Sensitive data still pose special challenges

At a recent meeting of the National Health IT Policy Committee, the CEO of a large electronic health records (EHR) corporation said technology for “data segmentation”—which ensures patients control who sees and uses sensitive data—is something “vendors don’t know how to do.”  But that simply isn’t true. Vendors do know how to build that kind of technology, in fact it already exists.

At the same meeting, the National Coordinator for Health IT recognized the Department of Veterans Affairs and the Substance Abuse and Mental Health Services Administration for their “demonstration of technology developed for data segmentation and tagging for patient consent management”, but he seemed to forget that millions of people receiving mental health and addiction treatment have been using EHRS with consent and data segmentation technologies for over 12 years. Again, the technology already exists.

Facts:

  • -Technology is NOT the problem—it’s not too hard or too expensive to build or use consent and data segmentation technologies.
  • -Data segmentation and consent technologies exist:  the oldest example is EHRs used for millions of mental health and addiction treatment records for the past 12 years.
  • -All EHRs must be able to “segment” erroneous data to keep it from being disclosed and harming patients—that same technology can be used to “segment” sensitive health data.
  • -Data segmentation and consent technologies were demonstrated ‘live’ at the Consumer Choices Technology Hearing in 2010. See a video: http://nmr.rampard.com/hit/20100629/default.html
  • -Starting in 2001, HIPAA required data segmentation and consent technology for EHRs that keep “psychotherapy notes” separated from other health data.  “Psychotherapy notes” can ONLY be disclosed with patient permission.
  • -The 2013 amendments to HIPAA require EHRs to enable other situations where data must be segmented and consent is required. For example:
  • -If you pay out-of-pocket for treatment or for a prescription in order to keep your sensitive information private, technology systems must prevent your data from being disclosed to other parties.
  • -After the first time you are contacted by hospital fundraisers who saw your health data, you can opt-out and block the fundraisers from future access to your EHR.

The real problem is current  technology systems and data exchanges are not built to work the way the public expects them to—they violate Americans’ ethical and legal rights to health information privacy.

The public will discover that today’s health technologies and systems have fatal privacy flaws. The unintended consequence of using flawed technology is millions of people will avoid or delay treatment and hide information to keep their health information private and suffer from bad health outcomes.

US health technology should improve health and outcomes, not cause the health of millions to worsen.

How can the US fix the privacy flaws in health technology systems so EHRs and other health technologies can be trusted?

An American Quilt of Privacy Laws, Incomplete

The MOST “incomplete” US privacy law is HIPAA, which eliminated Americans’ rights to control the collection, use, disclosure and sale of their health data in 2001.

The new Omnibus Privacy Rule did not fix this disaster. It made things worse by explicitly permitting health data sales for virtually any purpose without patients’ consent or knowledge. These new regulations violate Congress’ intent to ban the sale of health data in the 2009 stimulus bill.

In addition to not being able to control personal health information Americans have no ‘chain of custody’ for their health data, so there is no way to know who is using or selling our health data.

We need a data map to track all the hidden users and sellers of our personal health information, from our DNA, to our diagnoses, to our prescription records:

  • -Watch Professor Sweeney describe the Harvard Data Privacy Lab/Patient Privacy Rights research project to track hidden users of our health data at: http://patientprivacyrights.org/thedatamap/
  • -WE NEED A DATA MAP TO SHOW THE GOVERNMENT IT’S TIME TO FIX THIS PRIVACY DISASTER!

Attend or watch the next health privacy summit June 5-6 in Washington, DC to learn about these urgent health data problems and potential solutions:

The Immortal Life of Henrietta Lacks, the Sequel

This is an amazing article written by Rebekah Skloot, author of ‘The Immortal Life of Henrietta Lacks’, demanding consent and trust.

Rebecca is right—-the only way Americans will trust researchers is when they are treated with respect and their rights of consent for use of genomes and genetic information is restored.

