[Med-privacy] PHR Privacy Report Card (release)
peter marshall
pwm@comcast.net
Wed, 2 Dec 2009 14:25:37 -0800
--Apple-Mail-14-165179955
Content-Type: text/plain;
charset=WINDOWS-1252;
format=flowed;
delsp=yes
Content-Transfer-Encoding: quoted-printable
FOR IMMEDIATE RELEASE
December 2, 2009
CONTACT:
Ashley Katz
akatz@patientprivacyrights.org
(512) 732-0033
(512) 820-6415
View as PDF
WATCHDOG ANNOUNCES PERSONAL HEALTH RECORD (PHR)
PRIVACY REPORT CARD
SOME COMPANIES GIVE CONSUMERS CONTROL OVER THEIR
PERSONAL INFORMATION, OTHERS DO NOT.
Austin, TX -- Patient Privacy Rights (PPR), the nation=92s leading =20
health privacy watchdog released its First Personal Health Record =20
(PHR) Privacy Report Card today. Designed to educate and protect =20
consumers, the Report Card, is available online =20
atwww.patientprivacyrights.org/PHR_Report_Card. Our assessment of five =20=
different PHRs found a wide range of existing privacy policies; some =20
PHRs protect our rights to control who can see and use health =20
information, and others do not.
"The good news is there are companies that offer meaningful ways to =20
control your private information," said PPR=92s Executive Director, =20
Ashley Katz. Some PHRs only share your information with your explicit =20=
permission. Some allow you to segment "or lock-up" extra sensitive =20
information, so it can only be seen by those that you permit. Some =20
offer easily accessible reports of who saw and used your information, =20=
when and why.
"The bad news is other companies do not allow patients to control =20
their PHRs. That is a scary thing when you consider that PHRs can =20
store sensitive health information as well as lifestyle habits such as =20=
what you eat, how much you drink, and how often you exercise," said =20
Katz. This information can easily get into the wrong hands, especially =20=
if your PHR is offered by an employer or insurer. "All PHRs claim to =20
be 'patient-centric' and claim that 'privacy is important,' but it=92s =20=
simply not true."
PPR devoted a great deal of time to wade through policies, websites =20
and applications, recognizing that few busy people have the time or =20
expertise to do in-depth evaluations or compare the differences =20
between PHRs. Most people see the words "privacy policy" and think it =20=
means their privacy is protected. That couldn=92t be further from the =20=
truth.
PPR makes no recommendations on specific PHRs. The Report Card is our =20=
opinion based on the information available on these companies' websites.
PPR graded the following PHRs:
CapMed=92s ICE PHR --> C
NoMoreClipboard --> A
WebMDs --> C
PPR also graded the following platforms that incorporate PHRs:
Google Health --> D - Platform, F - Partners
Microsoft HealthVault --> B Platform, F Programs
Detailed grades and commentary are available on the =
website,http://www.patientprivacyrights.org/site/PageServer?pagename=3DPHR=
_Report_Card
Two grades were given to Google Health and Microsoft HealthVault, =20
products we refer to as "Platforms." Google Health and Microsoft =20
HealthVault=92s privacy policies apply only to their Platform, not to =20=
any of the companies linked to their Platform. For example, while the =20=
Platform, may require the individual=92s consent before disclosing any =20=
data; any third party such as another PHR, a tracking tool for =20
diabetes or research search engine does not necessarily play by the =20
same rules.
One grade was given to the Platform itself and another grade was given =20=
to the programs and partner applications linked to the Platform to =20
highlight the differences between the applicable policies. The =20
programs and partner applications for each Platform were treated as =20
one group. There are simply far too many different programs/partners =20
for PPR to grade each individually. As such, we took a random sampling =20=
of these programs/partners. The grade for these groups of companies =20
(an "F" for both Google Health partners and Microsoft HealthVault =20
programs) does not mean that all of the third party companies failed. =20=
Rather some of the companies randomly selected scored poorly because =20
they do not allow meaningful patient control over their information. =20
Note that NoMoreClipboard.com is a PHR available on both platforms and =20=
it earned an "A".
