The economic stimulus package that President Obama has signed contains upwards of $20 billion to create electronic health records for most Americans within five years. The president has been very outspoken in his belief that EHRs are essential to health care reform and that the subsequent savings they’ll generate will help to strengthen the larger overall economy.
Whenever the subject of proliferating EHRs catches the national spotlight, you can bet that debates about privacy aren’t far behind. Indeed the privacy issue has already started to gain some traction in the media. In this video clip, CNN’s Campbell Brown and Elizabeth Cohen examine how easy it is for someone to obtain private medical information online by simply using someone’s Social Security number and date of birth.
While this assessment may be accurate, it’s a bit light on the fairness
scale. Brown and Cohen only make a very brief mention of facts like
President Obama’s plan to appoint a chief privacy officer and to
implement unprecedented privacy controls to safeguard the EHR
transformation. Instead they emphasize the more sensational angle
implying that electronic health information just isn’t safe. They also
seem to downplay the fact that a simple thing like creating a password
can protect one’s private information.
The Office of the National Coordinator for Health Information Technology (ONCHIT) issued a paper Monday called The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The summary states that the framework creates a set of consistent principles to:
“...address the privacy and security challenges related to electronic
health information exchange through a network for all persons,
regardless of the legal framework that may apply to a particular
organization. The goal of this effort is to establish a policy
framework for electronic health information exchange that can help
guide the Nation’s adoption of health information technologies and help
improve the availability of health information and health care quality.
The principles have been designed to establish the roles of individuals
and the responsibilities of those who hold and exchange electronic
individually identifiable health information through a network.”
Along with the Nationwide Privacy and Security Framework the Department of Health and Human Services (HHS) has issued The Health IT Privacy and Security Toolkit. The Toolkit includes new HIPAA Privacy Rule guidance documents developed by the ONCHIT and the Office for Civil Rights (OCR) to help facilitate the electronic exchange of health information.
For the next week, you have a unique opportunity to make your voice heard on health information privacy issues, their impact on the Health 2.0 movement, and how best to build public trust in these technologies.
The National Academy of Public Administration (with funding from the Office of Management & Budget) is hosting a unique "national dialogue" on the intersection of health IT and privacy, which will take place on the Web beginning yesterday, October 27, and lasting through November 3.
They are seeking to gather feedback from the public on the important privacy issues that confront all of us as we promote the movement to e-health. A report will be generated based on the responses, so it is important that a broad range of stakeholders participate. Go to www.thenationaldialogue.org to find out more and to log on!
Hat tip to: The Health 2.0 social network
By AMY TENDERICH
Note: Amy Tenderich, who writes and maintains the wonderful Diabetes Mine,
just did this very illuminating interview with Google Health’s Missy
Krasner. As you’ll see, she doesn’t slow-pitch to Missy. This is a
sure-footed, tough-minded exchange about the real issues that are on
the table now in Health 2.0. – Brian Klepper
Slowly but surely, using the Internet for your health needs is
becoming as mainstream as shopping on the web: no longer futuristic,
but is it for everyone? And perhaps more importantly, are mainstream
commercial health platforms from companies like Google and Microsoft
really useful for people with specific chronic illnesses? I thought it
would be interesting to hear their side of the story.
So please welcome Missy Krasner, Product Marketing Manager for Google Health, whom I was lucky enough to catch up with for an interview last week.
Missy, shortly after Google Health launched last Spring, David Kibbe, former Director of Health IT for the AAFP, noted
that most of its services were “only mildly useful and sort of
‘toyish.’” How have these services evolved to be more useful to people
with health conditions?
I have been following health care consumerism for several years now. Particularly, the “Direct Access” or “Direct To Consumer” laboratory testing market. While analytic lab testing has led out in this area, genetic testing has received all the regulatory attention, national press, and policy efforts (GINA). So it is no surprise that the consumer genetic movement would be the first legal test of the Health 2.0 movement. As reported by Matthew Holt here on THCB, and a host of national outlets (Wired has had extensive coverage here, here, and here), there seems to be quite a hornet’s nest unleashed by our friends at the California and New York Departments of Health who are attempting to prevent consumers from accessing their own genetic information.
Thanks to some transparency efforts of the blogosphere, you can read the actual cease and desist letter written by Karen Nickels, the California Department of Public Health Chief of Laboratory Field Services. I actually know Karen Nickels personally. She has been a long time steward of ensuring regulatory exactness of all things laboratory within the State of California for 30+ years. She has a well deserved reputation as one tough cookie for the “precision” with which she carries out her duties
Ultimate Genetic Fighting – Which Genetic Variation Wins?
