“Health information privacy is an individual’s right to control the acquisition, uses, or disclosures of his or her identifiable health data.”
Fair Information Practices
Fair Information Practices (FIPs) must be universally and consistently adopted and applied to ALL electronic systems to ensure online privacy (control over personal information). FIPs should be built into all electronic systems, processes, and programs.
In brief, the FIPs are:
- Individual Participation
- Purpose Specification
- Data Minimization
- Use Limitation
- Data Quality and Integrity
- Accountability and Auditing
“Organizations should involve the individual in the process of using PII and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of PII.”
Visit http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf to view a full list of FIPs developed by the National Strategy for Trusted Identities in Cyberspace.
theDataMap™ documents the flows of personal data. The goal is to produce a detailed description of personal data flows in the United States.
A comprehensive data map will encourage new uses of personal data, help innovators find new data sources, educate the public, and inform policy makers about data sharing practices so society can act responsibly to reap benefits from sharing while addressing risks for harm.
An example: Matching Known Patients to Health Records in Washington State Data
Information from news accident reports uniquely and exactly matched medical records in publicly available Washington State health data in 43% of the cases, thereby putting names to patient records. See map of 33 states that sell or give away personal health data at: http://thedatamap.org/states.html
On January 2, 2014, IMS Health Holdings announced it will sell stock on the New York Stock Exchange. IMS joins other major NYSE-listed corporations that derive significant revenue from selling sensitive personal health data, including General Electric, IBM, United Health Group, CVS Caremark, Medco Health Solutions, Express Scripts, and Quest Diagnostics.
Quotes from IMS Health Holdings’ SEC filing:
- “We have one of the largest and most comprehensive collections of healthcare information in the world, spanning sales, prescription and promotional data, medical claims, electronic medical records and social media. Our scaled and growing data set, containing over 10 petabytes of unique data, includes over 85% of the world’s prescriptions by sales revenue and approximately 400 million comprehensive, longitudinal, anonymous patient records.”
- IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”
- And IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
All purchases and subsequent sales of personal health records are hidden from patients. Patients are not asked for informed consent or given meaningful notice.
2014 Health Privacy Summit
Controlling Your Personal Health Information: Now Is the Time
The 2014 Health Privacy Summit brings together a diverse group of professionals for two days of lively intellectual exchange.
Healthcare providers, IT innovators, national and international privacy experts from academia, industry, and government will gather to hear insights, ideas, and analysis from leaders in the health privacy community. The program includes a variety of guest speakers and keynotes to provide expert advice and practical recommendations related to the future of health privacy.
June 4 – 5, 2014
Hart Auditorium, McDonough Hall
Georgetown Law Center
600 New Jersey Ave NW
Washington, District of Columbia 20001
Save the date and visit our registration page NOW!