys. Cars have enormous societal value, even though bank robbers can use them as getaway cars. Cash is no different. Both good guys and bad guys send e-mails, use Skype, and eat at all-night restaurants. But because society consists overwhelmingly of good guys, the good uses of these dual-use technologies greatly outweigh the bad uses. Strong Internet security makes us all safer, even though it helps the bad guys as well. And it makes no sense to harm all of us in an attempt to harm a small subset of us.”

Fear-driven technology harms Democracy and health:

  • Example #1: FBI

Bruce Schneier’s essay (below) tells how US-created security flaws help the wrong people (criminals and terrorists) and harm the rest of us (law-abiding citizens).

  • Giving the government access (via back doors, brute force decryption, etc) to everyone’s data to find terrorists is the ‘worst-case’ scenario used to justify destroying strong data security protections.
  • But law-abiding people, businesses, and government really NEED strong data security protections to function everyday online.
  • Criminals and terrorists can exploit the security flaws created to catch them to steal information and harm governments, individuals, and corporations; but ordinary citizens and businesses can’t build or afford security technology to protect their own data.
  • WORST CONSEQUENCES: people will not trust technology and governments, and cyber-wars can destroy people, governments, and corporations.

 

  • Example #2: US health technology systems

The US eliminated data privacy in health technology systems, helping the wrong people (government and corporations) and harming patients.

  • Government and corporations control the use of the nation’s health data. Medical emergencies are the ‘worst-case’ scenario used to justify this technology: if you are unconscious in an emergency room (a one-in-a-million), you can’t give consent to share your data.
  • But the 299,999, 700 million US patients who are awake expect to control use of personal health data in order to trust doctors and technology.
  • Government and industry control use of the nation’s data for various purposes without the knowledge of the public, there is no ‘chain of custody’ for health data and no data map to track uses. Some hidden uses may be beneficial and some may harm patients.  Patients can’t buy or use privacy technology to protect health data.
  • WORST CONSEQUENCES: 40-50 million people/year avoid or delay treatment, or hide information to protect the privacy of health information, risking their lives and health.  Technology causes tens of millions of people who need treatment to suffer bad health outcomes.

 

In a Democracy, judges should approve spying on suspected criminals or terrorists. In a Democracy patients should be asked for consent to use personal health data. Advance directives or break-the-glass technology can permit access to health data when patients are unconscious.

 

In a Democracy, shouldn’t technology support ‘best-case’ scenarios , i.e., citizens’ freedoms and human and civil rights to privacy and health?

Consumer Watchdog and Other Privacy Groups Urge FTC to Block Pending Facebook Privacy Changes

“A coalition of six consumer privacy groups is calling on the Federal Trade Commission to enforce an earlier consent order with Facebook and block proposed changes in the social network’s Statement of Rights and Responsibilities and its Data Use Policy because the proposed changes violate the 2011 settlement with the Commission.”

“The changes will allow Facebook to routinely use the images and names of Facebook users for commercial advertising without consent,” the groups said. “The changes violate Facebook’s current policies and the 2011 Facebook settlement with the FTC. The Commission must act to enforce its order.”

Signing the letter were Consumer Watchdog, the Electronic Privacy Information (EPIC), the Center for Digital Democracy, Patient Privacy Rights, U.S. PIRG, and Privacy Rights Clearing House. Read a copy of the letter here: http://www.consumerwatchdog.org/resources/ltrfacebookftc090413.pdf

“Facebook has long played fast and loose with users’ data and relied on complex privacy settings to confuse its users, but these proposed changes go well beyond that,” said John M. Simpson, Consumer Watchdog’s Privacy director. “Facebook’s overreach violates the FTC Consent Order that was put in place after the last major privacy violation; if the Commission is to retain any of its credibility, it must act immediately to enforce that order.”

To view the full article, please visit: http://www.marketwatch.com/story/consumer-watchdog-and-other-privacy-groups-urge-ftc-to-block-pending-facebook-privacy-changes-2013-09-05