Should doctors and nurses be subject to different penalties for
precisely the same infraction? Of course not. Are they? Sure. Just ask
Britney Spears. Britney was hospitalized at UCLA at least
twice in the past few years –
once when she gave birth to her first son in 2005, and again in early
2008 for psychiatric care. Both times, dozens of UCLA staff members
peeked at her medical records, despite having no clinical reason to do
This voyeurism, of course, is hard wired into our DNA, and
we aren’t about to purge our inner paparazzis any time soon. But even
celebs have a right to keep their medical records private. Although the
Health Insurance Portability and Accountability Act
(HIPAA) has caused some real mischief, one of its beneficial effects is
that it put the issue of medical record snooping on our radar screen.
Whether the victim is a Hollywood starlet or your next-door neighbor,
it is just plain wrong.
Most organizations have hired HIPAA
police and done extensive HIPAA training with their staff.
Nevertheless, all the UCLA snoops were documented to have passed an
on-line HIPAA tutorial. When Britney hit the door, Inquiring People
just wanted to know.
Lest you think this is a UCLA thing, we had
a similar situation (with another famous actress) a few years ago, as
have dozens of other hospitals. In fact, human nature being what it is,
I can’t imagine this not happening – unless the rules are clear, widely disseminated, and strictly enforced.
Exclusive to THCB: A couple weeks ago I pointed to a new study, commissioned by Kroll Fraud Solutions and conducted by HIMSS Analytics, that makes startlingly clear the gap between what most health systems are doing to comply with HIPAA, and what they need to do to actually safeguard the patient data in their possession. Tomorrow, Wednesday, April 23rd at 2PM EST, and again next Tuesday, April 29th at 2PM, EST, you’re invited to a 40 minute Webcast, moderated by Yours Truly, that goes through the issues. Jennifer Horowitz, the investigator from HIMSS Analytics, Lisa Gallagher, HIMSS Senior Director of Privacy and Security and Brian Lapidus, Kroll’s COO, will talk about how health care executives typically perceive the issue and how they report their own awareness and preparedness, in stark contrast to the threat and what happens when a breach actually occurs. I was a bystander in this energetic discussion, but it was an eye-opener for me.
If you’re at all involved in managing health system security or if you’re simply interested in the deeper realities of what’s necessary to protect patient data, this one’s a must. Join us for this revealing and important Webinar. Click here to get the study report and to register.
piece in the medical privacy jigsaw puzzle is online behavioral
Last week, the Federal Trade Commission
(FTC) received comments from the Network Advertising
on the agency’s proposed principles for OBA. As part
of this filing, the NAI has published in draft its own
approach to behavioral ad targeting in health, included in the Self-Regulatory Code of Conduct for
behavioral advertising. OBA
is the process whereby the online consumer’s search behavior is
analyzed across multiple websites and then categorized for use in
NAI’s members are reputed to cover 95% of
the online advertising market. NAI’s
membership includes 24/7 Real Media, Acerno, Advertising.com (an AOL company),
Atlas (a Microsoft company), BlueLithium (a Yahoo! company), Doubleclick
(a Google company), Media6degrees, Mindset Media, Revenue Science, Safecount,
Specific Media, Tacoda (an AOL company), and
Yahoo!. Furthermore, NAI is
processing membership applications from Undertone Networks, Google and
Toward the end
of the NAI’s
Code you will find a section called, "The need for common understanding
by industry," in which the NAI
lists the "minimum restricted and sensitive consumer segments" that
online advertisers should avoid targeting.
EXCLUSIVE TO THCB: HIMSS Analytics, the research arm of the powerful, thoughtful and highly regarded Health Information Management Systems Society, has published a sobering study, Security of Patient Data – see here – that highlights the gap between hospital patient data security practices and the reality of impacts if a breach occurs. The report, commissioned by Kroll Fraud Solutions, should be a splash of cold water to health care executives in all settings with responsibility for patient data. A link to the Executive Summary has been placed at the bottom of this post.
In the wake of several recent incidents involving breaches of celebrity records, what’s fascinating about the study is that the executives interviewed claimed a very high familiarity with HIPAA rules; they averaged 6.53 (on a 7 point scale) and 75 percent of those interviewed gave themselves a 7. The report attributes the high sense of HIPAA knowledge to the current rounds of HIPAA compliance audits and the penalties for non-compliance that have resulted in some cases.
Given Matthew’s quite visceral response to some complaints that broad-based, government-encouraged (mandated, I suspect), electronic medical records I am interested in both his and THCB readers’ thoughts on the Bangor Daily News editorial staff’s approach to health care reform.
They suggest that transparency is the key – "lawmakers should require health providers and insurance companies to report all of their costs to the public."