The Verizon order, the NSA, and what call records might reveal about psychiatric patients

The NSA knows we are sick because we phone doctors’ offices.

As a mental health professional, Dissent Doe explains in her blog (below) how revealing phone call metadata is:

“Because my phone is used mainly for calls to and from patients and clients, can the NSA figure out who my patients are?  And could they, with just a query or bit of analysis, figure out when my patients were going into crisis or periods of symptom worsening?  I suspect that they can. And because I am nationally and internationally known as an expert on a particular disorder, could the government also deduce the diagnosis or diagnoses of my patients or their family members? Probably.”

There is a huge national media response to the NSA spying on Americans’ cell phone calls, but the media does NOT report on the far worse systemic corporate and government spying on the nation’s electronic health records.

The US healthcare system is engineered for hidden corporate and government surveillance of personal data about the minds and bodies of all 300 million Americans –from prescriptions to diagnoses to DNA—it’s all collected and sold.

The US media simply repeats industry and government talking points about the benefits of electronic health systems without reporting on the massive harms:

  • -Millions of patients/year avoid early diagnosis and treatment of cancer, depression, and sexually transmitted diseases because they know that information will not be private (see citations and statistics in:http://patientprivacyrights.org/wp-content/uploads/2010/08/The-Case-for-Informed-Consent.pdf)
  • -1/8 people hide health information because they know that information will not be private
  • -Should we use technology that causes millions to suffer bad outcomes?

2013 is a critical year: every state will share your health data with hundreds-thousands more hidden users via Health Information Exchanges (HIEs).

  • -Many states to not allow you to ‘opt-out’ of HIEs that exchange your health data.
  • -Most states do not allow you to prevent your most sensitive health information from being exchanged.
  • -So far, not one state gives patients control over data exchange.

SIGN PPR’s petition and say “no” to data exchange without your consent at: http://patientprivacyrights.org/2013/06/sign-the-petition-for-patient-controlled-exchange-of-health-information/

We need trustworthy technologies that put patients back in control of the use, disclosure, and sale of their sensitive health data.

  • -Patients have always controlled who could see and use paper medical records.
  • -Now institutions (corporations and government) control who can see and use the nation’s electronic health records.

Great existing technologies can fix badly designed electronic health systems, but we need new laws that require privacy-protective technologies are built into all electronic systems that handle health data.

States’ Hospital Data for Sale Puts Privacy in Jeopardy

TODAY: watch Prof Sweeney and Jordan Robertson present their research on how easily patients could be re-identified patients from hospital data sold by the state of Washington —at the 3rd International Summit on the Future of Health Privacy in Washington, DC. Register to watch free at: www.healthprivacysummit.org.
Every state sells or gives away sensitive hospital data without regard to how easily it can be re-identified and sold, not just Washington. The buyers may want to sell you something or use your records for employment background checks. Health data is easily available for hidden discrimination.

The solution is all users of personal health data should have to ask first.

May 15, 2013 Health Care Symposium – Dialogue on Diversity

PPR Founder Deborah C. Peel, MD Joins Experts at
Dialogue on Diversity’s Health Care Symposium 2013

The Elusive Concept: Health Care a $15 Tr. Economy Can “Afford”

On May 15, 2013, Dr. Deborah Peel will join other experts in Washington, DC for the Health Care Symposium 2013, “The Elusive Concept: Health Care a $15 Trillion Economy Can “Afford.” During the complimentary lunch, the Honorable Donna M. Christian-Christensen will receive Dialogue on Diversity’s Health Leadership Award, followed by Dr. Deborah Peel’s panel.

Registration is free to the public, and a complimentary breakfast will also be provided. See the full agenda with specific times here.

The day begins with focused discussions on the laws of health care as well as the rising costs, followed by a panel on food and nutrition and the need for preventative strategies. After the lunch panel, experts will discuss cultural competency and class and ethnic access disparities. The day will close with a discussion on the  chief medical threats in the United States, such as Cancer, AIDS, and Obesity.

See more on sessions and speakers in this Press Advisory.

