The Coastal Packet

The longtime national journal, Progressive Review, has moved its headquarters from Washington DC to Freeport, Maine, where its editor, Sam Smith, has long ties. This is a local edition dealing with Maine news and progressive politics.


The new medical records law is a major privacy threat

The Progressive Review has been a lonely voice reporting on the threat to privacy and other civil liberties posed by the massive new medical records program launched by the Obama administration. Maine has now become the largest state to have such a system and the stories about it include one sentence that implicitly admits the existence of a huge problem. For example, the Kennebec Journal reported, "Information about mental-health diagnoses, substance abuse and HIV status are not disclosed through HealthInfoNet." And why would not such essential medical information be available in the network? The most obvious answer is that the system is not as secure as its promoters claim. As we have pointed out, such systems can be entered improperly by law enforcement, employers or insurance companies.

Joanne Waldron, Natural News
- The Washington Post reports that health and life insurance companies use a type of consumer health "credit report" that is derived from databases containing the prescription medication records on over 200 million Americans. In fact, some insurers are already testing information systems that contain information about the laboratory test results on patients. Previously, in order to determine insurability, insurance companies had to rely on records obtained directly from physician's offices. Insurers these days, however, rely on records that are obtained electronically at a very low cost (currently about 15 bucks), and these records are often used to deny people health insurance. . .

Some of the information stored about each consumer includes a history of five years worth of prescription medications and dosages, dates they were filled/refilled, the therapeutic classes of the drugs, and the name and address of the doctor who prescribed each medication. From this information, each consumer is assigned an expected risk score (kind of like a credit rating, except instead of measuring one's credit worthiness, it measures one's expected health risk).

It is doubtful that most doctors bother to warn their patients that taking optional or unnecessary medications could make it impossible or very expensive to get health insurance. In fact, most patients mistakenly believe that it is illegal for companies to sell private consumer health information. Nothing could be further from the truth.

For instance, according to the aforementioned Washington Post article, one doctor reported that she prescribed a drug called Amitriptyline for migraine headaches, and the patient was then denied life insurance due to the fact the medication was also an antidepressant. The article also asserts that insurers also leap to conclusions about patients' probable health outcomes if they notice that patients are taking the highest possible dosage of, say, a cholesterol medication.

Progressive Review, January 2009 - Of all the things that need fixing in our country this would belong near the bottom of the list. There are numerous problems: cost, governmental interference in medical decisions (doctors will inevitably be told what data they need to keep and how to keep it), the difficulty in reading doctor's handwritten notes, training doctors and nurses in the system, patient privacy and the high likelihood of error in transcribing the records. This project reeks of a medical version of No Child Left Behind - a dubious program that will make certain campaign contributors an awful lot of money, with no verifiable proof that it will improve life that much.

CNN - Only about 8% of the nation's 5,000 hospitals and 17% of its 800,000 physicians currently use the kind of common computerized record-keeping systems that Obama envisions for the whole nation. And some experts say that serious concerns about patient privacy must be addressed first. Finally, the country suffers a dearth of skilled workers necessary to build and implement the necessary technology. . .

It also won't come cheap. Independent studies from Harvard, RAND and the Commonwealth Fund have shown that such a plan could cost at least $75 billion to $100 billion over the ten years they think the hospitals would need to implement program.

That's a huge amount of money -- since the total cost of the stimulus plan is estimated to cost about $800 billion, the health care initiative would be one of the priciest parts to the plan.

The biggest cost will be paying and training the labor force needed to create the network. Luis Castillo, senior vice president of Siemens Healthcare, a company that designs health care technology, said the laborers will have the extremely difficult task of designing a a system that "thinks like a physician.". . .

But highly skilled health information technology professionals are as rare as they come, and many IT workers will need to be trained as health technology experts.

Early government estimates showed about 212,000 jobs could be created from this program, but [one expert] said there simply aren't that many Americans who are qualified.

Robert Pear, NY Times - Congressional leaders plan to provide $20 billion for such technology in an economic stimulus bill whose cost could top $825 billion. . .

So far, the only jobs created have been for a small army of lobbyists trying to secure money for health information technology. They say doctors, hospitals, drugstores and insurance companies would be much more efficient if they could exchange data instantaneously through electronic health information networks. Consumer groups and some members of Congress insist that the new spending must be accompanied by stronger privacy protections in an era when digital data can be sent around the world or posted on the Web with the click of a mouse.

Lawmakers leading the campaign for such safeguards include Representatives Edward J. Markey of Massachusetts and Pete Stark of California, both Democrats; Senator Patrick J. Leahy, Democrat of Vermont; and Senator Olympia J. Snowe, Republican of Maine.

Without strong safeguards, Mr. Markey said, the dream of electronic health information networks could turn into "a nightmare for consumers."

