DataBreaches.Net

Deborah Peel: Comments on guilty plea

Posted on July 20, 2009 by Dissent

In response to the guilty plea by three employees of St. Vincent Health System, reported here earlier today, Dr. Deborah Peel of PatientPrivacyRights.org issued the following statement:

Facebook users can keep people from seeing their walls, but patients can’t keep anyone from seeing their electronic medical records.

What’s interesting is how severe the penalties could be for snooping: “Each faces up to a year in prison and-or a fine of up to $50,000. Sentencing has not been set.”

But the most dangerous data snoops are not hospital employees, but the corporations and industries whose business is the systemic theft, data mining, and sale of Americans’ health records. None of the corporate mega-snoops have been hauled before a judge.

The problem is bad technology. Every US hospital allows thousands of employees access to hundreds of thousands or millions of electronic patient records without informed consent.

Because HIT systems are so poorly designed, VERY FEW snoops are ever caught.

HIT should be designed to keep almost all hospital staff OUT of your records. Only those with your informed consent should be able to get in.

Would you keep your money in a bank if every employee could open your bank account and do as he/she pleased, including copying, using, stealing, or selling your account information or assets?

Fines of $50K and prison sentences will discourage some snoops, if any of them are actually fined or sentenced to jail, but existing privacy-enhancing DRM systems or existing consent management systems applied to HIT could totally BLOCK all snoops from seeing records by ensuring that only those caring for you can see your records. Fines and jail won’t be needed if snoops can’t get into electronic records.

DRM (digital rights management) could be used to protect health records, as it does to keep other data private and protected. Why isn’t DRM being used in healthcare? Because the vendors of legacy systems refuse to update their ancient technology. They are not interested in Americans’ longstanding health privacy rights or protecting our data. Vendors and data miners do not want to stop selling OUR electronic health records. Why would they give up billions in revenue unless forced?

The stimulus billions should be spent on NEW, privacy-enhancing health IT—not wasted purchasing existing dinosaur technologies. But the new HIT Policy and Standards Committees are dominated by industry appointees protecting turf and revenue, and dedicated to opposing patients’ rights and control of PHI.

The public and Congress must weigh in to prevent the HIT and data mining industries from certifying privacy-destructive systems as the national standard.

I would guess that some people will strongly disagree or even be offended by Dr. Peel’s statements. And if any representative of any of the groups she described would like to respond, I’d be happy to post their response or any debate on these important issues. I’ve repeatedly advocated for much more respect for, and inclusion of, informed consent standards when it comes to sharing PHI. HIPAA’s current provisions, some of which are left intact by the HITECH Act, allow sharing that I do not think should be allowed without the express consent of patients. But more on that another time.