We also note that if the Program or Partner application is "HIPAA =20
compliant" it can use any information provided from your account for =20
"treatment, payment and health care operations" without getting your =20
express consent. This does not give the individual control over their =20=
private, sensitive information. Most people have no idea how broad =20
those three categories actually are.
A detailed FAQ is available with the Report Card =
online:http://www.patientprivacyrights.org/PHR_RC_FAQs
The FAQ covers the following questions:
What is a PHR?
What is a platform?
How did you grade these PHRs?
Will you allow vendors to respond to these grades?
Have you received any money from these vendors?
What laws protect PHRs?
Should you use a PHR?
How can a PHR harm me?
Why is "anonymous", "de-identified", or "aggregate" data a problem?
What can be done?
The public needs to wake up and pay attention. Our personal health =20
information is everywhere and being passed from one company to the =20
next, without our permission or knowledge. If we don=92t demand control, =
=20
we will lose it forever.
We need federal laws that make Fair Information Practices the rule for =20=
all health information. Data shared for one purpose should be used =20
solely for that purpose unless the patient gives consent for any new =20
use. No single piece of data should be allowed to go to an employer, =20
insurer or other entity without patient permission.
Laws alone will never be enough; technology will continue to evolve. =20
Consumer watchdogs like Patient Privacy Rights need your support to =20
shine light on how your health information is used and misused.
With public awareness, federal protections and consumer watchdogs on =20
the lookout, industry can be pressured to restore our rights to health =20=
privacy and compete based on whether their systems or products offer =20
the most protections and give individuals the greatest degree of =20
control over their data.
###
About Patient Privacy Rights:
Patient Privacy Rights is the nation=92s leading health privacy =20
watchdog. Our mission is to ensure the right to control your medical =20
privacy to protect jobs and opportunities. Patient Privacy Rights has =20=
over 10,000 members in all 50 states. We lead the trans-partisan =20
Coalition for Patient Privacy representing over 10 million Americans.
--Apple-Mail-14-165179955
Content-Type: text/html;
charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div><div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; min-height: 14px; "><br></div> </div><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; color: =
rgb(0, 0, 0); font-family: 'Comic Sans MS'; font-size: medium; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: 2; text-align: =
auto; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"font-family: =
Verdana, Arial, Helvetica, sans-serif; font-size: 10pt; =
background-color: rgb(255, 255, 255); margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; "><table cellspacing=3D"10" =
style=3D"font-family: Arial, Helvetica, sans-serif; font-size: 12px; =
color: rgb(0, 0, 0); line-height: 12px; width: 705px; height: 571px; =
position: static; z-index: auto; "><tbody><tr style=3D"font-family: =
Arial, Helvetica, sans-serif; font-size: 12px; color: rgb(0, 0, 0); =
line-height: 12px; "><td style=3D"font-family: Arial, Helvetica, =
sans-serif; font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; =
"><table cellspacing=3D"4" cellpadding=3D"4" width=3D"688" =
style=3D"font-family: Arial, Helvetica, sans-serif; font-size: 12px; =
color: rgb(0, 0, 0); line-height: 12px; border-right-color: rgb(0, 0, =
0); border-right-width: 1px; border-right-style: solid; =
border-top-color: rgb(0, 0, 0); border-top-width: 1px; border-top-style: =
solid; border-left-color: rgb(0, 0, 0); border-left-width: 1px; =
border-left-style: solid; width: 688px; border-bottom-color: rgb(0, 0, =
0); border-bottom-width: 1px; border-bottom-style: solid; height: 547px; =
position: static; z-index: auto; "><tbody><tr style=3D"font-family: =
Arial, Helvetica, sans-serif; font-size: 12px; color: rgb(0, 0, 0); =