In the last few years, personal health information on hundreds of thousands of people has been compromised because of security lapses at hospitals, insurance companies and government agencies. These breaches occurred despite federal privacy rules issued under a 1996 law. Congress is trying to strengthen those privacy protections and make sure they apply to computer records. Lobbyists for insurers, drug benefit managers and others in the health industry are mobilizing a campaign to persuade Congress that overly stringent privacy protections would frustrate the potential benefits of digital records.

Wired - An academic says he found thousands of sensitive medical records leaked over peer-to-peer networks from computers at hospitals, clinics and elsewhere. . .

M. Eric Johnson, director of the Center for Digital Strategies at Dartmouth College, says he used simple search terms on several file sharing networks and uncovered files listing patient names, Social Security numbers, birth dates, insurance carrier names and insurance diagnosis codes that revealed which patients were being treated for specific diseases. He conducted some of the searches last month and presented his findings at a conference last week.

Among about 160 files that Johnson claims contained sensitive data were two spreadsheets containing information on 20,000 patients, which identified four patients being treated for HIV-AIDS, 326 patients being treated for cancer, 201 being treated for mental illnesses and thousands afflicted with various other diseases. The spreadsheets came from a collection agency that a hospital employed to track down delinquent payments.

In addition to these records, Johnson found patient psychiatric evaluations from mental health centers in several states; patient billing information from a drug and alcohol rehabilitation center; and a spreadsheet from an AIDS clinic that listed the address, Social Security number and date of birth of 232 clinic visitors. A 1,718-page document (see document above) from a medical testing laboratory included the Social Security numbers, date of birth, insurance information and treatment codes for approximately 9,000 patients. . .

The study was partially funded by a grant from the Department of Homeland Security and comes on the heels of the $780 billion economic stimulus bill that President Obama signed into law last month, which allocates $19 billion to help build a nationwide health-information network that would convert all patient medical records to a digital format by 2014. . .

While the British bill described below is different than Obama's, it raises similar concerns. The America media has not touched this issue.

British Medical Journal - The health consequences of the government's new data-sharing proposals could be "staggering" warns an expert in an editorial.

Dr Vivienne Nathanson, Director of Professional Activities at the British Medical Association expresses concerns about the Coroners and Justice Bill which, in its current form, appears to grant the government unprecedented powers to access people's confidential medical records, and share them with third parties.

Simply it means that laws that currently limit health data sharing could be set aside, says Dr Nathanson. Even the Venereal Diseases Regulations and the provisions of the Human Fertilisation and Embryology Act would not be immune to the potential for removal.

Health data is not privileged in the manner of legal information, but for many years it has been recognized as special, and as sensitive, she writes. Research shows that patients expect the health professional with whom they share information will hold it in confidence, and share it sparingly and on a need to know basis, usually those also involved in offering them care.

Yet Dr Nathanson believes that data in the current draft of the bill suggests blindness to the special sensitivity of health data.

If the current draft legislation goes through with minimal changes, the effect could be to to undermine doctor and patient confidence in the future control of data that neither is willing to record the most sensitive information, she warns.

Health Care Renewal, 2006 - The Wall Street Journal published a story on a patient, Patricia Galvin, who was screwed by insurers after medical information she thought was confidential (about her psychotherapy) was divulged to an insurance company:


Theo Francis, Wall Street Journal -
After her fiancé died suddenly, Patricia Galvin left New York for San Francisco in 1996 and took a job as a tax lawyer for a large law firm. A few years later, she began confiding to a psychologist at Stanford Hospital & Clinics about her relationships with family, friends and co-workers.

Then, in 2001, she was rear-ended at a red light. When she later sought disability benefits for chronic back pain, her insurer turned her down, citing information contained in her psychologist's notes. The notes, her insurer maintained, showed she wasn't too injured to work.

Ms. Galvin, 51 years old, was appalled. It wasn't just that she believed her insurer misinterpreted the notes. Her therapist, she says, had assured her the records from her sessions would remain confidential.

As the health-care industry embraces electronic record-keeping, millions of pages of old documents are being scanned into computers across the country. The goal is to make patient records more complete and readily available for diagnosis, treatment and claims-payment purposes. But the move has kindled patient concern about who might gain access to sensitive medical files -- data that now can be transmitted with the click of a computer mouse. . .

The article points out that complaints to HHS about breaches of medical privacy have exceeded 23,000 and that HHS presently receives about 700 new complaints monthy, while enforcement of "guarantees" such as in the HIPAA act are basically non-existent. I'd bet a large proportion of these breaches were facilitated by electronic legerdemain.

