De-identified? Yeah, right.

See these articles:
Netflix Contest Seen As Posing Privacy Risk
Netflix is about to commit a privacy Valdez with its customers’ viewing data
AOL, Netflix and the end of open access to research data

Once again Netflix plans to violate the privacy of those who rate the movies they rent. Two University of Texas computer scientists demonstrated that the Netflix database of 500,000 with movie ratings could be re-identified, revealing sensitive political and sexual preferences of the actual people who rated movies. Netflix did not get the consent of renters to expose their ratings to the public or ot researchers.

Yet Netflix is moving ahead to release even MORE personal data for its next million-dollar contest. The major media (NYT’s STeve Lohr for example) has NOT reported at all on how Netflix is violating movie renters’ privacy, but instead trumpets the prizes paid to those who develop more accurate ways to predict which movies you will want to watch next.

The problem of re-identification is VERY serious for the healthcare system because health data is impossible to de-identify. It is so rich in detail that de-identification is almost impossible.

Today, the treasure trove of all Americans’ sensitive health data is being endlessly used and disclosed without informed consent to millions of “covered entities” and “business associates” (and their millions of employees)–subjecting EVERY American to the theft, sale, and misuse of the most sensitive personal information that exists.

Who will hire you knowing all about your prescriptions, illnesses and genes?

Job 1 for the AHIC successor? — by Nancy Ferris

Notice how the for-profit research industry wants access “baked” into all EHRs up front for research uses, to avoid getting individuals’ consents.

They call this a “value case” for the nation’s electronic health system. What great Lakoffian re-framing and propaganda. How do you argue against “value”?

It’s a “value” alright, just not a “value” for patients, because it sets up a system that is both unethical (no consent) and illegal (violates Amercians’ longstanding rights to privacy).

The story says the research industry wants open access to “de-identified” data, but that is NOT what they tell Congress or the regulators. They say they must have access to longitudinal data, which CANNOT be de-identified, because most research cannot be conducted using de-identified data.

The new AHIC 2 will be industry-driven and industry-paid for, with so-called “standards” being devised to meet the needs of corporations, not to adhere to the laws and ethics that governed the healthcare until the ’90′s and the advent of electronic systems for health data.

Today there are ‘smart’ technology solutions to make consent easy, cheap, understandable, and instantaneous (see the consents on HealthVault by application partners for a preview of how simple and clear and specific consents can be). Electronic consents can be interactive and actually explain things, rather than be densely written in legalese so no one understands them.

Why continue to use the kind of privacy-violating blanket coerced consents that were necessary in the paper health system? ‘Smart’ technologies can do a far better job. Using robust consent management tools, we can obtain valid and easy-to-understand specific, time-limited, and cheap consents from millions instantaneously.

View Full Article

Data-mining: Australia Just Calls It Something Else

In Australia, the data mining industry pays doctors to sell patients’ prescription records. In the US they pay pharmacies, hospitals, and PBMs. See Article.

A complaint to the Australian Privacy Commissioner was dismissed because the data miners claimed that patients and doctors were “de-identified”. But it is very difficult to fully de-identify personal health data so that re-identification is impossible. If true, the industry should have offered proof that their methods actually work and that the data cannot be re-identified.

As in the US, the theft and sale of personal prescription records is rationalized with claims that it can be used to “provide valuable insight into healthcare trends– including the spread of infectious diseases”. The word that describes using data to provide “valuable insights” is “research”. It happens to be both illegal and unethical to do research without informed consent.

The Machinery Behind Health-Care Reform

Robert O’Harrow tells the story of how Harvard, Harvard Partners HealthCare, Blackford Middleton, and the Health Information and Management Systems Society (HIMSS), the health IT industry’s lobby, got $27B for HIT into the stimulus bill.

HIMSS used classic industry lobbying strategy:
1. Never let a crisis go to waste (in this case the economic crisis) to drive funding for industry.
  1. a. They were very clever because

  • i. The HIT industry was NOT failing (unlike the auto industry) and did not need a stimulus

2. Fund a ‘think tank’ to produce ‘research’ promoting HIT as a way to lower costs, improve healthcare, etc., etc.—in this case headed by Blackford Middleton MD of Harvard.
3. Use the ‘research’ to promote HIT and lobby for stimulus funds.
-Harvard-branded  ‘research’ is very powerful:
  1. b. Non-profit organizations were funded “
  2. to press for electronic health records”

