Getting the PHR privacy and Deborah Peel issue off my chest

I’m a card carrying member of the ACLU. I oppose the Patriot Act. And I absolutely oppose the current Administration’s decision to ignore the FISA law that already bends over backwards to help the government spy on Americans whom it suspects of criminal activity. I’m also appalled when I read stories like this one—in which the FBI has been illegally abusing its power by issuing “National Security letters” willy nilly.

I say all this because it’s now a couple of weeks since Google announced it health initiative and during that time we held the second Health 2.0 conference. And all the mainstream press can write about is the potential for privacy violations in online health sites, and PHRs, whether it’s been in the San Diego Union Tribune, ZDNET, USA Today or Modern Healthcare.

So even this balanced article in the Washington Post leads with Deborah Peel from Patient Privacy Rights and you have to wade through her incendiary rhetoric before you get to some sense from John Rother, while David Kibbe’s rational applauding of electronic health records only appears towards the end. Here’s what Peel says:

Many online PHR firms share information with data-mining companies, which then sell it to insurers and other interested parties, Peel said.

Well I’m still waiting to see the proof about this. Essentially she’s saying that consumers’ identifiable data is being sold and used against them, and so PHRs are bad.

Much data is of course sold in health care, but as far as I’m aware it’s all deidenitifed. Whether PHR companies are systematically selling data is unclear. Whether they are selling identifiable data (the thing HIPAA bans and everyone agrees is a bad idea) I severely doubt.

And the problem is that this type of allegation gets the conversation completely off track. The biggest problem with the US health care system and its use of technology is not privacy violations. It’s inefficient use of data causing harm (and costs and poor quality care).

I am getting more than a little annoyed with this focus on the wrong thing. As my commenter JD paraphrased in my earlier piece on the topic (5th comment down here), do the Deborah Peels of the world not use bank accounts or credit cards? Do they not buy houses or have credit scores? Do they not know about what is already known about them in the real world? People understand this data flow and they accept it because it brings them a return that they value. And the same will be true for health information—if health information technology produces valuable results

So what are the nay-sayers going on about? Well I actually suffered and read the World Privacy Forum report on PHRs by Robert Gellman. It’s a hash of conjecture with its main complaint being that HIPAA doesn’t explicitly cover PHRs. Well, no shit Sherlock. HIPAA passed in 1996. It was actually was prepared years earlier and it’s about the automated transactions that existed then. No one had heard of a PHR in 1995, so why should the law cover them? What will happen is that PHRs will start being provided by covered entities and will be under the aegis of HIPAA (in this country at least—it’s called the “World” privacy forum but in reading the report Gellman only has heard of one country apparently).

But even if PHRs are not covered by HIPAA, what are the terrible consequences? Well let’s see. I’ve taken a few excerpts from the report. In the first Gellman says:

Regardless of the PHR’s policy on marketing disclosures, advertising can provide a method for a consumer’s health information to escape into marketing files. Marketers already have millions of names of consumers categorized by specific diseases and diagnoses. Most of the information comes from consumers who provided it in response to “consumer surveys” or through other stealthy methods for collecting health information for marketing use. Health records maintained by health care providers have been unavailable to marketers directly, but commercial PHRs operated outside of HIPAA offer marketers the promise of more and better health information from consumers.

So the problem is not PHRs. It’s consumer surveys taken over the years by marketers. But let’s blame PHRs because they might potentially be used for the same thing.

But hang on, if I’m a transparent PHR vendor won’t I drive out the scummy guys who are secretly selling data which will be used to harm their customers? And aren’t Microsoft and Google and many others being transparent about that? Yes they are, and why won’t consumers vote with their data?

But if you want to lock your data away in a place where
no marketer will get it without your permission, apparently a vault,
even a Healthvault, is not good enough. Here’s what Gellman says next:

Suppose that a consumer has a totally secure safe in
her home that can only be opened with her express approval. The
consumer writes down her Social Security Number (SSN) on a piece of
paper and puts that paper in the safe. Is her SSN more protected than
before? Not really. Everyone else who had the SSN before the paper was
deposited in the safe still has it. That includes banks, the IRS,
credit bureaus, employers, the Social Security Administration, a
partner or spouse, and perhaps dozens of other agencies and
organizations. The locked safe does nothing to enhance the privacy of
the SSN, although the privacy and security of that one piece of paper
may well be improved.

