Again, in the last week, I have come across a few reports and news items which are worth passing on.
These include first:
By: Joseph Conn / HITS staff writer
Story posted: March 10, 2008 - 5:59 am EDT
The National Committee on Vital and Health Statistics has approved a letter to HHS Secretary Mike Leavitt, again recommending that patients be able to control the movement of some of their healthcare information over a proposed national health information network.
It was the second time in the past 21 months that the federal advisory panel at HHS has advocated restoring some form of patient consent as a prerequisite to the disclosure of personal healthcare information on a NHIN.
At a meeting Feb. 20, the NCVHS approved the 11-page letter that likely will be sent to Leavitt this week. In summary, the committee wrote, "We have concluded that NHIN policies should permit individuals limited control, in a uniform manner, over access to their sensitive health information disclosed via the NHIN. Public dialogue should be undertaken to develop the specifics of these policies, and pilot projects should be initiated to test their implementation."
The recommendations stand in marked contrast to past and current HHS privacy policies. In its 2002 revision of the privacy rule of the Health Insurance Portability and Accountability Act of 1996, HHS eliminated patient consent as a requirement for the disclosure of so-called "protected healthcare information" for use in treatment, payment and a host of other healthcare operations.
And last June, the Office of the National Coordinator for Health Information Technology at HHS announced its intention to develop a national privacy and security framework for health IT. Nearly nine months later, staffers at HHS and ONCHIT still are working on the framework behind closed doors.
In its letter, the NCVHS recommended affording patients the ability to sequester particularly sensitive information by treatment category. And while those categories were not specified, the committee did provide examples of categories to be considered for special handling. They were: domestic violence, genetic information, mental health information, reproductive health and substance abuse. If all of the NCVHS examples are accepted in a federal model, it could reduce variation between state and federal privacy laws.
Continue reading this quite long article here:
http://www.modernhealthcare.com/apps/pbcs.dll/article?AID=/20080310/REG/408091039/1029/FREE
The letter is downloadable here:
http://www.ncvhs.hhs.gov/080220lt.pdf
This article and the letter which it reports makes interesting reading. It is clear patients are increasingly wanting control of their private (especially potentially sensitive) health information. Making sure this is achieved is the only way we will get improved acceptance of both EHR’s and PHRs.
On a related topic:
Second we have:
March 15, 2008 - 12:20PM
The University of California's prestigious medical center is planning to fire at least 13 employees for reading pop star Britney Spears' private health records, the Los Angeles Times reported Friday.
Citing someone familiar with the matter, the newspaper said at least six others had been suspended for snooping and six more faced disciplinary action.
Spears, 26, was admitted to the UCLA Medical Center's psychiatric ward on January 31 amid concerns for her mental health, and released six days later. However, the Times said the staff were being disciplined over a previous incident.
The newspaper also said it was not the first time staff had been caught peeking.
Hospital officials had disciplined workers for looking at Spears' records after she gave birth to her first son, Sean Preston, in 2005 at Santa Monica-UCLA Medical Center and Orthopaedic Hospital, it said.
"It's not only surprising, it's very frustrating and it's very disappointing," Jeri Simpson, the Santa Monica hospital's human resources director, told the Times.
Continue reading here:
http://news.smh.com.au/la-hospital-to-fire-staff-peeking-at-spears-records-report/20080315-1zml.html
Yet again we see the integrity of health records compromised by curiosity. We really need to work harder to have those with access to such records understand their obligations to preserve patient privacy and to restrict their access to records they really have a ‘need to know’ about.
Third we have:
March 13, 2008 - 5:35AM
The Rudd government is reportedly considering reviving a smartcard concept to crack down on welfare fraud.
The moves is sure to reignite privacy worries about the smartcard being a de facto national identity card.
Options to save money in the budget include an overhaul of the almost $100 billion in annual Medicare and Centrelink payments.
Federal cabinet is considering developing a new smartcard fitted with a computer chip to beat fraud, The Australian Financial Review reported on Thursday.
Continue reading here:
http://news.smh.com.au/smartcard-is-back-on-the-table/20080313-1z27.html
and the associated denial:
Patricia Karvelas | March 14, 2008
HUMAN Services Minister Joe Ludwig has ruled out any resurrection of the previous government's controversial smartcard scheme.
Senator Ludwig said there would be no backflip on a promise not to have a smartcard.
