DataBreaches.Net


Deborah Peel: Comments on guilty plea

Posted on July 20, 2009 by Dissent

In response to the guilty plea by three employees of St. Vincent Health System, reported here earlier today, Dr. Deborah Peel of PatientPrivacyRights.org issued the following statement:

Facebook users can keep people from seeing their walls, but patients can’t keep anyone from seeing their electronic medical records.

What’s interesting is how severe the penalties could be for snooping: “Each faces up to a year in prison and-or a fine of up to $50,000. Sentencing has not been set.”

The most dangerous data snoops, however, are not hospital employees but the corporations and industries whose business is the systemic theft, data mining, and sale of Americans’ health records. None of the corporate mega-snoops have been hauled before a judge.

The problem is bad technology. Every US hospital allows thousands of employees access to hundreds of thousands or millions of electronic patient records without informed consent.

Because HIT systems are so poorly designed, VERY FEW snoops are ever caught.

HIT should be designed to keep almost all hospital staff OUT of your records. Only those with your informed consent should be able to get in.

Would you keep your money in a bank if every employee could open your bank account and do as he/she pleased, including copying, using, stealing, or selling your account information or assets?

Fines of $50K and prison sentences will discourage some snoops, if any of them are actually fined or sentenced to jail, but existing privacy-enhancing DRM systems or existing consent management systems applied to HIT could totally BLOCK all snoops from seeing records by ensuring that only those caring for you can see your records. Fines and jail won’t be needed if snoops can’t get into electronic records.

DRM (digital rights management) could be used to protect health records, as it does to keep other data private and protected. Why isn’t DRM being used in healthcare? Because the vendors of legacy systems refuse to update their ancient technology. They are not interested in Americans’ longstanding health privacy rights or protecting our data. Vendors and data miners do not want to stop selling OUR electronic health records. Why would they give up billions in revenue unless forced?

The stimulus billions should be spent on NEW, privacy-enhancing health IT, not wasted purchasing existing dinosaur technologies. But the new HIT Policy and Standards Committees are dominated by industry appointees protecting turf and revenue, and dedicated to opposing patients’ rights and control of PHI.

The public and Congress must weigh in to prevent the HIT and data mining industries from certifying privacy-destructive systems as the national standard.

I would guess that some people will strongly disagree with or even be offended by Dr. Peel’s statements. If any representative of any of the groups she described would like to respond, I’d be happy to post their response or any debate on these important issues. I’ve repeatedly advocated for much more respect for, and inclusion of, informed consent standards when it comes to sharing PHI. HIPAA’s current provisions, some of which are left intact by the HITECH Act, allow sharing that I do not think should be allowed without the express consent of patients. But more on that another time.

Category: Uncategorized


© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.