Guest commentary: Privacy issues overlooked
Skip to main content
MDHC_Logotype_white
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • This Week's News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • People
    • Regional News
    • Digital Edition
    • Plunging demand for COVID-19 tests may leave U.S. exposed
      J&J's 1-dose shot cleared, giving U.S. third COVID-19 vaccine
      By the Numbers: Largest behavioral health hospitals, 2021
      Why healthcare should also fight for $15
    • Plunging demand for COVID-19 tests may leave U.S. exposed
      J&J's 1-dose shot cleared, giving U.S. third COVID-19 vaccine
      Fighting COVID on three fronts
      Presbyterian Hospital in Albuquerque, UNM Sandoval Regional Medical Center in Rio Rancho, N.M., Lovelace Medical Center in Albuquerque and Christus St. Vincent Regional Medical Center in Santa Fe, N.M.
      Providers weigh long-term risks, rewards of post-COVID collaboration
    • Dr. Imran Andrabi
      Q&A: ThedaCare CEO says lessons from COVID-19 will inform new approaches to population health management
      The Check Up: Dr. Imran Andrabi
      The Check Up: Dr. Imran Andrabi of ThedaCare
      Hospitals confront water shortages in winter storm aftermath
      beaumont-hospital-royal-oak_i_i_i.jpg
      Beaumont says nearly 2,000 second-shot vaccinations canceled due to vaccine shortage
    • CMS: Group health plans must cover COVID-19 diagnostic testing
      High MLRs inspire insurers to focus on quality improvements
      Blue Cross and Blue Shield of Oklahoma, OU Health Physicians mired in contract dispute
      Beyond the Byline: Insurers are betting on virtual-first plans as COVID-19 shifts care pathways
    • CMS: Group health plans must cover COVID-19 diagnostic testing
      Another Pennsylvania health network vaccinates employee kin
      Why AstraZeneca and J&J's vaccines, in use elsewhere, are still on hold in America
      Lawmakers probe if Cuomo's policy fueled nursing home deaths
    • UPMC's patient volumes stabilize, boosting 2020 profits
      Genomics firms taking advantage of SPACs trend to go public faster
      COVID-19 could dent hospital revenue by at least $53 billion in 2021, AHA says
      deloitte GDP image chart graph going up
      Sponsored Content Provided By Deloitte
      Breaking the cost curve
    • Teladoc reports $383.3M in fourth-quarter revenue, up 145%
      man and woman looking at ipad wearing face masks stock image
      Sponsored Content Provided By Surescripts
      Improvements to benefits data can enhance ePrescribing and the patient experience
      Oscar Health's $1B IPO sets the stage for more health tech exits in 2021
      A map of the U.S. with images of the coronavirus.
      The digital divide becomes a new social determinant of health
    • Fighting COVID on three fronts
      46.7% of surveyed adults reported delaying dental treatment due to COVID-19. 74.7% delayed a routine checkup.
      Data Points: Dental visits during the pandemic
      A provider wearing PPE looking at a wall with patient notes.
      Rethinking quality and safety in the age of COVID
      exam room-main_i.jpg
      Nurse practitioner with not-for-profit clinic in Detroit church expands to COVID-19 vaccines
    • Alicia Wilson
      Q&A: Emerging leader Alicia Wilson on staying close to home
      Michael Jordan, Novant team up to address health equity
      Former Ascension CEO, the first to lead the health system, passes away
      Biden's pick to head CMS would be first Black woman to hold post
    • Midwest
    • Northeast
    • South
    • West
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
    • The Affordable Care Act after 10 years
    • Dr. John Fischer
      Patient-reported outcomes tool for hernia surgery helps physicians improve care
      New care model helps primary-care practices treat obesity
      doctor with patient
      COVID-19 treatment protocol developed in the field helps patients recover
      Rachel Wyatt
