HEALTH 2.0: Getting the PHR, Privacy and Deborah Peel issue off my chest

I’m a card-carrying member of the ACLU. I oppose the Patriot Act. And I absolutely oppose the current Administration’s decision to ignore the FISA law that already bends over backwards to help the government spy on Americans whom it suspects of criminal activity. I’m also appalled when I read stories like this one—in which the FBI has been illegally abusing its power by issuing “National Security letters” willy-nilly.

I say all this because it’s now a couple of weeks since Google announced its health initiative and during that time we held the second Health 2.0 conference. And all the mainstream press can write about is the potential for privacy violations in online health sites, and PHRs, whether it’s been in the San Diego Union Tribune, ZDNET, USA Today or Modern Healthcare.

So even this balanced article in the Washington Post leads with Deborah Peel from Patient Privacy Rights and you have to wade through her incendiary rhetoric before you get to some sense from John Rother, while David Kibbe’s rational applauding of electronic health records only appears towards the end. Here’s what Peel says:

Many online PHR firms share information with data-mining companies, which then sell it to insurers and other interested parties, Peel said.

Well I’m still waiting to see the proof about this. Essentially she’s saying that consumers’ identifiable data is being sold and used against them, and so PHRs are bad.

Much data is of course sold in health care, but as far as I’m aware it’s all de-identified. Whether PHR companies are systematically selling data is unclear. Whether they are selling identifiable data (the thing HIPAA bans and everyone agrees is a bad idea) I severely doubt.

And the problem is that this type of allegation gets the conversation completely off track. The biggest problem with the US health care system and its use of technology is not privacy violations. It’s inefficient use of data causing harm (and costs and poor quality care).

I am getting more than a little annoyed with this focus on the wrong thing. As my commenter JD paraphrased in my earlier piece on the topic (5th comment down here), do the Deborah Peels of the world not use bank accounts or credit cards? Do they not buy houses or have credit scores? Do they not know about what is already known about them in the real world? People understand this data flow and they accept it because it brings them a return that they value. And the same will be true for health information—if health information technology produces valuable results.

So what are the nay-sayers going on about? Well I actually suffered and read the World Privacy Forum report on PHRs by Robert Gellman. It’s a hash of conjecture with its main complaint being that HIPAA doesn’t explicitly cover PHRs. Well, no shit Sherlock. HIPAA passed in 1996. It actually was prepared years earlier and it’s about the automated transactions that existed then. No one had heard of a PHR in 1995, so why should the law cover them? What will happen is that PHRs will start being provided by covered entities and will be under the aegis of HIPAA (in this country at least—it’s called the “World” privacy forum but in reading the report Gellman only has heard of one country apparently).

But even if PHRs are not covered by HIPAA, what are the terrible consequences? Well let’s see. I’ve taken a few excerpts from the report. In the first Gellman says:

Regardless of the PHR’s policy on marketing disclosures, advertising can provide a method for a consumer’s health information to escape into marketing files. Marketers already have millions of names of consumers categorized by specific diseases and diagnoses. Most of the information comes from consumers who provided it in response to “consumer surveys” or through other stealthy methods for collecting health information for marketing use. Health records maintained by health care providers have been unavailable to marketers directly, but commercial PHRs operated outside of HIPAA offer marketers the promise of more and better health information from consumers.

So the problem is not PHRs. It’s consumer surveys taken over the years by marketers. But let’s blame PHRs because they might potentially be used for the same thing.

But hang on, if I’m a transparent PHR vendor won’t I drive out the scummy guys who are secretly selling data which will be used to harm their customers? And aren’t Microsoft and Google and many others being transparent about that? Yes they are, and why won’t consumers vote with their data?

But if you want to lock your data away in a place where
no marketer will get it without your permission, apparently a vault,
even a Healthvault, is not good enough. Here’s what Gellman says next:

Suppose that a consumer has a totally secure safe in
her home that can only be opened with her express approval. The
consumer writes down her Social Security Number (SSN) on a piece of
paper and puts that paper in the safe. Is her SSN more protected than
before? Not really. Everyone else who had the SSN before the paper was
deposited in the safe still has it. That includes banks, the IRS,
credit bureaus, employers, the Social Security Administration, a
partner or spouse, and perhaps dozens of other agencies and
organizations. The locked safe does nothing to enhance the privacy of
the SSN, although the privacy and security of that one piece of paper
may well be improved.

