Will patients trust physicians in
the Digital Age?
It depends on EHRs, HIEs, and you
November 3, 2011
Deborah C. Peel, MD
(c) 2011, Patient Privacy Rights. All rights reserved
I. Today Americans have no privacy/control over electronic health information
II. History of health privacy
• what happened to the right of consent
• consequences
III. Americans’ expectations/long-standing rights
IV. Key problems
• high value of PHI (protected health information)
• government/Congress not protecting citizens
• public/industry/govt: misaligned interests
I. No privacy/control
over personal
information
(health data, Internet,
pictures, location)
IT Everything A witness to history in healthcare
information technology.
For now, trust no one on Internet privacy
By Joe Conn
FCC Chair Liebowitz: “One day you might be printing
out a CDC fact sheet on alcoholism to help your son
with a project for health class,” he said. “Or you order a
box of your mother's favorite candy to take her when
you go visit. You know you are a dutiful parent, but an
employer could see a boozy job applicant. You know
you're a thoughtful daughter. But a health insurer could
see a destined diabetic.”
http://www.modernhealthcare.com/article/20111020/blogs02/310209999#
• Ubiquitous “leakage” of personally identifiable
information (pii) from one web site to another
• 113 (61%) of the 250 most popular websites leak
user names or user IDs
• ‘trivial algorithms’ can identify 70%+ of individuals
with “precision” via user names from Google, eBay
and public profiles
• FTC and FCC: consumers should be able to “opt out”
of online tracking
• Liebowitz: “opt-out” will be difficult but necessary
BUSINESS
Physician texting provides quick communication - and an easy way to violate HIPAA
By Pamela Lewis Dolan Posted Oct 31, 2011
• Many physicians don’t encrypt
• ignorance or recipient can’t decrypt
• College of Healthcare Information
Management Execs:
• 96.7% allow texting of orders
• 57.6% don’t use encryption
• pii (sex, Dx, adm date, room#, etc) violates HIPAA
http://www.ama-assn.org/amednews/2011/10/31/bica1031.htm
THE WALL STREET JOURNAL
SEPTEMBER 26, 2011
Health-Care Industry: Heal Thyself
Safeguarding patient information is especially important. And
especially difficult.
By M. ERIC JOHNSON
Is controlling costs toughest challenge facing the U.S. health-care industry?
Is safeguarding patient data harder?
• health-care industry lags behind corporate world in adopting integrated systems for security
• applications and data spread throughout departments = plenty of opportunities for leaks
• small, unsophisticated players handle sensitive information without tools to protect it
• devices such as insulin pumps can be hacked to deliver lethal doses
• Take inventory.
• Consider access.
• Make the technology easy to use.
• Educate the doctors.
http://online.wsj.com/article/SB10001424053111904716604576542380296355702.html?grcc=88888&mod=WSJ_hps_sections_health
NHS told to abandon delayed IT project
£12.7bn computer scheme to create
patient record system is to be scrapped
after years of delays
Denis Campbell, Wednesday 21 September 2011
• The NHS has spent billions of pounds on a computerised patient record and
booking system, which has never worked properly.
• The £12.7bn National Programme for IT is being ended after years of delays,
technical difficulties, contractual disputes and rising costs.
http://www.guardian.co.uk/society/2011/sep/22/nhs-it-project-abandoned?INTCMP=SRCH
Americans expect
privacy and security
but….
II. History of
US health privacy
2,400 years of
consensus on privacy
reflected in law and ethics
Hippocrates
“Whatsoever I shall see or hear of
the lives of men or women which
is not fitting to be spoken, I will
keep inviolably secret.”
The ethical codes of all the health
professions require informed consent
before use or disclosures of personal
health information.
“Since the time of Hippocrates physicians have pledged to maintain the
secrecy of information they learn about their patients, disclosing information
only with the authorization of the patient or when necessary to protect an
overriding public interest, such as public health.
Comparable provisions are now contained in the codes of ethics of virtually
all health professionals.”
Report to HHS, NCVHS (June 22, 2006)
Privileges
A physician-patient privilege is recognized in
laws of 43 states and the District of Columbia.
The State of Health Privacy, Health Privacy Project (2000)
A psychotherapist-patient privilege is
recognized in the laws of all 50 states and the
District of Columbia.
Jaffee v. Redmond, 116 S. Ct. 1923, 1929 (1996)
Common Law
All 50 states and the District of Columbia
recognize in tort law a common law or
statutory right to privacy of personal
information.
HHS finding 65 Fed. Reg. at 82,464
Ten states have a right to privacy expressly
recognized in their state constitutions.
Constitutional protections
“In fact, the constitutionally
protected right to privacy of highly
personal information is so well
established that no reasonable
person could be unaware of it.”
Sterling v. Borough of Minersville, 232 F.3d
190, 198 (3rd Cir. 2000).
"The right to be let alone is the most
comprehensive of rights and the right most
valued by civilized men.
To protect that right, every unjustifiable
intrusion by the government upon the
privacy of the individual, whatever the
means employed, must be deemed a
violation of the [Constitution].”
Olmstead v. United States, 277 U.S. 438, 478, 48
S.Ct. 564, 572 (1928) (Brandeis dissenting)
What does ‘privacy’ mean?
The NCVHS defined health information privacy as
“an individual’s right to control
the acquisition, uses, or
disclosures of his or her
identifiable health data”.
(June 2006, NCVHS Report to Sec. Leavitt, definition originally from the IOM)
privacy = control
security ≠ privacy
Privacy = how many keys?
Security
HIPAA regs eliminate consent and privacy
1996
Congress passed HIPAA, but did not
pass a federal medical privacy
statute, so the Dept. of Health and
Human Services (HHS) was required
to develop regulations that
specified patients’ rights to health
privacy. Public Law 104-191
“… the Secretary of Health and Human Services shall
submit to [Congress]…detailed recommendations on
standards with respect to the privacy of individually
identifiable health information.”
2001
President Bush implemented
the HIPAA “Privacy Rule” which
recognized the “right of consent”.
HHS wrote these regulations.
65 Fed. Reg. 82,462
“….a covered health care provider must obtain the
individual’s consent, in accordance with this section,
prior to using or disclosing protected health information
to carry out treatment, payment, or health care
operations.”
2002
HHS amended the HIPAA
“Privacy Rule”, eliminating the
right of consent.
67 Fed. Reg. 53,183
“The consent provisions…are replaced with a new
provision…that provides regulatory permission for
covered entities to use and disclose protected health
information for treatment, payment, healthcare
operations.”
III. Americans’
expectations/rights to
health information
privacy
10.3 million Americans expect
privacy and security
The bipartisan Coalition for Patient Privacy, 2011
AIDS Action
American Association of People with Disabilities
American Association of Practicing Psychiatrists
American Chiropractic Association
American Civil Liberties Union
American Conservative Union
American Psychoanalytic Association
Association of American Physicians and Surgeons
Bazelon Center for Mental Health Law
Bob Barr (former Congressman R-GA)
Citizens for Health
Citizen Outreach Project
Clinical Social Work Association
Consumer Action
Consumers for Health Care Choices
Cyber Privacy Project
Doctors for Open Government
Ethics in Government Group
Fairfax County Privacy Council
Family Research Council
Free Congress Foundation
Georgians for Open Government
Gun Owners of America
Health Administration Responsibility Project, Inc.
Just Health
Multiracial Activist
Microsoft Corporation Inc.
National Center for Transgender Equality
The National Center for Mental Health Prof. & Consumers
National Whistleblower Center
National Workrights Institute
Natural Solutions Foundation
New Grady Coalition
Pain Relief Network
Patient Privacy Rights Foundation
Privacy Activism
Privacy Rights Now Coalition
Private Citizen, Inc.
Republican Liberty Caucus
Student Health Integrity Project
TexPIRG
Thoughtful House Center for Autism
Tolven, Inc.
Tradition, Family, Property, Inc.
Universata, Inc.
U.S. Bill of Rights Foundation
You Take Control, Inc.
what patients say
about privacy
PPR Zogby poll
2000 adults’ views on privacy
August 2010
http://patientprivacyrights.org/patient-privacy-poll/
AHRQ: 2009
20 focus groups expect control
• A majority want to “own” their health data, and
to decide what goes into and who has access to
their medical records. (AHRQ p. 6)
• A majority believe their medical data is “no one
else’s business” and should not be shared
without their permission….not about sensitive
data but “a matter of principle”. (AHRQ p. 18)
AHRQ: 2009
20 focus groups expect control
• no support for general rules that apply to all
consumers
• consumers should exert
control over their own health
information individually,
rather than collectively. (AHRQ p. 29)
AHRQ Publication No. 09-0081-EF “Final Report: Consumer Engagement in
Developing Electronic Health Information Systems” Prepared by: Westat,
(July 2009)
http://healthit.ahrq.gov/portal/server.pt/gateway/PTARGS_0_1248_888520_0_0_18/09-0081-EF.pdf
U.S. divides into three groups:
-- The Privacy Intense: about 35-40%
-- The Privacy Pragmatic: about 50-55%
-- The Privacy Unconcerned: about 10-15%
http://patientprivacyrights.org/wp-content/uploads/2011/06/AFW-SUMMIT-6-13-11.pdf
who are the Privacy Intense?
• distrust govt and business IT
• worry about 2ndary use of PHI
• don’t want research access without consent,
strongest concern is discrimination
• want legal controls and strong enforcement
Privacy Intense in general consumer privacy
areas are about 25%, health privacy raises this
to 35-40%
IV. Key problems/
consequences
patients risk health
to protect privacy
refuse diagnosis and treatment
• HHS estimated that 586,000 Americans did not
seek earlier cancer treatment due to privacy
concerns.
65 Fed. Reg. at 82,779
• HHS estimated that 2,000,000 Americans did not
seek treatment for mental illness due to privacy
concerns.
65 Fed. Reg. at 82,777
• Millions of young Americans suffering from
sexually transmitted diseases do not seek
treatment due to privacy concerns.
65 Fed. Reg. at 82,778
refuse diagnosis and treatment
• The Rand Corporation found that
150,000 soldiers suffering from PTSD
do not seek treatment because of
privacy concerns
• The lack of privacy contributes to the
highest rate of suicide among active
duty soldiers in 30 years
“Invisible Wounds of War”, the RAND Corp., p. 436, (2008)
act to protect privacy
The California Health Care Foundation
found that 1 in 8 Americans have put their
health at risk because of privacy concerns:
• Avoid seeing their regular doctor
• Ask doctor to alter diagnosis
• Pay for a test out-of-pocket
• Avoid tests
http://patientprivacyrights.org/2005/11/national-consumer-health-privacy-survey-2005/
Americans expect
privacy and control
but….
huge market for health data
+
theft and sale of health data
→
health data mining industry
Where did this slide come from? The Medical Information Bureau website. The MIB
sells claims/health data to insurers and employers.
35% of Fortune 500
companies admit to using
medical records for hiring and
promotions
65 Fed. Reg. 82,467.
2011: Top Fortune 500 Companies
health data mining industry
6 General Electric (GE Centricity EHR/HIT systems,
sells clinical data) revenue 151B
15 McKesson (sells Rx data) revenue 108B
18 IBM (sells health data) revenue 100B
19 Cardinal Health (drug distributor) revenue 99B
21 CVS Caremark (sells Rx data) revenue 96B up from
65B in 2010
22 United Health Group (sells data thru Ingenix, its
data management and IT unit, whose revenues
increased more than 25%)
http://money.cnn.com/magazines/fortune/fortune500/2011/full_list/
2011: Top Fortune 500
Health Care: Pharmacy and Other
Services (health data mining industry)
Rank / Company / 500 rank / Revenues ($ billions)
1 / Medco Health Solutions / #34 / 66 (sells Rx data)
2 / Express Scripts / #55 (up from 96) / 25 (sells Rx data)
3 / Quest Diagnostics / #320 / 7.3 (sells lab data)
“transforms millions of test results into valuable information products”
http://www.questdiagnostics.com/brand/careers/index.html#services
4 / Omnicare / #371 / 6.1 (sells data???)
(leading Rx provider for seniors) “we capture a tremendous amount of data”
..combines data with outcomes algorithm technology
5 / Lab Corp. of America / #447 / 4.7 (sells lab data??)
http://money.cnn.com/magazines/fortune/fortune500/2011/industries/224/index.html
research loophole
allows sale of
data from EHRs,
PHRs, claims data,
lab data, prescriptions, health
searches, state data, newborn
bloodspots, etc, etc
Clinical Data Services
The CDS Advantage
Disease Counts in Database
Hypertension 2,284,249
Hyperlipidemia 2,212,629
Depression 1,185,828
Cardiovascular Disease 1,004,214
GERD 984,864
Diabetes 922,169
Asthma 750,963
Osteoarthritis 602,043
COPD 319,310
ADD/ADHD/HKD 188,424
Rheumatoid Arthritis 85,757
Alzheimer's 35,790
Parkinson's 22,017
Note: Data reported as of
February 28th, 2010
Codified Medical Problems
Prescriptions/Historical Meds
Patient Allergies, Medical
Orders and Events
Vital Signs and Physical
Findings
Lab Values
https://www2.gehealthcare.com/portal/site/usen/menuitem.b399d8492e44a6765c09cbd5
8c829330/?vgnextoid=ae0f4fb9efff5210VgnVCM100000382b3903RCRD&fromChannel=
7e0f4fb9efff5210VgnVCM100000382b3903____
Kansas City Business Journal
Cerner finds a treasure in data mining
by Mike Sherry Staff Writer
• The North Kansas City-based health care information technology company,
known mostly for the health-record software sold to hospitals and clinics, is
leveraging the billions of anonymous patient records it has at its disposal as
marketable information to pharmaceutical companies and researchers.
• Included in Cerner’s data warehouse are 1.2 billion lab results. It also has smaller
numbers of medication orders and other data.
• The company collects the information through data-sharing agreements with
roughly 125 of its software clients.
Cerner is not violating the ban on sales because of the “research” exception
http://www.bizjournals.com/kansascity/stories/2009/06/01/story5.html?b=1243828800^1835382
EMR vendor to share patient data with
genetics research firm
3/20/2008 by Richard Pizzi
• “Perlegen Sciences, Inc., a company exploring the clinical
application of genetic research, plans to collaborate with an
undisclosed electronic medical records vendor to identify
and develop genetic markers that predict how patients are
likely to respond to specific medical treatments.
• Under the terms of the agreement, Perlegen, based in
Mountain View, Calif. , will have exclusive access to the EMR
vendor's database of U.S. records for the purpose of
assessing and selecting patients from whom appropriate
genetic samples could be collected.”
claims data is sold
What is BHI® (Blue Health Intelligence)?
shares critical health information with employers
premier health intelligence resource
BHI sets the new standard for healthcare data aggregation, reporting and analysis
Size and Value of data for sale
1) longitudinal data on 54 million BCBS members [without consent]
2) reporting not only by MSA, industry and product type, but by Diagnosis Related Groups
(DRGs) code, age group and gender [allows re-identification]
How does BHI ensure the privacy and security of members’
healthcare information?
1) adheres to HIPAA regs = no consent for use and sale of data
2) Use a system-generated identifier, allowing longitudinal analysis [allows re-identification]
3) fully de-identified in accordance with HIPAA [17 identifiers removed, still allows reidentification of .04%]
http://www.bcbs.com/innovations/bhi/bhi-faqs-1-12-09.pdf
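An added example (not from the presentation or from BHI): a defender-side check of how many people share each combination of the reporting dimensions named on this slide (MSA, DRG code, age group, gender). The rows, the pseudonymous ids and the threshold k are constructed assumptions; cells holding fewer than k people are where a "de-identified" row can point at one person.

```python
from collections import defaultdict

FIELDS = ("pseudo_id", "msa", "drg", "age_group", "gender")

# Constructed sample claims (not real data). p01 appears twice because
# longitudinal data carries several rows per system-generated identifier.
ROWS = [
    ("p01", "Austin", "470", "60-69", "F"),
    ("p01", "Austin", "470", "60-69", "F"),
    ("p02", "Austin", "470", "60-69", "F"),
    ("p03", "Austin", "470", "60-69", "F"),
    ("p04", "Austin", "885", "30-39", "M"),
    ("p05", "Austin", "885", "30-39", "M"),
    ("p06", "Austin", "293", "30-39", "M"),
    ("p07", "Dallas", "470", "60-69", "F"),
    ("p08", "Dallas", "885", "30-39", "M"),
    ("p09", "Dallas", "885", "30-39", "M"),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]
ALL_DIMS = ("msa", "drg", "age_group", "gender")


def cells(records, dims):
    """Map each combination of reporting dimensions to the set of people in it."""
    groups = defaultdict(set)
    for rec in records:
        groups[tuple(rec[d] for d in dims)].add(rec["pseudo_id"])
    return groups


def k_anonymity(records, dims):
    """Size of the smallest cell: every person hides among at least this many."""
    return min(len(people) for people in cells(records, dims).values())


def small_cells(records, dims, k):
    """Dimension combinations shared by fewer than k distinct people."""
    groups = cells(records, dims)
    return sorted(key for key, people in groups.items() if len(people) < k)


def share_in_small_cells(records, dims, k):
    """Fraction of all people who sit in a cell of fewer than k people."""
    groups = cells(records, dims)
    exposed = sum(len(p) for p in groups.values() if len(p) < k)
    total = len({rec["pseudo_id"] for rec in records})
    return exposed / total


if __name__ == "__main__":
    print("k with all four dimensions:", k_anonymity(RECORDS, ALL_DIMS))
    print("cells below k=3:", small_cells(RECORDS, ALL_DIMS, 3))
    print("k with age group and gender only:",
          k_anonymity(RECORDS, ("age_group", "gender")))
```

Counting distinct ids rather than rows matters here: repeated claims from one person make a cell look larger than it is.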
Health Research Data for the Real World: the
MarketScan Data Bases
David M. Adamson, PhD
Stella Chang, MPH
Leigh G. Hanson, MS, MBA
Research and Pharmaceutical Division
Thomson Medstat, now THOMSON REUTERS
January 2006
KEY QUOTE: “Data from individual patients are integrated from all providers of
care, maintaining all healthcare utilization and cost record connections at the
patient level.”
Medicare and Medicaid data for sale
“at the patient level”
Personal health information is for sale
Thomson Medstat
prescription records
are sold
Businessweek July 23, 2008: “They Know What's in Your Medicine Cabinet,
How insurance companies dig up applicants' prescriptions—and use them to deny
coverage" http://www.businessweek.com/magazine/content/08_31/b4094000643943.htm?chan=magazine+channel_in+depth
states sell DNA and
hospital records
DNA Deception
by Emily Ramshaw
February 22, 2010
“nine years' worth of e-mails and internal documents
on the Department of State Health Services’
newborn blood screening program reveals the
transfer of hundreds of infant blood spots to an
Armed Forces lab to build a national and, someday,
international mitochondrial DNA (mtDNA) registry”
--it turns out newborn bloodspots were being sold by
DSHS and TX A&M for research
Austin Bulldog
Hospital Patient Privacy Sacrificed as State
Agency Sells or Gives Away Data
Technology Used by For-Profit Companies
Strips Away Inadequate Layers of Security
by Suzanne Batchelor
http://www.theaustinbulldog.org/index.php/Main -Articles/MainArticles/department-of-state-health-services.html
DSHS collects, sells, and gives away inpatient hospital data
without consent for:
• public-health, medical research, trade groups, lobbyists,
businesses, anonymous downloaders
physicians allow use of
PHI for comparative
effectiveness
research without
consent
DARTNet
Distributed Ambulatory Research in Therapeutics Network
• extracts “de-identified” Critical Care Record (CCR) from EHRs of 400K patients treated
by 500 primary care docs
• patient consent not obtained –research uses physician consent instead
• physicians prompted to obtain specific information during patient visits
• 2nd study on Depression needs 2.4 M patients, will add a RHIO
8 DARTNet orgs / EHR vendor
• Medical Clinic of North Texas / NextGen®
• WellMed Medical Group (TX) / SmartClinic®
• Tiena Health (TX) / Allscripts Professional®
• Wilmington Health Asso. / Allscripts Professional®
• University of Colorado / Allscripts Enterprise®
• University of Minnesota / Allscripts Enterprise®
• Cranford Family Medicine (AK) / e-MDs®
• Family Health Center of Joplin / e-MDs®
http://www.effectivehealthcare.ahrq.gov/index.cfm/search-forguides-reviews-andreports/ ?pageaction=
Displayproduct&productID=151
Patient info available via DARTNet but
not through claims data
Medication allergies
Reason for appointment
Family history
Findings (BP, weight, height, etc.)
Social history (alcohol and tobacco use, etc.)
Laboratory orders and results
Prescribed medications
Past medical history
Date of onset of disease
Referrals
Provider-level data
Practice-level data
Data collected/prompted for collection at point
of care
weak security
breaches, data theft
& data sales
Sep 19, 2010
Steady Bleed: State of
HealthCare Data Breaches
Study reveals patient data breaches continue month after month - at an alarming rate.
• 200-bed hospital 24/mo
• 20-clinic physician practice 29/mo
• UK major teaching hospital 129/mo
• Top 50 U.S. Health System 125/mo
http://www.informationweek.com/blog/main/archives/2010/09/steady_bleed_st.html
Department of Justice Press Release
For Immediate Release
United States Attorney's Office
October 13, 2010
Manhattan U.S. Attorney Charges
44 Members and Associates
of an Armenian-American
Organized Crime Enterprise with
$100 Million Medicare Fraud
Cybercrime—data purchasers
• seeks data to file false medical
claims:
RSA White Paper: Cybercrime and the Healthcare Industry
Cybercrime—data sellers
• post seeks buyers for > 6,500
medical records
RSA White Paper: Cybercrime and the Healthcare Industry
Americans expect
privacy and control
but….
Health IT systems/data exchanges
• “Wild West”—physicians may share PHI only for
treatment, BUT receivers sell and disclose PHI
• 2ndary use of sensitive health information is the norm
• no data map: data flows inside and outside US
• HIPAA “research” and “public health” loopholes allow
wide use of PHI/data mining for “research”, profit and
discrimination
• no transparency/accountability
• complex HIT systems
– One hospital = 200+ HIT systems/software/vendors
• abysmal security
Key problems for the public
• govt, research & industry
– want access to data and oppose consent
– oppose privacy-enhancing technologies
– huge investments in legacy systems
• legal gaps/weaknesses in privacy
protections
• no Congressional oversight
• limited federal agency oversight, except
FTC & HHS (now auditing/penalizing)
Key problems for public
• PHI = most valuable pii
• HIT gold rush: $27-29B for HIT vendors
• patients/physicians are misinformed/hold
conflicting beliefs:
– assume data privacy despite breaches
– believe doctors can protect data YET huge
majorities distrust HIT
– told privacy is the key obstacle to “data
liquidity”---YET consent = instant data flow
DANGEROUS TIMES
• govt and industry now use the words ‘privacy’
and ‘trust’
• BUT are not implementing meaningful and
comprehensive policies and privacy-enhancing
HIT
• public can’t easily participate at federal level,
i.e., privacy experts, academics, advocates
• Today’s policies and HIT violate existing law &
public expectations
conclusion:
current law and
HIPAA are
inadequate to
protect privacy
Americans’ strongest individual
rights to control personal
information are for health
information--if we lose privacy rights in
healthcare will we ever gain
information privacy in the online
commercial environment?
solutions
Patient-centered HIT systems
1. universal online consent tools--benefits
• dynamic, not static
• fine-grained decisions, like online banking "Bill Pay"
-automatic rules (like monthly payments), or case-by-case
• ability to share selectively (in accord with laws, rights,
expectations)
• no need to update consents in many locations
• no need for MPI or single patient ID
• independent audit trails of all uses and disclosures
via use of authentication and authorization systems
(employees have unique access codes and can see selected data)
(c) 2007-2010, Private Access, Inc. All rights reserved. (Reprinted with permission).
Patient-centered HIT system
2. health banks--benefits
• ironclad security and architecture
• today there is no place w/ a complete and accurate
copy of our health records
• patients control access and use of PHI
• only patients can collect complete and accurate PHI
• ‘safe’ research without risk of exposing data
• like census bureau: run research queries on individual
data
• unlike census bureau, no research without consent
• sensitive data is NOT released
• no need for MPI or UPIN (single ID)---patients have
separate ID at each location = better privacy protections
(stolen data has less value)
[Figure: Health Record Bank flow diagram. Labels: Clinical Encounter; Clinician Inquiry; Secure patient health data files; Patient data delivered to Clinician; Clinician EHR System; Encounter Data Entered in EHR; Patient Permission? YES: Encounter data sent to Health Record Bank, Optional payment, Clinician’s Bank; NO: DATA NOT SENT]
Patient-centered HIT systems
3. other systems--benefits
• decentralized consents with centralized control. In this
situation, patients can make local data sharing decisions
at the time and place of service, but have a universal
portal to update or change consents as needed
• an NHIN that works like a patient file cabinet. In this
situation, all patient information goes to a common
location for the patient, and the patient can make
decisions about sharing at that storage location
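An added sketch (not code from Private Access, a health record bank, or any product named in this deck) of the permission gate the consent-tool and Health Record Bank slides describe: standing patient rules that can change over time, default deny when no rule matches, sensitive segments withheld, and an audit entry for every request. All class, field and category names are assumptions, and the hash chain is one way chosen here to make the trail tamper-evident; the deck does not specify a mechanism.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """A standing patient decision (hypothetical schema)."""
    recipient: str
    purpose: str
    categories: frozenset
    allow: bool


class HealthRecordBank:
    def __init__(self):
        self._records = {}  # patient -> {category: data}
        self._rules = {}    # patient -> [Rule, ...], newest last
        self.audit = []     # hash-chained log of every request

    def deposit(self, patient, category, data):
        self._records.setdefault(patient, {})[category] = data

    def set_rule(self, patient, rule):
        # Consent is dynamic: a newer rule overrides an older one.
        self._rules.setdefault(patient, []).append(rule)

    def _allowed(self, patient, recipient, purpose, category):
        for rule in reversed(self._rules.get(patient, [])):
            if ((rule.recipient, rule.purpose) == (recipient, purpose)
                    and category in rule.categories):
                return rule.allow
        return False  # no matching rule: "DATA NOT SENT"

    def request(self, patient, recipient, purpose, categories):
        held = self._records.get(patient, {})
        released, denied = {}, []
        for cat in categories:
            if cat in held and self._allowed(patient, recipient, purpose, cat):
                released[cat] = held[cat]
            else:
                denied.append(cat)
        # Denied requests are logged too, so the patient sees every attempt.
        self._log({"patient": patient, "recipient": recipient,
                   "purpose": purpose, "released": sorted(released),
                   "denied": sorted(denied)})
        return released

    @staticmethod
    def _digest(prev, entry):
        body = json.dumps(entry, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def _log(self, entry):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        self.audit.append({**entry, "prev": prev,
                           "hash": self._digest(prev, entry)})

    def audit_intact(self):
        prev = "0" * 64
        for row in self.audit:
            entry = {k: v for k, v in row.items() if k not in ("prev", "hash")}
            if row["prev"] != prev or row["hash"] != self._digest(prev, entry):
                return False
            prev = row["hash"]
        return True


def demo():
    """Constructed scenario: one patient, one clinician, one data buyer."""
    bank = HealthRecordBank()
    bank.deposit("pt-1", "medications", "lisinopril 10 mg")
    bank.deposit("pt-1", "mental_health", "therapy notes")
    meds = frozenset({"medications"})
    bank.set_rule("pt-1", Rule("dr-lee", "treatment", meds, True))
    first = bank.request("pt-1", "dr-lee", "treatment",
                         ["medications", "mental_health"])
    second = bank.request("pt-1", "analytics-co", "research", ["medications"])
    bank.set_rule("pt-1", Rule("dr-lee", "treatment", meds, False))  # revoke
    third = bank.request("pt-1", "dr-lee", "treatment", ["medications"])
    return bank, first, second, third
```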
in the meantime……
what you can do now
• use EHRs with segmentation (e-MDs)
• press vendors for consent & segmentation
• press hospitals for privacy & security
• give “Miranda” warnings
• stand with patients
• sign “Do Not Disclose” petition
• volunteer/support PPR
Deborah C. Peel, MD
Founder and Chair
(O) 512-732-0033
dpeelmd@patientprivacyrights.org
www.patientprivacyrights.org
HIPAA “Research loophole”
• The term “research” is defined at 45 C.F.R. 164.501
as “systematic investigation, including research
development, testing, and evaluation, designed to
develop or contribute to generalizable knowledge.”
• Information is not PHI and not subject to the HIPAA
Privacy Rule if it is “de-identified” as provided in 45
C.F.R. 164.514(b). An organization can use a “limited
data set” for research if they strip out certain
identifiers and enter into a “data use agreement”
under 164.514(e).
• But stronger laws and ethics trump HIPAA