line-height: 12px; "><td style=3D"font-family: Arial, Helvetica, =
sans-serif; font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; =
"><div align=3D"center"> </div></td></tr><tr style=3D"font-family: =
Arial, Helvetica, sans-serif; font-size: 12px; color: rgb(0, 0, 0); =
line-height: 12px; "><td style=3D"font-family: Arial, Helvetica, =
sans-serif; font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; =
padding-right: 8px; padding-left: 8px; padding-bottom: 8px; padding-top: =
8px; "><table border=3D"0" style=3D"font-family: Arial, Helvetica, =
sans-serif; font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; =
"><tbody><tr style=3D"font-family: Arial, Helvetica, sans-serif; =
font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; "><td =
style=3D"font-family: Verdana, Arial, Helvetica, sans-serif; font-size: =
13px; color: rgb(0, 0, 0); line-height: 15px; text-align: left; ">FOR =
IMMEDIATE RELEASE<br><br>December 2, 2009<br><br>CONTACT:<br>Ashley =
Katz<br><a title=3D"E-mail akatz@patientprivacyrights.org" =
href=3D"mailto:akatz@patientprivacyrights.org" style=3D"color: blue; =
">akatz@patientprivacyrights.org</a><br>(512) 732-0033<br>(512) =
820-6415<br><br><a =
href=3D"http://www.patientprivacyrights.org/site/R?i=3DmA_087A2EE00TE8qvEJ=
D1w.." style=3D"color: blue; ">View as PDF</a><br><a =
href=3D"http://www.patientprivacyrights.org/site/R?i=3DvAnBOpZuVV-A_RgYt58=
Wvg.." style=3D"color: blue; "></a></td></tr></tbody></table><div =
style=3D"font-family: Arial, Helvetica, sans-serif; font-size: 12px; =
color: rgb(0, 0, 0); line-height: 12px; "> <br =
class=3D"webkit-block-placeholder"></div><table border=3D"0" =
align=3D"center" style=3D"font-family: Arial, Helvetica, sans-serif; =
font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; "><tbody><tr =
style=3D"font-family: Arial, Helvetica, sans-serif; font-size: 12px; =
color: rgb(0, 0, 0); line-height: 12px; "><td style=3D"font-family: =
Verdana, Arial, Helvetica, sans-serif; font-size: 15px; color: rgb(0, 0, =
0); line-height: 17px; text-align: center; "><strong>WATCHDOG ANNOUNCES =
PERSONAL HEALTH RECORD (PHR)<br>PRIVACY REPORT CARD<span =
class=3D"Apple-converted-space"> </span><br><br>SOME COMPANIES GIVE =
CONSUMERS CONTROL OVER THEIR<br>PERSONAL INFORMATION, OTHERS DO =
NOT.<span =
class=3D"Apple-converted-space"> </span></strong><br></td></tr></tbod=
y></table><table border=3D"0" style=3D"font-family: Arial, Helvetica, =
sans-serif; font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; =
"><tbody><tr style=3D"font-family: Arial, Helvetica, sans-serif; =
font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; "><td =
style=3D"font-family: Verdana, Arial, Helvetica, sans-serif; font-size: =
13px; color: rgb(0, 0, 0); line-height: 15px; text-align: left; =
"><br>Austin, TX -- Patient Privacy Rights (PPR), the nation=92s leading =
health privacy watchdog released its First Personal Health Record (PHR) =
Privacy Report Card today. Designed to educate and protect consumers, =
the Report Card, is available online at<a =
href=3D"http://www.patientprivacyrights.org/site/R?i=3DVyOnGOsCCPiUEzWkfw-=
SWA.." style=3D"color: blue; =
">www.patientprivacyrights.org/PHR_Report_Card</a>. Our assessment of =
five different PHRs found a wide range of existing privacy policies; =
some PHRs protect our rights to control who can see and use health =
information, and others do not.<span =
class=3D"Apple-converted-space"> </span><br><br>"The good news is =
there are companies that offer meaningful ways to control your private =
information," said PPR=92s Executive Director, Ashley Katz. Some PHRs =
only share your information with your explicit permission. Some allow =
you to segment "or lock-up" extra sensitive information, so it can only =
be seen by those that you permit. Some offer easily accessible reports =
of who saw and used your information, when and why.<span =
class=3D"Apple-converted-space"> </span><br><br>"The bad news is =
other companies do not allow patients to control their PHRs. That is a =
scary thing when you consider that PHRs can store sensitive health =
