What is Snowden’s Impact on Health IT?

This article expounds upon the implications of Edward Snowden’s actions for the Health IT industry.

Key quotes:

Deborah Peel, MD, founder of Patient Privacy Rights, says there are many parallels between the Snowden controversy and the U.S. healthcare system.

According to Peel, the NSA has one million people with top security clearance to 300 million people’s data. The U.S. healthcare system has hundreds of millions of people — none with top security clearances, and the majority with inadequate basic training in security or privacy — who can access millions of patients’ most sensitive health records. Further, we don’t know how many millions of employees of BAs, subcontractors, vendors and government agencies have access to the nation’s health data, she added.

“Corporations and their employees that steal or sell Americans’ health data for ‘research’ or ‘public health’ uses or for ‘data analytics’ without patients’ consent or knowledge are rewarded with millions in profits; they don’t have to flee the country to avoid jail or charges of espionage,” she said.

“The NSA justifies its actions using the war on terror,” Peel added. “The Department of Health and Human Services claims its actions are justified to lower healthcare costs. These are obviously very different agencies collecting different kinds of very sensitive personal information, but both set up hidden, extremely intrusive surveillance systems that violate privacy rights and destroy trust in government.”

“The benefits of technology can be reaped in all sectors of our economy without the harms if we restore/update our laws to assure privacy of personally identifiable information in electronic systems. Our ethics, principles, and fundamental rights should be applied to the uses of technology,” Peel says.

Prince William’s DNA

As more individuals start posting their genomes or other genetic information online, privacy issues grow. A recent article from GenomeWeb about Prince William’s DNA highlights one of PPR’s concerns about publicly sharing such information: one person’s choice to research and reveal information about themselves reveals information about so many others who had no say in that decision.

To be clear, PPR is not opposed to genetic testing and actually believes there are many new and exciting possibilities that exist within the realm of genetic analysis. However, there are several issues that need to be addressed before people start encouraging others to publicly share their own genetic information. This excerpt from the article sums up the dilemma quite nicely:

“What is noteworthy is the ethics of publishing details of this genetic analysis at all,” Brice says, noting that “one of the major ethical concerns about genetic information and privacy” is that individual information can lead to the disclosures about family members.

The Duke’s cousins are free to have genetic tests if they want, but disclosing information about other, non-consenting individuals, is “highly questionable,” Brice says.

To read the full article, click here. (Note: Free subscription may be required).

The Verizon order, the NSA, and what call records might reveal about psychiatric patients

The NSA knows we are sick because we phone doctors’ offices.

As a mental health professional, Dissent Doe explains in her blog (below) how revealing phone call metadata is:

“Because my phone is used mainly for calls to and from patients and clients, can the NSA figure out who my patients are?  And could they, with just a query or bit of analysis, figure out when my patients were going into crisis or periods of symptom worsening?  I suspect that they can. And because I am nationally and internationally known as an expert on a particular disorder, could the government also deduce the diagnosis or diagnoses of my patients or their family members? Probably.”

There is a huge national media response to the NSA spying on Americans’ cell phone calls, but the media does NOT report on the far worse systemic corporate and government spying on the nation’s electronic health records.

The US healthcare system is engineered for hidden corporate and government surveillance of personal data about the minds and bodies of all 300 million Americans –from prescriptions to diagnoses to DNA—it’s all collected and sold.

The US media simply repeats industry and government talking points about the benefits of electronic health systems without reporting on the massive harms:

  • -Millions of patients/year avoid early diagnosis and treatment of cancer, depression, and sexually transmitted diseases because they know that information will not be private (see citations and statistics in:http://patientprivacyrights.org/wp-content/uploads/2010/08/The-Case-for-Informed-Consent.pdf)
  • -1/8 people hide health information because they know that information will not be private
  • -Should we use technology that causes millions to suffer bad outcomes?

2013 is a critical year: every state will share your health data with hundreds-thousands more hidden users via Health Information Exchanges (HIEs).

  • -Many states to not allow you to ‘opt-out’ of HIEs that exchange your health data.
  • -Most states do not allow you to prevent your most sensitive health information from being exchanged.
  • -So far, not one state gives patients control over data exchange.

SIGN PPR’s petition and say “no” to data exchange without your consent at: http://patientprivacyrights.org/2013/06/sign-the-petition-for-patient-controlled-exchange-of-health-information/

We need trustworthy technologies that put patients back in control of the use, disclosure, and sale of their sensitive health data.

  • -Patients have always controlled who could see and use paper medical records.
  • -Now institutions (corporations and government) control who can see and use the nation’s electronic health records.

Great existing technologies can fix badly designed electronic health systems, but we need new laws that require privacy-protective technologies are built into all electronic systems that handle health data.

The Ethics of Publishing Genomes: Can Today’s Family Members Give Consent for the Next Generation?

To view the full article by Andrea Peterson in ThinkProgress, please visit: The Ethics of Publishing Genomes: Can Today’s Family Members Give Consent for the Next Generation?

In the early 1950’s, doctors at Johns Hopkins took the cells from Henrietta Lacks’ tumor and, without her consent, have used them for years for research. Earlier in March, the entire genome of Henrietta Lacks was published with neither the knowledge nor consent of her surviving family. This privacy breach has “started a new chapter in that tale about the complex relationship between researchers and the privacy of genetic information.”

