Wednesday, September 23, 2009

Is Healthcare Privacy Really "Too Complicated"?

This morning, I received an e-mail from Patient Privacy Rights, which is a non-profit organization based in Texas that was founded by a physician named Dr. Deborah Peel. I've mentioned Patient Privacy Rights before because it is one of the few organizations that works to ensure adequate protection of consumer healthcare data and it was started by a healthcare industry "insider". Plus, the Federal Government seems to think patient privacy rights is a non-issue, and even a GAO report revealed that the U.S. Department of Health and Human Services is woefully unprepared to deal with issues like insurance identity theft, for example, lacking even a medical record dispute resolution policy.

The e-mail shared an interesting report that showed that in over 20 nationwide consumer focus groups examining the subject of health IT and privacy showed overwhelmingly that consumers feel WE should control our own healthcare data, and that we as patients should also be able to decide how our healthcare information is used AND shared.

But the debate in Washington consists mainly of advocates for the IT industry along with their highly-paid lobbyists and, of course, lawmakers -- with almost no representatives of patient advocates representing our concerns. The IT industry makes a boatload of money selling, for example, our prescription history (minus our personal identification, such as name or insurance number) to private companies who analyze and re-sell that data to private-companies such as IMS Health and Wolters Kluwer Health. In other words, the pharmacies sell them OUR Rx data, and the companies aggregate it and then turn around and sell it for millions of dollars every year.

But were you ever asked if you wanted your data used in this manner?

I can assure you that the answer is definitely NO, because all of the parties involved are excluded under the "covered entities" exclusion outlined in the Health Insurance Portability and Accountability Act (HIPAA). Covered entities may also include billing and coding data entry folks based offshore, including places like India, Pakistan and China. Now isn't that comforting to know?

According to Patient Privacy Rights, what they are hearing from Washington industry insiders is "it's too complicated." To be sure, no one is belittling how complicated healthcare is, but health information technology without privacy is a deal-breaker.

The baseless claims being used are that healthcare involves numerous parties, both public entities and corporations like insurance companies and their subcontracted vendors.

But those claims sound pretty lame, actually. There is even an example of a similar public-private cooperative mandated in the law, and that has worked (surprisingly) quite well for all parties involved. What is that?

Why not model the effort after the Fair Credit Reporting Act (FCRA) which obliges privately-held credit reporting agencies to maintain accurate records (including the thousands of U.S. lenders who supply them with that information), while protecting the privacy of our info by limiting access to it. By limiting who can use the credit reports, and requiring timely resolution of disputes, we have a system that private entities (including banks and credit reporting agencies) can rely upon while simultaneously protecting the rights of consumers, and provides a way that disputes can be resolved in a timely fashion that satisfies all parties involved.

The FCRA is an example of government-mandated protection of private data that is maintained by unrelated third-party entities which, by and large, is a model for the healthcare industry which claims "it's too complicated", which reflects not so much the technological difficulty involved, but an entrenched industry that is extremely resistance to change unless they benefit from that change.

You can do something about it. Visit Patient Privacy Rights and give them a sort of Tweet (as in from Twitter) limited to 255 charahters with YOUR questions for the key decision makers in Washington. See here for your opportunity to make your voice heard on this very important issue!


Cherise said...


Huge eye opener!

Anonymous said...

Heath Care Renewal has a tremendous amount of information about health IT. BESIDES the patient privacy issue, the IT doctor points out that as long as health IT is portrayed as the 'great savior' for reducing healthcare costs, we are looking through rose-colored glasses. Poorly done health-related IT may actually increase costs . . . and the IT companies have successfully situated themselves where they answer to no-one. Privacy issues--that's not the IT responsibility; medical errors/bad programming--that's not the IT responsibility. To make matters worse, the IT companies seeking dominance in healthcare have already written in non-disclosure clauses whereby if a doctor or hospital finds a problem--he/they cannot alert other end-users of the problem because of intellectual property issues.

In re: patient privacy, it would appear the solicitation by a pharmacy chain of a single pharmaceutical (Prozac) and resulting court battle--it seems any consequences that may result from privacy breaches is merely another 'cost of doing business.'

I suppose as long as we are willing to act like sheep, we deserve the label "sheeple" and our leaders can rely upon us to compliantly baaaaah!