For health records, the information in the PHR must
originate from somewhere. Prime sources are physicians and insurers,
but in some PHRs consumers can also add information about their use of
supplements, gyms, and so forth. The health information about consumers
held by their physicians, health plans, dentists, laboratories,
pharmacies, and others remains exactly where it was before it entered
the PHR. That information is subject to the same good or bad rules or
practices that applied before the deposit of the information in the PHR.

So the problem with the vault is that it
contains health data, and that data doesn’t originate in the vault. And
so those nasty people in the health care business who have been selling
your data still have a copy of it and will keep selling it, even
thought you have a copy in a vault. And your data is still out there,
as Gellman makes clear.

No one who had the ability to obtain health
information before a copy entered the PHR need pay any attention to the
PHR or any consumer controls on the PHR. The records that were
available before from other sources remains available. For example,
health fraud investigators can obtain patient records for their work.
Putting a record in the PHR changes nothing because the fraud
investigators can still obtain the record from the physician or health
plan. The PHR record is a copy but not the only copy. Consumers who see
the control promised by PHR vendors may be easily confused about the
meaning of that control.

So how again is this the fault of the PHR vendor (or
non-PHR vendor as Microsoft insists it is)? This entire diatribe is
aimed at the wrong direction—inappropriate use of data that exists due
to what is currently normal activity in health care. It has nothing to
do with PHRs other than these nay-sayers use the PHR to get in the
news—and apparently no one has the sense to oppose them.

Meanwhile for those of you still reading the
report, Gellman wonders off into the absurd—apparently losing your
health data is good for you:

As time passes, as people move, and as people change
physicians, older information tends to disappear, get lost, or remain
disconnected from current information. That benefits privacy, although
the loss of some old information may sometimes, but not always,
negatively affect health care. PHRs may bring old information together
in ways that may not please consumers all of the time.

Let me give one teeny example to show why not
losing your old data—or at least having it available—might be a good
idea. I have a good friend who sliced his finger off in an accident. At
the emergency room they stitched it back on. They then asked him if
he’d had a tetanus shot in the last ten years. He had no idea because
he had no PHR. So they gave him a tetanus shot. Five days later he got
numbness in his feet. He spent three days being mis-diagnosed at vast
expense before someone asked him about that tetanus shot. Had he had
even that recent week old data in a PHR or EMR a decision support tool
using it might have suggested a rare but very serious complication from
a tetanus shot—the one that he might not have needed in the first
place—called Guillain-Barres syndrome.
The delay in diagnosis can be fatal and can certainly cause paralysis.
Would my friend have been helped by a comprehensive PHR/EMR? You bet he
would. But Gellman seems to think that it’s not worth keeping old
information about inoculations or previous events because having that
information “may not please consumers all the time.”

I was so ticked off by this report that I even went to
Deborah Peel’s organization’s website — which the World Privacy Forum
links to — and looked at the long list of privacy violations in their “True Stories” fact sheet.

And what’s the takeaway? Most of these violations were
one-off accidents or criminal activity. There weren’t very many of them
and most of them concern paper records. And most of them had relatively minor consequences.

So why are these zealots so opposed to PHRs and online
health sites—all of which are being offered by companies that have far,
far more to lose than to gain from betraying their consumers’ trust?
And why are they so loathe to mention the potential benefits of the
spread of PHRs, EMRs and other health information tools?

You would think it’s because they care about the
consequences. And while the consequences of having these sites mean
incredible benefits to their users (here’s just one shining example),
the consequences of a breech of health privacy can be bad, including
losing insurance, employment and enduring social embarrassment.

But hang on a minute. the most potentially devastating of these is losing insurance. But you can already
lose the chance to get insurance (and of course retroactively lose it
when you’re sick) due to information that you are forced to give up in
the application process. That’s far more prevalent and impacts far more
people than some secret information getting out from a PHR and a
malevolent insurer surreptitiously using it. It’s done right in plain
sight! We know all about that in California.

So we should (as I advocate) take the obvious tack and
ban discrimination based on health information—especially with regard
to insurance coverage.

Why haven’t Deborah Peel and the people behind the
Patients Privacy Rights organization gone down that path? I have yet to
hear her ever mention that in an interview, and yet it’s a much, much
bigger problem than PHR privacy violation.

