[Med-privacy] Boston Herald: Known around the world: Private records may be at risk
DPeelMD@aol.com
DPeelMD@aol.com
Sun, 30 Nov 2003 13:53:45 EST
-------------------------------1070218425
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
I was honored to meet with Rep Markey (D-MA) and his staff Nov 11th to
discuss the issues he was quoted on (below). He and Dana Rohrabacher (R-CA) are
cosponsors of the Stop Taking Our Health Privacy Act (STOHP). STOHP seeks to
restore every American's right of consent, which was eliminated by the Amended
HIPAA Privacy Rule. The announcement of the STOHP Act was coordinated with the
announcement of our lawsuit last April 10th, as both efforts seek to restore the
right to medical privacy. Privacy advocates have worked closely with him for
many years, as he has been such a great leader in Congress for privacy rights
from the very beginning of the corporate and governmental assaults on medical
privacy.
Deborah C. Peel MD
www.patientprivacy.info
Known around the world: Private records may be at risk
By Jay Fitzgerald
Sunday, November 30, 2003
Someone in Asia may be looking at your income tax returns or reading
sensitive doctors' notes about your medical history.
That may sound like another nightmare case of Internet hackers cracking
into sensitive computer files. But it's actually the type of highly sensitive
data that U.S. corporations are increasingly making available to overseas
workers, who are now doing everything from processing Americans' credit-card bills
to making sure you returned a rental movie on time.
To date, the outsourcing of back-office jobs to other countries - from
India to the Ukraine - has not led to a major breach of privacy or a proven
case of identity theft by a foreign worker.
But the outsourcing industry was given a major scare recently when a
Pakistani woman, who works in Asia and transcribes medical notes about Americans,
threatened to post patients' records on the Internet unless she got a raise.
Experts say such incidents will increasingly occur - and it's only a
matter of time before a huge scandal erupts.
``They started off sending American jobs overseas,'' said U.S. Rep.
Edward Markey (D-Malden), co-chair of the congressional Privacy Task Force. ``Now
Americans get to lose their jobs and their privacy at the same time.''
The hot-button issue has risen to the level of presidential politics,
with U.S. Sen. John Kerry (D-Mass.) proposing a ``Call Center Consumer's Right
to Know Act,'' designed to protect the jobs and privacy of Americans.
The back-and-forth flow of data between the United States and foreign
work sites is tied to the escalating corporate trend of outsourcing jobs to
developing countries.
The outsourcing controversy has mostly focused on the loss of tens of
thousands of U.S. high-tech jobs to developing countries.
But an increasing number of outsourced jobs also include call-center
personnel, accountants, financial analysts, medical assistants and others in
posts with access to personal data, from Social Security numbers to bank records.
Two of the three major credit-reporting agencies in the United States
are also planning to outsource operations abroad and, along with them, sensitive
data about the credit histories of hundreds of millions of Americans.
Defenders of outsourcing say a combination of U.S. laws and strict
security measures by corporations will protect Americans' privacy.
``We're extremely sensitive to the need for (security),'' said Jim
Brewer, a vice president at Boston-based Keane Inc. The technology consulting firm
recently bought an Indian company to handle outsourced back-office functions
for its U.S. clients.
``We're still governed by the laws of the United States,'' Brewer said.
But critics say privacy laws in the United States - unlike those in the
European Union- have too many legal loopholes that permit the outsourcing of
both jobs and data with little built-in protections.
``The business community has put the American public in a very
vulnerable position,'' said Chris Hoofnagle, a lawyer with the Electronic Privacy
Information Center in Washington.
``Most American privacy laws don't deal with the exporting of
data-processing jobs and information.''
The privacy of patients' health records is supposed to be covered by the
U.S. Health Information Portability and Accountability Act, which prevents
health-care companies from selling information to, for instance, telemarketing
firms. A similar law applies to financial information.
But Hoofnagle and others say companies can legally transfer that
information - as opposed to selling it to a third-party - to overseas firms if those
companies are providing direct vendor services for U.S. corporations.
That was the type of work the Pakistani woman was doing when she used
Americans' medical records as a means to try to squeeze a raise out of her
employer. She was working for an outsourcing company under contrcat by the
University of California-San Francisco Medical Center.
Massachusetts General Hospital is one of many regional hospitals that
outsources work to India and elsewhere, from X-ray development to transcription
services.
