Majority of Americans want personal control of health information

It’s hard to get Americans to agree on much these days, but overwhelming majorities seem to want control over their own electronic health information.

A poll from Dr. Deborah Peel’s Patient Privacy Rights Foundation and Zogby International found that 97 percent of the more than 2,000 U.S. adults surveyed believe that hospitals, physicians, laboratories and IT vendors should not be allowed to sell or share “sensitive health information” without consent. Ninety-eight percent are opposed to health insurance companies marketing personal health information, according to the survey.

See full poll results here.

Americans Want to Control Their Health Information

Health privacy watchdog Patient Privacy Rights and Zogby International surveyed 2,000 people, and found that almost all object to doctors, hospitals, and insurance companies sharing or selling their information without their consent. An overwhelming majority also wants to decide not only which companies and government agencies can access their electronic health records, but which individuals.

See the Survey Results

Hospitals and doctors are currently busy implementing the first stage of requirements under the HITECH Act, which calls for providing patients within the next two years with an electronic copy of their physical, test results, and medications. Ultimately, patients should be able to access their electronic health record online.

Poll: Huge majorities want control over health info

AUSTIN, TX – Patient Privacy Rights, the health privacy watchdog, has enlisted the help of Zogby International to conduct an online survey of more than 2,000 adults to identify their views on privacy, access to health information, and healthcare IT. The results were overwhelmingly in favor of individual choice and control over personal health information.

View the full poll results here.

Ninety-seven percent of Americans believe that doctors, hospitals, labs and health technology systems should not be allowed to share or sell their sensitive health information without consent.

The poll also found strong opposition to insurance companies gaining access to electronic health records without permission. Ninety-eight percent of respondents opposed payers sharing or selling health information without consent.

“No matter how you look at it, Americans want to control their own private health information,” said Deborah Peel, MD, founder of Patient Privacy Rights. “We asked the question, ‘If you have health records in electronic systems, do YOU want to decide which companies and government agencies can see and use your sensitive data?’ Ninety-three percent said ‘Yes!’”…

…The group advocates a ‘one-stop shop’ website where consumers can set up consent directives or rules to guide the use and disclosure of all or part of their electronic health information; if a request to use or sell health data is not covered by privacy rules, they can be ‘pinged’ via cell phone or e-mailed for informed consent.

Patient Privacy Rights calls this solution the “Do Not Disclose” list – similar to the national “Do Not Call” list. If a patient’s name is on the list, any organization that holds his or her sensitive health information, from prescriptions to DNA, must first explain how that information will be used before being granted permission.

New HIPAA rules need more clarification

When it comes to the new HIPAA privacy and security standards, it seems like everybody has an opinion. Quite a few organizations are spreading the word about the comments they’ve filed in response to the changes HHS proposed in July…

…On the consumer side, the Coalition for Patient Privacy, led by Dr. Deborah Peel’s Patient Privacy Rights Foundation, is lobbying hard for the final rule to restore the right to patient consent for PHI disclosure that HHS stripped from the HIPAA privacy rule in 2002.

“We strongly recommend that HHS require the use of the consent and segmentation technologies showcased June 29 at the Consumer Choices Technology hearing sponsored by HHS/ONC for all HIT systems, HIE and the NHIN,” the coalition says in its letter. “The innovative, low-cost, effective privacy‐enhancing technologies available that can empower patients to have ‘maximal control over PHI’ should be viewed as what is possible now, not 10 years from now.”

HHS Withdraws Controversial Breach Notification Rule under HITECH

A recent HHS decision to withdraw the HIPPA final “breach notification” rule drew praise from patient privacy advocates, who cited the need for stronger privacy protections…

The Patient Privacy Rights Foundation, a privacy watchdog organization, called the move “a huge step in the right direction,”and reiterated its objections to the “harm standard.”

PPR impressed with HHS’ privacy approach

Secretary of Health and Human Services (HHS), the Director of the Office of Civil Rights (OCR), and the National Coordinator for HIT all made very strong, pro-privacy statements at the press conference today announcing the Notice of Proposed Rulemaking (NPRM) titled: 45 CFR Parts 160 and 164, RIN: 0991-AB57, Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act.

Signaling a major shift in direction for the Administration and HHS’ Secretary Sebelius said “It’s important to understand this announcement of the NPRM…. is part of an Administration-wide commitment to make sure no one has access to your personal information unless you want them to.”

Patient Privacy Rights heartily congratulates the Administration and Sec. Sebelius for this new pro-privacy, patient-centered approach to personal health information (PHI).

We applaud Secretary Sebelius’ clear acknowledgment that health IT systems should empower patients to control PHI. Putting patients in control of PHI is the only route to prevent wasting billions in stimulus funds on HIT systems that destroy privacy and to stop the theft, misuse, and sale of PHI in today’s primitive HIT systems and data exchanges.

During her remarks, OCR Director Verdugo said, “the benefits of HIT will only be fully realized if health information is kept private and secure at all times.”

And finally Dr. Blumenthal stated, “we want to make sure it is possible for patients to have maximal control over PHI.” He also referred to the Consumer Choices Technology Hearing last week, which demonstrated consent tools that enable patients to control the use and disclosure of their health information from EHRs and for HIE.

