Petition for OSTP to Conduct Public Comment Process on Big Data and the Future of Privacy

February 10, 2013

Patient Privacy Rights, joined by EPIC, ACLU, Center for Democracy & Technology, EFF and 24 other consumer privacy and public interest organizations asked the White House’s Office of Science and Technology Policy to issue a Request for Information in order to conduct a review that incorporates the concerns and opinions of those whose data may be collected in bulk as a result of their engagement with technology.

“We believe that the public policy considerations arising from big data and privacy are issues of national concerns that ‘require the attention at the highest levels of Government.’”

The Coalition for Patient Privacy believes that the “OSTP should consider a broad range of big data privacy issues, including but not limited to:
(1) What potential harms arise from big data collection and how are these risks currently addressed?
(2) What are the legal frameworks currently governing big data, and are they adequate?
(3) How could companies and government agencies be more transparent in the use of big data, for example, by publishing algorithms?
(4) What technical measures could promote the benefits of big data while minimizing the privacy risks?
(5) What experience have other countries had trying to address the challenges of big data?
(6) What future trends concerning big data could inform the current debate?”

For more information, see EPIC, Coalition Urge White House to Listen to Public on “Big Data and Privacy”

To view a copy of the letter, please visit Petition for OSTP to Conduct Public Comment Process on Big Data and the Future of Privacy

3 reasons for the demise of patient privacy

By Dan Bowman from FierceHealthIT

Several factors have contributed to the demise of patient privacy in recent years, according to software analyst and healthcare blogger Shahid Shah (a.k.a., The Health IT Guy).

For example, Shah said at a recent discussion hosted by the Patient Privacy Rights Foundation on the best privacy practices for electronic health records in the cloud, patients tend to not “demand” privacy as the cost of doing business with providers.

“It’s rare for patients to choose physicians, health systems or other care providers based on their privacy views,” Shah said in a blog post summarizing thoughts he shared at the event. “Even when privacy violations are found and punished, it’s uncommon for patients to switch to other providers.”

To view the full article visit 3 reasons for the demise of patient privacy

 

Can we at least try not to kill 440,000 patients per year?

Check out the latest from Doc Searls, courtesy of Doc Searls Weblog.

Obamacare matters. But the debate about it also misdirects attention away from massive collateral damage to patients. How massive? Dig To Make Hospitals Less Deadly, a Dose of Data, by Tina Rosenberg in The New York Times. She writes,

Until very recently, health care experts believed that preventable hospital error caused some 98,000 deaths a year in the United States — a figure based on 1984 data. But a new report from the Journal of Patient Safety using updated data holds such error responsible for many more deaths — probably around some 440,000 per year. That’s one-sixth of all deaths nationally, making preventable hospital error the third leading cause of death in the United States. And 10 to 20 times that many people suffer nonlethal but serious harm as a result of hospital mistakes.

The bold-facing is mine. In 2003, one of those statistics was my mother. I too came close in 2008, though the mistake in that case wasn’t a hospital’s, but rather a consequence of incompatibility between different silo’d systems for viewing MRIs, and an ill-informed rush into a diagnostic procedure that proved unnecessary and caused pancreatitis (which happens in 5% of those performed — I happened to be that one in twenty). That event, my doctors told me, increased my long-term risk of pancreatic cancer.

Risk is the game we’re playing here: the weighing of costs and benefits, based on available information. Thus health care is primarily the risk-weighing business we call insurance. For generations, the primary customers of health care — the ones who pay for the services — have been insurance companies. Their business is selling bets on outcomes to us, to our employers, or both. They play that game, to a large extent, by knowing more than we do. Asymmetrical knowledge R them.

Now think about the data involved. Insurance companies live in a world of data. That world is getting bigger and bigger. And yet, McKinsey tells us, it’s not big enough. In The big-data revolution in US health care: Accelerating value and innovation (subtitle: Big data could transform the health-care sector, but the industry must undergo fundamental changes before stakeholders can capture its full value), McKinsey writes,

Fiscal concerns, perhaps more than any other factor, are driving the demand for big-data applications. After more than 20 years of steady increases, health-care expenses now represent 17.6 percent of GDP—nearly $600 billion more than the expected benchmark for a nation of the United States’s size and wealth.1 To discourage overutilization, many payors have shifted from fee-for-service compensation, which rewards physicians for treatment volume, to risk-sharing arrangements that prioritize outcomes. Under the new schemes, when treatments deliver the desired results, provider compensation may be less than before. Payors are also entering similar agreements with pharmaceutical companies and basing reimbursement on a drug’s ability to improve patient health. In this new environment, health-care stakeholders have greater incentives to compile and exchange information.

While health-care costs may be paramount in big data’s rise, clinical trends also play a role. Physicians have traditionally used their judgment when making treatment decisions, but in the last few years there has been a move toward evidence-based medicine, which involves systematically reviewing clinical data and making treatment decisions based on the best available information. Aggregating individual data sets into big-data algorithms often provides the most robust evidence, since nuances in subpopulations (such as the presence of patients with gluten allergies) may be so rare that they are not readily apparent in small samples.