Deborah Adair, MGH's chief privacy officer, said the California
incident is an aberration - and MGH has much more strict contracts and guidelines to
protect patients' records. ``It's all about good, solid contracting,'' said
Adair, whose hospital has agreements with a number of Indian companies to handle
back-office work.
But Ian Mahony, a Boston lawyer who represents U.S.-based companies
that outsource work, said he fears it's only a matter of time before a major sca
ndal occurs.
He noted that outsourcing back-office work to domestic companies is
already rife with risks - and those risks are merely multiplied when work is
outsourced overseas. Developing countries might not have the laws, infrastructure
and police support to deter abuse by their workers, Mahony said.
Mahony said he ``cautions'' U.S. companies to think twice before
outsourcing duties, if only because of the risks of being sued or angering consumers
should sensitive data leak out.
But competitive pressures and the attraction of cheap labor almost
ensure that the pace of outsourcing will quicken, officials say. To critics,
corporations say simply: Trust us, we have rules and procedures to protect private
information.
Not good enough, some critics say.
``It's absolutely not adequate,'' Markey said of corporate vows to
protect customers' privacy. ``It's probably going to take a huge (scandal) to
implement adequate privacy laws.''
-------------------------------1070218425
Content-Type: text/html; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD>
<META charset=3DUTF-8 http-equiv=3DContent-Type content=3D"text/html; charse=
t=3Dutf-8">
<META content=3D"MSHTML 6.00.2800.1226" name=3DGENERATOR></HEAD>
<BODY style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial; BACKGROUND-COLOR: #fffff=
f">
<DIV>I was honored to meet with Rep Markey (D-MA) and his staff Nov 11th to=20=
discuss the issues he was quoted on (below). He and Dana Rohrabacher (R-CA)&=
nbsp;are cosponsors of the Stop Taking Our Health Privacy Act (STO=
HP). STOHP seeks to restore every American's right of consent, which was eli=
minated by the Amended HIPAA Privacy Rule. The announcement of the STOH=
P Act was coordinated with the announcement of our lawsuit last April 10th,=20=
as both efforts seek to restore the right to medical privacy. Privacy a=
dvocates have worked closely with him for many years, as he has been such a=20=
great leader in Congress for privacy rights from the very beginning of the c=
orporate and governmental assaults on medical privacy.<BR>Deborah C. Peel MD=
<BR><A href=3D"http://www.patientprivacy.info">www.patientprivacy.info</A><B=
R><BR><IMG title=3D"" height=3D37 alt=3D"" src=3D"http://www.bostonherald.co=
m/images/business_adlogo.gif" width=3D126 border=3D0 DATASIZE=3D"1512"> <BR>=
<BR><FONT lang=3D0 style=3D"BACKGROUND-COLOR: #ffffff" face=3DArial color=
=3D#003366 size=3D2 FAMILY=3D"SANSSERIF" PTSIZE=3D"10" BACK=3D"#ffffff"><B>K=
nown around the world: Private records may be at risk</B><BR></FONT><FONT la=
ng=3D0 style=3D"BACKGROUND-COLOR: #ffffff" face=3DArial color=3D#000000 size=
=3D2 FAMILY=3D"SANSSERIF" PTSIZE=3D"10" BACK=3D"#ffffff">By Jay Fitzgerald<B=
R><I>Sunday, November 30, 2003</I><BR><BR><B>S</B>omeone in Asia may be look=
ing at your income tax returns or reading sensitive doctors' notes about you=
r medical history. <BR><BR> That may sound like anot=
her nightmare case of Internet hackers cracking into sensitive computer file=
s. But it's actually the type of highly sensitive data that U.S. corporation=
s are increasingly making available to overseas workers, who are now doing e=
verything from processing Americans' credit-card bills to making sure you re=
turned a rental movie on time. <BR><BR> To date, the=
outsourcing of back-office jobs to other countries - from India to the Ukra=
ine - has not led to a major breach of privacy or a proven case of identity=20=
theft by a foreign worker. <BR><BR> But the outsourc=
ing industry was given a major scare recently when a Pakistani woman, who wo=
rks in Asia and transcribes medical notes about Americans, threatened to pos=
t patients' records on the Internet unless she got a raise. <BR><BR> &n=
bsp; Experts say such incidents will increasingly occur - and it=
's only a matter of time before a huge scandal erupts. <BR><BR> &=
nbsp; ``They started off sending American jobs overseas,'' said U.S. R=
ep. Edward Markey (D-Malden), co-chair of the congressional Privacy Task For=
ce. ``Now Americans get to lose their jobs and their privacy at the same tim=
e.'' <BR><BR> The hot-button issue has risen to the=20=
