Posts Tagged ‘Security’

While there has been plenty of press on privacy and security as it relates to PHR vendors, especially now that Google and Microsoft have jumped into the arena, it is absolutely critical that the press, various “privacy pundits” and the consumer realize that this issue is not just limited to PHR vendors.

Sure, it’s easy to pick on these companies, but honestly, it does not paint an accurate picture as to what the true risks are in the market today as we increasingly move to an environment where our medical records, and for that matter any information about us, will be in digital form. Yes, there are risks, but there are benefits as well, benefits which the majority of Americans are willing to accept in the pursuit of better care.

Now back to those PHR vendors. As I have stated before, the industry as a whole has not done a very good job of policing itself and insuring that the average consumer easily understands the privacy and security afforded to them in a given PHR.

But moving beyond PHR vendors, there are a number of others who also have information on your medical history. Earlier this week, one of the nation’s largest health plans, WellPoint, announced that it had a breach in security that exposed information on roughly 128,000 members. What is particularly disturbing in this case was that these records were exposed on the Internet for over a year and that this was far from an isolated incident at WellPoint.

And WellPoint is not alone. There was the stolen laptop in January that contained records of some 300,000 members of Horizon Blue Cross Blue Shield of New Jersey and the stolen laptop in late February of an NIH researcher with some 3,000 records. And there are many more such incidents you will find by simply doing a Google search.

And who said hospitals were safe? A report just released from the healthcare IT group, HIMSS (Health Information Management Systems Society) found in their survey of 263 HIT professionals that more work needs to be done to better protect and secure patients’ medical records.

This is, dare I say it, a universal issue that will affect any organization regardless of size and where they are in the broad supply chain of medical records, be they payers, providers, researchers, consumers and of course PHR vendors. There are no easy answers here and we may need to simply accept the fact that with the digitization of some of our most important and sensitive information, our medical records and history, that there will be risks which we will all share. Hopefully, the benefits that we will accrue through the adoption ad use of such digital records will outweigh those risks.

Read Full Post »

There is a tremendous amount of press with associated pundits pontificating on the issue of security and privacy of electronic medical records (EMR) and personal health records (PHRs). Cries of I’ll never put my information on Google Health or Microsoft’s HealthVault are commonly heard and widely reported.

But it is always easier to point the finger at others, than at one’s self.

This week’s InformationWeek has an absolute must read feature story on the risk of peer-to-peer (P2P networks). While P2P technology is a very viable and useful technology for businesses to use, such as in a research setting sharing for example complex bioinformatics data, P2P has its share of risks as well. Unlike actual theft of data via hacking into data centers, in the P2P world data on one’s laptop is often inadvertently shared via consumer-based P2P applications such as LimeWire.


Source: InformationWeek, March 17, 2008

For example, an employee or a consultant or even you may have sensitive data on your laptop, such as health records. All the recommended security precautions have been taken, but you also have BearShare, LimeWire, Gnutella or some other consumer-centric P2P app loaded on that laptop for music and video sharing. Unbeknown to you, however, is that if you have not configured the P2P app properly prior to use, you open the doors to not only share music and video data, but other files as well, including those health records.

It was a similar situation such as this that led to the very public data breach at Pfizer last summer as well as the inadvertent release of a terrorist threat assessment report by Booz-Allen Hamilton for the Chicago Transit Authority. And despite these clear security breaches, InformationWeek demonstrated in this article just how easy it is today to go out and find all sorts of files, (the reporter even found a nice set of health records) if you know what you are doing and where to look.

Now I am a strong believer in a consumer’s right to have control over their health records and if they have those records stored within an online PHR, that security and privacy are held paramount. I have also posted previously that I believe that PHR vendors have not been pro-active enough on ths issue. But what I am increasingly having a problem with are the sensationalist organizations such as the World Privacy Forum and the general press that are looking for quick sound bites without having to do any investigative reporting. As the above issue on P2P security clearly illustrates, maybe the problem with security and privacy of sensitive records such as health records is not “out there” on Google Health, HealthVault, WebMD or some other health record service but right “in here” within our own computers, those of a consultant or even the computer my doctor is using.

Time to take some personal responsibility folks.

And by the way, are you using P2P, or more importantly, do you share your computer with other family members, say a teenager who has downloaded a P2P app on to that computer? Don’t say I didn’t warn you.

Read Full Post »

Data liquidity is not always such a good thing, particularly if you live in New Jersey.

Last week it was reported that a laptop with over 300,000 consumer records contained therein was stolen. Now, Horizon Blue Cross/Blue Shield of New Jersey, the owner of that laptop, is notifying these consumers that their personal information may have been compromised.

