Privacy concerns surface over ONC data project

There’s an old warning, “Just because you’re paranoid doesn’t mean they’re not after you.”

Last week, David Blumenthal, head of the Office of the National Coordinator for Health Information Technology at HHS, tried to tamp down some blogosphere-based insinuations that work by his office might be contributing to a national surveillance state.

NHIN won’t funnel information to CIA: Blumenthal

David Blumenthal, head of HHS’ Office of the National Coordinator for Health Information Technology, has denied allegations that a framework for selecting data transmission standards for the proposed national health information network would configure the system to afford federal control over patient data and funnel that information to federal agencies, including the CIA, Justice Department and National Security Agency.

Blumenthal’s remarks came more than three hours into the March 25 meeting of the Health IT Standards Committee. The committee is a federal panel created under the American Recovery and Reinvestment Act of 2009, also known as the stimulus law, to advise the ONC on matters concerning health IT standards.

Your Medical Records Aren’t Secure

Published March 24, 2010

I learned about the lack of health privacy when I hung out my shingle as a psychiatrist. Patients asked if I could keep their records private if they paid for care themselves. They had lost jobs or reputations because what they said in the doctor’s office didn’t always stay in the doctor’s office. That was 35 years ago, in the age of paper. In today’s digital world the problem has only grown worse.

A patient’s sensitive information should not be shared without his consent. But this is not the case now, as the country moves toward a system of electronic medical records.

In 2002, under President George W. Bush, the right of a patient to control his most sensitive personal data—from prescriptions to DNA—was eliminated by federal regulators implementing the Health Information Portability and Accountability Act. Those privacy notices you sign in doctors’ offices do not actually give you any control over your personal data; they merely describe how the data will be used and disclosed.

In a January 2009 speech, President Barack Obama said that his administration wants every American to have an electronic health record by 2014, and last year’s stimulus bill allocated over $36 billion to build electronic record systems. Meanwhile, the Senate health-care bill just approved by the House of Representatives on Sunday requires certain kinds of research and reporting to be done using electronic health records. Electronic records, Mr. Obama said in his 2009 speech, “will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests [and] save lives by reducing the deadly but preventable medical errors that pervade our health-care system.”

But electronic medical records won’t accomplish any of these goals if patients fear sharing information with doctors because they know it isn’t private…

There is no need to choose between the benefits of technology and our rights to health privacy. Please support YOUR right to decide who can see your electronic health information: sign the ‘Do Not Disclose’ petition now!

But privacy is ALREADY gone!

Refer to Wall Street Journal article: Is Government Health Care Constitutional?

The authors fear that Americans’ health privacy rights will be eliminated by health reform if a proposed “public plan” evolves into “single payer”.

They are too late: there is no privacy (the right to control personal information) in the US electronic health system, EXCEPT for the strong new rights Congress added to the stimulus bill: the ban on sales of PHI, the right to segment sensitive records, and the right to limit disclosure of PHI to health plans for payment or HCO if treatment is paid for out-of-pocket.

Our strong existing ethical and legal privacy rights (a powerful national consensus arrived at over 200+ years) are being totally ignored by federal and state government and industry.

The authors clearly don’t know that we have no health privacy today or that privacy advocates in the bipartisan Coalition for Patient Privacy (representing 10 million Americans) work to restore those rights.

In 2002, amendments to the HIPAA regulations granted new rights to corporations and government to use ALL health data without informed consent for purposes no one would ever agree to AND eliminated Americans’ rights to give consent before our data is used. See: HIPAA_Intent_Vs_Reality. In 1999, the HIPAA statute granted law enforcement unfettered access to all electronic health records without informed consent or any judicial process.

Both Democratic and Republican Administrations and Congress have contributed to eliminating patients’ rights to control personal health information. The ONC-Coordinated Federal Health IT Strategic Plan: 2008-2012, requires all EHRs to be “wired” for data mining and requires every citizen to have an EHR by 2014.

The Federal Strategic Plan grants “back door” access to the nation’s electronic records to government agencies; to the for-profit research industry for P4P, QI, population health, genetic research (personalized medicine), etc; and to the insurance industry to detect fraud (this is one of the most offensive and discriminatory measures planned–the last people patients want to have MORE access to sensitive health records are insurers and employers).

