Categories

Tag: Privacy

Patientgate: Why Patient Recordings Will Change Everything

It’s 8.30 am, just before clinic opens. It is 2010. Dr Byte* checks an online forum, and something catches his eye.

A female patient is complaining about a doctor. Her posting has led to strident reactions from other doctors. Patients are taking her side. It looks ugly.

It turns out that the patient had asked her family doctor whether she could use her smartphone to record the encounter. Her doctor was apparently taken aback and had paused to gather his thoughts. He asked the patient to put her smartphone away, saying that it was not the policy of the clinic to allow patients to take recordings.

The patient described how the mood of the meeting shifted. Initially jovial, the doctor had become defensive. She complied and turned off her smartphone.

The patient wrote that as soon as the smartphone was turned off the doctor raised his voice and berated her for making the request, saying that the use of a recording device would betray the fundamental trust that is the basis of a good patient-doctor relationship.

The patient wrote that she tried to reason, explaining that the recording would be useful to her and her family. But the doctor shouted at her, asking her to leave immediately and find another doctor.

Some participants on the online forum expressed disbelief. But the patient then went on to state that she could prove that this had actually happened, because she actually had a recording of the encounter. Although she had turned off her smartphone, she had a second recording device in her pocket, turned on, that had captured every word.

Continue reading…

What You Need to Know About Patient Matching and Your Privacy and What You Can Do About It

Today, ONC released a report on patient matching practices and to the casual reader it will look like a byzantine subject. It’s not.

You should care about patient matching, and you will.

It impacts your ability to coordinate care, purchase life and disability insurance, and maybe even your job. Through ID theft, it also impacts your safety and security. Patient matching’s most significant impact, however, could be to your pocketbook as it’s being used to fix prices and reduce competition in a high deductible insurance system that makes families subject up to $12,700 of out-of-pocket expenses every year.

Patient matching is the healthcare cousin of NSA surveillance.

Health IT’s watershed is when people finally realize that hospital privacy and security practices are unfair and we begin to demand consent, data minimization and transparency for our most intimate information. The practices suggested by Patient Privacy Rights are relatively simple and obvious and will be discussed toward the end of this article.

Health IT tries to be different from other IT sectors. There are many reasons for this, few of them are good reasons. Health IT practices are dictated by HIPAA, where the rest of IT is either FTC or the Fair Credit Reporting Act. Healthcare is mostly paid by third-party insurance and so the risks of fraud are different than in traditional markets.

Healthcare is delivered by strictly licensed professionals regulated differently than the institutions that purchase the Health IT. These are the major reasons for healthcare IT exceptionalism but they are not a good excuse for bad privacy and security practices, so this is about to change.

Health IT privacy and security are in tatters, and nowhere is it more evident than the “patient matching” discussion. Although HIPAA has some significant security features, it also eliminated a patient’s right to consent and Fair Information Practice.

Continue reading…

IDESG Is a Glimpse of Our Digital Future

I’ve recently returned from the 7th ID Ecosystem Steering Group Plenary in Atlanta. This is an international public-private project focused on the anything-but-trivial issue of issuing people authoritative cyber-credentials: digital passports you can use to access government services, healthcare, banks and everything else online.

Cyber ID is more than a single-sign-on convenience, or a money-saver when businesses can stop asking you for the names of your pets, it’s rapidly becoming a critical foundation for cyber-security because it impacts the resiliency of our critical infrastructure.

Healthcare, it turns out, is becoming a design center for IDESG because healthcare represents the most diverse collection of human interactions of any large market sector. If we can solve cyber-identity for healthcare, we will have solved most of the other application domains.

The cyber-identity landscape includes:

  • proving who you are without showing a physical driver’s license
  • opening a new account without having to release private information
  • eliminating the risk of identity theft
  • civil or criminal accountability for your actions based on a digital ID
  • reducing your privacy risks through anonymous or pseudonymous ID
  • enabling delegation to family members or professional colleagues without impersonation
  • reducing hidden surveillance by state or private institutions
  • when appropriate, shifting control of our digital tools to us and away from corporations

The IDESG process is deliberate and comprehensive. It impacts many hot issues in health care including patient matching, information sharing for accountable care and population healthhealth information exchangesprescription drug monitoring programsaccounting for disclosurespatient engagement and meaningful usethe physician’s ability to communicate and refer without institutional censorshipthe patient’s ability to control information from our increasingly connected devices and implants, and more.

