Privacy fears slow health IT push

Summary: Until we settle on a unique identifier for all personal databases privacy is unachievable.

By Dana Blankenhorn for ZDNet Healthcare | November 24, 2010 -- 08:14 GMT (00:14 PST)

Follow @ZDNet

CORRECTION: Deborah Peel insists she has always supported health reform.

Fears about the leakage of private health data have kept health an IT backwater since the HIPAA law went into effect.

Why a system where you can't find records and have to re-enter them each time you see a new doctor is considered safer than an automated system remains beyond me. But that's what many doctors believe.

They're acting as data hoarders, no different in their way from kids who download songs from BitTorrent because they fear losing access to them. But the Man wants to put the kids in jail. He coddles the doctor.

Today rules for the Nationwide Health Information Network (NHIN) are being held up by a dispute over whether day-to-day governance will be done through private groups or government rules, said National Coordinator for Health IT David Blumenthal (below).

Questions about implementing privacy and security are delaying recommendations from a Tiger Team tasked with advising the government policy committee which is creating the meaningful use rules.

At the same time activists like Dr. Deborah Peel (above) hover around the media, claiming that EHRs are all "designed for backdoor data mining," deliberately confusing the use of anonymous data in studies with the seizure of individual records by employers or insurers.

Turning records into numbers is the best way of finding out what works in medicine. That's not a privacy violation. Getting fired because your employer found you were seeing a shrink on your own dime is a privacy violation, but that's what EHR systems are designed to prevent, not enable.

~~Dr. Peel opposes health reform, but r~~Reform is the answer to the problem. Only by eliminating the incentive employers and insurers have to peek at records, by having everyone pay equivalently into a common pool, can we gain a measure of medical privacy.

This is not to say that privacy and security are unimportant. They are. But we have a lot more to fear from insiders putting a few gigabytes of data onto a USB stick and selling that stick to an identity theft ring than from what's in the medical records.

Medical records are financial records first.

The answer to that question lies in secure identity, in better keys that keep both our financial and health records safely under our control. Until this key is in our hand, until we settle on a unique identifier for all personal databases, then privacy is unachievable. We'll be going around-and-around until 2020 looks like 1999 does now.

Topics: Health, CXO, Legal, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

25 comments

Log in or register to join the discussion

RE: Privacy fears slow health IT push

The problem is health data is so 'rich' in dates, places, details, names of treating doctors, etc that it is virtually impossible to make it anonymous or prevent it from being re-identified. Patient Privacy Rights has been asked by CMS, ONC, OPM and other agencies about what kind of standards should be in place for the release of large public data sets. See our memo at: http://patientprivacyrights.org/wp-content/uploads/2010/10/ABlumberg-anonymization-memo.pdf

dpeelmd
24 November, 2010 09:47

Reply Vote
- RE: Privacy fears slow health IT push
  
  @dpeelmd Once the number in any field falls below a designated number (5 is the number most frequently used) it's not reported. Collecting numbers is not collecting records, as in the Netflix case. Individual records are of no interest to the researcher.
  
  DanaBlankenhorn
  24 November, 2010 09:51
  
  Reply Vote
  - RE: Privacy fears slow health IT push
    
    @DanaBlankenhorn Again you miss the big picture. Legitimate researchers are not the problem. You seem unaware of the massive sale of the most intimate digital profiles of every American that are constantly updated and sold to whomever by companies such as Rapleaf. have you been reading the WSJ series called "what they know". This is not about seeing tailored ads--these profiles are used to deny us opportunities. Soon we will have very different access to jobs and credit based on these unbelievably intimate dossiers which are illegally collected.
    
    dpeelmd
    24 November, 2010 10:02
    
    Reply Vote
  - RE: Privacy fears slow health IT push
    
    Dana - There are many current health care projects where literally millions of records are being collected from claims data in order to identify quality metrics (funded by RWJF for example). When an individual provider questions the data they are able to request the names of the patients attributed to their panels.. how long before providers start to drop the people who are hurting their outcomes and label them "non-compliant" when in fact it might be due to an inability to afford co-pays on meds )
    