information as well as lifestyle habits such as what you eat, how much =
you drink, and how often you exercise," said Katz. This information can =
easily get into the wrong hands, especially if your PHR is offered by an =
employer or insurer. "All PHRs claim to be 'patient-centric' and claim =
that 'privacy is important,' but it=92s simply not true."<span =
class=3D"Apple-converted-space"> </span><br><br>PPR devoted a great =
deal of time to wade through policies, websites and applications, =
recognizing that few busy people have the time or expertise to do =
in-depth evaluations or compare the differences between PHRs. Most =
people see the words "privacy policy" and think it means their privacy =
is protected. That couldn=92t be further from the truth.<span =
class=3D"Apple-converted-space"> </span><br><br>PPR makes no =
recommendations on specific PHRs. The Report Card is our opinion based =
on the information available on these companies' websites.<span =
class=3D"Apple-converted-space"> </span><br><br><strong>PPR graded =
the following PHRs:</strong><br>CapMed=92s ICE PHR<span =
class=3D"Apple-converted-space"> </span><strong>--></strong><span =
class=3D"Apple-converted-space"> </span>C<br>NoMoreClipboard<span =
class=3D"Apple-converted-space"> </span><strong>--></strong><span =
class=3D"Apple-converted-space"> </span>A<br>WebMDs<span =
class=3D"Apple-converted-space"> </span><strong>--></strong><span =
class=3D"Apple-converted-space"> </span>C<br><br><strong>PPR also =
graded the following platforms that incorporate PHRs:</strong><br>Google =
Health<span =
class=3D"Apple-converted-space"> </span><strong>--></strong><span =
class=3D"Apple-converted-space"> </span>D - Platform, F - =
Partners<br>Microsoft HealthVault<span =
class=3D"Apple-converted-space"> </span><strong>--></strong><span =
class=3D"Apple-converted-space"> </span>B Platform, F =
Programs<br><br>Detailed grades and commentary are available on the =
website,<a =
href=3D"http://www.patientprivacyrights.org/site/PageServer?pagename=3DPHR=
_Report_Card" style=3D"color: blue; =
">http://www.patientprivacyrights.org/site/PageServer?pagename=3DPHR_Repor=
t_Card</a><span class=3D"Apple-converted-space"> </span><br><br>Two =
grades were given to Google Health and Microsoft HealthVault, products =
we refer to as "Platforms." Google Health and Microsoft HealthVault=92s =
privacy policies apply only to their Platform, not to any of the =
companies linked to their Platform. For example, while the Platform, may =
require the individual=92s consent before disclosing any data; any third =
party such as another PHR, a tracking tool for diabetes or research =
search engine does not necessarily play by the same rules.<br><br>One =
grade was given to the Platform itself and another grade was given to =
the programs and partner applications linked to the Platform to =
highlight the differences between the applicable policies. The programs =
and partner applications for each Platform were treated as one group. =
There are simply far too many different programs/partners for PPR to =
grade each individually. As such, we took a random sampling of these =
programs/partners. The grade for these groups of companies (an "F" for =
both Google Health partners and Microsoft HealthVault programs) does not =
mean that all of the third party companies failed. Rather some of the =
companies randomly selected scored poorly because they do not allow =
meaningful patient control over their information. Note that =
NoMoreClipboard.com is a PHR available on both platforms and it earned =
an "A".<br><br>We also note that if the Program or Partner application =
is "HIPAA compliant" it can use any information provided from your =
account for "treatment, payment and health care operations" without =
getting your express consent. This does not give the individual control =
over their private, sensitive information. Most people have no idea how =
broad those three categories actually are.<span =
class=3D"Apple-converted-space"> </span><br><br>A detailed FAQ is =
available with the Report Card online:<a =
href=3D"http://www.patientprivacyrights.org/site/R?i=3DVm0M3GFDnHJUcen81oU=