Key Quotes:

• The Supreme Court created the right to privacy in the 1960s

• the justices posited a constitutionally mandated zone of personal privacy that must remain free of government regulation, except in the most exceptional circumstances.

• Taking key decisions away from patient and physician, or otherwise limiting their available choices, will render any new system constitutionally vulnerable.

• if over time, as many critics fear, a “public option” health insurance plan turns into what amounts to a single-payer system, the constitutional issues regarding treatment and reimbursement decisions will be manifold. The same will be true of a quasi-private system where the government claims a large role in defining acceptable health-insurance coverage and treatments. There will be all sorts of “undue burdens” on the rights of patients to receive the care they may want. Then the litigation will begin.

• In crafting the law, however, its White House and congressional sponsors must keep privacy — that near absolute right to personal autonomy they have so often praised and promoted — squarely before them. The only thing that is certain today is that the courts, and not Congress, will have the last word.

The authors tilt at the wrong windmill, not realizing they are too late: the privacy for health data in electronic systems is already GONE. We hope they will join us and work to RESTORE Americans’ longstanding ethical and legal rights to health privacy, regardless of a “public plan” or whether it turns into “single payer”.

HIMSS & Who is Promoting HIT in Stimulus Spending?

This story tells how HIMSS and Harvard’s Blackford Middleton promoted spending billions on health IT in the stimulus bill.

HIMSS and Blackford believe that health technology will be the silver bullet that enables healthcare reform and kills/slows higher costs. That may be possible, but is highly doubtful because the billions are such a bonanza for the health IT industry.

Will this be yet another example of the stimulus billions being used to prop up large corporations, but not to save individual patients who are sick?

Not only does most of the health IT vendor industry NOT care about whether healthcare reform succeeds or not, they actively fought to weaken Americans’ rights to privacy and security. By law, industry cares about maximizing revenue, not treating the sick.

So the BIG question is: will the government require all electronic health records systems to have the tough privacy and security measures the public expects and needs to trust these systems? Will the government require electronic health systems to build in our legal and ethical rights to privacy up front?

Most of the HIT industry lobbied to sell the same old dinosaur products and against privacy. The incumbents are very powerful and not interested in change OR IN OUR PRIVACY RIGHTS.

Reducing Cost or Care? Orszag on HIT

Fascinating ‘insider’ article on the budget process and the Orszag/Obama plan to reduce healthcare costs by building a health IT system ‘wired’ for data mining:
“At the core of both the stimulus bill and the Obama budget is Orszag’s belief that a government empowered with research on the most effective medical treatments can, using the proper incentives, persuade doctors to become more efficient health-care providers, thus saving billions of dollars. Obama is in effect betting his Presidency on Orszag’s thesis.” (See Article)

“Orszag seems more right than wrong about how to bring down health-care costs, but the truth is that, while there is obviously a great deal of waste in the American medical system, nobody knows for certain whether Orszag’s plan—which is now Obama’s plan—will work.”

The plan relies on building HIT infrastructure to obtain the data for “comparative effectiveness” research. Republicans question whether this research approach can rein in healthcare spending enough and also fear it will lead to “vast government intrusion into the doctor-patient relationship”. And the plan relies on building an HIT system to data mine ALL data without informed consent.

Our problems with the plan:

1) Orszag/Obama want ALL health data without informed consent for research, which is unethical, illegal, and destroys patient trust in doctors.
2) Orszag/Obama do not seem to realize that compelling the use of all health data will INCREASE the number of Americans who avoid treatment altogether (already in the millions). Many Americans know that avoiding care is the only way to keep health data private.
3) Millions avoiding treatment means millions delay care or never get care, increasing bad outcomes, deaths, and costs.
4) But worst of all for proponents of research: they won’t get the data needed to learn what works best unless they restore privacy and patient control over data. Researchers cannot get the results all of us want with missing and inaccurate data!
5) To find out what the most effective treatments are for many costly conditions we have to actually have all the data in our systems. Today millions of people with Depression and Addiction have NO data in the system because they pay for private care or attend AA or NA so NO data is ever generated.
6) It will be a tragedy never to find out what treatments are most effective—and a HUGE waste of the billions of stimulus dollars to build an HIT system without privacy.