level of presidential politics, with U.S. Sen. John Kerry (D-Mass.) proposin=
g a ``Call Center Consumer's Right to Know Act,'' designed to protect the jo=
bs and privacy of Americans. <BR><BR> The back-and-f=
orth flow of data between the United States and foreign work sites is tied t=
o the escalating corporate trend of outsourcing jobs to developing countries=
. <BR><BR> The outsourcing controversy has mostly fo=
cused on the loss of tens of thousands of U.S. high-tech jobs to developing=20=
countries. <BR><BR> But an increasing number of outs=
ourced jobs also include call-center personnel, accountants, financial analy=
sts, medical assistants and others in posts with access to personal data, fr=
om Social Security numbers to bank records. <BR><BR> =
Two of the three major credit-reporting agencies in the United States are a=
lso planning to outsource operations abroad and, along with them, sensitive=20=
data about the credit histories of hundreds of millions of Americans. <BR><B=
R> Defenders of outsourcing say a combination of U.S=
. laws and strict security measures by corporations will protect Americans'=20=
privacy. <BR><BR> ``We're extremely sensitive to the=
need for (security),'' said Jim Brewer, a vice president at Boston-based Ke=
ane Inc. The technology consulting firm recently bought an Indian company to=
handle outsourced back-office functions for its U.S. clients. <BR><BR> =
; ``We're still governed by the laws of the United States,=
'' Brewer said. <BR><BR> But critics say privacy law=
s in the United States - unlike those in the European Union- have too many l=
egal loopholes that permit the outsourcing of both jobs and data with little=
built-in protections. <BR><BR> ``The business commu=
nity has put the American public in a very vulnerable position,'' said Chris=
Hoofnagle, a lawyer with the Electronic Privacy Information Center in Washi=
ngton. <BR><BR> ``Most American privacy laws don't d=
eal with the exporting of data-processing jobs and information.'' <BR><BR>&n=
bsp; The privacy of patients' health records is supposed t=
o be covered by the U.S. Health Information Portability and Accountability A=
ct, which prevents health-care companies from selling information to, for in=
stance, telemarketing firms. A similar law applies to financial information.=
<BR><BR> But Hoofnagle and others say companies can=
legally transfer that information - as opposed to selling it to a third-par=
ty - to overseas firms if those companies are providing direct vendor servic=
es for U.S. corporations. <BR><BR> That was the type=
of work the Pakistani woman was doing when she used Americans' medical reco=
rds as a means to try to squeeze a raise out of her employer. She was workin=
g for an outsourcing company under contrcat by the University of California-=
San Francisco Medical Center. <BR><BR> Massachusetts=
General Hospital is one of many regional hospitals that outsources work to=20=
India and elsewhere, from X-ray development to transcription services. <BR><=
BR> Deborah Adair, MGH's chief privacy officer=
, said the California incident is an aberration - and MGH has much more stri=
ct contracts and guidelines to protect patients' records. ``It's all about g=
ood, solid contracting,'' said Adair, whose hospital has agreements with a n=
umber of Indian companies to handle back-office work. <BR><BR> &n=
bsp; But Ian Mahony, a Boston lawyer who represents U.S.-based c=
ompanies that outsource work, said he fears it's only a matter of time befor=
e a major scandal occurs. <BR><BR> He noted that out=
sourcing back-office work to domestic companies is already rife with risks -=
and those risks are merely multiplied when work is outsourced overseas. Dev=
eloping countries might not have the laws, infrastructure and police support=
to deter abuse by their workers, Mahony said. <BR><BR> &nb=
sp; Mahony said he ``cautions'' U.S. companies to think twice before outsour=
cing duties, if only because of the risks of being sued or angering consumer=
s should sensitive data leak out. <BR><BR> But compe=
titive pressures and the attraction of cheap labor almost ensure that the pa=
ce of outsourcing will quicken, officials say. To critics, corporations say=20=
simply: Trust us, we have rules and procedures to protect private informatio=
n. <BR><BR> Not good enough, some critics say. <BR><=
BR> ``It's absolutely not adequate,'' Markey said of=
corporate vows to protect customers' privacy. ``It's probably going to take=
a huge (scandal) to implement adequate privacy laws.'' <BR><BR> &=
nbsp; <BR><BR><BR></FONT></DIV></BODY></HTML>
-------------------------------1070218425--