Thursday, December 31, 2009
They got it wrong... AGAIN!
See article: 'Meaningful Use' criteria released
Can you believe it? Doctors and hospitals that purchase electronic health records (EHRs) 'wired' for 'back-door' data mining will be paid to steal and use our sensitive health records without our permission!
The government and the massive health data mining industry won. Industry and the government’s plan to continue illegal and unethical data mining trumped Americans’ rights to health privacy.
The rules guarantee that employers, insurers, banks, and government will be able to use our sensitive health information, from prescriptions to DNA, to discriminate against us in jobs, credit, and insurance.
Instead, the new interim rules for EHRs should reward the purchase and use of 'smart' EHRs with consent technologies so patients control who can see and use their health records.
The stimulus billions will be wasted because doctors and hospitals will be rewarded for using obsolete, unethical EHR 'clunkers'. Like the UK, the US will be forced to spend billions to correct a disastrously flawed national electronic health system that prevents patients from controlling their health records.
To understand the "meaningful use" criteria that SHOULD be required in EHRs, see the comments submitted to the Administration by the bipartisan Coalition for Patient Privacy, representing millions of Americans: http://www.patientprivacyrights.org/site/DocServer/LCoalition_to_HIT_PC_Meaningful_Use.pdf?docID=5681
When will the Administration and corporations get it? Privacy protections have to be tough and comprehensive if we want a national HIT system that consumers will trust and use.
To act, join www.patientprivacyrights.org to get e-alerts. Stop corporations and the government from using your sensitive health information for uses you would never agree to.
Labels: EHRs, electronic, federal, healthcare, HHS, HIT, legislation, meaningful use, records, regulations, technology
Monday, October 19, 2009
The Word Is Out: Do You Know Who Owns Your Health Records?
This WIRED article, Medical Records: Stored in the Cloud, Sold on the Open Market, is based on yesterday’s NYTimes story that closed by quoting Patient Privacy Rights.
It points out the 2 KEY ways that electronic health systems violate patient privacy:
• Health technology vendors sell patient records without consent
• It is impossible to de-identify health information, so promises that the data can’t be re-identified must be verified by outside audits
The chart at the top of the story is from our website—it shows the millions (businesses and government agencies) that today can do whatever they want with our health records, including selling them for profit.
The ‘fix’ is that Congress must restore patients’ rights to control personal health information; this right has been the foundation of the healthcare system for 2,400 years.
No one else should own our health records and no one should have access to them without our consent.
Saturday, October 17, 2009
Re-Identification. From Netflix to Health Records.
Today’s NY Times story points out the FACT that it is very easy to re-identify supposedly “de-identified” information. Singer starts with how the Netflix “de-identified” database was proven to be re-identifiable and moves on to describe Latanya Sweeney’s famous re-identification of the medical records of Gov. Weld.
See the NY Times Article: When 2+2 Equals a Privacy Question
Labels: anonymity, data mining, deidentify, digital, EHR, health, identification, netflix, peel, privacy, re-identification, records
Friday, July 24, 2009
Bill O'Reilly is REALLY worried about the loss of his personal medical privacy...
So much so that he repeatedly returned to the topic while debating health care reform last night.
See Editorial with Video
68% of Americans share his fears and "Have Little Confidence that Electronic Health Records Will Remain Confidential"; see Past Meetings: 7/21/09, slide #3 of the "Privacy and Security Work Group: Recommendations" presentation on the HIT Standards Committee website at: http://healthit.hhs.gov/portal/server.ptopen=512&objID=1271&parentname=CommunityPage&parentid=2&mode=2&in_hi_userid=10741&cached=true
O'Reilly debated with a doctor who doesn't seem to know that we have no control over our personal electronic health records, the massive damage that already causes, and how much more we will all be harmed if the Administration does not stop health IT systems from violating our privacy. Patient control over personal health information must be built into every electronic system up front.
Republicans, Democrats, Libertarians, and the majority of Americans REALLY care about health privacy. The national consensus is that we should control who sees our health records, which has been our legal and ethical right since the nation's founding. Restoring the right to control PHI in electronic health systems will quell fears that the majority has about electronic systems.
Quotes from the story:
• O’Reilly demonstrated his primary fear – almost panic – over the assumption that his medical records may not be private any more if President Obama passes some version of his healthcare bill. But enough with the foreplay -- O’Reilly dived right into his main fear. “My health records which are now in the hands of my private physician . . . they’re gonna be in Washington, right, so every malady that I have is gonna be seen by people in Washington. I don’t want that, do you want that?”