Key Quotes from the article:

• The deficit spectre has loomed over every major debate. The most contentious issue has been health care.
• Orszag came to the debate with a third option, which combined Summers’s concern about deficits and Daschle’s insistence that Obama tackle health care this year. He argued that health-care reform is deficit reduction.
• At the core of both the stimulus bill and the Obama budget is Orszag’s belief that a government empowered with research on the most effective medical treatments can, using the proper incentives, persuade doctors to become more efficient health-care providers, thus saving billions of dollars. Obama is in effect betting his Presidency on Orszag’s thesis.
• Orszag, despite his image as a number-crunching technocrat, considers himself an activist.
• At Princeton, he wrote his senior thesis on the relationship between the Federal Reserve and Congress. One of his conclusions was that “it is clear that Congress suffers from a lack of understanding of even the most rudimentary economics.” Orszag’s paper won an award for the best thesis that year in international economics or politics.
• At the Congressional Budget Office, Orszag hired specialists in health-care economics and turned the institution into a clearinghouse of information about rising health-care costs. When I asked him whether he was an advocate for policies at a place that was supposed to be nonpartisan, he replied, “I would say I was activist.”
• Kent Conrad, the chairman of the Senate Budget Committee, has made eradicating the federal budget deficit his life’s work. He told me that he picked Orszag to run the C.B.O. in 2007, and repeatedly asked him to testify before his committee, because they shared a concern about long-term spending trends.
• If there was one aspect of the President’s budget that demonstrated Obama’s European sympathies, Ryan said, it was health care. More specifically, it was Orszag’s approach to curbing health-care costs. “He believes you need to set up this über-bureaucracy—the institute of comparative effectiveness—which we’ll put smart people in, and they will design the metrics and the processes on how medicine is to be practiced,” Ryan said. “And then the federal government will impose and enforce those processes. . . . It is precisely what they employ in England. It’s precisely what they employ in Canada.” Rather than celebrate Orszag’s attempt to rein in health-care spending, Ryan seemed horrified by it.
• Obama will spend the rest of this year fighting a war on two fronts. On one are Democrats protecting old-line economic interests: oil, gas, and coal companies; agribusiness; student-loan companies; and pharmaceutical companies and medical providers who fear that Orszag’s ideas for cutting health-care costs will hit them hard. On the other are institutional interests. Obama will be battling committee chairmen who oppose his Pell-grant reforms, and placating senators who resent his willingness to use a feature of the budget process known as “reconciliation,” which limits debate and prevents the use of a filibuster, to pass his health-care plan.
• Orszag’s job is to defend Obama’s budget on all fronts, but he will be most deeply engaged in health care. I asked him how he could be so sure that his ideas about how to reduce health-care costs would work, mentioning that I had been surprised to learn that Paul Ryan and other Republicans had seized on health-care cost controls as the issue they believed would bring down Obama’s health-care plan and, with it, they surely hoped, his Presidency. Specifically, they believed that Orszag’s obsession with “comparative effectiveness,” research about which treatment options work best for a given ailment, will lead to vast government intrusion into the doctor-patient relationship. The research, which received major funding in the stimulus legislation and which was also included in Obama’s budget, had assumed a sinister meaning on the right.
• Orszag dismissed the criticism as a caricature. “I don’t see how it interferes with the doctor-patient relationship to suggest that it would be better if your doctor had more information about what would work for you,” he said. “The best way of putting it is that your doctor shouldn’t have disincentives to give you the higher-quality care, which often happens now.” Far from a huge government bureaucracy, he proposes a simple adjustment of incentives: “You get paid more if the treatment has been shown to be effective and a little less if not.”
• Orszag seems more right than wrong about how to bring down health-care costs, but the truth is that, while there is obviously a great deal of waste in the American medical system, nobody knows for certain whether Orszag’s plan—which is now Obama’s plan—will work.
• As Orszag explained his ideas, I couldn’t help remembering an encounter I had with him one day in the hallway at O.M.B. I told him that I had read his Princeton undergraduate thesis. He looked at me and smiled a little sheepishly. He said that at some point after his arrival at graduate school, in London, he had had a sudden realization: that he had made a mistake, and the crucial formula that he had used in his thesis, the one that had won him the prize, was incorrect. “It was so innovative,” he said, “that it was wrong.”

