New Data Rules Could Empower Patients but Undermine Their Privacy

Natasha Singer
The New York Times
Originally posted 9 March 20

Here is an excerpt:

The Department of Health and Human Services said the new system was intended to make it as easy for people to manage their health care on smartphones as it is for them to use apps to manage their finances.

Giving people access to their medical records via mobile apps is a major milestone for patient rights, even as it may heighten risks to patient privacy.

Prominent organizations like the American Medical Association have warned that, without accompanying federal safeguards, the new rules could expose people who share their diagnoses and other intimate medical details with consumer apps to serious data abuses.

Although Americans have had the legal right to obtain a copy of their personal health information for two decades, many people face obstacles in getting that data from providers.

Some physicians still require patients to pick up computer disks — or even photocopies — of their records in person. Some medical centers use online portals that offer access to basic health data, like immunizations, but often do not include information like doctors’ consultation notes that might help patients better understand their conditions and track their progress.

The new rules are intended to shift that power imbalance toward the patient.

The info is here.

Lawmakers Push Again for Info on Google Collecting Patient Data

Rob Copeland

Wall Street Journal
Originally published 3 March 20

A bipartisan trio of U.S. senators pushed again for answers on Google’s controversial “Project Nightingale,” saying the search giant evaded requests for details on its far-reaching data tie-up with health giant Ascension.

The senators, in a letter Monday to St. Louis-based Ascension, said they were put off by the lack of substantive disclosure around the effort.

Project Nightingale was revealed in November in a series of Wall Street Journal articles that described Google’s then-secret engagement to collect and crunch the personal health information of millions of patients across 21 states.

Sens. Richard Blumenthal (D., Conn.), Bill Cassidy (R., La.), and Elizabeth Warren (D., Mass.) subsequently wrote to the Alphabet Inc. GOOG +1.35% unit seeking basic information about the program, including the number of patients involved, the data shared and who at Google had access.

The head of Google Health, Dr. David Feinberg, responded with a letter in December that largely stuck to generalities, according to correspondence reviewed by the Journal.

(cut)

Ascension earlier this year fired an employee who had reached out to media, lawmakers and regulators with concerns about Project Nightingale, a person familiar with the matter said. 

The employee, who described himself as a whistleblower, was told by Ascension higher-ups that he had shared information about the initiative that was intended to be secret, the person said.

Nick Ragone, a spokesman for Ascension—one of the U.S.’s largest health-care systems with 2,600 hospitals, doctors’ offices and other facilities—declined to say why the employee in question was fired. 

The info is here.

Large HMO Cited in Mental Health Care Cover-up

Nancy A. Melville
Medscape Medical News
Apr 03, 2013

California's Department of Managed Health Care (DMHC) has cited Kaiser Permanente for using a deceptive dual record-keeping system to cover up violations of the state's "timely access" law, which restricts the amount of time mental health patients should have to wait for an appointment, as well as for other violations.

In a report filed last month, the DMHC concludes that many Kaiser mental health patients faced extensive waiting periods for appointments, well beyond the 10 days for a regular appointment that the law requires.

(cut)

Clinician Whistle-blowers

The violations were discovered through a standard survey or evaluation process that the DMHC uses to review compliance by all California health plans.

After the review was underway, complaints regarding timely access violations were brought forward by a group of Kaiser Permanente's own mental health clinicians, who were represented by the National Union of Healthcare Workers (NUHW). Those complaints were considered and incorporated in the evaluation, Rouillard said.

Among the psychologists lodging complaints was Andris Skuja, PhD, who said the violations had been observed for years before the clinicians referred their concerns to the DMHC.

"Over a number of years, we tried many internal mechanisms with Kaiser to address some mounting concerns we had about the adequacy of treatment," Dr. Skuja told Medscape Medical News.

The entire story is here.

A previous news story about this topic can be found here.

Letting Patients Read the Doctor’s Notes

By PAULINE W. CHEN, M.D.
The New York Times
Originally published on October 4, 2012

Here are some excerpts:


This patient’s experience, like those of so many others who have tried to obtain their medical records, came to mind this week when I read about the long-awaited results of a study in which patients were given complete access to their doctors’ notes. The findings, published in the Annals of Internal Medicine, do more than shed light on what patients want. They make our current ideas about transparency in the patient-doctor relationship a quaint artifact of the past.

Since 1996, when Congress passed the Health Insurance Portability and Accountability Act, or HIPAA, patients have had the right to read and even amend their own records.

In fact, few patients have ever consulted their own records. Most do not fully grasp the extent of their legal rights; and the few who have attempted to exercise them have often found themselves mired in a parallel universe filled with administrative regulations, small-print permission forms, added costs and repeated delays.


(cut)


For one year, the study, aptly called OpenNotes, allowed over 13,000 patients from three medical centers — the Beth Israel Deaconess Medical Center in Boston, the Geisinger Health System in Danville, Pa., and the Harborview Medical Center in Seattle — to have complete access to one part of their medical records, the notes that doctors wrote about them. Within days of seeing their doctors, patients received an e-mail inviting them to read the doctor’s signed note on a secure patient Web site. Two weeks before their return visit, patients received a second e-mail inviting them again to review their doctor’s note from the previous encounter.

After a year, almost all the patients were enthusiastic about the OpenNotes initiative.

Surprisingly, so were the majority of doctors.

The entire article is here.

The research from the Annals of Internal Medicine is here.

Preventing a Data Breach and Protecting Health Records

Preventing a Data Breach and Protecting Health Records
Found in the public domain.

Digital Data on Patients Raises Risk of Breaches

By Nicole Perlroth
Published 12/18/11
The New York Times: Technology

One afternoon last spring, Micky Tripathi received a panicked call from an employee. Someone had broken into his car and stolen his briefcase and company laptop along with it.

So began a nightmare that cost Mr. Tripathi’s small nonprofit health consultancy nearly $300,000 in legal, private investigation, credit monitoring and media consultancy fees. Not to mention 600 hours dealing with the fallout and the intangible cost of repairing the reputational damage that followed.

Mr. Tripathi’s nonprofit, the Massachusetts eHealth Collaborative in Waltham, Mass., works with doctors and hospitals to help digitize their patient records. His employee’s stolen laptop contained unencrypted records for some 13,687 patients — each record containing some combination of a patient’s name, Social Security number, birth date, contact information and insurance information — an identity theft gold mine.

His experience was hardly uncommon. As part of the 2009 stimulus bill, the federal government provides incentive payments to doctors and hospitals to adopt electronic health records. Some 57 percent of office-based physicians now use electronic health records, a 12 percent jump from last year, according to the Centers for Disease Control.

An unintended consequence is that as patient records have been digitized, health data breaches have surged. The number of reported breaches is up 32 percent this year from last year, according to the Ponemon Institute, a security research group. Those breaches cost the industry an estimated $6.5 billion last year. In almost half the cases, a lost or stolen phone or personal computer was responsible.

The entire story can be read here.