"We are committed to achieving best practice in the provision of government services, but we are not considering a compulsory identity card,'' Senator Ludwig said.
Continue reading here:
http://www.australianit.news.com.au/story/0,24897,23373328-15306,00.html
It is clear that we now have a bit of a ‘no smoke without fire’ situation. The Labor Government knows it needs to exploit new technology to reduce fraud and improve efficiency and customer service. The issue is just how this can be most simply, reliably and cheaply done. As they say ‘watch this space!’
Fourthly we have:
http://www.australiandoctor.com.au/articles/A6/0C0549A6.asp
11-Mar-2008
By Sophie McNamara
PATIENTS should generally be given access to their health records in the form of their choice, such as a photocopy, an electronic version or a summary, the Privacy Commissioner says.
The commissioner, Ms Karen Curtis, is set to release five information sheets this week, including guidance on giving patients access to their own records.
About one-third of 113 complaints received by the commissioner about health providers in 2006/07 related to refusal of access to records.
Patients legally had the right to access their health records, but there were exceptions, such as if access would pose a serious threat to life or health, the commissioner said.
Continue reading here (if medically registered):
http://www.australiandoctor.com.au/articles/A6/0C0549A6.asp
The important thing about this is that the Commonwealth Privacy Commissioner has released some new information disclosure guidelines that are relevant to all clinical and health staff.
The full fact sheets are available at:
www.privacy.gov.au
Well worth a review as things are gradually evolving in this area.
The full media release is found here
http://www.privacy.gov.au/news/media/2008_03.html
Media Release: New privacy guidance to assist private health service providers
11 March 2008
The Australian Privacy Commissioner, Karen Curtis, has today issued new privacy guidance materials for medical practitioners and other health service providers and the public.
“The new guidance materials are the culmination of an extensive consultation process by my Office, and offer health care professionals and members of the public greater clarity about whether particular practices are permitted under the Privacy Act,” said Ms Curtis.
Released on the Office’s website, the guidance materials consist of five information sheets for healthcare in the Australian private sector, and seven FAQs for members of the public.
The information sheets address the following issues:
- Fees that can be charged for patients to access their records.
- Use and disclosure of health information for managing a health service.
- Sharing health information within a treating team.
- Sharing health information with relatives of an incapacitated patient.
- Denial of access to health information due to a serious threat to life or health.
The FAQs answer questions relating to: patients accessing their medical records, who doctors can disclose patient information to, and whether doctors need to obtain the patient's consent.
Ms Curtis stated that the guidance materials will also serve to dispel some myths associated with privacy in the health sector:
“Medical practitioners may not, for example, realise that it is not always necessary to seek a patient’s direct consent for every treatment-related disclosure within a treating team. The guidance materials clarify that disclosure could be permitted as long as the patient would reasonably expect this disclosure to occur.”
The development of the guidance materials included consultations with representatives from the health, consumer and privacy sectors.
An earlier release is also of importance:
http://www.privacy.gov.au/news/media/mapsbp08_media.html
Revised privacy guidelines for Medicare & PBS claims information
07 March 2008
The Australian Privacy Commissioner, Karen Curtis, has issued a revised set of Guidelines covering the handling of claims information collected under the Medicare and Pharmaceutical Benefits programs.
"The Guidelines seek to maintain a high level of privacy protection for Australians' claims information, while ensuring that the regulation does not stand in the way of Government agencies' ability to help the delivery of a high standard of health outcomes," Ms Curtis said.
The Guidelines are legally binding on all Government agencies and ensure they only use and link Medicare and PBS claims information for limited purposes and in particular circumstances. The new Guidelines will take effect from 1 July 2008, until which time the existing Guidelines remain in force.
The Guidelines were first issued in 1993 and have been amended several times. Key features of the new Guidelines include:
- They reinforce that the National Health Act prohibits any Government agency from storing information obtained from Medicare or PBS on the one database.
- They require Medicare to report annually to the Privacy Commissioner on how many records from each program are linked, under what authority they are linked, and an indication of the period they are retained or why they were not destroyed.
- They allow Medicare to link claims information to provide it to a person who has requested access to their information.
The Guidelines are the result of an extensive consultation process with the public, private and community sectors.
The Guidelines are available here.