Health Affairs Briefing: Stimulating Health Information Technology

Deborah Peel, MD, Founder & Chair of Patient Privacy Rights, is one of the speakers at this open event, happening March 10th, 2009 in Washington, DC.

There is widespread agreement that greater investment in information technology (IT) is critical to reforming U.S. health care. The use of such technologies as electronic health record systems, personal health records, e-prescribing, and computerized physician order entry holds the potential for vastly improving care at a reasonable cost. The recently enacted economic stimulus legislation included just over $19 billion for health information technology, so major public and private investments in the sector now lie ahead.

At this crucial moment, Health Affairs devotes its forthcoming March-April 2009 issue to health IT—its transformative promise, but also the challenges to its adoption and the substantial dangers it could pose if that adoption is not done right. The issue will be released at a briefing on Tuesday, March 10, at the JW Marriott in Washington, D.C. At the briefing, speakers will discuss the public policy issues surrounding health IT, particularly those raised by the health IT provisions in the stimulus package. Speakers will also discuss pioneering health IT initiatives, the privacy concerns raised by health IT, and industry health IT innovations.

The briefing and the new Health Affairs issue are supported by grants from the Markle Foundation, the California HealthCare Foundation, and the federal Agency for Healthcare Research and Quality.

Here are the details:

WHEN: Tuesday, March 10, 2009, 9:00 a.m. to 12:30 p.m.
WHERE: JW Marriott [Metro Center], 1331 Pennsylvania Ave., NW, Washington, DC, 20004
Carol Diamond, The Markle Foundation
Linda Dimitropoulos, RTI International
Colin Evans, Dossia Consortium
Robert Kolodner, Office of the National Coordinator for Health Information Technology*
Louise Liang, Kaiser Permanente
Deven McGraw, Center for Democracy and Technology
Farzad Mostashari, New York City Department of Health
Peter Neupert, Microsoft Health Solutions Group
Neal Patterson, Cerner Corporation*
Deborah Peel, Patient Privacy Rights Foundation
Mark Smith, California HealthCare Foundation
James Walker, Geisinger Health System
Jonathan White, Agency for Healthcare Research and Quality

* Invited Speakers

From Sharing Music to Sharing Medical Records

Dr. Eric Johnson’s latest study is out. Our job is to inform the public and Congress, who are continually being falsely reassured that health IT systems are secure and private by spinmeisters for the insurance, hospital, drug, Health IT, and health data mining industries.

Industry’s blatant false promises of security and privacy are something we have been urging the FTC to investigate (as false and deceptive trade practices), and something the new Administration should understand, to ensure that the stimulus funds are not spent on primitive health technologies with abysmal security and no consumer control over PHI. We need ‘smart’ health IT, ‘smart’ human processes, and we need the health care industry to step up and use them, so we have trusted electronic systems and don’t waste the stimulus billions.

See Dr. Johnson’s paper here.

The research examined samples of health-care data disclosures and search activity in peer-to-peer file sharing networks of the top 10 publicly traded health care firms (using Fortune Magazine’s list) over a two-week period. More than 500 hospitals were represented in the 10 organizations. 3,328 files were collected for the study.

• “data losses in the healthcare sector continue at a dizzying pace”
• “Far worse than losing a laptop or storage device with patient data (Robenstein 2008), inadvertent disclosures on P2P networks allow many criminals access to the information, each with different levels of sophistication and ability to exploit the information.”
• “Many of the documents were leaked by patients themselves. For example we found several patient-generated spreadsheets containing details of medical treatments and costs–likely for tax purposes.”
• “we found a hospital-generated spreadsheet of personally identifiable information on recently-hired employees including social security numbers, contact information, job category, etc”
• “For a hospital system, we found two spreadsheet data bases that contained detailed information on over 20,000 patients including social security numbers, contact information, and insurance information.”
• “For a mental health center, we found patient psychiatric evaluations.”

