[Med-privacy] "Confidentiality Coalition"

[peter marshall]

Contact:
Ashley Katz
Patient Privacy Rights
(512) 732-0033 or (512) 897-6390
akatz@patientprivacyrights.org
http://www.patientprivacyrights.org/

INDUSTRY WANTS BLANK CHECK FOR HEALTH IT IN

ECONOMIC STIMULUS PACKAGE

Washington, DC - Despite the strong commitment by Congress and the =20
President-elect to protect consumers over special interests, a =20
"Confidentiality Coalition" boldly asks Congress to ensure that NO =20
privacy or consumer protections are part of the health IT provisions in =20=

the economic stimulus package (see their letter to congress).

Who does the Confidentiality Coalition represent? "Health plans, =20
pharmaceutical companies, vendors, employers, health product =20
distributors, and pharmacy benefit managers", among others. In reaction =20=

to this coalition's recent letter to Congress, Deborah C. Peel, MD, the =20=

founder of Patient Privacy Rights noted, "notably absent from this =20
coalition are patients and doctors, those who stand to lose the most =20
when they lose all control over personal health information and such =20
information is used in ways other than promoting health."

"At the heart of the argument is whether we have learned anything from =20=

years of letting industry set its own rules. Today we face a wrecked =20
world economy because we let the financial industry steer themselves =20
and 'self-regulate'. We must not repeat the same mistake with the =20
health industry," says Peel.

"Giving for-profit corporations (that have a duty to their shareholders =20=

to make money) a blank check for health IT paves the way to establish a =20=

goldmine of information that can be used to increase profits, promote =20=

expensive -- not necessarily more effective -- drugs, devices and =20
treatment; cherry pick; and market directly to consumers. Including =20
privacy protections that ensure accountability, control and =20
transparency up front, is the only way to engender public trust and =20
thereby innovate and improve health care."

Patient Privacy Rights and the Coalition for Patient Privacy, =20
representing over 50 consumer organizations and 12 million Americans, =20=

has been working together with Congress to promote health IT while =20
ensuring that our nation's health IT system does no put Americans' =20
jobs, access to health care and credit at risk by dismissing the need =20=

for ironclad privacy protections. Trust is essential for the public's =20=

willingness to seek treatment and participate in health IT systems.

Read Patient Privacy Rights's letter to Congress here.=A0 PPR=A0urges =20=

Congress to ensure accountability, control and transparency with health =20=

IT, including the following minimum protections:

ACCOUNTABILITY -- Hold every entity with access to health information =20=

accountable.
	=95 	Those who hold or store personal health information =
should ensure =20
that the data is accurate, reliable and secure1.=A0

Minimum standards should include requirements for: encrypting=A0data=A0in =
=20
database storage=A0and in transit, limiting access to specific =20
individuals via informed, facilitating electronic consent,=A0and =
building =20
in=A0audit trails of all electronic transactions.
	=95 	Congress should authorize and fund Health & Human =
Services (HHS) =20
and the Federal Trade Commission (FTC) to increase their oversight of =20=

data flow and sharing practices including funds for undertaking random =20=

audits of contracts. Require breach notification and whistleblower =20
protections.

CONTROL -- Ensure individuals control the use of personal health =20
information.
An individual's right to control how their personal information is used =20=

is fundamental to the Code of Fair Information Practices and most =20
professional codes of ethics; the same code should apply to our most =20
sensitive information, our health records.
	=95 	Codify a federal right to health information privacy.
	=95 	All systems should ensure individuals can segment =
sensitive =20
information so safeguards are built in up front.
	=95 	Provide incentives for health IT systems to use =
electronic informed =20
consent and innovative consumer privacy controls.

TRANSPARENCY=A0 --=A0 Protect consumers from abusive practices.
Personal health information shouldn't be sold and shared as if it were =20=

some other commodity like stocks or mortgages2.=A0 Healthinformation is =20=

significantly different from other data collected by marketers and data =20=

miners;

it is especially sensitive and can directly impact jobs, credit, and =20
insurance coverage.
	=95 	Prohibit direct or indirect remuneration for the =
sharing, =20
disclosure or use of personal health information with limited =20
exceptions for research and public health.=A0 Ensure that corporations =20=

cannot obtain exclusive or contractual rights to own or control =20
personal health information3.
	=95 	Personal health information obtained for one purpose =
must not be =20
used or made available for other purposes without informed consent4. We =20=

strongly support provisions re-defining and limiting the broad
category of "Health Care Operations."

1=A0Code of Fair information Practices, Principle 5
2=A0See "Evidence of Disclosure," =20
http://www.patientprivacyrights.org/site/DocServer/=20
Evidence_of_Disclosure.pdf?docID=3D4501
3=A0For example, CVS Caremark's iScribe electronic prescribing program =20=

obtains absolute rights to all data inputted into their system via =20
their service agreement with providers allowing them to sell or share =20=

the data with third party partners including drug manufacturers, =20
healthcare clearinghouses and data analysis companies.
4=A0Code of Fair Information Practices, Principle 3