See article: 'Meaningful Use' criteria released
Can you believe it? Doctors and hospitals that purchase electronic health records (EHRs) 'wired' for 'back-door' data mining will be paid to steal and use our sensitive health records without our permission!
The government and the massive health data mining industry won. Industry and the government’s plan to continue illegal and unethical data mining trumped Americans’ rights to health privacy.
The rules guarantee that employers, insurers, banks, and government will be able to use our sensitive health information---from prescriptions to DNA--- to discriminate against us in jobs, credit, and insurance.
Instead, the new interim rules for EHRs should reward the purchase and use of 'smart' EHRs with consent technologies so patients control who can see and use their health records.
The stimulus billions will be wasted because doctors and hospitals will be rewarded for using obsolete, unethical EHR 'clunkers'. Like the UK, the US will be forced to spend billions to correct a disastrously flawed national electronic health system that prevents patients from controlling their health records.
To understand the "meaningful use" criteria that SHOULD be required in EHRs, see the comments submitted to the Administration by the bipartisan Coalition for Patient Privacy, representing millions of Americans: http://www.patientprivacyrights.org/site/DocServer/LCoalition_to_HIT_PC_Meaningful_Use.pdf?docID=5681
When will the Administration and corporations get it? Privacy protections have to be tough and comprehensive if we want a national HIT system that consumers will trust and use.
To act, join www.patientprivacyrights.org to get e-alerts. Stop corporations and the government from using your sensitive health information for uses you would never agree to.
Showing posts with label technology. Show all posts
Showing posts with label technology. Show all posts
Thursday, December 31, 2009
Friday, October 9, 2009
Open Source Research
See the Government Health IT article: NCI to open research grid to cancer patient 'army'
Women desperate to cure breast cancer are contributing their sensitive personal health information to "an army" of researchers.
But there is no reason that these altruistic women have to risk their futures and their daughters' futures to find a cure.
It's possible to do research without risking their futures and their daughters' and granddaughters' futures by using privacy-protective technologies and robust informed electronic consent. But this project does NOT protect the privacy of these generous and well-intentioned women.
The women's data can be downloaded by "thousands of users"--all of whom make copies of their extremely sensitive, IDENTIFIABLE records. The records are identifiable so that the women can be contacted by researchers.
Some of the major things wrong with this picture:
1) The NCI system allows “researchers (to) form and maintain large breast cancer disease databases.” Is there any way to tell if the security is ironclad, state-of-the-art? No.
2) How many copies will researchers make? How many times will the data be replicated and backed-up across the world? No way to know.
3) What countries will copies of the records be kept in? No way to know.
4) How many and which researchers will download and keep their data? No way to know.
5) The researchers must sign agreements to protect and not sell the data, but there are no 'data police' to enforce those agreements. If there are no 'data police' watching this data, how do the women know it's safe? No way to know.
6) What if a woman does not approve of a particular study or researcher who has their data? Can a woman prevent any researcher from using her information? No.
7) How will the data be handled after the research study is complete? How will the women know if it is destroyed? No way to know.
8) How safe is research access via a web browser? No way to know
The severe flaws in this plan are obvious. Fearful women desperate for cures are being exploited by the government and the research industry that designed these systems to serve their needs, NOT the women's rights to privacy. Putting such sensitive data out into cyberspace KNOWING it can never be retrieved or destroyed is grossly irresponsible. Like Paris Hilton's sex video, this data will live forever in cyberspace, risking future jobs and opportunities of every child of every woman desperate for a cure.
The NCI could do this a better way---we can have research and privacy at the same time. But the privacy protective technologies that can enable both are not being used. Why not?????
See our testimony Sept 18th at the national HIT Policy Committee and the many letters from the Coalition for Patient Privacy to federal agencies and Congress describing how to do research while protecting privacy.
And NO--the Genetic Information Nondiscrimination Act (GINA) DOES NOT protect our genetic data. It allows insurers and employers to have our genetic data and it has no enforcement. Zero. And HIPAA has no protections for genetic data either--it allows others to control and use our data without consent.
The cost of contributing to research should not be that your female descendents are unemployable. Unless data is protected, we will have generations of people who cannot work because employers will not risk hiring anyone at risk of getting a disease.