• After a little back and forth on the issue, O’Reilly repeated, “On a computer disk in D.C. will be what’s wrong with me . . . based on my medical history. It makes me very, very nervous.” Yes, we noticed.
• O’Reilly, again, focused worriedly on the privacy issue. “Let me ask you this,” O’Reilly posited. “It worries me that my medical history and your medical history is now gonna be on a disk in Washington, D.C., rather than the confidentiality of a doctor-patient, which we have had in this country for decades – that’s gone.”
• “The data is going to go to a bank in Washington, D.C.,” O’Reilly fretted. “ . . . I’m talking about you, Dr. Marc Lemont Hill, having a condition . . . with his program, it goes to D.C. and the bureaucracy decides how to treat you, not your physician. Doesn’t that worry you?”
• “So you don’t mind having your condition – whatever it may be – leave your doctor’s office and go to D.C. . . ,” O’Reilly said.
• O’Reilly hammered the privacy issue, once again, saying, “It’s going to a database that can be accessed . . . okay, if you don’t mind it, I do, and that’s a big concern of mine. We don’t have any privacy as it is in this country . . . .”
• Hill pointed out the bigger issue than the privacy of medical records (to most Americans, but not to O’Reilly) is 50 million uninsured Americans – and said that President Obama addressed that in the press conference.
• But the biggest question of all – what’s O’Reilly’s medical condition? The one O’Reilly is terrified might fall into the hands of the government? Is it really so awful that O'Reilly (not usually one to worry about privacy) is willing to kill health care reform just to protect it?
Tuesday, June 23, 2009
On HealthDataRights.org and their Declaration
HealthDataRights.org supports only ACCESS to personal health data--which is a no-brainer and a right Americans have always had. The stimulus bill makes clear that we all have the right to copies of our electronic health records because some providers have made them so hard to get.
But HealthDataRights does NOT support the most critical right of all: the right to CONTROL who can access and use our personal health data in electronic systems. They even claim "privacy" stops data flow and will stop research--which is a lie. Informed consent and control over our own data ensures it's there when we want it and ONLY for uses or research that we agree with.
HealthDataRights.org is a faux consumer rights organization, as revealed in their FAQs:
• "The organizers of HealthDataRights.org include doctors, researchers, software developers, writers, entrepreneurs, health economists, and many others who share a common goal of greater health data availability." TO WHOM WILL THE ENTIRE NATION'S DATA BE AVAILABLE? TO THE DATA MINING AND RESEARCH INDUSTRIES THAT WANT OPEN ACCESS TO OUR DATA FOR USES WE HAVE NO CONTROL OVER.
• "Some of us have seen clearly how restrictions on health data and medical records can lead to great pain and suffering—needlessly, in most cases." MILLIONS OF PATIENTS EVERY YEAR SEE CLEARLY HOW DANGEROUS HEALTHCARE IS WITHOUT PRIVACY AND DELAY OR REFUSE CARE, LEADING TO DEATHS FROM CANCER, PTSD, AND DEPRESSION---COSTING FAR MORE THAN IF TIMELY OR PREVENTIVE CARE WAS PRIVATE.
• "At the same time, we know that too often “privacy” is used as an inappropriate excuse to keep people from gaining access to their own health data and information, which they have every right under HIPAA and most state laws to view and access." CLAIMING PRIVACY AS AN EXCUSE NOT TO GIVE ACCESS TO PERSONAL HEALTH DATA IS WRONG OF COURSE, BUT WORSE AND FAR MORE DAMAGING IS EXPOSING HEALTH DATA TO THEFT, SALE, AND MISUSE BY MILLIONS OF HEALTH-RELATED BUSINESSES AND ALL GOVERNMENT AGENCIES.
• "Does this Declaration suggest people should have exclusive rights to their data?
"No, we are not suggesting that, although this is a thorny issue. Doctors need accurate information about their patients and are required by law to maintain this information. Labs are required to hold onto their test results for up to seven years. There are also health care organizations that use their patients’ or members’ data to suggest improvements to the care delivered to them, usually with a blanket permission signed by the patient at the initial visit and later forgotten. This is not necessarily a bad thing and may be very beneficial for patients, even though permission is not sought for each particular instance of that use. In addition, aggregated and anonymized, population data obviously is key to learning what is working for whom, what is cost effective for whom, and what is the best way to treat any condition for whom. We are supportive of organizations that are endeavoring to improve public health by learning from population data. An “exclusive right” could be read as contradictory to that. What we do affirm, strongly, is that people do have a right to their own data."
