By Seth Richardson
The close we creep to socialism, the more information the government needs in order to keep us under its thumb. Denying the government and everybody else access to this information impedes tyranny and fosters liberty. It’s time to take your privacy back, because it’s in more jeopardy now than it’s ever been.
Witness Obama’s dangerous steps towards computerization of private medical records. In his speech to the nation on January 8, 2009, he said, “To improve the quality of our health care while lowering its cost, we will make the immediate investments necessary to ensure that within five years, all of America’s medical records are computerized. This will cut waste, eliminate red tape, and reduce the need to repeat expensive medical tests. But it just won’t save billions of dollars and thousands of jobs – it will save lives by reducing the deadly but preventable medical errors that pervade our health care system.”
A laudable objective perhaps, but it’s a proposal so rife with potential for fraud, mismanagement and genuine harm that it simply must be resisted.
Have you ever been braced for name, address, phone number, date of birth, or social security number by some nosy shop clerk? Who hasn’t? What’s your reflexive reaction to such demands? Do you just obey and provide the information requested, or do you consider the ramifications of doing so versus the benefits you seek to obtain and then make a reasoned choice? Usually, we just capitulate because we’ve been trained to be open and honest, and we rarely ever see the harm in giving out such information.
But, have you ever wondered why you get so much junk mail? It’s because you answer intrusive questions for personal information from shop clerks and on-line businesses. Your personal information has enormous economic value, and even small businesses sell their customer data to “data aggregators,” who take in and collate this information and resell it to other commercial interests, and more frighteningly, to the government.
And junk mail is hardly the only, or most serious danger out there. Identity theft, assault and burglary can all be related to the imprudent release of private information. Does the guy at the car wash who cleans your expensive car have access to your home address either through the company computer or your registration? If so, it’s simple for him to pass along that information, along with the VIN number of your car, which he noted down as he cleaned the dash, which allows a car thief to identify the key necessary to steal your car.
We need to take a page from the Russian playbook here. Do you know what you get when you start asking a Russian for personal data? Stone-faced silence and sometimes outright hostility. Occasionally you might get some information, but it’s almost certain to be false. Russians have a long history of dealing with intrusive, oppressive bureaucracy and nosy government agents, and they’ve learned a lesson we here in the U.S. have forgotten; they’ve learned to keep their mouths shut when the government comes asking for information. It’s a right we’ve abdicated in the interests of commercial convenience.
It’s time for us to seize our privacy again, and start giving inquisitive store clerks and customer service personnel the gimlet eye and our stony silence, and to make no apology for either refusing their requests or chastising them for asking in the first place.
Start with small steps. When you take your car in to the quick-lube for an oil change, pay cash and decline to give them any information at all, even your name. When you call the credit card, cable or satellite company to resolve some issue, and they ask you to confirm your phone number, politely refuse, and be firm, because they will try to pry it out of you. If they get uppity, tell them that if they persist, you’ll cancel your account and find another provider. This usually shuts them up. But whatever you do, don’t give them the correct information. There’s nothing in the law that says you are not allowed to lie to a nosy store clerk. Do so, and be proud that you’ve defeated an attempt to invade your privacy.
And when it comes to your doctor, you should have a sit-down conversation with your medical provider and amend whatever contract you have with them and make it clear, in writing, that they do NOT have your permission to release your medical records to anyone without prior written approval from you. Include your insurance carrier in this declaration as well. Send them a letter, by certified mail, return receipt requested, stating clearly that your medical records are private, and are not to be shared with anyone, under any circumstances, particularly the government, without your permission. Might not work, but it can’t hurt.
And the first and most important thing you can do to begin securing your privacy is to never, ever, under any circumstances, give any merchant your physical home address. Using a post office box provides significant security at the cost of some minor inconvenience and cost. You don’t have to worry about your mail being stolen, people won’t know where you actually live by looking at your address, and you can let mail accumulate without worry if you go on vacation.
And if anyone ever asks you for your social security number, ask them if they have legal authority to compel you to give it to them. If they claim they do, then demand that they cite the federal statute that authorizes them to do so. If they don’t, or can’t cite the law, then carefully evaluate whether you really need to do business with that firm.
Sometimes it’s unavoidable, like when you ask for a loan from a bank or credit union, but in almost every other case, the only reason they want your SSN is so that they can run a credit check, and people run credit checks these days for the most preposterous reasons. If you run into this, and you can get along without the service, then tell them why you’re walking out and do so. Your SSN is the single most dangerous piece of information you have when it comes to your economic security. Guard it like you guard the passbook to your savings account or your cash.