Hospitals and health industry incumbents that seek to solve the hot issues raised by health reform are not eager to wait for a deliberate and comprehensive process. For them, privacy and cyber-security is a nice-to-have. Who will pay for this digital enlightenment?

Continue reading…

Actually, We’d Probably All Be Better Off With Our Health Records on Facebook

A Facebook user’s timeline provides both a snapshot of who that user is and a historical record of the user’s activity on Facebook. My Facebook timeline is about me, and fittingly, I control it. It’s also one, single profile. Anyone I allow to view my timeline views my timeline—they don’t each create their own copies of it.

Intuitive, right? So why don’t medical records work that way? There is no unified, single patient record—every doctor I’ve ever visited has his or her own separate copy of my records. And in an age where we can conduct banking transactions on my smartphone, many patients still can’t access or contribute to the medical records their doctors keep for them.

My proposal? Medical records should follow Facebook’s lead.

Cross-industry innovation isn’t new. BMW borrowed from the tech world to create its iDrive; Fischer Sports reduced the oscillation of its skis by using a technologycreated for stringed instruments. So I asked myself: Who has mastered the user-centric storing and sharing platform? The more I thought about it, the more I decided a Facebook timeline approach could be just what medical records need.
To see what I mean, let’s explore some of Facebook timeline’s key features to see how each could map to features of the ideal medical record.

“About” for Complete, Patient-Informed Medical History

On Facebook: The “about” section is the one that most closely resembles the concept of a user profile. It includes a picture selected by the user and lists information such as gender; relationship status; age, political and religious views; interests and hobbies; favorite quotes, books and movies; and free-form biographical information added by the user.

In medical records: The “about” section would be a snapshot of the patient’s health and background. It should include the patient’s age, gender, smoking status, height, weight, address, phone number, and emergency contact information; the patient’s primary care provider; and insurance information. This section would include a summary list of the patient’s current diagnoses and medications, as well as family history. And importantly, both the doctor and the patient would be able to add details.

FACEBK about-patient

“Privacy Settings” and “Permissions” for Controlled Sharing

On Facebook: Privacy settings allow users to control who can see the information they post or that is posted about them. For example, in my general privacy settings I can choose to make my photos visible only to the people I’ve accepted as “friends.” However, if I post a photo I want the entire world to see, I can change the default setting for that photo to be visible publicly instead.

Facebook also allows users to grant “permissions” for outside applications to access their profiles. For example, let’s say I use TripAdvisor to read travel reviews. TripAdvisor lets me sign in to its site using my Facebook account, rather than creating a separate TripAdvisor account. But, to do this I must grant TripAdvisor “permission” to access my Facebook account.

In medical records: Patients could use “privacy settings” to control whether all or part of their information can be seen by a family member or caregiver. For
example, if my aging mother wanted to give me access to her “events” (upcoming doctor’s appointments), she could do so. If my college-aged son who is still on my health plan wanted to give me access to his knee X-rays, he could.

Continue reading…

Probably Illegal and Unquestionably Stupid: Covered California’s Release of Personal Health Information.

The Los Angeles Times has reported that Covered California, the largest state’s health insurance exchange under the Affordable Care Act, has started releasing to insurance agents throughout the state the names and contact information of tens of thousands of persons who started an application using the state’s online system but failed to complete it.

The Covered California director Peter Lee acknowledges the practice but says that the outreach program still complies with privacy laws and was reviewed by the exchange’s legal counsel. “I can see a lot of people will be comforted and relieved at getting the help they need to navigate a confusing process,” explained Lee.

I am hardly as confident as Covered California’s lawyers apparently were that this practice was legal.

The law requires that disclosures to third parties be necessary and I do not see why Covered California could not have contacted non-completers directly and ask them if they wanted help from an insurance agent rather than disclosing their identity to insurance agents.  But even if the practice could be said to be borderline legal, it is difficult to imagine a practice more likely to sabotage enrollment efforts in California — and, since California’s interpretation could be precedent for other states — elsewhere.

For every person unable to complete their application online in California and who will, with the comforting help provided by insurance agents, now want to complete it, there are likely 10 who will be turned off by the cavalier attitude towards privacy exhibited by this government agency.  Beyond a violation of ACA privacy safeguards, the action is either a sign of desperation about enrollment figures, even in a state that boasts of its success such as Peter Lee’s California, or monumental stupidity.

If California wanted to create an adverse selection death spiral, it would be difficult to be more effective than, without notice or consent,  releasing personally identifiable information to insurance agents.

Continue reading…

Whose Data Is It Anyway?

