Google and our health data

According to a story I watched on Fox today, we're not to be concerned that Google is controlling and distributing our health information and data--they are being HIPAA compliant. Big Whoop. What about being compliant with our wishes, with our concerns? Remember Henrietta Lacks? Did her medical information only matter because she was black? Researchers are lusting for this information--imagine having the data for 1500-2000 people with disease xyz with a key stroke instead of the 30 or 40 you can find with months of appeals and research. And cha ching, your data is part of a study which may bring the researcher/company millions.

https://www.engadget.com/2019/11/11/google-ascension-patient-records-project-nightingale/

https://www.hopkinsmedicine.org/henriettalacks/

The Omnibus Final Rule

It’s just not good to read “conundrum,” “new regulations,” “administrative and technical challenges,” “impede innovation,” and “contentious issue” all in the same article about HIPAA, the Health Insurance Portability and Accountability Act.  Not after the sloppy, struggling, and insecure roll out of Obamacare.  The Omnibus Final Rule.

There are a few hot button words for me in the JAMA September 18, 2013 article, “The HIPAA Conundrum in the Era of Mobile Health and Communications.”

• mandates
• redefined
• expanded
• now considered
• now required
• can be held criminally liable
• pose technical challenges
• estimated cost $114-225 million for start up
• underestimates compliance costs
• may impose unfunded mandates
• may impede innovation
• in theory. . .
• in practice. . .
• actual security will rely on user’s behavior
• important hurdles
• employing consultants has become the norm
• can be costly
• down stream contractors
• poor guidance
• impose
• shift
• refuse
• trapped
• impassable requirements
• penalized
• landscape is rapidly evolving

#83 High tech, high fat, low common sense

The push from the Health Information Management folks to make everything electronic in order to insure the privacy requirements of the new HIPAA (Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amended the Internal Revenue Service Code of 1986) would be a bit more believable if I hadn’t been in doctors’ offices since HIPAA’s implementation in April.

The new rules require 1) standardization of electronic patient health, administrative and financial data, 2) unique health identifiers for individuals, employers, health plans and health care providers and 3) security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.” A full employment law for the computer folks since these systems have to be continuously upgraded.

We, the patients, have signed innumerable forms saying we’ve been informed. They’ve changed the cubicles at check-in for the waiting rooms, and built fancy stalls to separate us at the pharmacies. Our surname is no longer called out in the waiting room--too bad if your name is Bob or Bill. No more sign in sheets--you might see who arrived at 8:15. But you can’t regulate common sense apparently.

This week I was left alone after a high-tech test in a room with really fancy information equipment, the kind AHIMA wants all medical facilities to have. Up on the computer screen was a list of names, birth dates and ID numbers in the section of the alphabet for my name--records in this database were linked to the records for my testing--and everyone else’s. The password to the equipment used for my test was on a yellow-sticky on the front of the machine. Oh yes, and scattered on the counter were packaged hypodermic needles and an open package of sealed vials (didn’t recognize the medication, but someone else might).

Last spring I was in this same new, state-of-the art facility sitting by myself in one cubicle, with information about the last patient still on the screen. When paper files were being used, I don’t recall ever seeing someone else’s file.

I also noticed that the staff working directly with patients in the back rooms where testing is done, were walking around the halls eating snacks out of open bags. When it was my turn, I was ushered into another area where the technician had her breakfast coffee and muffin on her desk. On my way out, I noticed a lovely staff lounge, with sink, microwave and seating, but why use it when you can eat all day long at your desk while manipulating carefully shielded patient data?