For the past two years, Dialogue on Diversity has worked with PPR as a member of the Coalition for Patient Privacy as well as a Consumer Partner of the Health Privacy Summit.

WHAT:

Health Care Symposium 2013
The Elusive Concept: Health Care a $15 Tr. Economy Can “Afford”
WHEN:
Wednesday, May 15th, 2013 | 8:30 a.m. – 3:30 p.m. ET
WHERE:

The American Federation of Teachers
555 New Jersey Avenue, N.W.
Washington, DC 20001

The Right to Obtain Restrictions Under the HIPAA/HITECH Rule: A Return to the Ethical Practice of Medicine

To view the full article, please visit: The Right to Obtain Restrictions Under the HIPAA/HITECH Rule: A Return to the Ethical Practice of Medicine.

Great explanation of how industry has fought to influence those in government that write the ‘rules’ for how federal law works in practice. The key industry tactic is to complain that complying with the law is too costly or impossible or would take too much time. For reasons we don’t understand, the government agency that writes the ‘rules’ takes the side of industry rather than defending patients.

GOP senators seek to ‘reboot’ federal health IT policy, unveil white paper

This article is by subscription only: GOP senators seek to ‘reboot’ federal health IT policy, unveil white paper

“Key GOP senators released a white paper Tuesday (April 16) raising concerns with federal policy on health information technology, and the lawmakers seek feedback from stakeholders — including the administration, hospitals and vendors – on how the program can be improved. The senators worry that the $35 billion allocated to health IT in the 2009 stimulus package is being spent inefficiently and suggest Congress, the administration and stakeholders work together to “reboot” the electronic health record incentive program so that it to accomplish its goals.”

Materials of interest:

More articles discussing this action:

Employees’ unhealthy habits have growing effect on their insurance premiums

The story below concludes that “Employees now contribute 42 percent more for health care than they did five years ago.”   Just because employees are stuck paying higher healthcare bills doesn’t necessarily mean they are causing costs to increase.

If employees were driving up healthcare costs, then using financial penalties to force them to undergo intrusive health screenings and join wellness programs might make sense.

But employees aren’t causing the high costs of healthcare in the US.  Time magazine concluded that healthcare corporations, such as hospitals and the pharmaceutical industry, outpatient procedures, and lobbying costs are the main culprits.

Time magazine’s issue titled “Bitter Pill, why medical bills are killing us” identified several factors in high US healthcare costs:

The article below quotes the National Business Group on Health (NBGH), a lobbying group with assests of $18,772,047 in 2011. The NBGH blames employees for rising healthcare costs, instead of its many healthcare corporation members.

  • -URL for NBGH members: https://www.businessgrouphealth.org/join/members.cfm
  • -Blaming employees allows the NBGH to defend using coercive, intrusive wellness programs even for employees with complex, hard-to-manage illnesses, that wellness programs don’t help:
    • -See “Wellness Incentives In The Workplace: Cost Savings Through Cost Shifting To Unhealthy Workers” By Jill R. Horwitz, Brenna D. Kelly, and John E. DiNardo. Health Affairs, 32, no.3 (2013):468-476; doi: 10.1377/hlthaff.2012.0683; http://content.healthaffairs.org/content/32/3/468.full.html

Meanwhile screening companies, labs, and wellness programs collect sensitive employee health information and control its use, disclosure, and sale.

  • -There is no ‘chain of custody’ for health data so employees have no way to know who sees their health information.
  • -The US has NO data map to track the thousands of hidden companies that collect, use, or sell Americans’ personal health information.
  • -Corporations that collect employees’ health information treat it as a corporate asset, not as sensitive personal information that patients have strong rights to control.
  • -So it’s impossible to verify whether the NBGH lobbyist’s statement that “few employers would risk intentionally misusing such information” is true or false.

Blaming people who are sick for the high costs of their medical care instead of the corporations that overcharge is a really neat trick. It also provides a rationale for coercing employees to enter wellness programs and violating their rights to health privacy.