The full Commonwealth Health Privacy Entry Point is here:
http://www.privacy.gov.au/health/guidelines/index.html#2.8
Fifth we have:
EHTEL, eHealth Focal Point for Europe
eHealth, High Priority on the Agenda of European Decisions Makers
While eHealth solutions are being implemented everywhere in Europe, eHealth has moved up on the political agenda. EHTEL is dedicated to help all stakeholders establishing and using eHealth solutions, e.g. by:
>> Sharing experience with and learning from others
>> Informing of what is going on in Europe and beyond,
>> Contributing to discussions at EU level on e.g. interoperability, eHealth and telemedicine issues.
We at EHTEL share the belief that
>> eHealth is a tool to ensure the required level of information, choice and empowerment, as requested by European consumers and patients.
>> eHealth must comprise multiple communication channels for ensuring both equal access and ubiquity.
>> eHealth is a cooperative process intensifying and changing the interactions of all stakeholders in health and social care.
>> Decision Makers in Healthcare of Europe should fully integrate eHealth into health and social care.
Continue reading here:
http://www.ehtel.org/SHWebClass.ASP?WCI=ShowCat&CatID=1
This is an interesting new site which has some useful quite current material as to what progress is being made in EHR and Telemedicine in Europe. Worth a browse.
Sixth we have:
By KEITH J. WINSTEIN
March 12, 2008; Page D7
Medical devices that control the human heart may need safeguards to protect against remote-control hacking that could deliver electrical shocks to patients, researchers said.
Millions of Americans have pacemakers, which keeps hearts beating regularly, or an implanted defibrillator, which can restart stopped hearts with an electric jolt. After implanting a defibrillator under a patient's skin, a doctor uses a special device, about the size of a breadbox, to tell the defibrillator what to do -- for example, to instruct it to keep the heart beating at a certain rate or deliver a test jolt.
The devices, called programmers, communicate with a defibrillator using radio waves. To prevent tampering, only physicians are allowed to buy one from the manufacturers -- Medtronic Inc., Boston Scientific Corp., and St. Jude Medical Inc.
But hackers could transmit the same radio signals -- causing a defibrillator to shock or shut down, or divulge a patient's medical information -- without needing a programmer, researchers found in a laboratory test of one model from Medtronic.
The study, to be presented at a California computer-security conference in May, suggests manufacturers should consider how to stop unauthorized people from tampering with implanted medical devices that receive instructions via radio waves, a growing category that also includes spinal-cord stimulators and drug-delivery pumps.
Continue reading here (subscription required):
http://online.wsj.com/article/SB120528705417629357.html?mod=djemHL
I am sure this is not a huge worry, but just shows how unexpected risks can sneak up on you. The risk to the current US Vice President is amusing!
Last we have
New Ways To Manage Health Data
Giants Join the Push To Put Records Online
By Michael S. Gerber
Special to The Washington Post
Tuesday, March 11, 2008; HE01
You already bank online and use computer software to do your taxes. So why don't you trust technology to help you manage your health? Microsoft, Google and more than 100 Web sites offering personal health records know the answer, but they're betting they can quell your fears about posting your most private information online and get you to sign on soon.
Online personal health records, or PHRs, began years ago as password-protected templates for storing basic medical information, accessible from any computer connected to the Web. Some still function that way, making them a convenience for patients with chronic conditions, life-threatening allergies and long medication lists. Many experts also recommend PHRs for adult caregivers of elderly family members or parents of children with chronic health problems.
"I think [they] can be very valuable for people who want to keep close track and have portable -- available for them when they need it -- detailed medical records," said Peter Basch, a Washington physician and medical director of MedStar's e-health initiative.
Many PHRs automatically link to hospital Web sites; some upload data from lab tests and medical devices; and others allow emergency rooms to access your medical history even if you're unconscious and far from home.
Lately, Internet giants Microsoft and Google have upped the ante, developing sites that combine PHRs with search engines and other services. (See sidebar.) The new capabilities raise the value of PHRs -- as well as the risk from breaches of privacy. And as the records sites grow in number and sophistication, privacy advocates are stepping up their warnings, especially about PHRs offered by health insurers.
Continue reading here:
http://www.washingtonpost.com/wp-dyn/content/story/2008/03/10/ST2008031001828.html
This is a good summary of the various issues surrounding Personal Health Records and definitely worth a browse.
More next week.
David.