The Changing Landscape - The Impact to Patients’ Privacy

Both President Bush and President Obama agree that every American should have an electronic health record by 2014. Congress agrees too and has poured $27 billion into digitizing the healthcare system.  Using data instead of paper records, technology tools can analyze mountains of health information to understand what treatments work best for each of us, improve quality, facilitate research, and lower costs. Strong support for electronic health records systems and health data exchanges is bipartisan.

But the systems being funded have major, potentially fatal design flaws which are NOT being addressed by either party:

• Patients have no control over who sees or sells sensitive personal health information.
• Comprehensive, effective data security measures are not in use; 80% of health data is not even encrypted.
• Health data is held in hundreds or thousands of places we have never heard of because of hidden data flows.
• Hundreds of thousands of employees of corporations, third parties inside and outside the healthcare system, researchers, and government agencies can easily obtain and use our personal health information, from prescription records to DNA to diagnoses.
• There is no "chain of custody" for our electronic health data.

The consequences of the lack of meaningful and comprehensive privacy and security protections for sensitive health data are alarming. Over 20 million patients have been victims of health data breaches – these numbers will only increase. Millions of patients each year are victims of medical ID theft, which is much harder to discover and much more costly than ID theft. Such easy access to health data by thousands of third parties is causing an explosion of healthcare fraud (see FBI press release on $100M Armenian-American Fraud ring: http://www.fbi.gov/newyork/press-releases/2010/nyfo101310.htm). Equally alarming, this lack of privacy can cause bad health outcomes, millions of people every year avoid treatment because they know their health data is not private:

• HHS estimated that 586,000 Americans did not seek earlier cancer treatment due to privacy concerns. 65 Fed. Reg. at 82,779
• HHS estimated that 2,000,000 Americans did not seek treatment for mental illness due to privacy concerns. 65 Fed. Reg. at 82,777
• Millions of young Americans suffering from sexually transmitted diseases do not seek treatment due to privacy concerns. 65 Fed. Reg. at 82,778
• The Rand Corporation found that 150,000 soldiers suffering from PTSD do not seek treatment because of privacy concerns. "Invisible Wounds of War", The RAND Corp., p.436 (2008). Lack of privacy contributes to the highest rate of suicide among active duty soldiers in 30 years.

Public distrust in electronic health systems and the government will only deepen unless these major design flaws are addressed.

The President's Consumer Privacy Bill of Rights shows he knows that trust in the Internet and electronic systems must be assured. The same principles that will ensure online trust must also be built into the healthcare system --- starting with Principle #1:

"Consumers have a right to exercise control over what personal data companies collect from them and how they use it."