So I took a little look as to who is on the board of
Patients Privacy Rights. The board includes a veteran Texas Democrat
called Ben Barnes and Kim Ross, an Internet consultant who would appear
to have no axe to grind. But then you start seeing some vested

The board includes several people with affiliations to
organizations that have benefited from the screwed up state of our
current health care system. Peel and Bob Pyles are mental health
clinicians. They would seem to have a legitimate concern about patient
care being harmed if those patients fear that their sensitive
information will be shared without their permission. But that’s not all

How did Peel start getting involved in the privacy
issue? By opposing the Clinton plan because it was supposedly going to
put all information in one big database (which in itself is a very
strange and erroneous reading of that plan). Ed Baxter is a former
lobbyist for Blue Cross of Texas who’s worked with the HIAA. Who’s
HIAA? It was the group behind the Harry & Louise adverts that
helped kill the Clinton plan. And Kim Ross is a former lobbyist for the
Texas Medical Association.

I have no doubt that they have an unbending commitment
to patient privacy that’s strongly held and well intentioned. But
that’s clearly not the only view they hold. I think I’ve found the
answer from the organization’s mission

Without health privacy, electronic health systems will create whole new classes of people who are unemployable, uninsurable and dependent on government, simply because of an illness or genetic risk of disease (my emphasis added)

So I’m not sure this is about privacy at all. I think
this is about a bunch of naysayer anti-“government of any stripe” types
wanting to do anything they can to prevent a rationalization of the
health care system because the government might be involved. Today
they’re opposing EMRs and PHRs, tomorrow it’ll be insurance reform, and
who knows what next.

Perhaps it’s their goal to have a health care system
with no records of any kind. Then there’ll be no privacy violations.
But then again, the quality of the health care won’t be too great.

The rest of us should just ignore them. Instead we can
get on with the serious discussion of how to reform the insurance
market and how to develop and use information tools to improve the cost
and quality of health care. Privacy is important, and it’s too
important to be left in the hands of these extremists.

So can the reporters of America please think about that when they’re writing about online health information.

Matthew Holt

5 Responses to Getting the PHR privacy and Deborah Peel issue off my chest

  1. Steve Levine says:

    Matthew: For what it's worth, just because my old friend Kim Ross is a former lobbyist for Texas Medical Association doesn't mean TMA is working actively in support of Deb Peel's campaign. In fact, she regularly asks us to step up what we're doing on patient privacy. It's a balancing act between protect patient confidence, supporting activities that make life easier and better for patients, and keeping the paperwork/administrative load light for physicians. You make a lot of good points here.
    Steve Levine
    VP, Communication
    Texas Medical Association

  2. David Hansen says:

    Matthew, I believe I made similar points emphatically 12 years ago in a seminar you sponsored, and since then the voiced fears of privacy zealots have only increased in volume, all the while hindering the application of computer systems to save lives. Two changes might swing this:
    1. A creeping, quiet disregard of privacy concerns by consumers themselves. I see this happening in a major way in social networking: Not many five years ago would have predicted that so many people would voluntarily give Facebook and other social networking sites their online email passwords, thereby allowing the networking sites to datamine their correspondence (this is used to invite new people to that member's network). Yet in fact people providing passwords to their email accounts is one of the biggest growth drivers for successful networks over the last couple years.
    2. The industry itself sets up believable regulation, likely including visible government monitoring and enforcement, relaxing the fears of the zealots.

  3. Judy Feder says:

    As a "card carrying" e-patient (I've been living with late stage cancer for over 6 years), I agree both that privacy zealotry can be misdirected, and that the crowds are clearly demonstrating their changing attitudes toward privacy on social networks. My experience with online patient communities is that the thirst for relevant information and the desire to "give back" by sharing one's experience frequently trumps privacy concerns.

  4. Matthew,
    Great balancing analysis of the PHR issue. I think there is a lot to learn from the Data Portability movement that is springing up around social networking.
    The issues with data portability parallel the PHR. As the consumer and focus of my PHR shouldn't I have a say in who gets to see data in my record?
    The PHR is a bigger issue than any one company can solve. Let's join with the folks on and bring PHRs in to the current millennium.
    Why data portability? Because various health care payers are promoting PHR offerings to their members but what happens if you need to move to a different plan, may be as a result of a job change. Can you take that record with you Or will it be held hostage?…

  5. Peter Frishauf says:

    I couldn't agree more! A few years ago I was so frustrated by the bureaucracy of privacy I recorded a video editorial, "Are We Really Better Off With HIPAA?" The editorial can can be found here:
    The editorial stimulated hundreds of posts.
    Please note: While I am the founder of Medscape, other than being a peer-reviewer and contributer, I have no affiliation with the site since 2002.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Health 2.0