Hopefully the NPRM actually gives Americans the control over access to personal information Secretary Sebelius said the Administration is committed to. We are analyzing the 234 page Notice of Proposed Rulemaking (NPRM), and will post our comments on the NPRM as soon as we can.

Below see the Press Conference announcing the Proposed Rule.

HHS pitches new patient privacy safeguards

A new rule proposed today would add substantial protections to the Health Insurance Portability and Accountability Act (HIPAA) for individuals who want to make sure their personal health information remains private and under their control, something that’s considered vital to the eventual success of electronic health record deployments.

Health and Human Services Secretary Kathleen Sebelius acknowledged as much in announcing the rule, saying that, while health IT will help to move the American health system forward, “the privacy and security of personal health data is at the core of all of our work.”

The proposed rule, which will be open to a 60-day comment period starting July 14, takes various routes to providing patient control…

…First reactions to the proposal were generally positive. Deborah Peel, founder and chair of the Patient Privacy Rights organization and an often fierce critic of the government’s record on privacy rights, said she was impressed with Sibelius’s remarks.

“We applaud her for recognizing that HHS should build what the public expects: health IT systems that empower patient control over personal health information,” she said.

HHS’ Health Privacy Site

PPR on article: What ‘Patient-Centered’ Should Mean…

It is extremely helpful that the nominee to head of one of the largest federal agencies, the Centers for Medicare and Medicaid (CMS), stated he believes medical records should belong to patients.

You will be intrigued by Don Berwick’s terrific and very personal article titled “What ‘Patient-Centered’ Should Mean: Confessions Of An Extremist, A seasoned clinician and expert fears the loss of his humanity if he should become a patient.” He is a highly respected physician and scholar. Key quotes:

  • “Medical records would belong to patients. Clinicians, rather than patients, would need to have permission to gain access to them.”
  • “My proposed definition of “patient-centered care” is this: The experience (to the extent the informed, individual patient desires it) of transparency, individualization, recognition, respect, dignity, and choice in all matters, without exception, related to one’s person, circumstances, and relationships in health care . . .”

Discussion on Targeting in the UK using the National Health Service

UK patients are outraged over whether the government NHS (National Health Service) data base was used to find individual cancer patients and pressure them to vote for the Labour party.  See article here.

Even if NHS data was not used, CLEARLY there is enough commercial data for sale in both Britain and the US for cancer victims’ addresses to be found and re-identified.

Allowing the secret US data mining industries that steal, collect, aggregate, and sell all Americans’ sensitive personal health information, health-related searches, health-related posts on social websites, email about health, and health-related purchases to continue doing business-as-usual is a prescription for disaster.

It’s a key reason we are seeking 500,000 people to sign the Do Not Disclose list. If Congress gets 500,000 signatures, they will pass a law to restore our control over our digital health records and set up the list.

Don Berwick MD, President Obama’s nominee to lead the Centers for Medicare and Medicaid, agrees that health information should belong to patients—and doctors should have to ask us to see it. See his article on patient empowerment: What ‘Patient-Centered’ Should Mean.

Yes, it’s illegal for employers and banks to use health information—but if they have it, they can use it—and there is no way to stop them.

We should be able to stop anyone from getting our health information. A national Do Not Disclose list would ensure we decide who sees our health information and who doesn’t.

It’s time to prevent corporations and government from being able to get our sensitive health information without consent. Sign the Do Not Disclose list!

Quotes:

  • “The Conservatives and the Liberal Democrats have attacked the Labour Party for sending “alarmist” literature to cancer patients, and called for an inquiry into whether NHS databases had been used to identify recipients. The row erupted after Labour sent cancer patients mailshots saying that their lives may be at risk under a Conservative government.”
  • “Experian, the data management company, confirmed that both Labour and the Conservatives use its Mosaic database, which divides voters into 67 groups. The databases can use anonymised hospital statistics, including postcodes and the diagnoses of patients, to identify the likely addresses of those with particular illnesses.”

Living Online: Privacy and Security Issues in a Digital Age

Our lives are increasingly lived online. A large number of Americans routinely exchange information in cyberspace for personal, business, and other purposes. What privacy and security issues present themselves in this relatively new and increasingly ubiquitous space? What particular privacy concerns might apply when specific entities, such as the government, hold or process our information? What particular considerations might apply when the information being transmitted is particularly sensitive, such as health care information or financial information? How do privacy, security, and information ownership concerns function when information is being exchanged on social networking sites?

The November 3, 2009 event featured a lunchtime keynote address by Christopher N. Olsen, the Assistant Director in the Division of Privacy and Identity Protection at the Federal Trade Commission.

A panel discussion was held from 1 – 2:30 pm and featured:

  • Moderator, Jeffrey Rosen, Professor of Law at George Washington University and Legal Affairs Editor for The New Republic
  • Deborah C. Peel, MD, Founder and Chair, Patient Privacy Rights; Chair, Coalition for Patient Privacy
  • Lillie Coney, Associate Director, Electronic Privacy Information Center; Coordinator, Privacy Coalition
  • Alan Davidson, Director of Public Policy, Google

Here is the Video of the Panel:

Tuesday, November 3, 2009
11:30 am – 2:30 pm
Center for American Progress
1333 H. Street NW, 10th Floor
Washington, DC 20005