Although the health-care industry has lagged behind sectors like retail and banking in the use of big data—partly because of concerns about patient confidentiality—it could soon catch up. First movers in the data sphere are already achieving positive results, which is prompting other stakeholders to take action, lest they be left behind. These developments are encouraging, but they also raise an important question: is the health-care industry prepared to capture big data’s full potential, or are there roadblocks that will hamper its use

The word “patient” appears nowhere in that long passage. The word “stakeholder” appears twice, plus eight more times in the whole piece. Still, McKinsey brooks some respect for the patient, though more as a metric zone than as a holder of a stake in outcomes:

Health-care stakeholders are well versed in capturing value and have developed many levers to assist with this goal. But traditional tools do not always take complete advantage of the insights that big data can provide. Unit-price discounts, for instance, are based primarily on contracting and negotiating leverage. And like most other well-established health-care value levers, they focus solely on reducing costs rather than improving patient outcomes. Although these tools will continue to play an important role, stakeholders will only benefit from big data if they take a more holistic, patient-centered approach to value, one that focuses equally on health-care spending and treatment outcomes.

McKinsey’s customers are not you and me. They are business executives, many of which work in health care. As players in their game, we have zero influence. As voters in the democracy game, however, we have a bit more. That’s one reason we elected Barack Obama.

So, viewed from the level at which it plays out, the debate over health care, at least in the U.S., is between those who believe in addressing problems with business (especially the big kind) and those who believe in addressing problems with policy (especially the big kind, such as Obamacare).

Big business has been winning, mostly. This is why Obamacare turned out to be a set of policy tweaks on a business that was already highly regulated, mostly by captive lawmakers and regulators.

Meanwhile we have this irony to contemplate: while dying of bad data at a rate rivaling war and plague, our physical bodies are being doubled into digital ones. It is now possible to know one’s entire genome, including clear markers of risks such as cancer and dementia. That’s in addition to being able to know one’s quantified self (QS), plus one’s health care history.

Yet all of that data is scattered and silo’d. This is why it is hard to integrate all our available QS data, and nearly impossible to integrate all our health care history. After I left the Harvard University Health Services (HUHS) system in 2010, my doctor at the time (Richard Donohue, MD, whom I recommend highly) obtained and handed over to me the entirety of my records from HUHS. It’s not data, however. It’s a pile of paper, as thick as the Manhattan phone book. Its utility to other doctors verges on nil. Such is the nature of the bizarre information asymmetry (and burial) in the current system.

On top of that, our health care system incentivizes us to conceal our history, especially if any of that history puts us in a higher risk category, sure to pay more in health insurance premiums.

But what happens when we solve these problems, and our digital selves become fully knowable — by both our selves and our health care providers? What happens to the risk calculation business we have today, which rationalizes more than 400,000 snuffed souls per annum as collateral damage? Do we go to single-payer then, for the simple reason that the best risk calculations are based on the nation’s entire population?

I don’t know.

I do know the current system doesn’t want to go there, on either the business or the policy side. But it will. Inevitably.

At the end of whatever day this is, our physical selves will know our data selves better than any system built to hoard and manage our personal data for their interests more than for ours. When that happens the current system will break, and another one will take its place.

How many more of us will die needlessly in the meantime? And does knowing (or guessing at) that number make any difference? It hasn’t so far.

But that shouldn’t stop us. Hats off to leadership in the direction of actually solving these problems, starting with Adrian Gropper, ePatient Dave, Patient Privacy RightsBrian Behlendorf, Esther Dyson, John Wilbanks, Tom Munnecke and countless other good people and organizations who have been pushing this rock up a hill for a long time, and aren’t about to stop. (Send Doc more names or add comments directly to this blog here.)

Courtesy of Doc Searls Weblog

Will Texans Own Their DNA?

Will Texans Own Their DNA?

Greg Abbott, candidate for Governor, thinks they should

 

On November 12th, Abbott released his “We the People Plan” for Texas. Clearly he’s heard from Texans who want tough new health data privacy protections.

 

Topping his list are four terrific privacy recommendations for health and genetic data:

  • “Recognize a property right in one’s own DNA.”
  • “Make state agencies, before selling database information, acquire the consent of any individual whose data is to be released.”
  • “Prohibit data resale and anonymous purchasing by third parties.”
  • “Prohibit the use of cross referencing techniques to identify individuals whose data is used as a larger set of information in an online data base.”

 

The Omnibus Privacy Rule operationalized the technology section of the stimulus bill. It also clarified that states can pass data privacy laws that are stronger than HIPAA (which is a very weak floor for data protections).

 

Texans would overwhelmingly support the new state data protection laws Abbott recommends . If elected, hopefully Abbott would also include strong penalties for violations. Contracts don’t enforce themselves. External auditing and proof of trustworthy practices should be required.

 

Is this the beginning of a national trend?  I think so.

 

The more the public learns about today’s health IT systems, the more they will reject health surveillance technologies that steal and sell sensitive personal health data.