Where is the mainstream and trade journal reporting on this???

The true problems in HIT

The experts quoted are correct that cost, interoperability, difficulty of use, work-flow disruption, and lack of proof of safety/effectiveness are good reasons not to spend $20 billion in HIT stimulus money on bad products (the equivalent of buying SUVs instead of hybrids and electric cars).

But Kibbe and Klepper should look beyond their own perspectives to consider the wider context and the real make-or-break issue: what must EHR systems have to ensure the public’s trust and willingness to use them?

Of course, doctors must be able to afford, easily use, and know that EHR systems actually work and are effective, but systemic failure is inevitable unless patients trust electronic systems. Today’s health IT systems and products are not even close to meeting the public’s expectations for control over personal data and ironclad security.

From the consumer perspective, the worst defects in today’s EHR systems are:

1) Patients have no control over the use or disclosure of their personal health information in these systems.

2) Doctors, hospitals, labs, pharmacies, PBMs, insurers, data miners, data aggregators, etc, etc, and software vendors control the disclosure, use, and sale of the nation’s personal health information.

3) Most of today’s EHR technology is extremely primitive (20-30 years old) and does not comply with patients’ longstanding legal and ethical privacy rights:
• most EHRs do not have the functional capacity to segment sensitive records
• human-readable audit trails of disclosures are not required, so patients have no way to know who snooped in their records or where their personal health information has been sent or sold
• the security measures are abysmal. A CIO magazine story from 2006 reported that all 850 EHR systems examined could easily be hacked:,289142,sid182_gci1273006,00.html

The most important reason not to buy $20 billion worth of dinosaur EHR technology is that consumers will NEVER trust electronic health systems unless they control sensitive personal data and unless the systems have state-of-the-art security to prevent the frequent breaches, losses, and thefts of millions of health records.

Until the American public has PROOF electronic systems can be trusted, failure is inevitable. Why not build EHRs and the electronic health system right from the start, rather than spending billions later to rebuild?

Must we repeat the mistakes made in the UK? The NHS system was built without patient control over data. Billions of dollars and many years were wasted before the government realized that forcing patients into an electronic health system that shares data without consent doesn’t work.

Treasury Moves to Restrict Lobbyists From Influencing Bailout Program

Will we see the same kind of problems the Treasury Dept has had when HHS allocates the $20 billion in funds for HIT? Will HHS limit the massive health industry’s lobbyists’ influence over how HIT funds are spent? Will HHS turn to real consumer coalitions like the Coalition for Patient Privacy for guidance instead of faux consumer, industry-funded trade organizations?

The dominant HIT industry lobby wants to ensure that Americans get primitive, legacy HIT products and systems, instead of innovative privacy-protective technologies.

If the stimulus dollars are used to purchase existing health IT products that don’t restore consumers’ rights to control the use and sale of personal health information, corporations will continue to “lock down” and own our personal health information. See Peter Neupert’s comments:

• Peter Neupert of Microsoft recently wrote in a TechNet blog about the health IT industry: “The thing is, nobody can make good decisions without good data,” Neupert wrote. “Unfortunately, too many in our industry use data ‘lock-in’ as a tactic to keep their customers captive. Policy makers’ myopic focus on standards and certification does little but provide good air cover for this status quo. Our fundamental first step has to be to ensure data liquidity—making it easy for the data to move around and do some good for us all.”

• The health IT industry’s ‘customers’ are the large hospital chains, health plans, labs, pharmacies, PBMs, and other health-related corporations that collect, store, handle and sell Americans’ personal health information from prescription records to DNA. They do not serve the public or have much regard for our legal and ethical rights to control personal health information.

The people who can’t make good decisions without the data are patients and doctors! We have almost no access to our own electronic health information. That’s our personal health data Neupert and Kibbe wrote about—and they make it clear that industry believes it owns our data.

The last thing Americans need is for the HIT stimulus funds to be used to buy outdated, primitive technologies without meaningful or comprehensive privacy protections. That’s a prescription for waste and failure. Will the initial consumer privacy protections in the stimulus be nullified by purchases of inferior, privacy-destructive technologies?

