Convergence Highly Likely for Online Banking and eHealth

The MEDICAL BANKING REPORT, July/August 2007, Vol. 4, No. 3

When it comes to the growth of online banking there is one factor that stands above all the others: Public Trust. According to a survey by Ponemon Institute, a think tank that advances responsible information management practices in business and government, 57% of consumers said if there was one privacy breach at their bank, they’d stop all online services. That’s a pretty small margin for error.

The survey (sponsored by Watchfire in April 2005) had 2,328 responses (17.2% response rate) and was conducted with a cross segment of customers from Wachovia, PNC, US Bank, Washington Mutual, National City and Citigroup.

The statistic isn’t entirely surprising. What banking service isn’t inextricably bound to Public Trust? It is much like the air that a banker breathes. Without Public Trust all bets are off that a bank will succeed.

This is one reason why banks today are locked into an Identity Theft Arms Race. No one likes to be compromised.

September 15, 2007 in Privacy

Privacy vs safety a paramount concern

Posted by ED for JC

The referenced TriCities.com article articulates with great clarity where the focus of the privacy debate should be: Privacy vs. Safety. We should expect our health data to be treated with the utmost of privacy and confidentiality...but to the detriment of our own safety? Some privacy wonks say that HIPAA protects no one. Really?

Yes, HIPAA permits covered entities to use our data without authorization for "TPO" - treatment, payment and operations. Thus if one is unconscious and can't sign a consent form, it's ok to look at that person's record. If a third party (payor) is responsible for payment, it's ok to send a claim without patient consent. This seems safe to me, especially because HIPAA has mechanisms in place (through BAA contract) that require that any entity receiving the data use it for the specific purpose intended (payment of a claim, for instance). It also requires a minimum necessary standard. Only the minimum amount of data (not the 130 page medical record) can be supplied for payment of a claim, unless required.

Some privacy groups say this standard isn't adequate. They say that anytime anyone accesses our data it must be accompanied with a signed consent form. Even in the area of public health, where breakouts are monitored and patient data must be accessed quickly, some privacy groups contend that if a person doesn't want their data shared, it shouldn't be. Should privacy be placed above public safety? Isn't this the key question? Within this context, what does VA Tech teach us?

This is a difficult debate but simple common sense can get us beyond many issues. It's easy to crusade behind an "I'm-for-the-small-guy" mask. I identify with the underdog too. I just want that underdog to be safe. I want to be safe. And by the way, I AM the underdog. Aren't most of us?

I'm ok with hospitals having my data for TPO, but the privacy groups want to force hospitals and others to go through hoops when my life is in danger. They want me to get behind the idea that HIPAA doesn't go far enough. Perhaps there are changes that could be made and as an underdog, I'm open to that possibility. But we must be careful not to create an environment that makes all of us less safe, shouldn't we?

There is a delicate balance between privacy and safety. Perhaps we should err on the side of safety. I'm interested in how some privacy groups justify their position in light of VA Tech. This is an acid test. To use VA Tech for political purposes is immoral, to be sure, but for testing standards it provides a meaningful and absolutely necessary exercise.

---
John Casillas
Chair, Medical Banking Institute
Executive Director, Medical Banking Project
320 Main St., Ste. 230
Franklin, TN 37064
v: 615.794.2009, ext. 3
f: 615.794.1481
https://www.mbproject.org

September 7, 2007 in Privacy