Don’t Let EHR Vendors Own Your Data

“In a recent blog posting, John Moore and Rob Tholemeier of Chilmark Research ask the question: ‘Who’s Data is it Anyway?’ Your electronic health records data is not the property of your vendor and there are things you can do about it, they contend.”

To view the full article, please visit: Don’t Let EHR Vendors Own Your Data

Myth: The Benefits of Electronic Health Records Outweigh the Privacy Risks

Myth: The Benefits of Electronic Health Records Outweigh the Privacy Risks

Fact: It’s impossible to weigh the ‘benefits’ of EHRs vs. the ‘risks’ when we have no way of knowing what all the ‘risks’ are. Current health IT systems and data exchanges enable unlimited hidden use and sale of personal health data.

There is no map that tracks hidden disclosures of health data to secondary, tertiary, quaternary, etc, etc users. It’s crazy, but we have no ‘chain of custody’ for our most sensitive personal information, health data.

How can we make informed decisions about using EHRs when there is no map to track the 100s-1000s-1,000,000s of places our personal health information, from prescriptions to DNA to diagnoses, ends up?

Take a look at this website: http://www.theDataMap.org

·        Harvard Professor Latanya Sweeney leads this project to map the hidden flows of health data.

·        Patient Privacy Rights is a sponsor.

·        Not only is it impossible for individuals to make an informed decision about the risks and benefits of EHRs, but it’s ALSO impossible for Congress to create sane health reform and healthcare laws, formulate appropriate health and privacy policies that provide ironclad data privacy and security protections when we have no idea where PHI goes, who uses and sells it, or what it’s used for.

·        One example of not knowing where/how our personal health data ends up: Identifiable diabetic patient records are sold online for $14-$25 each. See: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986&singlePage=true#.UFKTXVHUF-Y

If you think about privacy-destructive health IT,  it is the exact opposite of what patients expect. And it violates patients’ strong existing rights to health information privacy and control over personal health data:

·        One example: Patients give pharmacies a prescription for only one purpose: to fill their prescription. They don’t expect all 55,000 US pharmacies to sell every prescription, every night. The prescription data mining industry sells our easily identifiable prescription records collects 10s-100s of billions in revenue every year.

·        Another example: Patients expect physicians to keep their records private. They don’t expect physicians or EHRs to sell their sensitive data, treating patient data as another way to make money. But selling patient data is the business model of almost all EHRs, including Practice Fusion, Greenway, Cerner, Athena, GE Centricity, etc, etc. Patients give doctors information for one purpose only: to treat them. They don’t expect it to be used and sold by Business Associates, subcontractors, and subcontractors of the subcontractors for other purposes. Again, in the US patients have had a very long history of rights to health information privacy in law and ethics (the Hippocratic Oath).

 

Fact: the public will only trust health technology if they control their health data and can have real-time lists of those who use their health data. Hidden use of personal health data must stop. Users should ask our consent first. We need control, accountability and transparency to trust health technology.

Abbott’s Privacy Rights Proposals Draw Attention

“Attorney General Greg Abbott‘s support for more stringent privacy laws is getting some notice, as privacy rights activists say his proposals would lead to more protections for Texans. But concerns tied to the enforcement of the proposed policies are also being raised.”

To view the full article, please visit: Abbott’s Privacy Rights Proposals Draw Attention

Don’t Let EHR Vendors Own Your Data

“In a recent blog posting, John Moore and Rob Tholemeier of Chilmark Researchask the question: “Who’s Data is it Anyway?” Your electronic health records data is not the property of your vendor and there are things you can do about it, they contend.”

If you have a subscription to HealthData Management and would like the view the full article, please visit: Don’t Let EHR Vendors Own Your Data

The Reports of the Death of Privacy Were Exaggerated: California Breathes New Life into the Privacy Rights of its Residents

Vast NSA troves of phone and email data and the huge focus on HealthCare.gov’s website provoked intense public concern about hidden uses and sales of personal data…..especially personal health data.

But there is great news from California:  tough new laws to protect data privacy were enacted in September.  See: “The Reports of the Death of Privacy Were Exaggerated: California Breathes New Life into the Privacy Rights of its Residents”, Tuesday, November 19, 2013, by Sharon R. Klein and Odia Kagan

States like CA and TX (HB 300) passed new laws because state residents are demanding stronger data privacy protections, and Congress and federal agencies have failed to act.

Key new data privacy protections in CA:

“Business(es) offering software or hardware to consumers… designed to maintain medical information or to assist in the diagnosis and treatment of individuals” must:

Press your state lawmakers to pass strong new data protection laws like California’s.  People want technology that protects privacy. They won’t trust companies and government that eliminate privacy and use personal data without consent.

Rejecting Billions, SnapChat Expects a Better Offer

To view the full article, please visit: Rejecting Billions, SnapChat Expects a Better Offer

SnapChat made front page of NYTimes this morning valued at BILLIONS by WallStreet! This is huge news: the very first privacy app worth billions! If people/industry value control over pictures IMAGINE how many millions of people would want privacy apps to control health data!