When it comes to intrusive personal questions, just say no.
For more information on how to protect your privacy, go to http://www.howtobeinvisible.com
© 2009 Altnews
~
You would always have an over-ride available to first responders, emergency rooms, etc. If you had some form of identification; name, drivers license number, etc you could get to the data with the appropriate data access privileges. It’s a normal part of any data system.
Skip:
I think that’s a sterling idea. The only issue would be how to get the number if the person is unconscious.
Seth,
Might be easier to base the records on a patient number known only to the individual. No personal data in the records.
I think perhaps the problem is not so much digitization of the data, its who is the custodian of the records and who has access.
Regardless of the provider’s access to the records, we, as patients need to become the custodian of your medical records, in addition to your doctor.
Each patient should keep his or her complete medical history, in encrypted format, on a microSD card or equivalent, and should bring this data to the doctor’s office at each visit to be updated with the current information.
The medical record can then be loaded into a facility’s computer system should the individual require emergency treatment or treatment away from his home physician’s office.
The key is privacy, and the danger is unauthorized access.
One suggestion is a dual-key encryption system that only allows an individual’s medical records on-line to be opened with the permission of the patient, or, in emergencies, with a doctor’s request and an administrative override.
For routine visits, the patient would have to “unlock” the encryption either on-line or by telephone when making the appointment or some time before the visit. On-line permission is trivial, but for those without computers or computer savvy, after making the appointment the patient would call a separate computer-controlled number, enter their patient ID number or, better yet, access their record using voice recognition technology. The computer would then request a PIN or passcode to unlock the medical record until the visit and for some time afterwards, so the physician can complete the notes and lab work.
Once the default time span has expired, or the physician has closed the file, it’s relocked and cannot be accessed without a new permission.
For emergencies, a physician in an ER could request access to the record, and the physician (or his designee) at the primary care physician’s office, along with an administrator, can open the record. All such requests would require positive identification of the individuals who opened or accessed the record, with a copy of that list being sent to the patient each and every time his or her record is accessed.
Government should be forbidden to access any patient record without the concurrence of the primary care physician and an administrator, and even then, the records would be stripped of all personally identifying information before being transmitted to the government, except under a warrant issued by a judge.
I understand you concern with proper medical treatment, but privacy and security of medical records must be the primary consideration, and only if those challenges can be met, should medical records be placed on-line.
Each wise man/woman in this discussion has made good observations about various parts of the medical record elephant. For many people, the bottom line is whether it significantly helps with their medical treatment. I’ve seen many cases where indecipherable or incomplete or improperly conveyed information has seriously compromised medical treatment. There may also be benefits
for treatment in the use of online personal medical information.
See the article “The Informed Patient”, by Laura Landro, in today’s online Wall Street Journal.
Skip, thanks for the link.
“…since the 2001 terror attacks, a slim majority of the American public has favored protecting security over preserving civil liberties”: Along with a significant majority of Bush administration officials, of course. I will be interested to see just how much of that ithe Obama team will reverse.
Link concerning government purchase of data.
http://www.washingtonpost.com/wp-dyn/content/article/2006/06/14/AR2006061402063_pf.html
Guffman wrote, “‘The government’ is buying info from data aggregators? I didn’t know that. Links, stats, sources?”
Lacking any response, I assume there’s no support for that allegation.
Skip, someday on this blog we are going to have a nice long conversation about the meaning of the word “socialism.” (It’s off topic in this thread.) I hope you’ll be there for it.
Good discussion. Here’s a different view.
As much as I hate to admit it, I have finally come to the view that we have to do something about our health care system. The cost increases are out of control and we cannot create the mechanisms (competition) to control them. National emotions will no longer tolerate some uninsured (even if they are voluntary).
So I now think we have to go “all in” on health care, as painful as it will probably be. This means -
Some level of health insurance for everyone
No pre-existing conditions
Hopefully the ability to purchase additional coverage
To do this we must control and reduce costs, and computerized records are an important part of that effort. Only computerized data will provide the comprehensive view of medical activities that is needed to make reliable decisions about treatment.
For example, it is said, and probably true, that doctors direct unneeded tests to protect themselves from lawsuits. But when they get in court with only an AMA study they are vulnerable. They need the backing of extensive data and, perish the thought, perhaps the backing of government approved procedures (take a swing at that).
We already have two examples of computerized records; the census and the IRS records. Both are used extensively for studies without damage to individuals, to my knowledge.
Many useful studies are done on de-personalized records. These represent no threat to individuals. However, history is an important part of learning from data and this requires tracking individuals.