Women desperate to cure breast cancer are contributing their sensitive personal health information to "an army" of researchers.
But there is no reason that these altruistic women have to risk their futures and their daughters' futures to find a cure.
It's possible to do research without risking their futures and their daughters' and granddaughters' futures by using privacy-protective technologies and robust informed electronic consent. But this project does NOT protect the privacy of these generous and well-intentioned women.
The women's data can be downloaded by "thousands of users"--all of whom make copies of their extremely sensitive, IDENTIFIABLE records. The records are identifiable so that the women can be contacted by researchers.
Some of the major things wrong with this picture:
1) The NCI system allows “researchers (to) form and maintain large breast cancer disease databases.” Is there any way to tell if the security is ironclad, state-of-the-art? No.
2) How many copies will researchers make? How many times will the data be replicated and backed-up across the world? No way to know.
3) What countries will copies of the records be kept in? No way to know.
4) How many and which researchers will download and keep their data? No way to know.
5) The researchers must sign agreements to protect and not sell the data, but there are no 'data police' to enforce those agreements. If there are no 'data police' watching this data, how do the women know it's safe? No way to know.
6) What if a woman does not approve of a particular study or researcher who has their data? Can a woman prevent any researcher from using her information? No.
7) How will the data be handled after the research study is complete? How will the women know if it is destroyed? No way to know.
8) How safe is research access via a web browser? No way to know
The severe flaws in this plan are obvious. Fearful women desperate for cures are being exploited by the government and the research industry that designed these systems to serve their needs, NOT the women's rights to privacy. Putting such sensitive data out into cyberspace KNOWING it can never be retrieved or destroyed is grossly irresponsible. Like Paris Hilton's sex video, this data will live forever in cyberspace, risking future jobs and opportunities of every child of every woman desperate for a cure.
The NCI could do this a better way---we can have research and privacy at the same time. But the privacy protective technologies that can enable both are not being used. Why not?????
See our testimony Sept 18th at the national HIT Policy Committee and the many letters from the Coalition for Patient Privacy to federal agencies and Congress describing how to do research while protecting privacy.
And NO--the Genetic Information Nondiscrimination Act (GINA) DOES NOT protect our genetic data. It allows insurers and employers to have our genetic data and it has no enforcement. Zero. And HIPAA has no protections for genetic data either--it allows others to control and use our data without consent.
The cost of contributing to research should not be that your female descendents are unemployable. Unless data is protected, we will have generations of people who cannot work because employers will not risk hiring anyone at risk of getting a disease.
Saturday, August 15, 2009
Healthcare moving to Cloud Computing
Joe Conn looks more deeply into the problems of 'cloud' computing for the storage, exchange, and analysis of health data. See his article in Modern Healthcare: 'Healthcare is slow to change' to cloud environment
Today there is not yet a trusted organization to certify the privacy of electronic health records systems, whether on servers or in clouds.
Until the privacy of health data can be assured first with trusted security certification and then with a separate stringent privacy certification (proving that patients control the use and disclosure of their sensitive records) Americans will not trust that their data is safe.
Proof that consumers control personal data in clouds will be essential for trust in health IT.
So far all we have are promises of security and privacy. We won't trust without verification .
Today there is not yet a trusted organization to certify the privacy of electronic health records systems, whether on servers or in clouds.
Until the privacy of health data can be assured first with trusted security certification and then with a separate stringent privacy certification (proving that patients control the use and disclosure of their sensitive records) Americans will not trust that their data is safe.
Proof that consumers control personal data in clouds will be essential for trust in health IT.
So far all we have are promises of security and privacy. We won't trust without verification .
Wednesday, August 12, 2009
Who is tracking YOU?
On the Internet ALL your health searches about scary and stigmatizing illnesses, all searches or purchases of books on health, and all searches or purchases of medications and devices are tracked and sold.
It is impossible to search for health information privately via Google, etc.
Health websites take massive advantage of Americans' powerful expectations that ALL healthcare providers put their interests and their privacy first---expectations which come from the traditional doctor-patient relationship and the ethics that have governed Medicine for 2,400 years (derived from the Hippocratic Oath).