    Sostaine
    24 November, 2010 10:12
    
    Reply Vote
- RE: Privacy fears slow health IT push
  
  [b][url=http://www.hotelsneardisneyland.biz/]HOTELS NEAR DISNEYLAND[/url][/b]|
  [b][url=http://www.rentalleaseagreementform.org/]FREE PRINTABLE RENTAL LEASE AGREEMENT[/url][/b]
  [b][url=http://www.printablerealestateforms.com/]PRINTBLE REAL ESTATE FORMS[/url][/b]
  [b][url=http://www.bestfoodforall.com/]FOOD FOR ALL[/url]|[/b]
  [b][url=http://www.printable-legal-forms.com/]PRINTABLE LEGAL FORMS[/url][/b]
  
  lorain123
  24 November, 2011 03:47
  
  Reply Vote
RE: Privacy fears slow health IT push

Where on EARTH did you get the idea I oppose health care reform??? That is simply false, a fabrication. I have never said or written any such thing. I am very much in favor of health care reform and HIT, but technology should not enable thousands of strangers to harm patients and eliminate privacy.<br><br>If you are going to continue to write about me why don't you call and talk to me before you misrepresent my positions and print lies? This is not the first time you have done this to me. As a journalist I thought you'd be interested in the truth.

dpeelmd
24 November, 2010 09:53

Reply Vote
- You've stepped in it now Dana....
  
  @dpeelmd Your off-the-cuff style of journalism is probably going to get you into court...
  
  happyharry_z
  24 November, 2010 09:59
  
  Reply Vote
  - RE: Privacy fears slow health IT push
    
    @happyharry_z It may. Which is why I try to apologize and correct first, as soon as I'm notified of a mistake. And learn from mistakes.
    
    DanaBlankenhorn
    24 November, 2010 12:37
    
    Reply Vote
- RE: Privacy fears slow health IT push
  
  @dpeelmd Will do. I apologize for my actions, and the offense they may have caused. The story has been corrected.
  
  DanaBlankenhorn
  24 November, 2010 12:29
  
  Reply Vote
- RE: Privacy fears slow health IT push
  
  @dpeelmd I corrected the article immediately after getting off the phone and tried to apologize again by phone and e-mail in the last few hours.
  
  I'm willing to admit publicly and privately I screwed up. My actions were wrong. There may be reasons but there is no excuse.
  
  DanaBlankenhorn
  24 November, 2010 12:48
  
  Reply Vote
RE: Privacy fears slow health IT push

If no one was ever discriminated against because of a medical condition these fears might be over blown. If people also understood the limitations of some of the largest EMR vendors that use MUMPS and Cache that make it difficult if not impossible to restrict data by fields you also might have more concerns yourself.

Actually many people are totally unaware of how much medical data is already being mined.. 95% of all pharmacy records are uploaded to third party benefits firms each night and then repacked with the AMA physician data base (18% of the AMA's income) and then resold to pharma drug reps. This allows drug companies to target doctors to change their prescribing patterns with little real benefit to patients. When some states attempted to limit this practice the multi-billion dollar drug benefit firms sued in an attempt to stop the laws.

We are also now seeing "free" EHR's that put pharma ads right on each page of your medical record or deliver "ads" during the check in process directly to patients and essentially put a drug rep in the exam room with the patient and in the doctors office when s/he is working.

There are also over 1 million pregnancies terminated in this country each year and mental health treatment is a huge risk factor for many people. Anti-depressants are now the number one prescribed medication in the US and yet many employers and even voters continue to discriminate against people being treated for a mental health illness (Dr Peel is a psychiatrist btw) Both of these patient populations have very legitimate fears about having their medical information shared with anyone other then their treating providers but in the 30% of large employers who are self insured they frequently use your medical history for promotions and over seas assignments.

Finally - anyone who understands data is very well aware that you cannot really de-identify data - (you can however add noise to the data to make it useful for research) and there are growing concerns around secondary uses of your data.

Life insurance companies already use your RX history as a surrogate for your medical history (if you are taking chantrax to stop smoking you might instead be tagged with being treated for depression) and be unable to obtain or pay higher rates. Many financial firms (mortgage and credit) are also looking into using your prescription history to asses your credit risk. A very legitimate concern is that some day soon if you have a spouse who is treated for cancer that you will not be able to get a mortgage because you are now in a higher risk category due to a health problem that might bankrupt you.

The solution isn't always an either or approach to privacy and security (too different topics) but an informed decision making process. One of the roles of Government is to look out for the most vulnerable amongst us - those with debilitating medical conditions and protect their rights at the same time we move forward. A more appropriate approach might be to address and mitigate the fears without attacking the messengers.