Unfortunately, simply “blaming the victims” won’t solve escalating healthcare costs.  We have to look broadly at individuals, the entire healthcare system, the food-chain, and larger cultural factors to identify and deal with all the real causes.

Privacy Framework: A Practical Tool?

An interesting article about our Privacy Framework- to view the full article please visit Privacy Framework: A Practical Tool?

Some key quotes:

“The PPR Trust Framework is … designed to help organizations ensure that technology and IT systems align with the privacy requirements of critical importance to patients and reflect their legal and ethical rights to health information privacy,” Peel says.

“The framework was developed by a group within Patient Privacy Rights – the bipartisan Coalition for Patient Privacy – along with Microsoft and the consulting firm PricewaterhouseCoopers, Peel says. It was developed, tested and validated on Microsoft’s HealthVault personal health record platform.”

“Ensuring the privacy of patient data is a key concern for any healthcare IT vendor,” says Sean Nolan, distinguished engineer, Microsoft HealthVault. “Microsoft as a company advocates for a more standardized federal approach to the privacy of data, and this is especially true for the HealthVault team. We believe that it takes a deep corporate commitment to the privacy of patient data in order to support initiatives such as the PPR Trust Framework.”

Groups develop privacy framework for health IT

To view the full article, please visit Groups develop privacy framework for health IT.

An article written at ModernHealthcare.com about our new Privacy Trust Framework explains how the framework came into being and what it’s major principles are.

Key quote from the article:

“‘This comes from what the American public wants and was devised by Microsoft and PricewaterhouseCoopers,’ Peel said. ‘Some of the bigger corporations see the future as the public controlling things. Microsoft wanted to distinguish itself from Google Health (its one-time rival as a developer of PHR platforms) and wanted HealthVault to be the privacy place and wanted to compete in that way.’ PricewaterhouseCoopers saw a future auditing opportunity, she said. ‘We’re now moving with the Blue Button where patients can access their information and control it. The ultimate consumer is the patient.'”

The Privacy Trust Framework can be found here.

Framework Outlines Key Principles for Protecting Privacy of Patient Data

To view the full article, please visit Framework Outlines Key Principles for Protecting Privacy of Patient Data.

iHealthBeat released an article about the Privacy Rights framework explaining its goals and principles.

Key quote from the article:

“The framework aims to help health care organizations measure how well their IT systems and research projects meet certain best practices for protecting patient privacy.

Patient Privacy Rights eventually intends to develop a system to license organizations based on their privacy policies and practices.”

The full Privacy Trust Framework can be viewed here.

New Framework Details 15 Core Health Privacy Principles

To view the full article, please visit New Framework Details 15 Core Health Privacy Principles.

HealthDataManagement.com recently posted this article about Patient Privacy Rights’ Privacy Trust Framework. The article tells HealthDataManagement readers “The Framework is designed to help measure and test whether health information systems and research projects comply with best privacy practices in such areas as whether patients have control over their protected health information, an organization obtains meaningful consent before disclosing data and obtains new consent before secondary data use occurs, patients have the ability to selectively share data, and the organization uses servers housed in the United States, among other factors.”

The key principles for our Privacy Trust Framework:

*Patients can easily find, review and understand the privacy policy.

* The privacy policy fully discloses how personal health information will and will not be used by the organization. Patients’ information is never shared or sold without patients’ explicit permission.

* Patients decide if they want to participate.

* Patients are clearly warned before any outside organization that does not fully comply with the privacy policy can access their information.

* Patients decide and actively indicate if they want to be profiled, tracked or targeted.

* Patients decide how and if their sensitive information is shared.

* Patients are able to change any information that they input themselves.

* Patients decide who can access their information.

* Patients with disabilities are able to manage their information while maintaining privacy.

* Patients can easily find out who has accessed or used their information.

* Patients are notified promptly if their information is lost, stolen or improperly accessed.

* Patients can easily report concerns and get answers.

* Patients can expect the organization to punish any employee or contractor that misuses patient information.

* Patients can expect their data to be secure.

* Patients can expect to receive a copy of all disclosures of their information.

The full framework can be viewed at Privacy Rights Framework.