A common and somewhat unique aspect to EHR vendor contracts is that the EHR vendor lays claim to the data entered into their system. Rob and I, who co-authored this post, have worked in many industries as analysts. Nowhere, in our collective experience, have we seen such a thing. Manufacturers, retailers, financial institutions, etc. would never think of relinquishing their data to their enterprise software vendor of choice.

It confounds us as to why healthcare organizations let their vendors of choice get away with this and frankly, in this day of increasing concerns about patient privacy, why is this practice allowed in the first place?

The Office of the National Coordinator for Health Information Technology (ONC) released a report this summer defining EHR contract terms and lending some advice on what should and should not be in your EHR vendor’s contract.

The ONC recommendations are good but incomplete and come from a legal perspective.

As we approach the 3-5 year anniversary of the beginning of the upsurge in EHR purchasing via the HITECH Act, cracks are beginning to show. Roughly a third of healthcare organizations are now looking to replace their EHR. To assist HCO clients we wrote an article published in our recent October Monthly Update for CAS clients expanding on some of the points made by the ONC, and adding a few more critical considerations for HCOs trying to lower EHR costs and reduce risk.

The one item in many EHR contracts that is most troubling is the notion the patient data HCOs enter into their EHR is becomes the property in whole, or in-part, of the EHR vendor.

It’s Your Data. Act Like it.

Prior to the internet-age the concept that any data input into software either on the desktop, on-premise or in the cloud (AKA hosted or time sharing) was not owned entirely by the users was unheard of. But with the emergence of search engines and social media, the rights to data have slowly eroded away from the user in favor of the software/service provider.

Facebook is notorious for making subtle changes to its data privacy agreements that raise the ire of privacy rights advocates.

Continue reading…

Give Us Our Damn Lab Results!!

Two years ago, the Department of Health and Human Services released proposed regulations that would allow patients to obtain their clinical lab test results directly from the lab, rather than having to wait to receive the results from their health care provider.  CDT and other consumer groups enthusiastically supported this proposed rule at the time of its release.

Yet an Administration largely characterized by increasing patient access to health information seems inexplicably unable to close the deal on this important access initiative.  As a result, patients still must wait for their providers to contact them with test results.

Under the current regulations, known as the Clinical Laboratory Improvement Amendments (CLIA), laboratories are restricted from disclosing test results to patients directly.  Instead, labs can only send the test results to health care providers, people authorized to receive test results under state law or other labs. Only a handful of states permit labs to send patients test results directly, and some of these states require the provider’s permission before patients can have the results.  The HIPAA Privacy Rule reflects this restriction, exempting CLIA-regulated labs (which are the great majority of clinical labs) from patients’ existing right to access their health information.

This existing regime has put patients at risk. A 2009 study published in the Archive of Internal Medicine indicated that providers failed to notify patients (or document notification) of abnormal test results more than 7 percent of the time. The National Coordinator for Health IT recently put the figure at 20 percent.  This failure rate is dangerous, as it could lead to more medical errors and missed opportunities for valuable early treatment.

The 2011 proposed regulations would modify CLIA to permit labs to send results directly to patients, and they would also modify the HIPAA Privacy Rule to give patients the right to access or receive their lab results.  Contrary state laws would be preempted.  Patients would have the ability to request their lab results in a particular form or format, as with their other health information; for example, patients could request a paper copy of their test results, or to have the results sent electronically to the their personal health records

Continue reading…

A New Way to Sue Health Care Professionals Using HIPAA?

Walgreens has been ordered to pay $1.44 million in a lawsuit brought against it for a violation of the Health Insurance Portability and Accountability Act (HIPAA) by one of its pharmacist employees.  While this may not sound like a big deal, this case represents only the second time HIPAA has been successfully used this way in court and it could have serious repercussions on the health care system.

The story begins when a Walgreens pharmacist looked up the medical records of her husband’s ex-girlfriend, whom she suspected gave her husband an STD. Apparently she found what she was looking for and told her husband about it, who then sent a text message to his ex and informed her that he knew all about her results.

The ex did not appreciate this, and told the Walgreens pharmacy about what happened.  At some point after that, the pharmacist accessed the ex’s medical records again, and eventually the ex filed a lawsuit against Walgreens, claiming it was responsible for the HIPAA violation because it failed to properly educate and supervise its employee.

Walgreens argued what the pharmacist did fell outside of her job duties and therefore it was not responsible for the breach.  The judge and jury disagreed, and the jury decided Walgreens was responsible for 80% of the damages owed the plaintiff (so I guess that means the total judgement for the plaintiff was $1.8 million). Walgreens has already said it will appeal.