q3A.." style=3D"color: blue; =
">http://www.patientprivacyrights.org/PHR_RC_FAQs</a><span =
class=3D"Apple-converted-space"> </span><br><br>The FAQ covers the =
following questions:<span =
class=3D"Apple-converted-space"> </span><br><br>What is a =
PHR?<br>What is a platform?<br>How did you grade these PHRs?<br>Will you =
allow vendors to respond to these grades?<br>Have you received any money =
from these vendors?<br>What laws protect PHRs?<br>Should you use a =
PHR?<br>How can a PHR harm me?<br>Why is "anonymous", "de-identified", =
or "aggregate" data a problem?<br><br><em><span style=3D"text-decoration: =
underline; "><strong>What can be done?</strong></span></em><ol =
style=3D"font-family: Arial, Helvetica, sans-serif; font-size: 12px; =
color: rgb(0, 0, 0); line-height: 12px; "><li style=3D"font-family: =
Verdana, Arial, Helvetica, sans-serif; font-size: 13px; color: rgb(0, 0, =
0); line-height: 15px; text-align: left; ">The public needs to wake up =
and pay attention. Our personal health information is everywhere and =
being passed from one company to the next, without our permission or =
knowledge. If we don=92t demand control, we will lose it =
forever.</li><li style=3D"font-family: Verdana, Arial, Helvetica, =
sans-serif; font-size: 13px; color: rgb(0, 0, 0); line-height: 15px; =
text-align: left; ">We need federal laws that make Fair Information =
Practices the rule for all health information. Data shared for one =
purpose should be used solely for that purpose unless the patient gives =
consent for any new use. No single piece of data should be allowed to go =
to an employer, insurer or other entity without patient =
permission.</li><li style=3D"font-family: Verdana, Arial, Helvetica, =
sans-serif; font-size: 13px; color: rgb(0, 0, 0); line-height: 15px; =
text-align: left; ">Laws alone will never be enough; technology will =
continue to evolve. Consumer watchdogs like Patient Privacy Rights need =
your support to shine light on how your health information is used and =
misused.</li><li style=3D"font-family: Verdana, Arial, Helvetica, =
sans-serif; font-size: 13px; color: rgb(0, 0, 0); line-height: 15px; =
text-align: left; ">With public awareness, federal protections and =
consumer watchdogs on the lookout, industry can be pressured to restore =
our rights to health privacy and compete based on whether their systems =
or products offer the most protections and give individuals the greatest =
degree of control over their data.</li></ol><br><br><table border=3D"0" =
align=3D"center" style=3D"font-family: Arial, Helvetica, sans-serif; =
font-size: 12px; color: rgb(0, 0, 0); line-height: 12px; "><tbody><tr =
style=3D"font-family: Arial, Helvetica, sans-serif; font-size: 12px; =
color: rgb(0, 0, 0); line-height: 12px; "><td style=3D"font-family: =
Verdana, Arial, Helvetica, sans-serif; font-size: 13px; color: rgb(0, 0, =
0); line-height: 15px; text-align: center; =
">###</td></tr></tbody></table><br><span style=3D"text-decoration: =
underline; ">About Patient Privacy Rights:</span><span =
class=3D"Apple-converted-space"> </span><br><br>Patient Privacy =
Rights is the nation=92s leading health privacy watchdog. Our mission is =
to ensure the right to control your medical privacy to protect jobs and =
opportunities. Patient Privacy Rights has over 10,000 members in all 50 =
states. We lead the trans-partisan Coalition for Patient Privacy =
representing over 10 million =
Americans.<br><br></td></tr></tbody></table><img =
src=3D"http://www.patientprivacyrights.org/site/PixelServer?j=3DMF92N0FtOo=
G83W5xgZ9CvA.." height=3D"1" width=3D"1"></td></tr><tr =
style=3D"font-family: Arial, Helvetica, sans-serif; font-size: 12px; =
color: rgb(0, 0, 0); line-height: 12px; "><td style=3D"font-family: =
Arial, Helvetica, sans-serif; font-size: 12px; color: rgb(0, 0, 0); =
line-height: 12px; "><p align=3D"center" style=3D"font-family: Arial, =
Helvetica, sans-serif; font-size: 12px; color: rgb(0, 0, 0); =
line-height: 12px; =
"><br></p></td></tr></tbody></table></td></tr></tbody></table></div></span=
></div><br></body></html>=
--Apple-Mail-14-165179955--