Secrecy breeds suspicion. The role of secrecy in health care is practically non-existent so when we see examples of secrecy, as in the operational details of the Federal Data Services Hub, we get the recent outcry from a range of politicians and journalists waving privacy flags. For Patient Privacy Rights, this is a teachable moment relative to both advocates and detractors of the Affordable Care Act.
There’s a clear parallel between the recent concerns around NSA communications surveillance and health care surveillance under the ACA. Some surveillance is justified, to combat terrorism and fraud respectively, but unwarranted secrecy breeds suspicion and may not help our civil society.
“The Hub” is described by the government as:
“For all marketplaces, CMS [the Centers for Medicare and Medicaid Services] is also building a tool called the Data Services Hub to help with verifying applicant information used to determine eligibility for enrollment in qualified health plans and insurance affordability programs. The hub will provide one connection to the common federal data sources (including but not limited to SSA, IRS, DHS) needed to verify consumer application information for income, citizenship, immigration status, access to minimum essential coverage, etc.
CMS has completed the technical design, and reference architecture for this work, is establishing a cross-agency security framework as well as the protocols for connectivity, and has begun testing the hub. The hub will not store consumer information, but will securely transmit data between state and federal systems to verify consumer application information. Protecting the privacy of individuals remains the highest priority of CMS.”
Here’s where the secrecy comes in: I tried to find out some specific information about the Hub. Technical or policy details that would enable one to apply Fair Information Practice Principles? Some open evidence of privacy by design? Some evidence of participation by privacy experts? I got nothing. Where’s Mr. Snowden when we need him?
And here’s where the suspicion comes in: The rhetoric around privacy risks of the Hub may be vastly overblown. As with terrorism, the harms are dramatized to make a point. Hacking risk (an argument free Internet advocates present to oppose surveillance back-doors) and government abuse of power are almost exactly the same argument in both the communications and health surveillance discussions.
The teachable moment here is about real privacy and transparency in health information exchange. There’s a reason citizens don’t have access to our own health information and that privacy advocates are not welcome at the citizen information management table. Keeping our own data and data flows secret allows all of us to be fleeced of $1 Trillion per year (that’s about $3,000/yr per person) through a combination of price manipulation, upcoding fraud, unwarranted treatments and a dearth of practical quality measures. The risk of identity theft is economically trivial by comparison.
The health information exchange secrecy drama is playing out today in many federal and state venues. Some of it is directly linked to the ACA and HITECH, but that’s incidental. The limited access to our own information and confusion around government policymaking are both because $1 Trillion of potential health industry decrease creates immense political forces. Calling for delay of the Hub, delay of ICD-10 coding, delay of Meaningful Use Stage 2, delay of patient access to state health information exchanges, delay of automated patient access to copies of personal health data (known as Blue Button Plus), along with ongoing efforts to hide transfers and sale of our health information under misguided HIPAA exemptions, are the real face of these political forces.
The privacy take home message of the Hub is that a systemic lack of transparency and the manipulation of our personal information are the means large institutions use to maintain control over market shares, prevent patient control over data use, and block innovation.
Update (8/15/2013, 6:33pm ET):
An update to this still-developing story: CMS is announced a plan to do identity matching as part of the Data Services Hub.http://www.ihealthbeat.org/articles/2013/8/15/cms-seeks-to-create-matching-agreements-for-aca-data-hub
The announcement is needed because US persons, by law, do not have a federal identity. Each federal agency that has data about us, (CMS and IRS for example, in the Data Services Hub) under different identities as a privacy-protecting measure. To protect privacy, matching of people across the different services, a form of surveillance, is subject to strict controls and citizen notice. So far, so good for the Data services Hub in the sense that today’s announcement is restating what was already obvious and simply pointing us to the applicable laws and regulations.
When it comes to state-level and private-sector surveillance of our health care visits, through state health information exchanges, prescription drug monitoring programs, all payer claims databases, and private exchanges like the insurance information bureaus and the planned CommonWell Health Alliance, citizens do not have the same rights to privacy as we have across federal service providers. All health information exchanges today, depend on “master patient index” matching / surveillance technology. This technology is unregulated and completely opaque to us. We don’t know when it’s used, we don’t know if it has errors and, worst of all, we can’t control when this technology is used to combine health services like mental health or family planning that we might prefer to keep from being “matched” along with the rest of our healthcare.