      Project to curb pressure injuries in hospitals shows promise
    • What's next for on-demand telehealth companies?
      A CalOptima PACE vaccination clinic.
      Will COVID-19 be the catalyst for creating a more sustainable healthcare system?
      A map of the U.S. with images of the coronavirus.
      The digital divide becomes a new social determinant of health
      Ascension’s St. Mary’s Hospital Surgery Center at Towne Centre and Allegheny Health Network’s Bethel Park surgery center
      Hospitals see opportunity, risk in ambulatory surgery centers
    • Dr. Daniel Hall
      UPMC pilots machine learning, telehealth to inform patient transfers
      A woman being recorded using her inhaler on a smartphone.
      Digital check-ins, connected inhalers help control asthma
      A phone screen showing the question, "Mary we hope this information was helpful and we'd like to keep guiding you. Are you interested in knowing when it's your turn to receive the vaccine?"
      Chatbots, texting campaigns help manage influx of COVID vax questions
      A woman with a wearable sensor talking to her provider.
      Wearable sensors help diagnose heart rhythm problems in West Virginia
  • Transformation
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • What's next for on-demand telehealth companies?
      Rising prescription copays drop adherence, spike mortality, research shows
      Dr. John Fischer
      Patient-reported outcomes tool for hernia surgery helps physicians improve care
      Highmark Health inks six-year cloud, tech deal with Google
    • Hospitals' Medicare billing practices suggest upcoding, OIG says
      California hospitals prepare ethical protocol to prioritize lifesaving care
      Amazon, JPMorgan Chase, Berkshire Hathaway disband Haven
      Digital pathways poised to reshape healthcare continuum in 2021
    • Dr. Daniel Hall
      UPMC pilots machine learning, telehealth to inform patient transfers
      A woman being recorded using her inhaler on a smartphone.
      Digital check-ins, connected inhalers help control asthma
      Humana partners with in-home provider for 24/7 care
      A phone screen showing the question, "Mary we hope this information was helpful and we'd like to keep guiding you. Are you interested in knowing when it's your turn to receive the vaccine?"
      Chatbots, texting campaigns help manage influx of COVID vax questions
    • Coordinated payment policies could speed transition to value, experts say
      CMMI's geographic direct contracting model needs an overhaul, experts say
      Hospitals fight UnitedHealthcare policies over lab test, specialty drug payments
      Cigna eliminates prior authorization for coronary CT scans
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
    • Health Systems Financials
      Executive Compensation
      Physician Compensation
  • Op-Ed
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
    • Dr. Alan Kaplan
      The risks, rewards of taking organizations 'where they haven’t gone before'
      Wellstar CEO calls adapting for the pandemic her bold move
      Howard P. Kern
      Recognizing the value of telehealth in its infancy
      Dr. Stephen Markovich
      A bold move helped take him from family doctor to OhioHealth CEO
    • Dr. Stephen Markovich
      Making sure we're aligned along the path to achieving inclusion
      Barry Ostrowsky
      Ending racism is a journey taken together; the starting point must be now
      Laura Lee Hall and Gary Puckrein
      Increased flu vaccination has never been more important for communities of color
      John Daniels Jr.
      Health equity: Making the journey from buzzword to reality
    • Mikelle Moore
      The promising future of rural healthcare, even amid the COVID-19 pandemic
      In-person visitation must be part of the national COVID-19 response
      We've lost so much to the pandemic, but we've also made gains that will endure
      Medical groups key to meeting president's vaccine pledge
