HHS Study on HIPAA and Medical Record Privacy is 18 Months Late–Complex Issue But There’s Time For A Big Facebook Co
Posted Aug 13 2011 2:36am
Why did I mention Facebook? It has to do with privacy as well. Certainly what is being discussed here are the privacy standards and procedures for personal health records for the most part and nobody’s doing much about it. That’s what people, businesses and government do when things get too complicated – NOTHING.
Now with all the talk about privacy and what we see on the web all the time with privacy issues with Facebook and the platform opting people in with having to opt out of many of their privacy issues, why are we promoting a contest? To me right now the 2 don’t seem to match with the same idea, right? I’m not saying Facebook doesn’t have use as it does and I just spoke to doctors on how to use it to build their practice, but with caution so as not to make mistakes on what gets posted.
We all know so many sites are selling our personal data and making huge profits from it and as a good example Walgreens themselves said their data selling business is valued at just under $800 million, so again why are we promoting a platform that is maybe not ready for prime time full on privacy and security? If I have missed something here, let me know.
Now when it comes to personal health records, we all know that Google has opted out due to lack of participation and use. Maybe that fact and having to work with privacy policies that have never been defined may have led to their decision? So many think that all medical information is covered via HIPAA but it’s not and when consumers find out their prescription records are sold for example they go nuts as they think HIPAA covers this. Maybe this is why nobody can make a decision and come up with standards that everyone can live with. If we were not constantly risk assessed on every street corner today perhaps this would not be such a big issue, but that’s not the way it works in the US.
We also have 3rd parties on the web with medical devices that sell our data in addition to all the marketers out there and more than ever this is in the limelight as we all don’t like it. Social networking sites exploit information for commercial purposes too. So again I ask are we going to have privacy or not? Again I understand the complexity of coming to an agreement on all of this but it is confusing to the consumer when HIPAA is spoken at one fork in the road and Facebook at the other. Why does something like this have to be an opt out with facial recognition?
Social networking does not always get it right either, from MIT. They also say some type of privacy laws are needed soon. Again I think at this point we may have figured out we all need to be adults with what we put on the web but when it goes beyond our control and we get matched with data that someone else puts on the web, i.e. a group picture that runs out to identify us, we need to give this some serious thought.
An associate professor of information technology and public policy at the Heinz College at Carnegie Mellon University showed how a photograph of a person can be used to find his or her date of birth, social security number, and other information by using facial recognition technology to match the image to a profile on Facebook and other websites. Social Security numbers are all a big part of healthcare with medical claims even though they are no longer supposed to be used as an ID number, they are.
I can understand the complexity and the need for several federal agencies to provide input and the fact that nobody wants this big project as there’s a lot to it but for goodness sakes if we are going to talk privacy can we at least stay with the same theme? To make matters even more complicated we have a credit agency now that thinks they can take data from the web and use it with risk assessment based on your credit scores to create algorithms that can tell if you will take your prescriptions…please this is the biggest fleece and selling of mismatched algorithms out there.
I see very mixed messages being sent out from HHS and again can we all be on the same theme of privacy without conflicting software and web sites? Either go one way or the other and remain consistent. I think when it is the responsibility of HHS to promote privacy, to then run this web contest to promote Facebook, which is still working on their privacy issues, is totally out of place and doesn’t show enough thinking ahead here and thus I come back to everyone is a consumer and a participant. Facebook is fine for an information page, asking for feedback, a presentation or whatever in that respect but to have a government program that runs on there with the facial recognition being used to mine data is a bit irresponsible.
How many at the ONC or HHS are using Facebook and want their own personal data exploited and worse yet, how many new users won’t understand? My goal here in part is to educate and let people know when and where their data is being sold as best I can and where certain websites and services exploit or sell it as so many are not aware and I don’t want to see anyone denied any healthcare services due to a marketing for profit scheme.
For 15 years, the Health Insurance Portability and Accountability Act (HIPAA) has given patients a variety of privacy protections for personal health information obtained by medical providers. Unbeknownst to many, though, the same protections do not apply to records controlled by consumers. Privacy advocates say it’s time that stricter standards apply to those records — but efforts to do just that have gone nowhere in Washington, and Congressionally mandated recommendations on how to make it happen are already 18 months late.
But the HHS Office of National Coordinator (ONC) for Health Information Technology, the agency responsible for overseeing the details of the law, has still not filed the report. A spokesman for HHS told iWatch News the department was working on it, but could provide no target date for release.
An ONC spokesperson said the agency has had ongoing discussions with the FTC, the Department of Commerce and HHS Office for Civil Rights, and said the delay in issuing the report “reflects the complexity of the issues at hand and our commitment to thoroughly evaluate these issues with our federal partners to develop strong, fair and consistent recommendations.”
Deven McGraw, director of the Health Privacy Project at CDT, pointed out that HIPAA laws have always only applied to specific health care entities. “HIPAA is not the right set of rules [for personal health records] because it’s all geared toward how traditional health organizations have used data,” she said.
There is one regulation for personal health records in the 2009 HIPAA legislation. If a digital medical records provider transmits protected health information to an organization or business partner that is covered by HIPAA, such as a hospital or clinic, then they are considered a “business associate” under the law and therefore subject to the same privacy rules as those they contract with.