Privacy advocate Deborah Peel, M.D., is worried that several ongoing healthcare sector initiatives, including the emphasis on nationwide, interoperable health information exchange, provisions of the21st Century Cures bill, and a push for a national unique patient identifier, could erode patient privacy and individuals' control over their records.
Electronic health records systems, and databases that store massive amounts of data on millions of patients, have "created a situation where our absolutely most sensitive information is at the greatest risk of all personal information," says Peel, founder and chair of advocacy group, Patient Privacy Rights, in an interview with Information Security Media Group.
"And on top of that, as Congress has woken up and found out, your doctors are not getting the information they need [for treatment]. That was the whole purpose of having an electronic health record system, and it's failed miserably. ..."
Peel's concerned that the intensifying focus on improving electronic health records interoperability and nationwide data sharing, in an effort to ease access to treatment information, could lead to more hacker attacks as well as insider breaches.
Plus, she opposes proposed changes to the HIPAA Privacy Rule included in the 21 Century Cures bill, which the House recently passed and sent to the Senate. Those changes would allow healthcare entities to disclose patient data to other healthcare entities or business associates for research purposes without patient authorization.
"The point of the medical record is to help the physician take better care of you," She says. "Who goes to the doctor to join endless numbers of hidden 'research projects'? I don't know anyone who does."
Patients need to have more control over collection and storage of their own health information, she says, and they should be given the opportunity to approve the use of their records in research projects.Unique Patient IDs
Peel also is concerned about renewed calls by some healthcare industry associations, including the College of Healthcare Information Management Executives, for Congress to re-examine its long ban on the creation of a national unique patient identifier
When Congress passed HIPAA in 1996, the law called for the creation of a unique health identifier for individuals. But in response to privacy concerns, Congress in 1999 passed a law prohibiting federal funding for the identifier. However, some healthcare IT leaders say some sort of ID is more critical than ever in facilitating secure national health information exchange and ensuring patient record accuracy in the wake of mass adoption of electronic health record systems.
But Peel fears a national patient identifier would open the door for more invasions of privacy. "The rationale for a unique patient ID is exactly the same as the rationale of a Social Security number. It was supposed to be used for one purpose. And what happened to the Social Security number? It's used as a national ID for everywhere, and it allows all kinds of people to collect information about you from everywhere."
Peel, a practicing psychiatrist and psychoanalyst, is founder and chair of the advocacy group Patient Privacy Rights. Peel became active in privacy rights at the federal level in 1993. She advocated first as an individual and later on behalf of state and national medical specialty organizations for patient control of access to medical records. She has made multiple presentations at national panels and Congressional briefings.