For health records, the information in the PHR must
originate from somewhere. Prime sources are physicians and insurers,
but in some PHRs consumers can also add information about their use of
supplements, gyms, and so forth. The health information about consumers
held by their physicians, health plans, dentists, laboratories,
pharmacies, and others remains exactly where it was before it entered
the PHR. That information is subject to the same good or bad rules or
practices that applied before the deposit of the information in the PHR.

So the problem with the vault is that it
contains health data, and that data doesn’t originate in the vault. And
so those nasty people in the health care business who have been selling
your data still have a copy of it and will keep selling it, even
though you have a copy in a vault. And your data is still out there,
as Gellman makes clear.

No one who had the ability to obtain health
information before a copy entered the PHR need pay any attention to the
PHR or any consumer controls on the PHR. The records that were
available before from other sources remains available. For example,
health fraud investigators can obtain patient records for their work.
Putting a record in the PHR changes nothing because the fraud
investigators can still obtain the record from the physician or health
plan. The PHR record is a copy but not the only copy. Consumers who see
the control promised by PHR vendors may be easily confused about the
meaning of that control.

So how again is this the fault of the PHR vendor (or
non-PHR vendor as Microsoft insists it is)? This entire diatribe is
aimed at the wrong direction—inappropriate use of data that exists due
to what is currently normal activity in health care. It has nothing to
do with PHRs other than these nay-sayers use the PHR to get in the
news—and apparently no one has the sense to oppose them.

Meanwhile for those of you still reading the
report, Gellman wanders off into the absurd—apparently losing your
health data is good for you:

As time passes, as people move, and as people change
physicians, older information tends to disappear, get lost, or remain
disconnected from current information. That benefits privacy, although
the loss of some old information may sometimes, but not always,
negatively affect health care. PHRs may bring old information together
in ways that may not please consumers all of the time.

Let me give one teeny example to show why not
losing your old data—or at least having it available—might be a good
idea. I have a good friend who sliced his finger off in an accident. At
the emergency room they stitched it back on. They then asked him if
he’d had a tetanus shot in the last ten years. He had no idea because
he had no PHR. So they gave him a tetanus shot. Five days later he got
numbness in his feet. He spent three days being mis-diagnosed at vast
expense before someone asked him about that tetanus shot. Had he had
even that recent week old data in a PHR or EMR a decision support tool
using it might have suggested a rare but very serious complication from
a tetanus shot—the one that he might not have needed in the first
place—called Guillain-Barré syndrome.
The delay in diagnosis can be fatal and can certainly cause paralysis.
Would my friend have been helped by a comprehensive PHR/EMR? You bet he
would. But Gellman seems to think that it’s not worth keeping old
information about inoculations or previous events because having that
information “may not please consumers all the time.”

I was so ticked off by this report that I even went to
Deborah Peel’s organization’s website — which the World Privacy Forum
links to — and looked at the long list of privacy violations in their “True Stories” fact sheet.

And what’s the takeaway? Most of these violations were
one-off accidents or criminal activity. There weren’t very many of them
and most of them concern paper records. And most of them had relatively minor consequences.

So why are these zealots so opposed to PHRs and online
health sites—all of which are being offered by companies that have far,
far more to lose than to gain from betraying their consumers’ trust?
And why are they so loath to mention the potential benefits of the
spread of PHRs, EMRs and other health information tools?

You would think it’s because they care about the
consequences. And while the consequences of having these sites mean
incredible benefits to their users (here’s just one shining example),
the consequences of a breach of health privacy can be bad, including
losing insurance, employment and enduring social embarrassment. 

But hang on a minute. The most potentially devastating of these is losing insurance. But you can already
lose the chance to get insurance (and of course retroactively lose it
when you’re sick) due to information that you are forced to give up in
the application process. That’s far more prevalent and impacts far more
people than some secret information getting out from a PHR and a
malevolent insurer surreptitiously using it. It’s done right in plain
sight! We know all about that in California.

So we should (as I advocate) take the obvious tack and
ban discrimination based on health information—especially with regard
to insurance coverage.

Why haven’t Deborah Peel and the people behind the
Patients Privacy Rights organization gone down that path? I have yet to
hear her ever mention that in an interview, and yet it’s a much, much
bigger problem than PHR privacy violation.

