Friday, May 4, 2012

Are You Unwittingly Sharing Your Health Information?




The federal government has promised up to $27 billion in Medicare/Medicaid incentives for medical practices and hospitals to use electronic medical records, which are necessary to transfer health information electronically.  Many patients are not aware that their personal medical records are being shared and can be widely accessed. (In Maine, 75% of the population already has health information that has been uploaded to the system.) 

The reason given for health information exchanges is to improve healthcare quality.  The reason given for computerizing medical records is to improve the efficiency and cost of healthcare.  However, the electronic medical record systems used in the US tend to reduce physician efficiency, and increase costs, at least in the short-term.  My personal experience is that they increase errors and reduce patient safety, in addition to being inefficient.  But that's another story.

Our medical staff had several meetings about Maine's health information exchange, and our docs were wary of the concept, because we did not feel privacy was assured.  However, we were told that the exchange was an independent, state-based institution whose goal was to improve care through sharing of information from one Maine provider to another.  Information would not be "placed on the internet."  What I learned instead, through online searching, was that Maine's HealthInfoNet had received $6.6 million in federal grants, which was the major funding source and impetus for the program.  A federal agency coordinates all the state programs.

It was implied that information sharing would be limited to within Maine.  However, DHHS's goal is to share information nationwide, through the internet:
"On January 27, 2011, an additional $16 million was made available to states through ONC’s new Challenge Grants program. This program will provide funding to states to encourage breakthrough innovations for health information exchange that can be leveraged widely to support nationwide health information exchange and interoperability..."
We were told the new database would not collect information on HIV status or treatment by mental health professionals. What I learned from the HealthInfoNet website was different:  mental health records will be entered in the database.  HealthInfoNet got a $600,000 federal grant for this purpose inFebruary.  And it appears that local privacy safeguards for these records may erode as well, if one reads between the lines:  "many efforts are underway to integrate the treatment of mental illness into the general medical care structure."

Is another reason for computerizing and sharing medical records to allow the federal government to gain more personal information on US citizens in an era of increasing domestic surveillance?

According to today's C/NET:
The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance...  the White House, U.S. senators and senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.
The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly...
James Bamford (author of The Puzzle Palace) tells us in WIRED that the feds have continued their Total Information Awareness project, supposedly cancelled by Congress in 2003, when it was run by the infamous John Poindexter, only now it has another name.  And we are the subjects of this federal surveillance:  those of us with credit cards, computers and mobile phones, not the unwashed and unwired terrorists.  The US government is building the largest data collection center in the world to collect info on everyone, and to break into encrypted information:
[The] Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration—an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy. 
But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”
Has your health information been put in an electronic database without your consent?  In my state, the legislature voted for an "opt out" HealthInfoNet system rather than a system where citizens opt in:  Everyone in Maine is enrolled unless you opt out.  They say you can opt out by going to the HealthInfoNet website and unenrolling.  I wonder how well this works?  Since you opt out through the exchange, rather than through your local medical provider, it seems that medical information gets sent to the exchange on everybody, including those who opt out. 

1 comment:

Anonymous said...

Shared information on computer systems between medical facilities and government agencies has been ongoing for a while in some areas.

There are numerous privacy and citizens safety as well as Due Process considerations as well as potential violations of other Constitutional Rights.

One thing I have found is that medical personnel can have "attitudes" or think they know more than they do, or think patients are just being "uncooperative" when a patient wants to know more to make a safe informed decision regarding their healthcare. So all it takes is one ignoramus in the medical community to type something untrue or over-exaggerated in the system, and then anywhere else you try to go to find "better care" if you had a problem somewhere, the erroneous information follows you.
This in turn develops into a lack of cooperation for treatment by medical personnel at the new facility even if it is a different condition you are being seen for, or another display of "attitudes".

Someone can claim another person is "mentally off", and that will create nightmares for a patient elsewhere.

I could expand more on this, but I will save it for a different post.