The KHIT Blog: "Your use of the Services constitutes your agreement to the Privacy Policy"

Monday, March 16, 2015

"Your use of the Services constitutes your agreement to the Privacy Policy"

A new app service is touted as "The OpenTable for Healthcare."

"It's Free!"
OK, but, wait, there's more...

One of my Facebook pals posted this stuff to my wall. It links to a PBS story.

App’s terms of service give away your SSN, medical history

Do you know what you’re agreeing to when you click “I agree” on a website’s terms of service form?

In all likelihood, the answer is no. To read just the privacy statement from every different website they visit in a year, Americans would have to dedicate more than 30 eight-hour work days to the mind-numbing task, according to one study. And the privacy policy is only one part of a website’s terms of service.

Yet by signing terms of service, users may cede control of their intellectual property, agree to be used as research subjects and allow companies to collect and distribute their personal information, including, perhaps, medical information.

NewsHour Weekend Anchor and Senior Correspondent Hari Sreenivasan was troubled recently when he received an email from ZocDoc, a popular medical care scheduling service, describing the company’s updated terms of use...

My reaction on Facebook.

Recall the privacy concerns aired in my prior post "Wearables update: The iWatch"?

Also, tangentially, a concern I tweeted while covering the Health 2.0 WinterTech Conference back in January:

ZocDoc: "It's Free!" OK, then, what's the business model? "VC Built to Flip? Trafficking in patients' data? Like Facebook and Twitter and all of these other "free" apps do with consumers' personal data?

Do you really want perhaps granting Amazon's Jeff Bezos (ZocDoc investor) access to your medical data?

Just asking.

UPDATE

OK, going back to the app I cited while covering WinterTech 2015.

From the "Notice of Privacy Practices" on their websites:

How is Patient Privacy Protected?
As the healthcare providers providing online medical services through Doctor on Demand (the “Healthcare Providers”, “us”, “we”, “our”), we understand that information about you and your health is personal. Because of this, we strive to maintain the confidentiality of your health information. We continuously seek to safeguard that information through administrative, physical and technical means, and otherwise abide by applicable federal and state guidelines.

How do we use and disclose health information?
We use and disclose your health information for the normal business activities that the law sees as falling in the categories of treatment, payment and health care operations. Below we provide examples of those activities, although not every use or disclosure falling within each category is listed:

Treatment – We keep a record of the health information you provide us. This record may include your test results, diagnoses, medications, your response to medications or other therapies, and information we learn about your medical condition through the online services. We may disclose this information so that other doctors, nurses, and entities such as laboratories can meet your healthcare needs.

Payment – We document the services and supplies you receive when we are providing care to you so that you, your insurance company or another third party can pay us. We may tell your health plan about upcoming treatment or services that require prior approval by your health plan.

Health Care Operations – Health information is used to improve the services we provide, to train staff and students, for business management, quality improvement, and for customer service. For example, we may use your health information to review our treatment and services and to evaluate the performance of our staff in caring for you.

We may also use your health information to:

Comply with federal, state or local laws that require disclosure.

Assist in public health activities such as tracking diseases or medical devices.

Inform authorities to protect victims of abuse or neglect.

Comply with Federal and state health oversight activities such as fraud investigations.

Respond to law enforcement officials or to judicial orders, subpoenas or other process.

Inform coroners, medical examiners and funeral directors of information necessary for them to fulfill their duties.

Facilitate organ and tissue donation or procurement.

Conduct research following internal review protocols to ensure the balancing of privacy and research needs.

Avert a serious threat to health or safety.

Assist in specialized government functions such as national security, intelligence and protective services.

Inform military and veteran authorities if you are an armed forces member (active or reserve).

Inform a correctional institution if you are an inmate.

Inform workers’ compensation carriers or your employer if you are injured at work.

Recommend treatment alternatives.

Tell you about health-related products and services.

Communicate within our organization for treatment, payment, or health care operations.

Communicate with other providers, health plans, or their related entities for their treatment or payment activities, or health care operations activities relating to quality assessment or licensing.

Provide information to other third parties with whom we do business, such as a record storage provider. However, you should know that in these situations, we require third parties to provide us with assurances that they will safeguard your information.

"Treatment," Payment," "Health care Operations" is simply HIPAA Covered Entity language. The final bullet point begs some questions.

"Provide information to other third parties with whom we do business, such as a record storage provider. However, you should know that in these situations, we require third parties to provide us with assurances that they will safeguard your information."

What comprises "assurances that they will safeguard your information"?

Simple verbal or written "assurances"? Or legally-defensible documentation showing that their 3rd parties are in full compliance with HIPAA as it now pertains to BA's? That's what I'd want to see.

Minimally.

I hope the OCR and OIG will be doing their jobs with respect to these rapidly proliferating health apps developer BA's that will be trafficking in ePHI. I intend to raise the issue.

See my 2012 post "45.CFR.164.3, 45.CFR.164.5, and 42.CFR.2." Again, HIPAA compliance is not for policy dilettantes. And, the requisite HIPAA Privacy and Security Officers are not simply hanging around Home Depot parking lots looking for day work.
___

More to come...

No comments:

Brave New Health

Commonwell Health Alliance

Another important read (pdf)

I love this kind of stuff. It sustains and humbles me. "As politicians, advertisers, salesmen, and propagandists for various political, economic, moral, religious, psychic, environmental, dietary, and artistic doctrinaire positions know only too well, fallible human minds are easily tricked, by clever verbiage... Common language—or at least, the English language—has an almost universal tendency to disguise epistemological statements by putting them into a grammatical form which suggests to the unwary an ontological statement. A major source of error in current probability theory arises from an unthinking failure to perceive this."

Quotes

"An economist is a person who sees something that works in practice and tries to figure out whether it will work in theory."