As I said above, it may not sound like a big deal, but it potentially is.

Although HIPAA has a mechanism by which health care providers can be subject to federal civil and criminal penalties for violations, conventional legal wisdom says HIPAA does not allow for a “private cause of action”, meaning a private individual cannot sue a health care provider for breaching their medical privacy.

Or at least that’s how HIPAA used to be interpreted, before Neal Eggeson, the enterprising young attorney who successfully argued the only two cases in which HIPAA has been used in this fashion, came along.

Continue reading…

The Federal Health Data Services Hub Hubbub

Secrecy breeds suspicion. The role of secrecy in health care is practically non-existent so when we see examples of secrecy, as in the operational details of the Federal Data Services Hub, we get the recent outcry from a range of politicians and journalists waving privacy flags. For Patient Privacy Rights, this is a teachable moment relative to both advocates and detractors of the Affordable Care Act.

There’s a clear parallel between the recent concerns around NSA communications surveillance and health care surveillance under the ACA. Some surveillance is justified, to combat terrorism and fraud respectively, but unwarranted secrecy breeds suspicion and may not help our civil society.

“The Hub” is described by the government as:

“For all marketplaces, CMS [the Centers for Medicare and Medicaid Services] is also building a tool called the Data Services Hub to help with verifying applicant information used to determine eligibility for enrollment in qualified health plans and insurance affordability programs.  The hub will provide one connection to the common federal data sources (including but not limited to SSA, IRS, DHS) needed to verify consumer application information for income, citizenship, immigration status, access to minimum essential coverage, etc.

CMS has completed the technical design, and reference architecture for this work, is establishing a cross-agency security framework as well as the protocols for connectivity, and has begun testing the hub.  The hub will not store consumer information, but will securely transmit data between state and federal systems to verify consumer application information. Protecting the privacy of individuals remains the highest priority of CMS.”

Here’s where the secrecy comes in: I tried to find out some specific information about the Hub. Technical or policy details that would enable one to apply Fair Information Practice Principles? Some open evidence of privacy by design? Some evidence of participation by privacy experts? I got nothing. Where’s Mr. Snowden when we need him?

Continue reading…

What the Recent Data Breach Says About the State of Health IT

Recently officials at Oregon Health Sciences University discovered that residents in several departments were storing patient information on Google Drive, and had been doing so for the past two years. They treated this discovery as a breach of privacy and notified 3000 patients about the incident.

While I don’t condone the storage of patient information on unapproved services like Gmail or Google Drive, this incident pretty much highlights the sorry state of information systems within the hospital and the unfulfilled need by physicians for tools that facilitate workflow and patient care.

It says something that the Oregon residents felt compelled to take such a drastic action. I don’t know what punishment – if any – those responsible were given by administrators for their “crimes.” I’ll leave it to readers to make up their own minds about the wisdom of the unauthorized workaround and the appropriateness of any punishment. But I do know that the message the incident sends is a very clear one.

We’re screwing this up. There is really no earthly reason why it should be any more difficult to share a patient record than it is to share a Word doc, a Powerpoint or yes, even a cloud-based Google Drive spreadsheet.

Why the Breach Happened

What’s going on here? Let’s say I admit a patient to the hospital.  Our friend was hospitalized here just last month, and like many patients, he has dementia or is poorly educated, and does not know the names of the medications he takes. Unfortunately, I don’t have the ability to see what he takes or how he was treated during the prior admission because the records in the computer are there for documentation’s sake and don’t contain any meaningful information. This is clearly a problem for me.

Therefore I will spend time calling outside facilities to gather information and repeat several tests and imaging procedures.

Medical care has become a team sport, and residents have developed systems for keeping track of their patients and communicating to other physicians. It takes some time to think about and process each patient that comes in, to consolidate all the information. Ultimately, I need to boil that information down to a five-minute description on the patient, their problems, the status of their current admission, and what needs to happen before they go home.  We do this in the form of a signout document.

Figure: The signout document has four to five columns and includes the To Do list for each patient.

The EMR does not have a good way to store information in this format, and  additionally I have no way of editing this in real-time to communicate with my
coworkers what still needs to be done. That’s why residents were storing their  signouts in Google Drive.

What providers need here is simple data management. We need to store and access this list from different computers. We need the ability to enter a subset of those data  using a custom form, and the ability to print subsets of those data to create a To Do lists, rounding sheets, or progress notes.Continue reading…

Registration

Forgotten Password?