    • Letters: Eliminating bias in healthcare needs to be ‘deliberate and organic’
      Letters: Maybe dropping out of ACOs is a good thing for patients
      Letters: White House and Congress share blame for lack of national COVID strategy
      Letters: VA making strides to improve state veterans home inspections
    • Sponsored Content Provided By Optum
      How blockchain could ease frustration with the payment process
      Sponsored Content Provided By Optum
      Three steps to better data-sharing for payer and provider CIOs
      Sponsored Content Provided By Optum
      Reduce total cost of care: 6 reasons why providers and payers should tackle the challenge together
      Sponsored Content Provided By Optum
      Why CIOs went from back-office operators to mission-critical innovators
  • Awards
    • Award Programs
    • Nominate
    • Previous Award Programs
    • Other Award Programs
    • Best Places to Work in Healthcare Logo for Navigation
      Nominations Open - Best Places to Work in Healthcare
      Nominations Open - 50 Most Influential Clinical Executives
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Minorities in Healthcare
      • - Luminaries
      • - Top 25 Minority Leaders
      • - Minorities to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Excellence in Nursing Awards
    • Design Awards
    • Top 25 COOs in Healthcare
    • 100 Top Hospitals
    • ACHE Awards
  • Events
    • Conferences
    • Galas
    • Webinars
    • COVID-19 Event Tracker
    • podium march webinar logo lockup
      Sponsored Content Provided By Podium
      Webinar: Critical Touchpoints for Every Patient’s Journey — How Technology Plays an Important Role
      scp health logo lockup march 2021
      Sponsored Content Provided By SCP Health
      Webinar: COVID’s call to action — Reset for success in 2021
    • Women Leaders in Healthcare Conference
    • Social Determinants of Health Symposium
    • Healthcare Transformation Summit
    • Leadership Symposium
    • Virtual Briefings
      • - Hospital of the Future
      • - Mental Health
      • - Patient Safety & Quality
      • - Strategic Marketing
      • - Virtual Health
      • - Workplace of the Future
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Minority Leaders Gala
    • Top 25 Women Leaders Gala
  • Listen
    • Podcast - Next Up
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
    • Next Up Podcast: Educating patients on the COVID-19 vaccine with Tanya Andreadis
      Dr. Joseph Cacchione
      Next Up Podcast: Educating patients on the COVID-19 vaccine with Dr. Joseph Cacchione
      Dr. Karen DeSalvo
      Next Up Podcast: What to expect with telehealth and healthcare technology in the next four years
      Carter Dredge
      Next Up Podcast: Ready, set, innovate! Innovation and disruption in healthcare
    • Beyond the Byline: Insurers are betting on virtual-first plans as COVID-19 shifts care pathways
      Beyond the Byline: How residents' stories shape our coverage of the vaccination rollout in nursing homes
      Beyond the Byline: Regulators aim to boost value push with fraud and abuse law updates
      An older man wearing a mask receiving a vaccine.
      Beyond the Byline: Verifying information on the chaotic COVID-19 vaccine rollout
    • Outreach during COVID-19
      Leading intention promote diversity and inclusion
      Introducing Healthcare Insider Podcast
    • The Check Up: Dr. Imran Andrabi
      The Check Up: Dr. Imran Andrabi of ThedaCare
      The Check Up: Tanya Blackmon
      The Check Up: Tanya Blackmon of Novant Health
      The Check Up: Dr. Patrick Hwu
      The Check Up: Dr. Patrick Hwu of the Moffitt Cancer Center
      The Check Up: Suresh Gunasekaran
      The Check Up: Suresh Gunasekaran of the University of Iowa Hospitals & Clinics
    • ivana naeymi-rad one on one intelligent medical objects
      Video: Ivana Naeymi Rad of Intelligent Medical Objects
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Information Technology
September 09, 2010 01:00 AM