Junk Food Science 2006 - Ms. Galvin's fears that her most private thoughts and secrets are "mere data of a transaction, like a grocery receipt" are well-founded and truly give life to an observation I made several years ago while leading electronic medical records implementation at a large hospital. . . Unfortunately, as Ms. Galvin discovered to her horror, good things do not come from treating twenty-first century medical "transactions" as nineteenth century accounting data.

We're not alone in the United States. In the UK, the ambitious Connecting for Health national EMR project and plans for a central clinical database have been met with stiff resistance from patient advocacy groups. Plans to upload medical records onto the central clinical database will put patient confidentiality at risk, the UK program has been told by its own consultants. . .

A similar advocacy movement is needed in the U.S., for there has been an idealistic and almost reckless push in the US to put any and all healthcare information into EMR's and other electronic databases, even when the financial and clinical benefits are unproven. . .

In a decade when conflict of interest and mismanagement in healthcare is common, break-ins to supposedly secure databases appear in the news almost weekly, and dominant computer operating systems are barely able to keep ahead of hackers' attempts to circumvent security, the dream of patient confidentiality is increasingly utopian. . .

In reality, if you want to keep information secure, don't put it on a computer; and if you have to put it on a computer, and the computer is to be put on a network, then the information by definition is no longer secure. . .

Healthcare professionals quickly come to know that patients' records are not really confidential, but when they become electronic, the numbers of people and interests with potential access explodes. The public would be astounded to learn that HIPAA gives virtually anyone remotely connected to their healthcare, third-party reimbursement or regulatory surveillance, access to their most private information. . .

In a related story, the Chicago Sun Times just reported on an online Personal Health Records database being created by one of the country's largest health management companies, Blue Cross and Blue Shield Association, which has partnered with America's Health Insurance Plans, the main lobbying organization for 1,300 health insurance companies. The newspaper reports:

"The two groups have developed and pilot tested standards on what should be included in the records and that make them portable, enabling consumers to transfer the records when they change insurers or doctors.
The groups, whose members cover more than 200 million people, said the goal is to have insurers include in every personal health record core data such as records of visits to doctors' offices and hospitals; medical conditions and illnesses; treatment plans, including medications; immunizations; allergies; health risks, and health insurance information. . . "

Patient Privacy Rights, a national consumer watchdog organization based in Austin, Texas, denounced this plan. "This is a wolf in sheep's clothing," said Deborah Peel, MD, founder and chair of Patient Privacy Rights. "Insurer-provided electronic personal health records held in a data bank that the insurers control will be used primarily to benefit insurers, not patients. . .

Xerobank, UK, 2009 - Doctors have condemned a 'Big Brother' scheme to give the public sector and private companies much wider access to personal medical records. Eight organizations, including the British Medical Association and the medical royal colleges, have protested against it.

They have written a letter to oppose a proposed law that would make it easier for the Government to share data. . .

They also warn that increasing availability of patient records on the national computer database elevates the risk of information falling into the wrong hands.

They say that anonymous sperm donors or those with venereal diseases could find themselves being publicly identified under the new law.

The BMA argues much of the at-risk data could be used by medical researchers, potentially in the pay of drugs companies. . .

BMA chairman Dr Hamish Meldrum said: 'If patients cannot be 100 per cent sure their records are confidential they will inevitably be reluctant to share vital information with their doctor.'

ACLU, 2003 - Recent media reports have revealed that a little-known Defense Department office is developing a computer system called "Total Information Awareness" that threatens to turn us all into "suspects" without proof of criminal wrongdoing.

The system, which includes an advanced form of ""data-mining,"" would effectively provide government officials with immediate access to our personal information such as all of our communications (phone calls, emails and web searches), financial records, purchases, prescriptions, school records, medical records and travel history. Under this program, our entire lives would be catalogued and available to government officials.

Although Congress defunded this project, elements of it remain scattered throughout the government.

Fierce Healthcare, 2008 - Despite vows that it was getting things in order, UCLA Medical Center still seems to have a problem with protecting the privacy of its medical records. According to a new report from the California Department of Public Health, the privacy of a high-profile patient was breached by two nurses and an emergency department tech in mid-April. What's more, the Department found that almost twice as many medical center employees as had previously been reported had improperly accessed records between January 2004 and June 2006. That brings the full total of workers implicated in records snooping to 127.

Previous investigations had found that UCLA employees had inappropriately viewed the records of several celebrities and high-profile patients, including actress Farrah Fawcett and singer Britney Spears. In one particularly egregious case, a former administrative specialist faces federal criminal charges for violating Fawcett's privacy, as well as 938 other patients, from April 2003 to May 2007.

UCLA's attempts to discipline the employees have varied. Of 59 employees newly linked to breaches by the Department of Public Health, 24 worked at UCLA when they were identified. The hospital is proposing to fire seven, suspend six for two to three weeks each and issue verbal or written warnings to eight others, with three remaining under investigation.


Post a Comment

<< Home