DataBreaches.Net

Deborah Peel: Comments on guilty plea

Posted on July 20, 2009 by Dissent

In response to the guilty plea by three employees of St. Vincent Health System, reported here earlier today, Dr. Deborah Peel of PatientPrivacyRights.org issued the following statement:

Facebook users can keep people from seeing their walls, but patients can’t keep anyone from seeing their electronic medical records.

What’s interesting is how severe the penalties could be for snooping: “Each faces up to a year in prison and-or a fine of up to $50,000. Sentencing has not been set.”

But the most dangerous data snoops are not hospital employees, but the corporations and industries whose business is the systemic theft, data mining, and sale of Americans’ health records. None of the corporate mega-snoops have been hauled before a judge.

The problem is bad technology. Every US hospital allows thousands of employees access to hundreds of thousands or millions of electronic patient records without informed consent.

Because HIT systems are so poorly designed, VERY FEW snoops are ever caught.

HIT should be designed to keep almost all hospital staff OUT of your records. Only those with your informed consent should be able to get in.

Would you keep your money in a bank if every employee could open your bank account and do as he/she pleased, including copying, using, stealing, or selling your account information or assets?

Fines of $50K and prison sentences will discourage some snoops, if any of them are actually fined or sentenced to jail, but existing privacy-enhancing DRM systems or existing consent management systems applied to HIT could totally BLOCK all snoops from seeing records by ensuring that only those caring for you can see your records. Fines and jail won’t be needed if snoops can’t get into electronic records.

DRM (digital rights management) could be used to protect health records, as it is to keep other data private and protected. Why isn’t DRM being used in healthcare? Because the vendors of legacy systems refuse to update their ancient technology. They are not interested in Americans’ longstanding health privacy rights or protecting our data. Vendors and data miners do not want to stop selling OUR electronic health records. Why would they give up billions in revenue unless forced?

The stimulus billions should be spent on NEW, privacy-enhancing health IT—not wasted purchasing existing dinosaur technologies. But the new HIT Policy and Standards Committees are dominated by industry appointees protecting turf and revenue, and dedicated to opposing patients’ rights and control of PHI.

The public and Congress must weigh in to prevent the HIT and data mining industries from certifying privacy-destructive systems as the national standard.

I would guess that some people will strongly disagree or even be offended by Dr. Peel’s statements. And if any representative of any of the groups she described would like to respond, I’d be happy to post their response or any debate on these important issues. I’ve repeatedly advocated for much more respect for, and inclusion of, informed consent standards when it comes to sharing PHI. HIPAA’s current provisions, some of which are left intact by the HITECH Act, allow sharing that I do not think should be allowed without the express consent of patients. But more on that another time.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.