An example is poverty rates. From the census we get data showing a certain percentage of the nation lives in poverty. This is a big deal to the socialists. But from the IRS records we learn (by tracking individuals) that only a small percentage remain in poverty for an extended time and a significant percentage move from poverty to the highest levels of income in a surprisingly short time. Also the top earners drop back down in many cases. This is a much more important view of poverty than we get from the census. But it doesn’t support the socialist agenda so the MSM will seldom mention it.
Similar learning will surely be buried in comprehensive medical data. There will always be the potential for misuse, but we have to control that. As we have with the census and IRS data.
I don’t arrive at this position easily, but I have given up on the free market winning this battle. We have to do something, so lets start the fight and try to get something workable.
Bob: You’re right, I pay my own way medically so I don’t face the insurance nightmare, and I refuse all open authorizations to share information. I’m very specific about the circumstances of release. It’s always in your best interests to read the disclosure terms of your medical provider and insurance company and to renegotiate the terms.
Most people simply sign what’s placed before them without even reading it, much less realizing that you can modify the terms of the contract if you want to. Yes, in some cases, the provider will not agree, but when it comes to medical records, you have a good deal of control over your records IF YOU EXERCISE IT.
Standard waivers are called standard for a reason, and they always, without exception, favor the medical provider or insurance company. But these terms are not written in stone, and they are often negotiable to some degree. Like any contract, you should know what you’re signing, and if you don’t like the terms, discuss it with the other party and come to a meeting of the minds before signing.
It’s true that insurance companies hold most of the cards, and can be quite arrogant and dismissive of your rights, but you do have rights, and you are allowed to assert them, and should.
The issue of medical records security is not so much one of concern that some footpad will break into a medical records facility and rifle through records, because unless you’re a celebrity trying to hide a stint in rehab or you’ve got spies after you, what’s the point? It’s not like your credit card info, it’s more insidious.
The issue is data aggregation and sharing. You’re spot-on when you mention insurance companies, and they are the second gravest risk to your privacy below the government. Or, maybe the first. It depends on whether or not socialized health care is imposed.
The problem is that medical data aggregators can be far more harmful than commercial data aggregators both to your privacy, and to your health. Insurance companies share data frequently. Ostensibly it’s to prevent fraud, but it’s also used for cherry-picking clients and discriminating against those who are thought to be poor risks, either medically or, for example, when it comes to auto or homeowner’s insurance.
It used to be that insurance was about pooled risk, but more and more it’s about risk reduction.
More alarming than one’s ability to get insurance is the potential for job discrimination based on one’s health. Employers are trying to cut costs everywhere, and they would very much like to be able to screen out applicants and employees who are likely to use a disproportionate share of company-provided medical benefits.
The more information that goes into the system, the more likely it is to be misused. Thus, the goal is to determine what the MINIMUM amount of information the insurance company actually legally requires in order to process your claim is, and to restrict your doctor from providing any additional information that the insurer might be salivating to have, but has no actual contractual right or need to know. It’s all part of being informed about the process and taking control of your health care information, not simply submitting to whatever the provider or insurance company chooses to foist upon you.
You make a valid point about the usual reasons for data loss, and there are substantial benefits to computerized records, but there are also risks, including public policy risks, that need consideration. Consumers need to weigh the risks and benefits and make an informed choice, not be pushed into something by the government.
As I said, whoever has access to my medical records, the very last entity I want to know anything about me is the government, because government is demonstrably uninterested in my well-being. It’s only interested it it’s own well-being, particularly under Obama, so I’m more than a little skeptical when it purports to need more information about citizens.
The only thing Obama legitimately needs to know about me is the status of my tax return. Nothing else.
Seth said: “They write stuff in the chart, and it resides only in that file, secured in their records room.”
Seth, you are a rara avis, indeed. First of all, in order for the “stuff” to reside solely on paper and solely in that room, you must not have any insurance coverage. In order to file an insurance claim, the info has to be digitized, stored and transmitted by computer. Your suggestion that you have somehow found a way to keep your information secret from the insurance companies (or Medicare) and still get them to pay your claims is ludicrous. Second, the vast majority of medical practices I’ve visited, and I’ve visited dozens, keep the paper records in an area that is, during office hours, close to and easily accessed by, both authorized and unauthorized people. Outside office hours, most medical offices have minimal security, and maintenance personnel, many of unverified background, have easy access to the document area. Third, unless you refused to agree to the standard request to allow your doctor to share your data for purposes of payment and medical treatment, for all but the most minor ailment your info is going to make the rounds. Fourth, if you did refuse, and/or if the info is kept on paper, you run an enormous medical risk of having missing info compromise your treatment as you go from specialist to specialist, or are in a medical facility through more than one shift. And finally, although there have been well publicized incidents of hacking, any professional IT security professional will tell you that “the 3d shift janitor” is by far the biggest risk – i.e. mistakes, not villainy, account for the overwhelming bulk of data loss. Our best way forward lies not with hiding in corners with other Luddites, but with demanding really good technology. That will give us the best security and the best medical results.
Bob, I understand the drive to computerize, but it’s worthwhile remembering that you, the consumer, have a right to negotiate the contract terms under which you will do business with someone.
Just today I went to a medical appointment and I made sure to discuss medical privacy with my provider. They do things the old-fashioned way. They write stuff in the chart, and it resides only in that file, secured in their records room.
I’d rather keep government’s prying eyes off of my medical records than enjoy the dubious and slight chance that having them computerized will prevent a medical mistake. Frankly, it’s up to my doctors to avoid such mistakes, and if they make one, I’ll sue them.
I would not object to the use of computers merely for data entry and storage if it were not for the enormous security implications. We’ve seen event after event of hacked computer files, and even banks seem helpless to prevent it.
The main benefit of computerized records accrues to the insurance company or paying entity, because it allows them easy access to your records so that they can look for ways not to pay your claim. I prefer to make this difficult for them do to.
The benefit of a paper system in preventing wholesale breaches of security are obvious. We rarely if ever heard of such breaches before computer systems, and even when it happened, it was one individual, or perhaps a small group if some officer manager mishandled a box full of files.
I don’t have a problem with individuals making informed choices and contractual obligations with their medical care providers, but there is absolutely no reason whatsoever for the federal government to be involved in any way, particularly when it comes to accessing the data. That simply cannot be allowed.
Most medical diagnostic test data is now digital and stored on computers. Medicare already has all the info computerized. Same with the health insurance companies and HMOs. As far as I know, only older doctors are resisting digital diagnosis entry. I’m pretty sure we are going to expand the computer approach, not roll it back. I know of numerous adverse medical events caused by lack of standardization of medical information forms, mishandling of hard copy personal medical information and lack of moving it quickly from one provider to another, even within the same medical facility. So it seems to me that our energies are best spent making the systems as reliable and safe and private as possible, rather than whining into the wind.
“You should read it carefully.” Done. It’s chock full of loopholes. EVERYONE should read it carefully.
Thanks for the heads-up, Seth.
Guffman, Thanks for the comment. Here’s the salient statement from the Gazette’s privacy policy, a link to which is found at the bottom of each page, or here:
http://www.freedom.com/privacy.html
“We will not sell, share, or rent personal information to third parties, and we will not otherwise disclose personal information to third parties, without your permission, except as disclosed in this Privacy Policy.”
You should read it carefully.
However, as Jack will tell you, you should NEVER use a private email address on the web. Always establish an email address for web use that you can throw away at need, because no matter how strict the privacy policy, web crawlers and other automated systems can extract your email address without the Gazette’s knowledge or cooperation.
I’ve found that using a single word before the “@” sign inevitably leads to spam, but that if you use “word.word@wherever.com” form, the web crawlers seem to have much more difficulty in extracting that address. Also, using unusual words or numbers and letters helps foil systems that extract the domain name and then spam to a huge list of common first names.
Computerized medical records are an invitation to hacking & fraud. If the system cannot be made bulletproof in terms of security, it’s an invitation to catastrophic failure. If it can, the advantages are attractive.
My family was a victim of identity theft a few years ago. We didn’t know we’d been hit until the police (read: “government agents”) called us after they arrested the perp. Scary.
The information Seth provides is a valuable aide to evading businesses, data aggregators, car-wash guys, identity thieves, credit-card outfits, cable TV providers and other laissez-faire capitalist/criminal greedheads. Well done. (It does however make me wonder how safe my e-mail address is on the Gazette’s comments threads? Does the paper “aggregate” subscriber/poster info to data corporations?)
“The government” is buying info from data aggregators? I didn’t know that. Links, stats, sources?
This is an important issue and one that deserves, eventually, to be depoliticized.
Disclosure: Jack Luna is the author of “How to be invisible” and other books about privacy and off-the-radar living. I sent him a copy of the article as a courtesy, and I’m please to have his response here.
I’m sure that he would be willing to offer some further insights in response to reader’s inquiries.
Jack?
Seth Richardson is right on the mark. Other than on my tax return and when opening a bank account, I never give my SSN to anyone. It is simply NOT required!
On a related note, I never use my Driver’s licence for ID. Passport only, which does not list your address.