The public does not yet realize that they have no control over ALL sensitive health information in electronic systems. We have NO idea how many hundreds of data mining and research corporations are collecting and using our blood and body parts. We ALSO have no control over our sensitive health information in electronic systems violating hundreds of years of privacy rights.

This week the many stories about CVS showed employers can force employees to take blood tests, health screenings, and be forced into “wellness” programs–all of which REQUIRE collection of sensitive health information—which employees cannot control.

We have NO map of who collects and uses personal health data—Henrietta Lacks family was NEVER asked for consent to use her genome.

Contribute to build a map to track the thousands of hidden users of health data at: www.localhost:8888/pprold

Attend or watch the 3rd International summit on the Future of Health Privacy (free). Register at: www.healthprivacysummit.org

Big Data Is Opening Doors, but Maybe Too Many

To view the full article, please visit Big Data Is Opening Doors, but Maybe Too Many.

Steve Lohr likens today’s Big Data issues to the introduction of the mainframe computer in the 1960s. Even then, new technology threatened the “common notions of privacy”.

A few key quotes from the article:

“…the latest leaps in data collection are raising new concern about infringements on privacy — an issue so crucial that it could trump all others and upset the Big Data bandwagon. Dr. Pentland is a champion of the Big Data vision and believes the future will be a data-driven society. Yet the surveillance possibilities of the technology, he acknowledges, could leave George Orwell in the dust.”

“The World Economic Forum published a report late last month that offered one path — one that leans heavily on technology to protect privacy. The report grew out of a series of workshops on privacy held over the last year, sponsored by the forum and attended by government officials and privacy advocates, as well as business executives. The corporate members, more than others, shaped the final document.”

Re: Your Online Attention, Bought in an Instant

Natasha Singer unearths more about the instantaneous selling of intimately detailed profiles about Americans in her article in The New York Times: Your Online Attention, Bought in an Instant

Best case: We get more ‘targeted’ ads. We supposedly want personalized ads so badly that we willingly give up deeply intimate portraits about who we are to the hidden data mining industry forever. Really? When did we ever have ANY meaningful choice about who collects and sells our most intimate personal information? See Duhigg’s NYTimes story.

Worst case: Hidden, technology enabled discrimination prevents us from getting jobs and destroys our reputations before anyone will meet with us. Companies like Rubicon literally know more about us than our partners, our mothers or fathers, our best friends, our children or our psychoanalysts. This information is used to harm us—-read Prof Sweeney’s paper on how ads like “YOUR NAME, arrested?” pop up next to the names of African-Americans but NOT next to Anglo-sounding names. What happens when future employers see ads like that when searching for information about you online? Read her paper here.

HELP FIX THIS PRIVACY DISASTER
HELP BUILD a map that tracks all hidden users and sellers of our sensitive health information.
DONATE to the Harvard/Patient Privacy Rights’ research project at: https://org2.democracyinaction.org/o/6402/donate_page/donate-to-thedatamap

European citizens have far stronger protections for their sensitive health and personal data than US citizens.
Learn why and learn about solutions to strengthen US data protections. Register for free to attend the 3rd International Summit on the Future of Health Privacy June 5-6 in DC: www.healthprivacysummit.org

Re: The Internet is a surveillance state

In response to the CNN article by Bruce Schneier: The Internet is a surveillance state

Bruce Schneier is wrong. Privacy is not over — the public is just now learning how invasive Internet technology, tech corporations, and government really are, and that they ACT to protect and maintain the US surveillance economy. When enough citizens tell Congress and the President to stop, this privacy disaster will stop.

The public is just beginning to WAKE UP. Today is the start of privacy in the Digital Age in the US, not the end.

It’s a lie that people happily give up privacy for “targeted ads” — tech giants like Google, Facebook, etc. have PREVENTED us from having apps and tools that enable privacy (ie, our right TO control personal information online). We have NO choices because government and the data mining industry have prevented us from having meaningful choices.