Some key quotes from Dr. William Pewen, Assistant Professor of Public Health and Family Medicine at Marshall University, and a former top health care adviser to the now retired Sen. Olympia Snowe (R-ME):

  • -“The release of Henrietta Lack’s genome illustrates the fact that genetic information isn’t an individual matter — it impacts family members as well. This underscores the need to ensure the rights of individuals and preserve the confidentiality of research data. Once patient privacy is lost, problems are simply compounded. Just how can today’s family members give consent for the next generation?”
  • -“[i]n an age of technology advances and ‘Big Data’ analytics, it’s clear that medical data can be used in countless detrimental ways. That will simply be fostered if we allow ethics and human rights to be undermined by expediency.”

HIStalk News 3/22/13 – Quotes Dr. Deborah Peel on new CVS policy

To view the full article, please visit HIStalk News 3/22/13.

Key quote from the article:

“Patient Privacy Rights Founder Deborah Peel, MD calls a new CVS employee policy that charges employees who decline obesity checks $50 per month “incredibly coercive and invasive.” CVS covers the cost of an assessment of height, weight, body fat, blood pressure, and serum glucose and lipid levels, but also reserves the right to send the results to a health management firm even though CVS management won’t have access to the results directly. Peel says a lack of chain of custody requirements means that CVS could review the information and use it to make personnel decisions.”

CVS requiring employees to undergo weight, health assessment

To view the full article, please visit CVS requiring employees to undergo weight, health assessment.

Key quotes from the article:

“This is an incredibly coercive and invasive thing to ask employees to do,” Patient Privacy Rights founder Deborah Peel told the Boston Herald, noting that such policies are becoming more prevalent as health costs increase.

“Rising health care costs are killing the economy, and businesses are terrified,” she continued to the Herald. “Now, we’re all in this terrible situation where employers are desperate to get rid of workers who have costly health conditions, like obesity and diabetes.”

“While patient-privacy activists have cried foul, Michael DeAngelis, a CVS spokesman, explained that the goal is health.”

To learn more about the issue, please visit our Health Privacy Summit Website and register for the 3rd International Summit on the Future of Health Privacy.

CVS imposes health penalty if workers’ body weight is not reported or they don’t quit smoking

To view the full article, please visit CVS imposes health penalty if workers’ body weight is not reported or they don’t quit smoking.

CVS has instated a very invasive new policy of charging workers a hefty $600 dollar a year fine if they do not disclose sensitive health information to the company’s benefits firm. According to the article, “Under the new policy, nearly 200,000 CVS employees who obtain health insurance through the company will have to report their weight, blood sugar, blood pressure and cholesterol to WebMD Health Services Group, which provides benefits support to CVS.” However, if employees refuse, they will be charged an extra $50 a month in health insurance costs.

Patient Privacy Rights’ Dr. Deborah Peel tells the public, “‘This is an incredibly coercive and invasive thing to ask employees to do,’…’Rising healthcare costs are killing the economy, and businesses are terrified, Now, we’re all in this terrible situation where employers are desperate to get rid of workers who have costly health conditions, like obesity and diabetes.'”

To learn more about this issue, please visit our Health Privacy Summit Website and register for the 3rd International Summit on the Future of Health Privacy.

Re: Celebrity Credit Reports and more, hacked

Multiple celebrities have had their personal information hacked and posted online recently, and this is nothing new. We’ve seen breaches of health information of celebrities in the past, and this will continue to happen, even when privacy and security is a top priority as it is in financial institutions and credit bureaus.

It is critical that privacy be the foundation in Health IT, or Americans’ health information will be the most valuable and available information on the market.

From the Fast Company Article: Michelle Obama’s Credit Report Hacked

“Three of the major credit agencies were hacked and information about Michelle Obama, Beyonce and numerous other celebrities has been leaked on an unnamed website, gossip site TMZ first reported on Tuesday.

Experian, TransUnion, and Equifax confirmed to Bloomberg News that they had found cases where information had been accessed unlawfully by hackers.”

Google Concedes That Drive-By Prying Violated Privacy

SAN FRANCISCO — Google on Tuesday acknowledged to state officials that it had violated people’s privacy during its Street View mapping project when it casually scooped up passwords, e-mail and other personal information from unsuspecting computer users.

In agreeing to settle a case brought by 38 states involving the project, the search company for the first time is required to aggressively police its own employees on privacy issues and to explicitly tell the public how to fend off privacy violations like this one.

While the settlement also included a tiny — for Google — fine of $7 million, privacy advocates and Google critics characterized the overall agreement as a breakthrough for a company they say has become a serial violator of privacy.

Web Site Investigated for Posting Private Data

“WASHINGTON — Law enforcement officials said on Tuesday that they had opened an investigation into a Web site that posted the home addresses, Social Security numbers and other personal information for more than a dozen celebrities and politicians, including Vice President Joseph R. Biden Jr., Michelle Obama and Jay-Z.

“At this point, we are trying to determine the sourcing of this and the validity of the stuff that is being posted,” said a senior federal law enforcement official.

The investigation is being led by the Federal Bureau of Investigation, the Secret Service and the Los Angeles Police Department, law enforcement officials said.”