Tuesday, November 20, 2012

What Is The Story Regarding The Privacy Of Your Information From Government If Held In A NEHRS?

I was alerted to this issue by a report from the US:
Monday, November 12, 2012

Despite ONC's Effort, Comparing PHR Privacy Policies Still Challenging

by Kate Ackerman, iHealthBeat Managing Editor
To date, personal health record adoption has been somewhat limited, but the market is expected to get a big boost from Stage 2 of the meaningful use incentive program.
Deven McGraw -- director of the Health Privacy Project at the Center for Democracy & Technology -- said, "The market for those tools has been a little soft I think because people have really had to hand enter in the data or scan [them] in, as opposed to being able to feed [the information] directly from a provider's electronic health record, unless they happen to be a patient at Kaiser or part of a system that already offers them that tool." However, she said, "That's going to change in 2014 when a lot of the early adopters in the HITECH incentive program begin Stage 2 and start actively encouraging patients to view and potentially download and transmit their data."
But is the industry ready when it comes to privacy and security regulations?
Survey data show that consumers routinely cite privacy and security as top barriers to personal health record adoption. A 2010 survey from the California HealthCare Foundation found that 75% of U.S. adults without a PHR cited concerns about the privacy of their information as the top barrier to using a PHR. CHCF publishes iHealthBeat.
Jeff Donnell, president of PHR provider NoMoreClipboard, noted that consumers have been exposed to privacy and security issues in the financial services industry. He said, "So they take a look at that and recognize, 'Okay, often times information is used for nefarious purposes,' and people want to make absolutely certain that their data [do not] somehow get stolen or wiped and end up being used by identity thieves." He added, "It's not uncommon to hear about ... a major breach where thousands or hundreds of thousands or in some cases even millions of patient records walk out of an office on a laptop or unencrypted disc, and then those things disappear or get stolen. ... And, that gives people cause for concern."
Further, when consumers are considering PHRs sponsored by health plans or employers, they want to "make absolutely certain" that their data is not visible to their boss and that their health plan cannot use their information to deny coverage, according to Donnell.
Despite the survey data, McGraw said that in practice, convenience and usefulness -- not privacy -- are likely top of mind when consumers are deciding which PHR tool to adopt.
Donnell agreed. "Certainly there are going to be some people who rightfully are going to be very concerned about why would someone want my health information. You know, if I'm George Clooney or Brittney Spears, I'd be worried because I know people are going to try to get at that data," he said. 
However, he said, "If I'm an individual with diabetes or I'm taking care of an aging parent with congestive heart failure, you know what? I'm not all that worried about privacy and security. I'm worried about making sure that I have ready access to information that I'm able to easily manage it, share it with the people who need the data to properly care for me or my family member. So all of a sudden, those privacy concerns while they don't go away, they become very, very minimal in terms of importance."
Donnell said that the data analytics on NoMoreClipboard's website and application show that fewer than 1% of users actually take the time to click through and read the firm's privacy policy.
"Are Personal Health Records Safe? A Review of Free Web-Accessible Personal Health Record Privacy Policies" (Carrión Señor, Journal of Medical Internet Research, August 2012)
Lots more here:
A point made here is that information held in your PHR may - or may not - be safe from your employer or insurer.
After something of a hunt I tracked down the NEHRS Privacy Statement.
You can follow these links.
This then points to this:
While I am no lawyer it does not seem there is much in the way of barriers for the use of information in the NEHRS by those in DoHA and the Department of Human Services - who choose to do so - given the things like my evolving name changes and so on - as reported last week on the blog.
See here:
I think the general approach of only providing information you are happy to see on the front page at makes a great deal of sense in terms of what you put in you NEHRS. You just never know when some information you provide trustingly can come back to bite you!
Remember once information escapes - no matter how - it is very hard to get back.