Americans are not yet ready to believe that every aspect of healthcare in the US is profit-driven, rather than driven by the ethical codes all health professionals swear to at graduation: the promises to "do no harm" and to "guard their secrets".
Americans are not yet ready to believe that Wall Street has taken over Medicine---and that instead of guaranteeing the strong health privacy rights Americans have under the law, Wall Street erases our rights to ensure shareholder profits.
View this story in the NY Times: Ads Follow Web Users, and Get More Personal
It is impossible to search for health information privately via Google, etc.
Health websites take massive advantage of Americans' powerful expectations that ALL healthcare providers put their interests and their privacy first---expectations which come from the traditional doctor-patient relationship and the ethics that have governed Medicine for 2,400 years (derived from the Hippocratic Oath).
Americans are not yet ready to believe that every aspect of healthcare in the US is profit-driven, rather than driven by the ethical codes all health professionals swear to at graduation: the promises to "do no harm" and to "guard their secrets".
Americans are not yet ready to believe that Wall Street has taken over Medicine---and that instead of guaranteeing the strong health privacy rights Americans have under the law, Wall Street erases our rights to ensure shareholder profits.
View this story in the NY Times: Ads Follow Web Users, and Get More Personal
Sunday, May 17, 2009
HIMSS & Who is Promoting HIT in Stimulus Spending?
This story tells how HIMSS and Harvard's Blackford Middleton promoted spending billions on health IT in the stimulus bill.
HIMSS and Blackford believe that health technology will be the silver bullet that enables healthcare reform and kills/slows higher costs. That may be possible, but is highly doubtful because the billions are such a bonanza for the health IT industry.
Will this be yet another example of the stimulus billions being used to prop up large corporations, but not to save individual patients who are sick?
Not only does most of health IT vendor industry NOT care about whether healthcare reform succeeds or not, they actively fought to weaken Americans' rights to privacy and security. By law, industry cares about maximizing revenue, not treating the sick.
So the BIG question is: will the government require all electronic health records systems to have the tough privacy and security measures the public expects and needs to trust these systems? Will the government require electonic health systems to build in our legal and ethical rights to privacy up front?
Most of the HIT industry lobbied to sell the same old dinosaur products and against privacy. The incumbents are very powerful and not interested in change OR IN OUR PRIVACY RIGHTS.
HIMSS and Blackford believe that health technology will be the silver bullet that enables healthcare reform and kills/slows higher costs. That may be possible, but is highly doubtful because the billions are such a bonanza for the health IT industry.
Will this be yet another example of the stimulus billions being used to prop up large corporations, but not to save individual patients who are sick?
Not only does most of health IT vendor industry NOT care about whether healthcare reform succeeds or not, they actively fought to weaken Americans' rights to privacy and security. By law, industry cares about maximizing revenue, not treating the sick.
So the BIG question is: will the government require all electronic health records systems to have the tough privacy and security measures the public expects and needs to trust these systems? Will the government require electonic health systems to build in our legal and ethical rights to privacy up front?
Most of the HIT industry lobbied to sell the same old dinosaur products and against privacy. The incumbents are very powerful and not interested in change OR IN OUR PRIVACY RIGHTS.
Monday, May 11, 2009
First HIT Policy Committee Meeting on Stripping Privacy Away?
No surprise the new HIT Policy committee is gearing up to eliminate privacy, i.e. patient control over personal health information, using the excuse that the entire nation's records are needed for biosurveillance and research without informed consent. See the quotes from Drs Calman and Clark. The title of the article says it all: "Committee studies public health, research".
The committee is dominated by industry appointees who will make sure the policies they come up with grant unfettered government and industry access to Americans' most sensitive personal data, from prescriptions to DNA.
What they don't get is they will lose the public's support and trust if they build a system where everyone's health records can be data mined for any research purpose. A Westin/Harris IOM poll found only 1% of the public would allow researchers unfettered access to their electronic medical records. The government and the research community are completely at odds with the public's rights to health privacy.
The reality is millions of Americans already refuse to participate in healthcare systems that harm them because they have no control over their medical records.