Guest commentary: Privacy issues overlooked

Latanya Sweeney
  • Tweet
  • Share
  • Share
  • Email
  • More
    Print

    From my son's pediatrician to my father's specialist, physicians are talking about electronic health records. Widespread EHR adoption is a goal of the American Recovery and Reinvestment Act of 2009, which provides financial compensation to healthcare providers and hospitals for meaningful uses of EHRs in years 2011 to 2015.

    If successful, the ARRA will ignite a mass exodus from a prehistoric paper age into a tech-savvy networked cosmos called the Nationwide Health Information Network in which patient information flows seamlessly across computers, devices, organizations and locations as needed. For lasting success, special care must be taken to allow widespread sharing of patient information while protecting patient privacy, and that brings into question the recently released list of requirements from the CMS that include no privacy incentives and the current NHIN approaches from the Office of the National Coordinator that lack privacy and utility.

    Read the full story here.

    Like many Americans, I pay bills electronically, e-mail photographs, search the Web for supplemental health information, and complete so many functions online I rarely visit brick-and-mortar offices. Yet my son's pediatrician uses paper records like those of my father's specialist.

    The technology mismatch is striking. About 61% of Americans looked online for health information in 2009, but only 4% of American office-based physicians used fully functional EHRs in 2007 even though evidence exists that using EHRs improves care.

    The CMS just released the first of about three rounds of meaningful uses. As these reimbursement requirements roll out over the coming years, the NHIN should eventually support about 100 meaningful uses. One is listing patient allergies and medications at the time and place of service. If I present unconscious at a California emergency room, the NHIN would allow attending physicians to reference my Pennsylvania information. Naive solution: Give patients smart cards containing relevant information, but smart cards alone cannot satisfy all uses (e.g. a lab sending timely results to the requesting provider). So, the NHIN should provide sufficient utility to support the full spectrum of meaningful uses.

    Technical bliss also requires the NHIN keep patient information confidential. Privacy is essential to doctor-patient trust allowing patients to freely communicate intimate behaviors and details to physicians and physicians to freely store related facts and notes. A significant loss of privacy in the NHIN will render it useless and can cause serious personal harm as patients opt out and doctors find unforeseen ways to hide sensitive patient information. The ARRA specifies numerous requirements for patient privacy protection, yet the CMS list of meaningful uses for 2011 includes no privacy incentives.

    EHRs and the NHIN enable quick and easy sharing of patient information widely and in bulk for many worthy purposes beyond direct patient care. As data-sharing increases, risk of personal harm tends to increase thereby intensifying the tension between limiting data sharing to direct patient care (more privacy) and sharing data widely (more utility).

    The techno-policy infrastructure that enables data-sharing, the NHIN, controls this tension, and the NHIN design can itself introduce additional adverse consequences and worthy uses. There is a false belief one must be traded against the other—i.e., to reap benefits of the NHIN, Americans must give up privacy. Unfortunately, the current NHIN approach is worse, making it unlikely Americans will have privacy or utility.

    The ARRA charges the ONC within HHS with promoting EHR adoption and NHIN development.

    Tasks involve identifying meaningful uses, aligning economic incentives, establishing information exchange standards, and promoting privacy protection mechanisms. ONC's job rivals the Twelve Labors of Hercules, as I have witnessed many of ONC's heroic accomplishments from the vantage point of the privacy and security seat of the HIT Policy Committee, a federal advisory committee established by Congress to advise the ONC. I was appointed through a national search and am the only professional computer scientist.

    With only months remaining before early adopters start using new and retooled EHRs to qualify for compensation in 2011, the time seems ripe to examine privacy and the NHIN and seek corrective action.

    The current approach to NHIN design is “let a thousand flowers bloom.” Regional and state groups receive financial support from the ONC but are left alone to navigate the immature technical terrain and make isolated decisions. The lack of overall architectural coordination promises autonomous local NHINs that are not likely to interoperate and can expose patient information to different hazards.

    The ONC's website describes the NHIN Limited Production Exchange as today's NHIN. Federal entities (e.g., the Social Security Administration, the Veteran's Administration and the Centers for Disease Control) lead the effort with participation from private parties (e.g., Kaiser Permanente).

    Technical operations are: (1) patient lookup; (2) document query; (3) document retrieval; (4) audit log query; (5) authorized case follow-up; and, (6) event messaging. These functions allow participants to locate patient information, identify available documents, retrieve patient documents, etc. The last operation, event messaging, stores criteria and automatically forwards matching patient information when it appears. Overall, this is not a bad set of operations, but there are problems with the overall design. Here are a few.

    Given explicit identifiers of a patient (e.g., name and Social Security number), patient lookup returns institution-specific identifiers for that patient using patient registries.

    Each register is a master patient index containing patient name, telephone, gender, date of birth, Social Security number, the patient's unique identifier at each organization, and optionally, deceased information, marital status, religious affiliation, race, ethnicity and address. There are concerns with this approach. For example, insiders (anyone at any participating facility who can access patient information) can do malicious surveys to locate patients and patient records at other facilities. For example, a domestic violence stalker can use the system to locate victims.

    In one version, event messaging allows third-party notification of patient information without the patient's knowledge. This function may help public health agencies receive reportable information, but as designed, enables unsupervised surveillance. For example, an insider could receive notifications of all abortions performed at other organizations.