So I took a little look as to who is on the board of
Patients Privacy Rights. The board includes a veteran Texas Democrat
called Ben Barnes and Kim Ross, an Internet consultant who would appear
to have no axe to grind. But then you start seeing some vested

The board includes several people with affiliations to
organizations that have benefited from the screwed up state of our
current health care system. Peel and Bob Pyles are mental health
clinicians. They would seem to have a legitimate concern about patient
care being harmed if those patients fear that their sensitive
information will be shared without their permission. But that’s not all

How did Peel start getting involved in the privacy
issue? By opposing the Clinton plan because it was supposedly going to
put all information in one big database (which in itself is a very
strange and erroneous reading of that plan). Ed Baxter is a former
lobbyist for Blue Cross of Texas who’s worked with the HIAA. Who’s
HIAA? It was the group behind the Harry & Louise adverts that
helped kill the Clinton plan. And Kim Ross is a former lobbyist for the
Texas Medical Association.

I have no doubt that they have an unbending commitment
to patient privacy that’s strongly held and well intentioned. But
that’s clearly not the only view they hold. I think I’ve found the
answer from the organization’s mission

Without health privacy, electronic health systems will create whole new classes of people who are unemployable, uninsurable and dependent on government, simply because of an illness or genetic risk of disease (my emphasis added)

So I’m not sure this is about privacy at all. I think
this is about a bunch of naysayer anti-“government of any stripe” types
wanting to do anything they can to prevent a rationalization of the
health care system because the government might be involved. Today
they’re opposing EMRs and PHRs, tomorrow it’ll be insurance reform, and
who knows what next.

Perhaps it’s their goal to have a health care system
with no records of any kind. Then there’ll be no privacy violations.
But then again, the quality of the health care won’t be too great.

The rest of us should just ignore them. Instead we can
get on with the serious discussion of how to reform the insurance
market and how to develop and use information tools to improve the cost
and quality of health care. Privacy is important, and it’s too
important to be left in the hands of these extremists.

So can the reporters of America please think about that when they’re writing about online health information?

14 replies »

  1. Modest correction to Sanford. The commenter JD is NOT JD Kleinke of Omnimedix, but another separate health care industry employee who has no connection to an EMR or PHR company.

  2. Wow, It was stated that Health care is not a moral issue, hmmmm
    As for the Patriot Act, when the Use of a Law and its goal as a moral building block, then that Law is within its creation, but misused by a people, then it has lost the weight of its design,{The Patriot Act Is Of A Moral Law}to protect the people Of The United States Of America……
    Please allow me to share a little story with you. As I watched my mom die from cancer, and Health care Insurance Companies dumped on her as if she was no more than a dog dying on the side of the road, I dropped from and out of this system for over 30 years, and now because of system failure, the IT, has come into my life. As I watch Government Officials fight over this Health care Dollar, it reminds me of a bright sunny day in Tennessee while on a friends farm and a little bug flew in to the ground, and the chickens went plum off, boy oh boy the squawking and the feathers went sky high, so I reached down and I took this scared little Health Care Bug from Government Officials, and I have it safely in my hands. As I searched for a way to help, I asked God to help me build a Reform that is of a moral building block for the better good of mankind and to rebuild the National Security of the United States Of America. And you would never guess what God has allowed me to see. This little blog statement you will find true,
    I wish to give a great big thank you to all my new friends on the Internet for posting FASC Concepts in and for Pay It Forward.
    This building block for an honest Health Care Reform has been a great experience and for anyone who did not take part, you have truly missed out on what makes Americans Great. This diversity created by Government Officials has failed and now the eyes of 173 million American People watch as now, for the first time Government Officials sit down together as it should be. The outcome is yet to be seen. But they know that an anomaly has been created and it is because of the restructuring of The Constitution, The Bill Of Rights, and The Declaration Of Independence, “has been used in its original created forum” as a factor of a peoples right to undo the amendments of Laws that protected Health Care Companies against the People, over a dollar.
    And I wish to say I write what is needed in order that somehow I can undo all the wrong I have done in hopes that the slate will be wiped clean….
    Just because our children do not understand I wish to share this again,
    “For days I worked the word diversity in my mind and it came to me that because of this it is not America’s weakness it is our greatest strength. And this is how I will show you.
    Bill Of Rights –
    The Declaration of Independence-
    United under one forum, builds what is called the Trinity of the Protection Of Laws. This is because these Laws were built by people of faith who gave thanks to God for this wisdom. One would have to see and admire the simplicity of the three as one and at the same time they maintain their independence.”
    On page 100 at our site is the early stages of what is called A Prime Directive for Health Care, so please drop on by and see 173 million peoples views in and for Health Care. And it should be known that this information on page 100 is true and documented in Law and History.
    Henry Massingale
    FASC Concepts in and for Pay It Forward
    http://www.fascmovement.mysite.com on google look for page 1 American dream official site.

  3. For those of you excited by the arguments of the PHR vendors, don’t forget, they have a product to sell, and they are desperate to sell it. Matthew Holt’s “commenter,” J.D., is just another vendor (Omnimedix), and has a lot to lose if his version of the PHR isn’t picked up, as well as if the whole concept of PHR isn’t picked up. We’d all do well to keep in mind that we must have watchdogs out there questioning every step of this. So instead of vilifying the watchdogs, just keep your eye on the pulse of the debate and don’t let the vendors take some kind of moral high ground stance that they don’t deserve.

  4. I think Healthcare is a right to know regarding oneself. And this right has to be more patient focussed rather than care provider focussed as it is today.

  5. This was a great post because I am starting to get a PHR together and I’m torn:
    — on one hand, it doesn’t seem like a good idea to have all my info in one place where it can be mined for advertising and god-knows-what else.
    — on the other hand, I have a chronic condition, rheumatoid arthritis, and I am uninsurable, except through group health plans that HAVE to take me. This is all fairly well documented in my health records that I have to send to every insurance company and every doctor. It’s considered fraud not to disclose this when applying for insurance. I have no illusion that anything about me is protected info, although I’m not sure that’s a good enough reason to give it up.
    — the benefits to me, as someone who moves and changes jobs frequently (although I am _hoping_ I’ve settled in now), are immense. So many companies have my data anyway, the potential privacy issue seems almost like something I feel like I should object to, instead of a real objection.
    Any harm that can be done to me has been done to me by the selling of my health records already.
    Thanks for putting this in perspective.

  6. Thank you for drawing our attention to the right focus. As you wrote, “the biggest problem with the United States’ health care system and its use of technology is not privacy violations. It is the inefficient use of data causing harm (and costs and poor quality care).” You managed to introduce common sense back into the discussion; the setting up of national health care information adds no additional risk to patient’s privacy rights than what actually exists now. The information uploaded to the system is a mere copy, not the original. In fact, what is uploaded can be de-identified, thus offering patient privacy protection. Naturally, a well-designed system will preserve consumers’ right to decide who gets access to the data. Perhaps, consumers or patients may specifically block insurance companies, financial institutions, and employers from accessing the information. This will address the concern that these business entities may use the information to deny insurance coverage, loans, or employment, which creates whole new classes of people who are unemployable, uninsured, and dependent on the government, as Dr. Deborah Peel of Patient Privacy Right Foundation claimed. I believe consumers will appreciate that with Microsoft, Google, and Dossia getting into the business; the overall PHR industry privacy quality will improve. The Health Insurance Portability and Accountability Act, written before any PHR vendors came into business, is not updated, but can be amended or modified to come up with a broader “covered party” definition, and to standardize patient privacy disclosure code for PHR vendors requiring the sale of data only in a de-identified format. We therefore should not use any loophole in HIPAA to deny the value of a national health information system. A consumer will share personal information if there is a return or benefit. A borrower gives up his/her social security number in the loan application and allows a bank to access his/her credit report.
    We provide our medical history, together with the social security number and other personal data in the purchase of a health insurance policy. As a traveling person, I want my personal health information on a system that is secure, accurate, and readily available to those who need to take care of me, especially in times of an emergency. What good will my personal privacy do for me if I no longer exist to give meaning to it?