Laptops are a hot item and frequently stolen, we all know this and certainly try to safeguard our laptops while traveling. What I fail to understand with this story however, is how any company, be they provider, health plan, employer, etc., would allow an employee to load such sensitive information (and so much of it) onto a laptop and then proceed to take it outside the office.

Sure, many employees are now telecommuting and may come into the office on occasion and pick up some files. Others simply take work home with them to meet a deadline. We all do this. But carrying this amount of sensitive information outside a secure office environment, I just don’t get it, particularly with the tools now available that allow an employee to easily and securely access such files over the Web via a secure connection. If such tools were available at Horizon, and the policies to enforce their use, there would have been no reason for these records to be on a laptop in the first place.

The only conclusion I can come up with is simply a lack of foresight and good security policies at Horizon. Senior Horizon management, and in particular the CIO are on the the hook for this one.

Read Full Post »

While cringing at most news articles I read in the popular press that address PHRs, the LA Times published a thoughtful piece last week that’s worth reading.

I may quibble with some comments such as:

There are “at least 200 PHRs on the market”.  I’ve done a lot of digging and can’t come up with half that amount of viable PHRs.

Or quoting Deborah Peel of Patient Privacy that consumers should not use PHRs sponsored by insurers or employers.   This is simply too broad of a blanket statement and one needs to look closely at portability and privacy of such sponsored PHRs as not all are alike and many are worth participating in.

But by and large, the article does get it right, especially regarding the many flavors of PHRs in the market today.  The challenge for the consumer is trying to wade through the numerous choices to select the PHR most appropriate for their needs.  Unfortunately, the AHIMA, which has a website to educate the consumer on PHRs, does not provide this level of granularity to assist the consumer in their choices.  Hopefully, they recognize this shortfall and will rectify it in 2008.

Read Full Post »

Over on the WSJ Health blog there is a quick posting on how Microsoft joined with some 40 plus organizations including the ACLU, AIDS Action, and Gun Owners of America, to name a few in lobbying Congress, via letter, to update the nation’s privacy laws.

Just as important as who is on the list are those who are not. Microsoft is the only leading software company, there are no insurance companies, no major hospitals, no major employers (e.g., Dossia’s sponsors), no AMA (though there is the American Chiropractors Association, American Association of Psychiatrists and American Psychoanalytic Association). Why these others not signing on to such a petition strikes me as a bit odd.

This is an important issue though that needs national (i.e., Congressional) action.

While attending the AHRQ event last month, I sat in on a session that focused on security and privacy, their current state across the country and potential impact to Regional Health Information Organizations (RHIO) or Health Information Exchanges (HIE). RTI International presented the results of their recent research on privacy and security policies and laws across the US. They found a very convoluted system with little if any consistency nationwide.

RTI’s research included a survey of nearly 4000 respondents in 38 states. They found broad variation of opinions on what actually constitutes privacy and the means by which they insure such for the patient. In some states with little if any privacy laws, HIPAA is the the ceiling. In other states, HIPAA is the floor and these states have passed laws that go well beyond HIPAA to protect a patient’s privacy. To only makes matters worse, what they also found is that in many states, privacy laws are scattered across any number of statutes that have been passed over the years making it extremely difficult for providers to know what they may be liable for, thus further hindering any form of consistent approach to patient privacy.

Yes, it is time for Congress to go back to the drawing boards and develop a clear and consistent set of statutes and policies for the nation to insure patient privacy. Until that is done, all this talk about an NHIN (National Health Information Network) is wasted breath.

Read Full Post »

Had the opportunity last week to get an update from Will Crawford and Ken Mandl of the Children’s Hospital Informatics Program (CHIP), a joint collaboration of Harvard Medical and MIT. The objective was to learn more about the recent agreement between CHIP and Dossia, whereby Dossia will adopt Indivo as the Personal Health Record (PHR) platform, or what CHIP refers to as PCHR for Personally Controlled Health Record system.

Indivo has been one of those academic exercises where some interesting technology (a completely Open Source PHR) has been developed, tested and refined over the years (13 years and counting). The overall purpose has not been to create a product for the market per se, but to develop a platform that can be used to better understand the possible role of a PHR system in healthcare to improve outcomes. Over the years CHIP has addressed a whole host of platform development issues for Indivo from usability to interoperability, privacy, security and finally, consumer and physician adoption. But this has all been very much in an academic setting. Consequently, little real world testing has been done to date on Indivo platform and by real world I mean large-scale deployments and use. Note, they have done limited deployments at both Children’s Hospital, MA-SHARE, a regional RHIO, at MIT where they have a couple of hundred subscribers and in Canada where there are several hundred subscribers as well. They are also currently rolling it out at several other locations.

That is all about to change.

On Sept. 17th, Dossia announced that they had chosen Indivo as the platform for the 5 million plus employees, retirees and dependents, that Dossia’s employers represent. That is a massive leap forward and a huge vote of confidence for the folks at CHIP and their Indivo PHR. But a lot of questions have been raised as to how independent CHIP and Indivo will remain now that they have such a large client and even more importantly, there is a ton of cynicism regarding what the true motivations are of the employers that are sponsoring Dossia.

Will and Ken wanted to set the record straight. Following are a few highlights from our conversation (Note, these are NOT verbatim, but based on my quick notes):

Ques: How independent will Indivo Health remain? Does the agreement with Dossia put any restrictions on Indivo?

Ans: CHIP remains an independent non-profit entity directly responsible for Indivo. The Indivo platform will remain an Open Source platform and adhere to the conditions of the open source community for enhancements, distribution and use. There are no restrictions on CHIP’s ability to establish future partnerships/relationships with others. In fact CHIP maintains complete autonomy and can exit this agreement at any point in time.

One area that Dossia did insist on was for CHIP to establish a stronger governance model for developing and enhancing the Indivo PHR. This governance model will formalize the process by which enhancements are chosen for development, acceptance, QA/QC testing protocols and how such enhancements will be formally supported upon their release. (Ed. This makes good sense for as an academic exercise, this issue was not high on the priority list. Dossia’s insistence on this point will lead to a better product for the broader market.)

Ques: Who will actually operate and maintain the Dossia/Indivo PHR once it is live? When is go live date?

Ans: CHIP will be directly responsible for day-to-day operation of the Dossia PHR. They will be contracting with an outside hosting service to physically host the PHR. Data transmitted to and from the hosting service is completely encrypted, end to end, to insure security and privacy of employee records. They will roll-out Indivo to a small group of early adopters within the Dossia community later this year.

Ques: Will Dossia employers have access to employee data?

Ans: Employers will have absolutely no access whatsoever to employee data that is resident on the Indivo platform. Important to point out that according to Ken and Will, the employers insisted on this as well. (Ed. Enlightened employers are more concerned with helping their employees stay healthy, which provides a much greater contribution to their bottom line, than trying to weed-out those that may have health issues by digging into their records.)

Ques: What is the biggest challenge going forward?

Ans: This is just hard to do. It requires an in-depth examination of existing systems, addressing interoperability, developing mechanisms that autonomously and automatically update records (they’re experimenting with bots), enhancing the user experience and most importantly insuring privacy and security of the platform. A core operating belief at CHIP is to focus on the end user, the consumer/patient. This is reflected in what they prefer to call their PHR, a PCHR for Personally Controlled Health Record system with an emphasis on personal control. CHIP believes that if they can make Indivo work for the consumer, it will have a corresponding and positive impact on other healthcare stakeholders, chief among them, physicians.

Having worked in academia and in industry I have seen my fair share of such partnerships disintegrate due to diametrically opposing views on what the priorities should be. Academics typically want to pursue their research and get published (trust me, you don’t get published and receive the accolades of your peers by commercializing a product), while companies such as those associated with Dossia are interested in the product and not another paper for JAMIA.

But overcoming such differences will be relatively trivial compared to getting all stakeholders (providers, employees and payers) on-board the Dossia initiative adopting and using Indivo to produce better outcomes and health for the consortium’s massive employee base. But Dossia does represent massive buying power in the healthcare market and can use that to their advantage.

CHIP and Dossia are really breaking new ground here as this will be the first large scale deployment in the US of a multi-data sourced PHR serving such a large community nationwide. If they can move beyond some fundamental motivational differences there is a lot of potential here to really move the ball forward on consumer adoption and use of PHRs. But no doubt about it, we still have quite a ways to go and it will be hard work. Closely tracking this initiative will offer some important insights into the future of this evolving technology and the broader theme of consumer directed healthcare. Stay tuned.

Read Full Post »

Have you ever come home from a strenuous work-out famished and can find nothing in the cupboards or the refrigerator to satisfy your cravings? If so, then you have some idea of what I experienced on HealthVault.

Getting into HealthVault was a work-out. It all began with the need to establish a Microsoft Windows Live ID account, which is really just a re-branding of the universally disliked Microsoft Passport. Why Microsoft, do you feel you compelled to continually entrap us with such things as this? Claims of added security are unconvincing as I certainly do not have to go through such a process as this for my on-line bank accounts or Fidelity account, both of which are VERY secure.

Once I got into HealthVault, low and behold the cupboards were bare.

Upon entering, one finds a fairly clear, crisp and consistent layout with tabs across the top to get one started. First, you are prompted with a simple process to establish your account by creating a record. Records for loved ones can also be created at this time or later. Each record has a simple file structure that includes: Health Info, Document Library, Sharing, Programs, History and Profile.