The federal laws covering citizen surveillance are a step in the right direction. Shouldn’t our state and private health surveillance agencies be held to even higher privacy standards?
Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.
Categories: Uncategorized
Way cool! Some very valid points! I appreciate you writing this
post and the rest of the website is really good.
This is a brilliant site as I got to learn a lot from the information provided. A big thumbs up to Adrian for taking such a brave topic and expressing it quite interestingly.
Excellent site ! I’m keen on this excellent website very much. I learn many important subject with this site. Thanks admin for sharing like for example nice site.
http://munireusacom.wordpress.com/2013/07/30/ammunition-9mm-ammo/
I am waiting for the first sizeable loss of confidential health care information from a government database – like has happened with other data.
This data would include: medications (including psychiatric meds), sexual health (HIV status, record of abortions, treatment for VD), and increasingly will include genetic information about susceptibility to disease, etc.
Yes, should be fun to watch the finger pointing and recriminations – as long as my data is not included.
This topic about confidentiality in insurance sector has been spoken about for many years already & still is very controversial to many people.
I really appreciate the work you’re doing in this most difficult area.
There’s a world of difference between secret surveillance and open surveillance. In healthcare, we have secret surveillance that has to stop.
Check out the “Reclaim your name” initiative by FTC commissioner Julie Brill http://bits.blogs.nytimes.com/2013/06/26/reclaim-your-name/?_r=0 The simple point is that tracking and surveillance should be done in the open, under a privacy policy accessible to the citizen and with citizen access to review, comment or correct their data.
Ellison’s comment about NSA and Visa highlights this issue. Visa does not track you in secret, they do show you an FTC-enforced privacy policy, they give you convenient online access to your tracks and they have an effective redress procedure in case of errors. Visa does not reach out and combine their tracking of you with AmEx tracking so that you can have some control over who sees what.
Compare the credit card example with the medical databases being assembled by states and private exchanges (under names like All Payer Claims Database, Prescription Drug Monitoring Program, etc…). The patient does not see a privacy policy for these databases that are fed by the state exchange or directly from their HIPAA providers. The patient has no convenient access, no accountability, no redress. This is coercive and secret.
Either the interpretation of HIPAA has to change or states need to pass laws that bring this patient surveillance into the open. We need “Reclaim your Patient ID”.
There was a flurry of news last week about the HUB following the IG report that security testing for the exchanges was behind. (apparently they are catching back up now) http://www.kaiserhealthnews.org/Daily-Reports/2013/August/07/health-exchange-security-testing.aspx
The “Right” is also raising fears of privacy breaches as well http://www.thenewamerican.com/usnews/health-care/item/16067-the-dangerous-obamacare-data-hub
The odd thing is that most of us give up tremendous privacy about where we live, where we bank, our bank balances, what we buy all for the convenience of a Visa card at our banks. (HT to Larry Ellison on Charlie Rose show this week) http://www.cbsnews.com/video/watch/?id=50152857n
Sorry for the snarky nature of my comment.
Nevertheless, I don’t have a whole lot more confidence in Don Berwick than I do in the Rand Corp. The number still seems high.
It’s a JAMA article by ex CMS head Don Berwik and Andrew Hackbarth; Eliminating Waste in US Health Care; JAMA. 2012;307(14):1513-1516 Published online March 14, 2012. doi:10.1001/jama.2012.362
The “Midpoint” number for 2011 was $910 Billion and the “High” estimate was $1.3 Trillion. I was using $1 Trillion because it’s already 2013 and these things usually go up.
Adrian,
You say:
“Keeping our own data and data flows secret allows all of us to be fleeced of $1 Trillion per year (that’s about $3,000/yr per person) through a combination of price manipulation, upcoding fraud, unwarranted treatments and a dearth of practical quality measures.”
Sounds a little high to me. Where did you get that estimate? From the same RAND Corp employees that projected savings from the EMR?
“The federal laws covering citizen surveillance are a step in the right direction. Shouldn’t our state and private health surveillance agencies be held to even higher privacy standards?”
___
State laws and regulations trump HIPAA where they are deemed “more strict” (uniform operational definitions of “more strict” never included). I guess we should be grateful; usually the prevailing doctrine of “Federal Primacy” means that a state cannot promulgate regs that are “more strict” than federal (e.g., EPA, consumer credit).