  7. Re: your comments on PHR, privacy & Deborah Peel —
    We’d like to draw your attention to substantial elements of misinformation and misinterpretation included in a note recently published in Healthcare IT News, on 3/21/08, titled “Patient privacy rights advocate attacks plans to mine medical records.”
    Perlegen shares with Dr. Peel, the author of the note, the highest regard for maintaining patient privacy. We are actively working to protect that privacy in the context of realizing the substantial clinical benefits we all might expect from the advent of more personalized medicine.
    Making personalized medicine a reality relies on the discovery and validation of genetic markers to help predict how individual patients might respond to specific medical treatments. Technology for genetic analysis is no longer the bottleneck, thanks to enormous advances in SNP genotyping and next-generation re-sequencing tools. Rather, it is the lack of clinically-appropriate, appropriately consented DNA sample sets that has effectively stymied this effort. Our collaboration for de-identified EMR access is designed to solve this bottleneck, in a way that is absolutely consistent with patient privacy and each individual’s right to self-determination.
    To reiterate the point we made in our press release – Perlegen will never have access to the specific identity of any patient, nor will any patient’s DNA ever be collected, much less used, without their prior, written and fully-informed consent. That is the law, and Perlegen is firmly committed to following it in both letter and in spirit.
    In fact, we will only have access to de-identified data fields, from which we can sort those case records covering patients from whom we believe a DNA sample might be useful in understanding their variable response to treatments they’ve already received. We then work through our EMR provider, who in turn works with both the medical facilities and physicians that treat those patients. Before those institutions re-identify any patient, the treating hospital or clinic must receive IRB approval for the study. Only at that point may patients be contacted and informed that preliminary review indicates they might be suitable for a study, and asked if they then consent to further review of their records by their physician.
    If that treating physician, based on the allowed chart review, then concurs that the patient meets the study criteria, the physician may contact the patient to offer him or her the possibility of participating in the study, by providing a new and fully-consented DNA sample. The sample is then immediately de-identified, linked with the de-identified case record, and sent back to Perlegen for further analysis – thus, at no time does Perlegen ever have identifiable clinical information anywhere in its possession. We take these responsibilities seriously and have worked out what we believe is the minimum possible information set required to develop a potential genetic diagnostic test: correlation between a set of de-identified genetic markers and a set of de-identified clinical outcomes.
    The FDA and the pharmaceutical industry have been under assault for years on the subject of drug safety and effectiveness, but they’ve had a limited set of tools with which to make progress in this important area. The genetic studies we’re conducting hold the promise to make significant improvements in this area, but only through rigorous scientific studies involving significant numbers of clinically-appropriate and fully-consented DNA samples from the right sets of patients. We firmly believe this use is appropriate, we’ve repeatedly verified that it is within HIPAA guidelines, is absolutely respectful of patients’ rights to privacy and self-determination, has solid safeguards in place for data management and information flow, and provides each treating hospital or clinic with direct inclusion in the process though site-specific IRB approvals, physician-guided sample collection, and – always – individual patient consents.
    Thank you for your time and consideration.
    Bryan L. Walser, MD, JD
    Chief Executive Officer
    Perlegen Sciences, Inc.

  8. If you’re a frequent flyer road warrior and find yourself on a gurney in some E.R. room in need of urgent medical attention while away from home, seems to me you would absolutely want the attending Doc or E.R. medic to have immediate access to your personal health information (PHI) so they could abide by the “do no harm” mantra. Whether your personal health info is stored in a CCR or EHR or PHR or some other portable appliance, so long as the Doc can instantly and accurately identify (you are you) and immediately find out what Meds you’re taking and what Meds he should NOT administer, this is a must have for all of us.
    As a Consumer, I want my personal health info on a system that is secure, accurate and readily available to those who need to take care of me.
    Why else would so many prominent Health IT Vendors be building exactly such a solution? The Center for Health Information Technology highlights a few: http://www.centerforhit.org/x2022.xml