Sostaine
24 November, 2010 10:09

Reply Vote
- RE: Privacy fears slow health IT push
  
  Just today - Vt. law on drug data mining ruled unconstitutional http://www.businessweek.com/ap/financialnews/D9JM3BH00.htm
  
  "Three companies -- IMS Health, SDI and Source Healthcare Analytics -- had sued over the law, which was enacted in July 2009. The companies gather data on drugs ordered by doctors and sell it to pharmaceutical manufacturers."
  
  Sostaine
  24 November, 2010 10:17
  
  Reply Vote
  - RE: Privacy fears slow health IT push
    
    @Sostaine The purpose of that data mining was to target pharmacists, not patients. There is no evidence patient names were being given to drug reps.
    
    DanaBlankenhorn
    24 November, 2010 12:31
    
    Reply Vote
- RE: Privacy fears slow health IT push
  
  @Sostaine A better solution might be to enforce existing laws and put someone in jail for violating them.
  
  DanaBlankenhorn
  24 November, 2010 12:51
  
  Reply Vote
RE: Privacy fears slow health IT push

Check out the fact that the state of Texas actually gives away identifiable patient hospital records to insurers and corporations for "research" uses. See: http://www.theaustinbulldog.org/index.php/Main-Articles/Main-Articles/department-of-state-health-services.html

Do you really believe these companies use your records to improve your health? No, they use YOUR records to discriminate against you and to improve their bottom lines.

dpeelmd
24 November, 2010 10:24

Reply Vote
- A solution
  
  @dpeelmd The solution here is to eliminate the incentive, by eliminating differentiated pricing. As a supporter of health reform I'm certain you understand that.
  
  DanaBlankenhorn
  24 November, 2010 12:32
  
  Reply Vote
- RE: Privacy fears slow health IT push
  
  @dpeelmd As I indicated above (and have written elsewhere) criminal sanctions against data leaks may also be required. Crime committed under a corporate name remains a crime. If people have to go to jail for companies to learn that, top executives pulled down from million dollar perches and put next to Bernie Madoff, that's what has to happen.
  
  DanaBlankenhorn
  24 November, 2010 12:39
  
  Reply Vote
RE: Privacy fears slow health IT push

"Medical records are financial records first."

Not really. But if they were, where is the NFIN (F - for Financial)? And if there was one suggested, would you support it?

There are two distinct issues here:
One is data security to guard against breach and theft. This is a technology issue that can be rectified with better technology.
The other is Privacy. This is a legal issue and until legislation is passed to protect people's privacy in an electronic age, this issue will not go away.
Not many people have problems with proper clinical research which will benefit all of us in the long run. However, "research" is not defined anywhere and therefore marketing research or any other perverse version of research is perfectly legal if the data is "de-identified" and the law allows one to hire an "expert" to decide if the de-identification is acceptable.

Then there is the ownership issue. Why is it that those who own the servers on which the "data" resides also own the "data" to do with it as they please? To go back to your financial assertion, does the bank own my valuables just because I store them in their safe deposit box?
The common knowledge is that there are mountains of money to be made from all this data. Pure clinical research does not usually yield fortunes, so how exactly are people planning on "monetizing" this data? And if all we want to do with the data is clinical research for the public good, why is it so hard to acknowledge that and legislate around it?

For the record, I support health reform and I wish it would have gone much farther than it did towards universal health care and at least some public option. I also support EHR adoption and health information exchange, but I want it done right from the get go precisely because I want it to be successful.

Margalit Gur-Arie
24 November, 2010 11:23

Reply Vote
- Disagree that it is a "technolgy issue"
  
  @Margalit Gur-Arie The multiple high profile breaches that I have been the victim of personally could have easily been prevented using basic precautions. The problem is that the humans in the equation did not follow said basic precautions. That's what lead to the theft of one of the VA's unencrypted laptops with large amounts of personal data on it. Then to top even that, they did it again - this time by allowing one of their contractors to do the same thing. They never seem to learn.
  
  My point is that the technology to prevent these breaches was already there. It is the humans that failed and continue to fail, not the technology.
  
  cornpie
  24 November, 2010 12:13
  
  Reply Vote
  - RE: Privacy fears slow health IT push
    
    @cornpie I agree with both of you. Medical record data needs to be taken as seriously as credit card data. Credit card companies have been ruined for such breaches. I wonder how long before a hospital is?
    
    DanaBlankenhorn
    24 November, 2010 12:33
    
    Reply Vote