INDUSTRY WANTS BLANK CHECK FOR HEALTH IT IN ECONOMIC STIMULUS PACKAGE

Washington, DC – Despite the strong commitment by Congress and the President-elect to protect consumers over special interests, a “Confidentiality Coalition” boldly asks Congress to ensure that NO privacy or consumer protections are part of the health IT provisions in the economic stimulus package (see their letter to congress).

Who does the Confidentiality Coalition represent? “Health plans, pharmaceutical companies, vendors, employers, health product distributors, and pharmacy benefit managers”, among others. In reaction to this coalition’s recent letter to Congress, Deborah C. Peel, MD, the founder of Patient Privacy Rights noted, “notably absent from this coalition are patients and doctors, those who stand to lose the most when they lose all control over personal health information and such information is used in ways other than promoting health.”

“At the heart of the argument is whether we have learned anything from years of letting industry set its own rules. Today we face a wrecked world economy because we let the financial industry steer themselves and ’self-regulate’. We must not repeat the same mistake with the health industry,” says Peel.

“Giving for-profit corporations (that have a duty to their shareholders to make money) a blank check for health IT paves the way to establish a goldmine of information that can be used to increase profits, promote expensive — not necessarily more effective — drugs, devices and treatment; cherry pick; and market directly to consumers. Including privacy protections that ensure accountability, control and transparency up front, is the only way to engender public trust and thereby innovate and improve health care.”

Patient Privacy Rights and the Coalition for Patient Privacy, representing over 50 consumer organizations and 12 million Americans, has been working together with Congress to promote health IT while ensuring that our nation’s health IT system does no put Americans’ jobs, access to health care and credit at risk by dismissing the need for ironclad privacy protections. Trust is essential for the public’s willingness to seek treatment and participate in health IT systems.

Read Patient Privacy Rights’s letter to Congress here. PPR urges Congress to ensure accountability, control and transparency with health IT, including the following minimum protections:

ACCOUNTABILITY — Hold every entity with access to health information accountable.

Those who hold or store personal health information should ensure that the data is accurate, reliable and secure1.

Minimum standards should include requirements for: encrypting data in database storage and in transit, limiting access to specific individuals via informed, facilitating electronic consent, and building in audit trails of all electronic transactions.
Congress should authorize and fund Health & Human Services (HHS) and the Federal Trade Commission (FTC) to increase their oversight of data flow and sharing practices including funds for undertaking random audits of contracts. Require breach notification and whistleblower protections.
CONTROL — Ensure individuals control the use of personal health information.
An individual’s right to control how their personal information is used is fundamental to the Code of Fair Information Practices and most professional codes of ethics; the same code should apply to our most sensitive information, our health records.

Codify a federal right to health information privacy.
All systems should ensure individuals can segment sensitive information so safeguards are built in up front.
Provide incentives for health IT systems to use electronic informed consent and innovative consumer privacy controls.
TRANSPARENCY — Protect consumers from abusive practices.
Personal health information shouldn’t be sold and shared as if it were some other commodity like stocks or mortgages2. Healthinformation is significantly different from other data collected by marketers and data miners;

it is especially sensitive and can directly impact jobs, credit, and insurance coverage.

Prohibit direct or indirect remuneration for the sharing, disclosure or use of personal health information with limited exceptions for research and public health. Ensure that corporations cannot obtain exclusive or contractual rights to own or control personal health information3.
Personal health information obtained for one purpose must not be used or made available for other purposes without informed consent4. We strongly support provisions re-defining and limiting the broad

category of “Health Care

Operations.”
1 Code of Fair information Practices, Principle 5
2 See “Evidence of Disclosure,” http://www.patientprivacyrights.org/site/DocServer/Evidence_of_Disclosure.pdf?docID=4501
3 For example, CVS Caremark’s iScribe electronic prescribing program obtains absolute rights to all data inputted into their system via their service agreement with providers allowing them to sell or share the data with third party partners including drug manufacturers, healthcare clearinghouses and data analysis companies.
4 Code of Fair Information Practices, Principle 3

About Patient Privacy Rights

As the nation’s health privacy watchdog, Patient Privacy Rights works to ensure that we don’t have to choose between privacy and health care or health IT. Patient Privacy Rights is a 501(c)(3) nonprofit headquartered in Austin, Texas with an office in Washington D.C., funded solely by individuals. Founded by a practicing physician, our mission is to ensure Americans control access to their personal health information so that we progress with privacy. When our most intimate information can be sold and shared with the click of a mouse, many may lose opportunities for work, wealth and well being.

Patient Privacy Rights leads the bi-partisan Coaltion for Patient Privacy, representing nearly 12 million Americans and including over 50 consumer organizations and technology corporations such as the ACLU, American Conservative Union, American Association for People with Disabilities, AIDS Action, Family Research Council and Microsoft.