HHS noted in the Preamble to the HIPAA Privacy Rule that 600,000 Americans/year avoid early diagnosis and treatment for cancer because treatment records are not private private. Two million people/year with mental illness avoid diagnosis and treatment for the same reason: their records are not private. The Rand Corporation found that 150,000 Iraqi vets refuse treatment for PTSD because their treatment is not private, resulting in the highest rate of suicide in active duty military personnel in 30 years.
Can this commitee face reality when they have severe conflicts of interest and want the use of Americans' health data?
The lack of privacy drives millions away from healthcare. And the lack of privacy causes suffering and death--bad outcomes.
It looks like patients' and consumers' best hope for preserving their health privacy rights in electronic systems may be Gayle Harrell. She may be the only committee member who can face reality.
The committee is dominated by industry appointees who will make sure the policies they come up with grant unfettered government and industry access to Americans' most sensitive personal data, from prescriptions to DNA.
What they don't get is they will lose the public's support and trust if they build a system where everyone's health records can be data mined for any research purpose. A Westin/Harris IOM poll found only 1% of the public would allow researchers unfettered access to their electronic medical records. The government and the research community are completely at odds with the public's rights to health privacy.
The reality is millions of Americans already refuse to participate in healthcare systems that harm them because they have no control over their medical records.
HHS noted in the Preamble to the HIPAA Privacy Rule that 600,000 Americans/year avoid early diagnosis and treatment for cancer because treatment records are not private private. Two million people/year with mental illness avoid diagnosis and treatment for the same reason: their records are not private. The Rand Corporation found that 150,000 Iraqi vets refuse treatment for PTSD because their treatment is not private, resulting in the highest rate of suicide in active duty military personnel in 30 years.
Can this commitee face reality when they have severe conflicts of interest and want the use of Americans' health data?
The lack of privacy drives millions away from healthcare. And the lack of privacy causes suffering and death--bad outcomes.
It looks like patients' and consumers' best hope for preserving their health privacy rights in electronic systems may be Gayle Harrell. She may be the only committee member who can face reality.
Wednesday, May 6, 2009
A Start to Securing PHI?
Sometimes press releases for new products tell us far more about the risk of identity theft in electronic health systems than the mainstream press or trade journals.
Check out this zinger quote: "Most organizations don't even know where their PHI is." Why doesn’t the mainstream press tell the public that the health care organizations (like hospitals) have no idea where all their sensitive personal health data resides?
How about this: "The software (Identity Finder) automatically finds PHI such as social security numbers, medical record numbers, dates of birth, driver licenses, personal addresses, and other private data within files, e-mails, databases, websites, and system areas. Once found, the software makes it simple for users or administrators to permanently shred, scrub, or secure the information." Emails? Who sends drivers license numbers, SS#s, and Dates of Birth in emails? Clearly lots of healthcare organizations do.
We can only hope products like this sell.
See full article at http://news.prnewswire.com/DisplayReleaseContent.aspx?ACCT=104&STORY=/www/story/05-05-2009/0005019328&EDATE
Check out this zinger quote: "Most organizations don't even know where their PHI is." Why doesn’t the mainstream press tell the public that the health care organizations (like hospitals) have no idea where all their sensitive personal health data resides?
How about this: "The software (Identity Finder) automatically finds PHI such as social security numbers, medical record numbers, dates of birth, driver licenses, personal addresses, and other private data within files, e-mails, databases, websites, and system areas. Once found, the software makes it simple for users or administrators to permanently shred, scrub, or secure the information." Emails? Who sends drivers license numbers, SS#s, and Dates of Birth in emails? Clearly lots of healthcare organizations do.
We can only hope products like this sell.
See full article at http://news.prnewswire.com/DisplayReleaseContent.aspx?ACCT=104&STORY=/www/story/05-05-2009/0005019328&EDATE
Tuesday, March 10, 2009
Stimulating Health IT
Health Affairs Briefing: Deborah Peel, MD, founder & chair of Patient Privacy Rights, represents consumers in a discussion of Health Information Technology and how to proceed with privacy. Learn more and find how you can attend.
Subscribe to:
Posts (Atom)