“Private health surveillance agencies”?
“Agencies”? These are not “agencies.” You mean “businesses” (commercial or “not-for-profit”). Would these fall under HIPAA/HITECH Omnibus “Business Associates” requirements, to the extent they traffick in ePHI? (I would say ‘yes,’ but that will probably only clarify over the coming years via litigation.)
We should always remember that the 4th Amendment “right to privacy” ONLY extends to incursions by the federal government (and with the recent NSA revelations, it seems that the 4th has become moot).
See my post “Clapp Trap” – http://bgladd.blogspot.com/
Private entities can generally invade your privacy willy-nilly, constrained primarily (and weakly) by the prospect of tort litigation. Hence, Google can blithely assert that “you have no reasonable expectation of privacy when using our Gmail service.”
The clear implication is that they will secretly mine the contents of your emails for stuff they think they can sell — or provide to the NSA.
“Total Information Awareness” is alive and well, except in the unaware minds of its targets. Google “total information awareness bgladd” (1st result) to read the pushback I wrote a decade ago. The Zombies are watching.
An update to this still-developing story: CMS is announced a plan to do identity matching as part of the Data Services Hub. http://www.ihealthbeat.org/articles/2013/8/15/cms-seeks-to-create-matching-agreements-for-aca-data-hub
The announcement is needed because US persons, by law, do not have a federal identity. Each federal agency that has data about us, (CMS and IRS for example, in the Data Services Hub) under different identities as a privacy-protecting measure. To protect privacy, matching of people across the different services, a form of surveillance, is subject to strict controls and citizen notice. So far, so good for the Data services Hub in the sense that today’s announcement is restating what was already obvious and simply pointing us to the applicable laws and regulations.
When it comes to state-level and private-sector surveillance of our health care visits, through state health information exchanges, prescription drug monitoring programs, all payer claims databases, and private exchanges like the insurance information bureaus and the planned CommonWell Health Alliance, citizens do not have the same rights to privacy as we have across federal service providers. All health information exchanges today, depend on “master patient index” matching / surveillance technology. This technology is unregulated and completely opaque to us. We don’t know when it’s used, we don’t know if it has errors and, worst of all, we can’t control when this technology is used to combine health services like mental health or family planning that we might prefer to keep from being “matched” along with the rest of our healthcare.
The federal laws covering citizen surveillance are a step in the right direction. Shouldn’t our state and private health surveillance agencies be held to even higher privacy standards?
No. The Blue Button Hub will have information about providers, not patients. More information about providers, in this case their ability to give us our own data in a useful form, is always welcome.
Bravo Again Adrian!
Unlike the NSA debate, where very real genuine issues of national security are in play, health care data must be more transparant- especially to the patient as you continually and correctly promote?
Is the potential for abuse and erosion of privacy and confidentiality of medical information a concern? Of course. But it can be managed.
The positive benefits of patient-directed health information exchange are well worth the potential risks.
I am not surprised at all with the model put forth by the federal health services data hub . The federal government, which does some very necessary and beneficial functions/programs seems to be getting more pathlogically centralized and overly complex with each passing day? That is why I have tried to become a “communitarian” in my personal life anyway.
Adrian-Your closing paragraph nails it = “The privacy take home message of the Hub is that a systemic lack of transparency and the manipulation of our personal information are the means large institutions use to maintain control over market shares, prevent patient control over data use, and block innovation”
I fear (hope?) that this will be a genuine “HUB-FLUB” of monumental but, unfortunately very expensive, proportion.
Dr. Rick Lippin
Southampton,Pa
Is this the same “Hub” that is described here? http://www.healthit.gov/buzz-blog/health-innovation/part-blue-button-movement/
“Get on the Blue Button Hub: Our Blue Button team is developing a new consumer facing website (the “Blue Button Hub”) that will enable consumers to find out which of their providers and insurers are using the Blue Button, and then how to use that information. Whether you’re using Blue Button to give consumers access to their data or providing an app or tool to make it useful, please contact us if you’d like to be included on the Hub.”
Excellent post Adrian. More transparency is clearly needed here or we’ll be giving ammunition to the conspiracy theorists and leaving the door open for potential abuses in the future.