    Participating institutions maintain patient information portals. If deployed widely, these portals would be in environments (e.g. provider groups) having no professional staff to follow the latest computer security practices.

    Security additions may help but don't seem forthcoming and other concerns would still remain because of the overall design of NHIN Exchange. These problems are not inevitable as other possible designs don't have them. It is therefore prudent for local communities to understand how different technical designs for the NHIN have an impact on patient privacy.

    The ONC's website also describes NHIN Direct. Microsoft and Cerner Corp. representatives mentioned replacing fax with e-mail over secure channels to combat eavesdropping.

    A crowd-sourced effort emerged. Unpaid volunteers jointly construct technology for fax-based scenarios (e.g., provider-provider and provider-lab). One concern with this approach is an inability to achieve all meaningful uses due to overfitting fax scenarios.

    For example, an emergency room doctor cannot reasonably retrieve allergies and medications for an unconscious out-of-state patient using e-mail. How does the emergency room doctor know which provider to e-mail? Will responses be timely? How does the recipient know the e-mail is legitimate? The NHIN requires more machinery, but is NHIN Direct a stepping-stone or a distraction? No roadmap shows how the effort eventually achieves all meaningful uses. Common problems to e-mail (e.g. spam, fraud, privacy) and free public labor (e.g. legal responsibility, software fusion) remain unaddressed. For these reasons, the utility of NHIN Direct is gravely uncertain.

    It doesn't take a doctorate in computer science to know the prognosis for the NHIN is not good, and it doesn't require political sensitivity to know what public reaction will be.

    With few months remaining and a desire that EHR adoption be successful and long-lasting, I propose an intervention. Develop a “flowerpot,” a single conceptual NHIN defined by trust invariants based on stakeholder barriers (e.g. patient privacy and provider liability). A local NHIN participates in the flowerpot only if a risk assessment proves its implementation satisfies constraints. Then, no matter the services or technical architecture deployed by local NHINs, the overall flowerpot of NHINs gives universal responsible guarantees to patients, providers and other stakeholders. So, “let a thousand flowers bloom” … in a single flowerpot!

    Latanya Sweeney, Ph.D.

    Distinguished Career Professor of Computer Science, Technology and PolicySchool of Computer Science Carnegie Mellon UniversityPittsburgh

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Cigna's MDLive acquisition could foster virtual-first plan development, analysts say
    Cigna's MDLive acquisition could foster virtual-first plan development, analysts say
    Ascension to expand pilot of Google EHR search tool
    Ascension to expand pilot of Google EHR search tool
    Sponsored Content
    Get Free Newsletters

    Sign up for free enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today

    The weekly magazine, websites, research and databases provide a powerful and all-encompassing industry presence. We help you make informed business decisions and lead your organizations to success.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS
    • Instagram

    Stay Connected

    Join the conversation with Modern Healthcare through our social media pages

    MDHC_Logotype_white
    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2021. Crain Communications, Inc. All Rights Reserved.
    • News
      • This Week's News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Transformation
      • Patients
      • Operations
      • Care Delivery
      • Payment
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Op-Ed
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Awards
      • Award Programs
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Minorities in Healthcare
          • - Luminaries
          • - Top 25 Minority Leaders
          • - Minorities to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Nominate
      • Previous Award Programs
        • Excellence in Nursing Awards
        • Design Awards
        • Top 25 COOs in Healthcare
      • Other Award Programs
        • 100 Top Hospitals
        • ACHE Awards
    • Events
      • Conferences
        • Women Leaders in Healthcare Conference
        • Social Determinants of Health Symposium
        • Healthcare Transformation Summit
        • Leadership Symposium
        • Virtual Briefings
          • - Hospital of the Future
          • - Mental Health
          • - Patient Safety & Quality
          • - Strategic Marketing
          • - Virtual Health
          • - Workplace of the Future
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Minority Leaders Gala
        • Top 25 Women Leaders Gala
      • Webinars
      • COVID-19 Event Tracker
    • Listen
      • Podcast - Next Up
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing