Liberty Coalition would like to thank Dr. Peel for being our first guest blogger in 2008.

What will be the hottest privacy issues/battles in 2008?
By Deborah C. Peel, MD
Founder and Chair, Patient Privacy Rights

1) e-prescribing. We have to stop all e-prescribing bills unless Congress builds in consumers’ rights to control access to their personal prescription records. The nation is just learning that it is impossible to have a private prescription in the US, even if we pay for our medications with cash. Every single prescription in the US has been data mined and sold daily from all 51,000 pharmacies in the US for over a decade. Congress should not legalize the systemic data mining and sale of our prescription records.

BUT, there is bipartisan support for e-prescribing because it is supposed to save money, save lives, and allow law enforcement to ‘catch’ pain medicine addicts. Should every American lose prescription privacy to build a surveillance system to ‘catch’ the 2 ½% of the population who are addicted to pain medications? Addiction is not a crime. Is surveillance of pain medication users and phsycian-prescribers by law enforcement the best way to help people with addictive disorders or chronic pain?

Pain and addiction are best treated by health professionals. See Patient Privacy Rights ‘Viagra-man’ 30 second video on this issue at http://www.patientprivacyrights.org/site/PageServer?pagename=Campaign_fo...

2) Open access to the nation’s electronic health records by researchers and all other secondary users. On December 22, 2007, the healthcare industry-dominated NCVHS quietly issued a report titled “Enhanced Protections for Uses of Health Data: A Stewardship Framework for “Secondary Uses” of Electronically Collected and Transmitted Health Data” at http://www.ncvhs.hhs.gov/071221lt.pdf . This report recommends that Americans have ZERO control over access to their electronic health information. Zero. Instead, the NCVHS recommends that others decide when and for what purposes our health data is used. Consumers have NO rights to opt-out of this proposed “data stewardship” system. Although the report notes how concerned Americans are about the illegal and unethical uses and sale of personal health data, of the 75 who presented testimony or comments to NCVHS on this subject, only Patient Privacy Rights and the American Psychoanalytic Association represented the interests of consumers and their right to control all access to personal health information. This is the right that Hippocrates first identified 2,400 years ago as essential for trust in doctors and participation in treatment. The right of informed consent is codified in over 200 years of American law and every ethical code for health professionals, researchers, and pharmacists, but law and ethics are not enough to stop this disastrous plan----American consumers must say ‘NO!”

Similarly, the IOM Committee on “Health Research and the Privacy of Health Information: The HIPAA Privacy Rule”, which took testimony last year is expected to release its report soon. Again, the majority of those who testified were in favor of unfettered access to the nation’s health records for researchers, even though only 1% of the public would allow that (See Prof Alan Westin’s Survey and Report at http://www.patientprivacyrights.org/site/DocServer/_Westin_IOM_Srvy_Rept... )

The problem is private corporations are re-inventing themselves as ‘research organizations’, including some of the most blatant data thieves and data aggregators on the planet, like Blue Cross Blue Shield’s Blue Health Initiative (sells enrollee health and claims data to large employers), IMS Health and Verispan LLC (sell prescription records to insurers and employers), and Thomson Medstat (sells longitudinal health records to large employers).

The only ‘data stewards’ Americans can trust are themselves.

3) Health IT legislation. This session of Congress there will be a renewed push by
Senators Kennedy, Enzi, Clinton, and Hatch to pass “Wired” (S. 1693), which eliminates Americans’ rights to control access to personal health information in electronic systems. Thanks to the leadership of Senator Leahy in the waning days of 2007, supported by the many bipartisan organizations that signed letters opposing “Wired”, it did not pass. (see the Coalition for Patient Privacy’s press release at http://www.patientprivacyrights.org/site/DocServer/C4PP_Wired_Press_Rele... .

The Senators pushing this bill do not have the votes to pass it as a stand alone bill, so their strategy will once again be to try and attach it to a piece of must-pass legislation like the Medicare fix or SCHIP which have to be addressed by June. Look for lots of action late this spring. Sign up for e-updates from Patient Privacy Rights at http://www.patientprivacyrights.org/site/PageServer?pagename=Sign_Up_To_...

4) Consumer-led certification of health technology systems and products. Patient Privacy Rights is working to build a consumer-led organization to offer a Goodhousekeeping seal-of-approval process so Americans have a clear way to know which electronic health systems and PHRs they can trust. By building a consumer-led certifying organization that will require state-of-the-art privacy and security measures in technology products, together consumers can CHANGE the marketplace, give Americans what they want (health privacy), and press Congress to restore our privacy rights in electronic health systems via federal statute. (the HIPAA regulations actually eliminated our rights to control access to personal health information.) The organization will be ready to certify health IT products and systems for privacy in 1-2 months.

Conclusion: In 2008 we can expect the Administration, industry, and key Congressional leaders of both parties to keep trying to eliminate American’s traditional legal and ethical rights to control their personal health information. Personal health data is the most valuable personal information on Earth---we are in a war over who controls it. The value of electronic health data is conservatively estimated to be $81 billion dollars.

But who REALLY owns personal health data? The only possible answer is each individual, based on ethics dating back 2,400 years to Hippocrates and the very strong laws in every state dating from the nation’s founding.

Who does NOT own our health data: employers, pharmacies, hospitals, IT vendors, data miners, data aggregators, PBMs, switching companies, CMS and other federal agencies, state agencies and registries, researchers, doctors, health providers, HMOs, PPOs, business associates, covered entities, clinics, insurers, banks and financial institutions, etc, etc, etc.

Even though serious threats to our health privacy are rampant, we WILL win back our rights because after all: our health records are the most sensitive personal information about us on Earth. No one else can claim any right to control or own our health records. They belong to us.