The HealthVault experience begins with one creating a profile for a given record. The profile asks for very basic contact information, nothing more. It does not ask for one iota of health-specific information and therein lies one of the most fundamental problems with HealthVault today.

As a platform, it is but a repository of data. HealthVault relies on your documents that you might upload to your HealthVault account and its partner network to provide all health-specific data through connections to their applications and Web services, which HealthVault refers to as “Programs.” Thus, it is incumbent upon the consumer to create a health-centric ecosystem, including selecting HealthVault partners that are pertinent to their needs. This is a very arduous process and not recommended for the feint-of-heart.

Why so arduous?

First, it is not easy to determine which Programs one may want to add. Secondly, wouldn’t it be nice to know which Programs are actually worth subscribing to? Hey Microsoft, how about a user’s ranking system for these partners with comments ala Cnet? Third, you do not stay in the HealthVault environment when you pick a partner, instead, you hop out of HealthVault to a partner’s website. Once there, it is not at all consistent across the various partners as to how to connect the Program to HealthVault. For some, like the American Health Association’s blood pressure monitoring it was pretty straight-forward. For others, such as Healthy Circles, Peaksware or US Wellness it is a completely different story. When you arrive on their site, there is nothing that points you in the direction of how to incorporate their Program into HealthVault. With the majority of these sites, about the only thing I could easily find was their press release referencing their partnership with HealthVault. Not much help there!

Why Microsoft did not demand that partners create a separate landing page for anyone coming from HealthVault to a partner’s site to insure consistency and quality of the experience is a mystery to me. This is a monumental shortfall of HealthVault today and I cannot imagine any consumer having the patience I did in trying to navigate through this morass.

Another significant shortfall is that there are only 7 partners providing Programs for HealthVault and the majority are very small, niche players who are riding Microsoft’s marketing coattails. Sure, some of them may make it, but as a consumer, I’d be very cautious enlisting most of them until they get some traction in the market. Where are the bigger players Microsoft?

Not is all lost and there are indeed some redeeming features of HealthVault including the Sharing and History features as well as their privacy policies.

The Sharing feature of HealthVault allows one to establish specific guidelines on what health information in their record they are willing to share with outside parties such as another family member, their physician, a fitness coach, etc. Today, sharing is pretty basic and is tiered into three levels of access: View, View & Modify and Custodian. Custodian is very similar to administrator privileges on one’s computer. Within the next few weeks, Microsoft states that they will be updating Sharing capabilities to allow for sharing of data within user defined time-ranges, e.g., you may want to provide access for only 15 days to insure privacy. Microsoft also will be adding a “tagging” feature allowing one to tag very specific data and information for sharing (or keeping private), rather than granting full access to all information in one’s health record.

The History feature will also be useful as it tracks the complete history of not only their interaction with HealthVault, including uploads of data from health monitoring devices or an update of the record from their physician, but also all others who may have access to their HealthVault record. Therefore, one can quickly see whether or not their physician has visited their HealthVault record and even if they made any changes to the record. This is much simpler than trying to dig through one’s record to see what is new. Important to note that only the Custodian of the record has access to History, which is to insure privacy.

Microsoft has also taken great pains to insure the privacy and security of HealthVault and all who use it. Adopting the policies first put forth by the early pioneers at Children’s Hospital of Boston and MIT, the developers of one of the first Web-based personal health platforms (now called IndivoHealth), Microsoft is putting the consumer in control of their health records. Microsoft’s privacy policy clearly states that they will not, for any reason (unless legally-bound), share your information for any purposes. All data that is exchanged between a consumer and HealthVault is encrypted via https. Data is stored in encrypted format in servers that are logically and physically separate from other Microsoft Web service offerings (e.g., Hotmail). At anytime, a consumer can ask to have their HealthVault account, or a given record deleted. Microsoft also claims that all partners will adopt similar privacy policies. Congratulations Microsoft on promoting a privacy policy that puts the consumer firmly in control of their health information.

In conclusion, despite excellent privacy policies and some other nice features (Sharing and History), I find that HealthVault Beta is NOT consumer ready. It is incomplete on a number of levels, confusing at times and is not user friendly. As it is today, HealthVault Beta is best used to attract partners to enlist and not much else.

I am not entirely writing off HealthVault. On the contrary there is potential here but it is going to take time for that potential to develop. An important factor in HealthVault’s long-term success is contingent on the partners (both quality and quantity of partners) that Microsoft can enlist to build critical mass on the HealthVault site. Microsoft also must address the shortfalls I’ve pointed such as the user experience, which today is simply unacceptable.

Microsoft has taken a bold leap here with HealthVault, a leap that redefines the PHR market. But that bold leap also brings a lot of expectations and the Microsoft HealthVault team has quite a ways to go before they meet the expectations of this potential consumer.

Read Full Post »

Older Posts »