- J.D. Kleinke, medical economist
___

"The only person who enjoys change is a baby with a wet diaper."

"Every misspent dollar in our health care system is part of somebody's paycheck.

- Brent James, M.D., M.Stat

“We could do healthcare, at markedly higher quality, for everyone in this country, without rationing or denying anybody the care that they need, without having the government dictate how doctors practice or whether hospitals could expand, at half the cost we do it now.”

- Health Care Futurist Joe Flower

Most of the sciences, unlike parts of medical science, are not concerned with the impossible. There is not complementary and alternative physics, or chemistry, or biochemistry, or engineering. These disciplines compare their ideas against reality, and, if the ideas are found wanting, abandoned."

- Mark A. Crislip, MD

"Q: How much alcohol is too much?
A: More than your doctor drinks."

- a physician I once heard speak during a CME presentation

“Just because science doesn’t know everything, doesn’t mean you get to fill in the gaps with whatever fairy tale most appeals to you.”

- Dara O’Briain

'[I]t is one small step from using the computer for "helping" doctors to monitoring them, judging them, dictating to them what to do, and withdrawing payment for computer non-compliance. The use of computer data is a multi-edged sword. It can be used for the "good," facilitating diagnosis and treatment and making it more accurate and up-to-date, and for “evil,” invading privacy, inviting security breechs, and making decisions based on the opinions of remote authorities rather than those present at the patient-doctor encounter.'

- Richard Reece, MD

“[T]here ARE statistics which are non-political. Just because The Washington Post/Fox News reports the temperature is 75 degrees doesn’t mean it’s really snowing and sunscreen is a liberal/conservative plot. Even if you earn a living being ideological.”

- Michael L. Millenson

"It is a generally a fairly convincing argument that people shouldn’t have to be subsidized to undertake a change which is in their best interest.

The reconciliation seems to be that EHR is not supposed to make a doctor’s practice more efficient and higher quality. It is supposed to make the system of care more efficient and higher quality, which is not the same thing. Those of you who took calc recall that maximizing the total of variables is not achieved by maximizing any one variable and this is a perfect example of that.

Those of you have served in combat certainly noticed that too — if everyone works as a team the unit takes fewer casualties. If you try to save your own hide, you might, but at the expense of more casualties overall."

- Al Lewis

"There are two ideas to keep in mind about Bayesian reasoning and how we tend to mess it up. The first is that base rates matter, even in the presence of evidence about the case at hand. This is often not intuitively obvious. The second is that intuitive impressions of the diagnosticity of evidence are often exaggerated."

- Daniel Kahneman, "Thinking, Fast and Slow"

"Physicians apply advanced scientific knowledge, but they must do so without the favorable conditions that experimental scientists create for themselves. Multitasking is forced on physicians, often in chaotic environments and under severe time and resource constraints."

- Lawrence and Lincoln Weed, "Medicine in Denial"

"It’s time to stop the whining about Obama care and acknowledge we already have universal health care. We just pay for it in the stupidest way possible that ensures problems are that much more disastrous and complicated when they’re finally treated."

- Mark Hoofnagle, MD, PhD

"Every act of conscious learning requires the willingness to suffer an injury to one's self-esteem. That is why young children, before they are aware of their own self-importance, learn so easily."

- Thomas Szasz, MD
___

"Of course, one reason that process metrics* are so popular is that processes are much easier to define and measure than outcomes."

- The Skeptical Scalpel
___

"There is an “illusion of validity” for any random data point, a seductive sense that is colored by what we hope will be true. Mountains of pharmaceutical claims are often made from mere molehills of data."

- Danielle Ofri, MD
___

"Joy empowers people. It is a source of energy that enables people to hope and plan and change their lives for the better. Spend some time around someone who is relentlessly negative and how do you feel–drained, right? More and more research shows that joy is not something that just happens to you, like a bolt of lightening out of the blue. Joy is, instead, a habit to cultivate. Negative thinking and despair are the crabgrass of our souls–weeds that take root and spread, sometimes to all areas of life. Joy, in contrast, is a soul’s rose–hardy when cared for, able to put down roots over time and withstand disease and extremes. Like a rose, however, your joy can become blighted from neglect or harsh conditions. We all need to tend to our joy–to prune away the badness, and to know that, even though it may look like a prickly bare root, if you invest time in a joyous outlook, gorgeous things will bloom, even in the harshest conditions."

- Dr. Jan Gurley
___

"'Solutions' exist only in mathematics."

- Karen Martin
___

"The issue of how to regulate clinical software is, in the long run, indistinguishable from the issue of how to regulate medicine. The only difference is that medicine is practiced in the open, without secrecy, subject to peer review, and under a merit-based state license."

- Adrian Gropper, MD
___

"Economist, rope, tree: some assembly required."

- Source unknown

DISCLAIMER:

I write this blog wholly on my own time and my own dime. The views proffered are expressly my own as a concerned and active citizen/taxpayer (in addition to being the result of my substantive experience in the various IT fields), and in no way reflect any policy views of my former employer, notwithstanding that some of the thinking has indeed obviously been spurred by the implications of the work with which I have been doing for them.

FAIR USE POLICY
I cite a ton of news and web sources spanning the breadth of relevant technical and policy domains, sometimes at substantial length. I believe I remain well within the bounds of "Fair Use," as [1] I am not doing any of this for profit, [2] I always provide attribution and links -- which, [3] far from negatively impacting any copyright holders' commercial interests, might actually increase traffic to and interest in their offerings.

Nonetheless, should I post anything of yours regarding which you have any objection, just let me know and I will remove it forthwith.

The KHIT Blog

Search the KHIT Blog

Monday, March 16, 2015

"Your use of the Services constitutes your agreement to the Privacy Policy"

No comments:

Post a Comment