PATIENTS SHOULD HAVE EXCLUSIVE RIGHTS TO THEIR HEALTH DATA----EVEN NEWT GINGRICH SAYS AMERICANS SHOULD "OWN" THEIR PERSONAL HEALTH DATA.
THIS IS WHERE THEY STATE THAT THE RIGHT TO PRIVACY---THE BASIS OF THE HIPPOCRATIC OATH AND OUR STRONG EXISTING LEGAL RIGHTS TO PRIVACY---WOULD "BE CONTRADICTORY" TO PUBLIC HEALTH RESEARCH. PUBLIC HEALTH DATA IS COLLECTED BECAUSE OF LAWS THAT WERE DEBATED BEFORE BEING PASSED. BUT FUTURE "POPULATION HEALTH" RESEARCH USING ELECTRONIC HEALTH SYSTEMS WILL TAKE PLACE WITHOUT CONSENT BECAUSE EVERY ELECTRONIC HEALTH RECORD WILL BE "WIRED" FOR DATA MINING WITHOUT PATIENT KNOWLEDGE OR CONSENT. RESEARCH WITHOUT CONSENT VIOLATES MEDICAL ETHICS AND INTERNATIONAL TREATIES.
• Who is funding HealthDataRights.org?
HealthDataRights.org is entirely volunteer and has no funding. Any direct costs are being paid out of pocket by the individuals involved. THE INDIVIDUALS' NAMES ARE NOT LISTED.
You can see the story on HealthDataRights.org's debut at: http://www.patientprivacyrights.org/site/News2?page=NewsArticle&id=9475&news_iv_ctrl=-1
Labels: access, data, data mining, electronic, health, healthdatarights.org, information, patient, records, right
Tuesday, February 24, 2009
From Sharing Music to Sharing Medical Records
Scientific American gets it. Do you? View story here.
Dr. Eric Johnson's latest study is out. Our job is to inform the public and Congress, who are continually being falsely reassured that health IT systems are secure and private by spinmeisters for the insurance, hospital, drug, Health IT, and health data mining industries.
Industry's blatant false promises of security and privacy are something we have been urging the FTC to investigate (as false and deceptive trade practices), and something the new Administration should understand, to ensure that the stimulus funds are not spent on primitive health technologies with abysmal security and no consumer control over PHI. We need 'smart' health IT, 'smart' human processes, and we need the health care industry to step up and use them, so we have trusted electronic systems and don’t waste the stimulus billions.
See Dr. Johnson's paper here.
The research examined samples of health-care data disclosures and search activity in peer-to-peer file sharing networks of the top 10 publicly traded health care firms (using Fortune Magazine's list) over a two-week period. More than 500 hospitals were represented in the 10 organizations. 3,328 files were collected for the study.
• "data losses in the healthcare sector continue at a dizzying pace"
• "Far worse than losing a laptop or storage device with patient data (Robenstein 2008), inadvertent disclosures on P2P networks allow many criminals access to the information, each with different levels of sophistication and ability to exploit the information."
• "Many of the documents were leaked by patients themselves. For example we found several patient-generated spreadsheets containing details of medical treatments and costs--likely for tax purposes."
• "we found a hospital-generated spreadsheet of personally identifiable information on recently-hired employees including social security numbers, contact information, job category, etc"
• "For a hospital system, we found two spreadsheet data bases that contained detailed information on over 20,000 patients including social security numbers, contact information, and insurance information."
• "For a mental health center, we found patient psychiatric evaluations."
Where is the mainstream and trade journal reporting on this???
Tuesday, February 3, 2009
Identity Theft Through Your Health Records
This post reflects on the article in the Denver Post: Uncovering the Identity Trade Business.
This story details identity theft by a Denver hospital employee. It is a single instance, but it shows how easy it is for any hospital employee, anywhere, to steal patients' identities.
Hospitals will become a major source for identity theft because today's primitive, poorly designed health IT systems allow thousands of employees access to all patient information--including what's needed to steal identities. Not only can thousands of hospital employees see every patient's medical records (think George Clooney and Farrah Fawcett--whose records were sold to the Enquirer), they can see and steal the demographic and financial information too.
For whatever reasons, the media has primarily reported on how wonderful electronic health systems are without explaining the severe risks they pose to privacy and the new problems they can create (errors, downtime, work flow obstacles, data sales, lack of interoperability, etc).
The health IT stimulus bill with $20B for HIT needs very strong consumer protections to ensure that the current 'norm' for hospital electronic health systems, i.e., badly designed, open access systems, is replaced by systems that only allow access to the few staff members the patient has given permission to see and use his/her electronic records. The current HIT bill does not require the use of consent management technologies to restore patient control over PHI.