  3. c. Blumenthal, Daschle, and the Obama Administration were ‘sold’ on the ‘research’.
  4. d. The ‘research’ gave Blumenthal, Daschle, and the Obama Administration a way to justify dismissing the problems OMB and other sceptics raised about the ‘research’
  • iii. Mark Frisse and Joseph Antos are sceptics quoted about the ‘research’.
  1. e. Congress was ‘sold’ on the ‘research’ which claims that HIT will reduce costs, etc.
4. HIMSS and the Harvard ‘think tank’ draft much of HITECH’s plan to purchase flawed HIT systems.
5. Congress passed the stimulus bill with $2B more for HIT than the $25B HIMSS recommended
6. Industry wins.
7. Public loses.
  1. f. The public’s expectations and rights of control over health information are eliminated by funding flawed HIT/EHRs and data exchanges.

The result almost 4 years later is we have no idea where our health data is held, who is using it or why—no health data map, no ‘chain of custody’ for where our data flows, no way to control health data in electronic systems or data exchanges, and no way to stop data sales (a recent example is Medtronics selling records from patients’ wireless heart monitors).

Soon, we will finally be able to download electronic copies of our health data, a crucial first step to restoring control over our own information. Once we have all our health information, then we can press to restore control over whi can see, use or sell it.
To view the full article, please visit: The Machinery Behind Health-Care Reform

First HIT Policy Committee Meeting on Stripping Privacy Away?

No surprise the new HIT Policy committee is gearing up to eliminate privacy, i.e. patient control over personal health information, using the excuse that the entire nation’s records are needed for biosurveillance and research without informed consent. See the quotes from Drs Calman and Clark. The title of the article says it all: “Committee studies public health, research“.

The committee is dominated by industry appointees who will make sure the policies they come up with grant unfettered government and industry access to Americans’ most sensitive personal data, from prescriptions to DNA.

What they don’t get is they will lose the public’s support and trust if they build a system where everyone’s health records can be data mined for any research purpose. A Westin/Harris IOM poll found only 1% of the public would allow researchers unfettered access to their electronic medical records. The government and the research community are completely at odds with the public’s rights to health privacy.

The reality is millions of Americans already refuse to participate in healthcare systems that harm them because they have no control over their medical records.

HHS noted in the Preamble to the HIPAA Privacy Rule that 600,000 Americans/year avoid early diagnosis and treatment for cancer because treatment records are not private private. Two million people/year with mental illness avoid diagnosis and treatment for the same reason: their records are not private. The Rand Corporation found that 150,000 Iraqi vets refuse treatment for PTSD because their treatment is not private, resulting in the highest rate of suicide in active duty military personnel in 30 years.

Can this commitee face reality when they have severe conflicts of interest and want the use of Americans’ health data?

The lack of privacy drives millions away from healthcare. And the lack of privacy causes suffering and death–bad outcomes.

It looks like patients’ and consumers’ best hope for preserving their health privacy rights in electronic systems may be Gayle Harrell. She may be the only committee member who can face reality.

DoD does WHAT?

It is fascinating that the DoD clearly believes it owns and can use the personal health information of 12 million active duty military personnel for whatever purpose it decides. In this case, the DoD is paying a for-profit corporation to do research on active duty military personnel without their consent.

Maybe when you join the military you lose all privacy and Constitutional rights. I don’t know, I’m not a lawyer. If so, that is a steep price to pay to serve your country: losing all health privacy for yourself and your relatives forever. Do those who join the armed forces know they are signing up to become medical guinea pigs? Do they really understand the consequences for their futures and their families futures?

Many questions abound:

• Are the electronic records adequately secured? What a rich target: 12 million health records! What if enemies hack the privately held data base to learn about key military leaders?

• Will Phase Forward continue to use and sell the records for other purposes as HIPAA authorizes? Other data management corporations (such as Thomson Medstat) the government pays to perform fraud and waste audits obtain millions of health records that they later aggregate and sell to employers without anyone’s consent.

• Furthermore–this is clearly medical research without informed consent. That is simply unethical and illegal. The US signed the Declaration of Helsinki after WW II because Nazis did human research without consent. Back then America recognized the need for informed consent before research takes place. Today, the codes of research and medical ethics still require patients to give informed consent before personal records can be used or disclosed. Why is this project not being done with informed consent when new ‘smart’ electronic consent tools could make it easy, cheap, and fast to obtain informed consent and explain all the risks and consequences?

Review this article from the Washington Post’s Government Inc. Blog for more information:
Data Mining for DoD Health