On top of everything else, the Sony data breach revealed employees’ sensitive health information: top Sony executives had seen lists of named employees who had costly medical treatments, along with detailed psychiatric treatment records of one employee’s son.
Like last year’s revelation by AOL’s CEO, it shows that US corporations look at employees’ health information and costs. By ‘outing’ the fact that two of AOL’s 5,000 employees had premature infants whose treatment cost over $1 million each, the CEO violated those employees’ rights to health information privacy.
Trusted relationships simply cannot exist if individuals have no right to decide who to let in and who to keep out of their personally identifiable information (PII). Current US technology systems make it impossible for us to control our personal health data, inside or outside of the healthcare system.
Do you trust your employer not to snoop in your personal health information? How can you trust your employer without a ‘chain of custody’ for your health data? There is no transparency or accountability for the sale or use of our health data, even though Congress gave us the right to obtain an “Accounting for Disclosures (A4D)” for disclosures of protected health data from EHRs in the 2009 stimulus bill (the implementing regulations have yet to be written). And we have no complete map that tracks the millions of places US citizens’ health data flows. See: TheDataMap.
The proposed NATE Trust Community is a privacy-invasive, rent-seeking, and cynical measure that will further fragment the already balkanized Direct secure messaging system and disenfranchise individual patients and physicians.
The proposed NATE Trust Community is a combination of:
weak, self-asserted security and privacy claims by institutions and corporations (privacy-invasive), who are
willing to pay the membership fee (rent-seeking), to the
exclusion of individuals bearing strong identity-proofed certificates such as those issued by the Federal Bridge Certification Authority as originally designed into the Direct secure messaging concept (cynical).
By excluding individual real people from participating in Direct, NATE is violating the core of the physician-patient relationship. The Massachusetts Medical Society has formally voted its objection to this method of implementing Direct, in resolutions declaring that FBCA certificates be acceptable for Direct messaging. Physicians who pay many thousands of dollars in licensing fees and malpractice insurance each year deserve the opportunity to message with other physicians and with their patients under their medical license. This was our right and practice with fax and US Mail, and it should not be removed as we move to digital messaging.
It’s time to think carefully and look at the large systems (human and technical), institutions, and individuals that contributed to Mr. Duncan’s death. Systems should be designed to protect people and prevent human errors. Certainly we rely on the healthcare system to improve our health and to protect our privacy, especially our rights to health information privacy.
Looking at the death of Mr. Duncan, the poorly designed Epic EHR was a critical part of the problem: unclear displays, poor usability, critical information that was hard to find, and no meaningful quality testing to ensure the system prevents critical errors all contributed to his death and endangered many others. Why wasn’t the discharge from the ER of a patient with a temperature of 103 °F flagged?
EHRs are one of several critical systemic problems.
Current US EHRs were not designed or tested to ensure patient safety or privacy (patient control over the use of protected health information, PHI, for treatment, payment, and healthcare operations, TPO). The Meaningful Use requirements for EHRs don’t address patient safety or ensure patients’ legal rights to control use of PHI. Let’s face it, the MU requirements were set up by the Health IT industry, not by a federal agency charged with protecting the public, such as NIST or the FDA. Industry lobbying resulted in industry ‘self-regulation’, which has failed to protect the public in every other sector of industry. Industry lobbying is another critical systemic problem.
Our public discourse is also a critical systemic problem. The 24/7 US media drives us to play the ‘blame game’, and look at what happens: it’s a sham. A massive public and social media exercise substitutes for the crucial scientific and ethical oversight process by which government and industry should face and examine the systemic causes and key actors, both people and institutions. We end up with no responsibility being assigned or addressed. Or the media hoopla and confused thinking leads to the opposite conclusion: everyone and everything is responsible and blamed, which has the same effect: it lets everyone and everything off the hook. Either way, no person and no institution is held to blame.
Making Sense of Blue Button, Meaningful Use, and What’s Going on in Washington …
At the recent Health 2.0 Conference in Santa Clara, co-chair Matt Holt expressed frustration about the difficulty of getting copies of his young daughter’s medical records. His experience catalyzed a heated discussion about individuals’ electronic access to their own health information. Many people are confused about or unaware of their legal rights, the policies that support those rights, and the potential implications of digital access to health data by individuals. The Health 2.0 conference crowd included 2,000 entrepreneurs, consumer technology companies, patient advocates, and other potentially “disruptive” forces in healthcare, in addition to more traditional health system players.
Why is this topic so important? Until now, most people haven’t accessed their own health records, whether electronically or on paper, and I believe that making it easier to do so will help tip the scales toward more meaningful consumer/patient engagement in healthcare and in health. Access by individuals and their families to their own health records can empower them to coordinate care among multiple healthcare providers, find and address dangerous factual errors, and take advantage of a growing ecosystem of apps and tools for improving health-related behaviors, saving money on health services, and getting more convenient, personalized care.
A shorthand phrase for this kind of personal empowerment through access to digital health data is “Blue Button,” which is also the name of a public-private initiative in which hundreds of leading healthcare organizations across the US participate. The Blue Button Initiative is bolstered by the patient electronic access requirements in the “Meaningful Use” EHR Incentive Program, which is administered by CMS (the Centers for Medicare & Medicaid Services) with companion standards and certification requirements set by ONC (the Office of the National Coordinator for Health Information Technology).