  9. Matt,
    You need to consider the following about HIPAA. The Bush admin repealed the HIPAA consent provision which required gaining a patient’s consent before his or her medical information could be shared for “health care operations,” and this is what opened the door to doctors, big Pharma, and other companies and entities being able to access a person’s medical information. In your home of the UK, 60 percent of doctors have stated that they will refuse to upload patient’s medical records into the Connecting for Health database because it violates people’s right to privacy. And this is in a nation with socialized medicine where the government employees reject the policy of their own government!
    Here are the reasons I steadfastly oppose the Nationwide Health Information Network, RHIOs, and any other sort of national medical database. What would the impact be upon a person if a bank can review a person’s medical history when applying for a loan, if that person has some challenging condition like MS? Would an employer hire someone upon review of their medical records indicating treatment for mental illness? What about insurance companies being able to access every doctors visit of a person in order to find a way to rescind their health insurance. Before developing EHRs, there needs to be a groundwork created that states the patient has the right to control access to his or her medical information and segregate that medical history as well. The government should never be in the business of forcing people to have computerized medical records against their will. This is why patients should be required to opt in and or opt out of RHIOs or the NHIN. Insurance companies, banks, and employers should be prohibited from accessing a patient’s EHRs. At this point, one can develop EHRs that can offer the potential benefit without sacrificing their right to privacy as guaranteed by the 4th Amendment.

  10. Good rant, Matt!
    Speaking of privacy, has anyone checked out Google street view lately? If you live in a major city, there is a good chance you can see an up-close view of your house. Wonderful yet creepy.

  11. Matthew,
    I’m with you.
    Is our energy truly best directed to worrying about 1) preventing a potential privacy violation or about 2) preventing getting killed or maimed in the health system due to lack of information technology and care providers having the right information at the right time?
    #1 is a very valid, but mostly theoretical concern.
    #2 is a very real problem affecting all of us today.

  12. “You have zero privacy anyway. Get over it.”
    Scott McNealy, CEO Sun Microsystems 1998

  13. Good post Matt and like you, I’ve been on a similar crusade/rant to get people to start thinking beyond the simplistic view that all PHRs are bad, that all pose the risk of selling your data, etc., etc. Written on the topic myself a couple of times, but not quite to the extent as this. Hopefully, the press will get beyond the sensationalist journalism we have seen so far and really take an honest look at the issue.
    Some points I’d like to add:
    First, you and others mention HIPAA. It’s tossed around like some rag doll at a kid’s slumber party and too often put on a pedestal as to this is what PHR privacy should aspire to. But when one digs deeper into HIPAA, well, it does have some pretty big gaping privacy holes in it such as a consumer’s medical records can be readily and easily shared among care providers, at their discretion without the consumer’s knowledge. Now looking at a number of the better PHRs in the market, they are giving the consumer the right to determine as to who they wish to see their records. That’s a lot tighter control on privacy than HIPAA.
    And what about all that pharmacy/prescription data, albeit de-identified so to speak, that is already being shared – just ask Thompson, they’ll sell you it. No one seems willing to talk about that – why not?
    Where I do agree with Peel, to a limited extent, is that most PHR providers have done an absolutely crappy job of being upfront and honest with regards to their privacy and security policies. These policies are often difficult to read and understand and why the hell do most PHR vendors hide them at the bottom on their home page in ridiculously small font type? As an industry they brought it on themselves and don’t even get me started on HON, or BBB or Verisign certifications which one sees thrown willy-nilly all over the place. This industry has to get its act together and do a better job as an industry with regards to privacy – PERIOD!
    Luckily, with Microsoft, Google and Dossia getting into the mix, the overall PHR industry privacy quality metric will improve. Just look at what Microsoft did recently in making public their T&C with partners as it pertains to privacy requiring that these partners have the same strict privacy guidelines as Microsoft. Have a post on this particular issue with a link to the MS T&C over on my site.
    An important point you make is that consumers are willing to share information if they get something in return. Same will hold true for medical information. One need only look at a site such as PatientsLikeMe to see consumers share the deepest details of their medical history in the hopes of helping one another deal with the serious chronic illnesses that they, as a community are suffering with. That my friend speaks volumes to what privacy is and is not!
    Again, great post Matt and glad to see that others share the same feeling as I on this red herring of an issue.

  14. Excellent post. It’s time someone held Deborah Peel accountable for her unfounded and unhelpful rhetoric. She has managed to make herself the go-to person for dramatic (if false) quotes to buck up so-called news reports. It’s just one more symptom of the prostrate status of journalism today. Writers and editors run her quotes without ever investigating whether there is anything behind them but bald assertions. That’s not journalism—it’s sheer laziness. Proves the point that the easiest person to sell a half-baked story to is a storyteller.
    Peel fancies herself a crusader and has all the appurtenant failings. Going off half cocked is one of them. Let’s hope that her 15 minutes of “fame” is over soon.