Signs of intelligent life in the Universe:

  • Attend or watch the 3rd International Summit on the Future of Health Privacy (its free). The EU Data Protection Supervisor will keynote and so will the US Chief Technology Officer—-the stark differences between US and EU data protections will be discussed—register at: http://www.healthprivacysummit.org/d/vcq3vz/4W
  • SnapChat—millions of free downloads of an app that shows people want technology that gives THEM control over their data: single use of info (a picture in this case) and the ability to delete info. See: http://patientprivacyrights.org/2013/02/snapchat-and-the-erasable-future-of-social-media/
  • A recent Pew Research Center study found smartphone users are taking action to protect their privacy:
  • The default for Microsoft’s Windows 8 browser is ‘Do Not Track’
    • Microsoft’s Chief Privacy Officer Brendon Lynch said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism. “Consumers want and expect strong privacy protection to be built into Microsoft products and services.”
    • See more in the New York Times article: Do Not Track? Advertisers Say ‘Don’t Tread on Us’

DONATE to help Latanya Sweeney and Patient Privacy Rights build a health data map—-we MUST prove that thousands of hidden data users are stealing, using , and selling our personal health data: http://patientprivacyrights.org/donate/

SEE Latanya describe thedataMap at: http://patientprivacyrights.org/thedatamap/
This is the beginning of privacy, the war has just begun.

Health IT Gurus predict the Next Big App

To view the full article, please visit Health IT Gurus predict the Next Big App.

“Mobile healthcare apps are multiplying fast and putting a vast array of new tools in the hands of patients and the providers who deliver their care. The pace and scope of innovation makes it hard to imagine what app developers will create next. So we put the question to some of the thinkers in the best position to know what’s needed and what’s possible.”

Here are a few key quotes from the article:

Dr. Deborah Peel, founder of Patient Privacy Rights Foundation, a privacy advocacy organization:

“People want control of their information. They want to be able to decide who sees it and make it go away. And so I think that the next big thing in healthcare is going to be that kind of control for patients over their information.”

Dr. Farzad Mostashari, head of the Office of the National Coordinator for Health Information Technology at HHS:

“We are going to be in an era where everyone is going to be looking to improve health and healthcare at lower cost. And we are going to be looking at every underutilized resource in healthcare. And the greatest, the most underutilized resource in healthcare is the patient and their family members…”

Putting Health IT on the Path to Success

“The promise of health information technology (HIT) is comprehensive electronic patient records when and where needed, leading to improved quality of care at reduced cost. However, physician experience and other available evidence suggest that this promise is largely unfulfilled.

Comprehensive records require more than having every physician and hospital use an electronic health record (EHR) system. There must also be an effective, efficient, and trustworthy mechanism for health information exchange (HIE) to aggregate each patient’s scattered records into a complete whole when needed. This mechanism must also be accurate and reliable, protect patient privacy, and ensure that medical record access is transparent and accountable to patients.”

*Subscription needed to see full article.

Google Concedes That Drive-By Prying Violated Privacy

SAN FRANCISCO — Google on Tuesday acknowledged to state officials that it had violated people’s privacy during its Street View mapping project when it casually scooped up passwords, e-mail and other personal information from unsuspecting computer users.

In agreeing to settle a case brought by 38 states involving the project, the search company for the first time is required to aggressively police its own employees on privacy issues and to explicitly tell the public how to fend off privacy violations like this one.

While the settlement also included a tiny — for Google — fine of $7 million, privacy advocates and Google critics characterized the overall agreement as a breakthrough for a company they say has become a serial violator of privacy.

Privacy Piracy Interview with PPR Founder

PRIVACY PIRACY HOST, MARI FRANK, ESQ. INTERVIEWS
DEBORAH PEEL, MARCH 11TH, 2013

On Monday, March 11th, 2013 Deborah C. Peel, MD, founder & chair of Patient Privacy Rights, was interviewed on Privacy Piracy with Mari Frank.

Among the topics of discussion were:

  1. The current state of Health Privacy
  2. How can individuals help to save and strengthen health privacy rights?
  3. What is the focus of the third International Summit on the Future of Health Privacy?