Wednesday, December 24, 2008

DoD does WHAT?

It is fascinating that the DoD clearly believes it owns and can use the personal health information of 12 million active duty military personnel for whatever purpose it decides. In this case, the DoD is paying a for-profit corporation to do research on active duty military personnel without their consent.

Maybe when you join the military you lose all privacy and Constitutional rights. I don’t know, I'm not a lawyer. If so, that is a steep price to pay to serve your country: losing all health privacy for yourself and your relatives forever. Do those who join the armed forces know they are signing up to become medical guinea pigs? Do they really understand the consequences for their futures and their families futures?

Many questions abound:

• Are the electronic records adequately secured? What a rich target: 12 million health records! What if enemies hack the privately held data base to learn about key military leaders?

• Will Phase Forward continue to use and sell the records for other purposes as HIPAA authorizes? Other data management corporations (such as Thomson Medstat) the government pays to perform fraud and waste audits obtain millions of health records that they later aggregate and sell to employers without anyone's consent.

• Furthermore--this is clearly medical research without informed consent. That is simply unethical and illegal. The US signed the Declaration of Helsinki after WW II because Nazis did human research without consent. Back then America recognized the need for informed consent before research takes place. Today, the codes of research and medical ethics still require patients to give informed consent before personal records can be used or disclosed. Why is this project not being done with informed consent when new 'smart' electronic consent tools could make it easy, cheap, and fast to obtain informed consent and explain all the risks and consequences?

Review this article from the Washington Post's Government Inc. Blog for more information:
Data Mining for DoD Health

Tuesday, December 9, 2008

Genomes: Behold or Beware

Patients whose physicians "collaborate" with genetic testing corporations should beware. Today, Navigenics and all genetic testing businesses can legally sell genomic data. There is no way to know which ones sell or use data without informed consent and which don't. Americans' personal health information is extremely valuable to corporate America. Genomic data requires extreme privacy protection because it can be used to harm not only an individual but all his/her relatives.

According to Navigenics, the personal data shared is "aggregated" and "de-linked" from "your account information", but Navigenics offers no proof that it cannot be re-identified.

As we learned from the NIH experience, it is very difficult to "de-identify" or "anonymize" genetic data. The NIH closed a public research data base of "de-identified" genetic data after researchers proved the data could be re-identified See: . Corporations that share "de-identified" or "anonymized" health data should be required to publish the algorithms that were used and prove the data cannot be re-identified.

Questions abound:
• How can anyone be sure that Navigenics protects the privacy of genomic tests without trusted external audits of their privacy practices and policies?

• Does Navigenics pay MDVIP's doctors a "kickback" for "collaborating" each time a patient gets genomic tests? Does MDVIP inform patients that it has a contract with Navigenics and what each doctor is paid?

• Who is being paid for "collaboration"? What exactly are the financial and contractual terms of "collaboration" between MDVIP and Navigenics?

• Do MDVIP's patients really understand the risks of using Navigenics to do the testing or the risks of letting Navigenics share their genomic data with unknown researchers and research organizations----that can put their data into public data respositories and publish it in studies? Or the security risks that a particular public respository can be hacked?

• Are MDVIP's patients coreced into taking Navigenics tests by their doctors? Most patients want to do what their doctors recommend. What is the consent process?

• Did MDVIP contractually sell or give their patients' genomic data or to Navigenics to own or sell? Should the public trust Navigenics, a for-profit corporation, when personal genomic data is a very valuable commodity?

• Should any for-profit collaboration "define the standards in which preventive genomic medicine will be integrated into patient care for decades to come"? No consumer health privacy expertise, assessment, or input was sought.

• There is not yet an operational, trusted, consumer-led privacy certification organization to audit genomic testing corporations to certify they don't sell genomic data and that consumers control sensitive personal genomic data in their data bases. In the absence of a trusted privacy certification organization, the privacy principles developed in 2007 by the bipartisan Coalition for Patient Privacy or the Code of Fair Information Practices could be used as guides for building a genomic testing and preventive healthcare system that consumers will trust and be willing to use.

• Would MDVIP's patients still feel "the experience (was) positive", "empowered rather than anxious", and "desire to change their lifestyles and more productively work with their physicians" if they knew their doctors were paid by Navigenics and their data was sold and/or put in public data repositories with unknown security and privacy protections?

This blog is in response to the article: Physician network to use genomic-based preventive healthcare