Wednesday, January 25, 2012

New Privacy Framework in Europe

European Commission - Press Release

Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses

Brussels, 25 January 2012 – The European Commission has today proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used.

In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.

"17 years ago less than 1% of Europeans used the internet. Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds," said EU Justice Commissioner Viviane Reding, the Commission's Vice-President. "The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data.

"My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation."

The Commission's proposals update and modernise the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights in the future. They include a policy Communication setting out the Commission's objectives and two legislative proposals: a Regulation setting out a general EU framework for data protection and a Directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities.

Key changes in the reform include:
· A single set of rules on data protection, valid across the EU. Unnecessary administrative requirements, such as notification requirements for companies, will be removed. This will save businesses around €2.3 billion a year.
· Instead of the current obligation of all companies to notify all data protection activities to data protection supervisors – a requirement that has led to unnecessary paperwork and costs businesses €130 million per year – the Regulation provides for increased responsibility and accountability for those processing personal data.
· For example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours).
· Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. Likewise, people can refer to the data protection authority in their country, even when their data is processed by a company based outside the EU. Wherever consent is required for data to be processed, it is clarified that it has to be given explicitly, rather than assumed.
· People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services.
· A 'right to be forgotten' will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it.
· EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens.
· Independent national data protection authorities will be strengthened so they can better enforce the EU rules at home. They will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2% of the global annual turnover of a company.
· A new Directive will apply general data protection principles and rules for police and judicial cooperation in criminal matters. The rules will apply to both domestic and cross-border transfers of data.

The Commission's proposals will now be passed on to the European Parliament and EU Member States (meeting in the Council of Ministers) for discussion. They will take effect two years after they have been adopted.

Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, your posts on social networking websites, your medical information, or your computer's IP address. The EU Charter of Fundamental Rights says that everyone has the right to personal data protection in all aspects of life: at home, at work, whilst shopping, when receiving medical treatment, at a police station or on the Internet.

In the digital age, the collection and storage of personal information are essential. Data is used by all businesses – from insurance firms and banks to social media sites and search engines. In a globalised world, the transfer of data to third countries has become an important factor in daily life. There are no borders online and cloud computing means data may be sent from Berlin to be processed in Boston and stored in Bangalore.

On 4 November 2010, the Commission set out a strategy to strengthen EU data protection rules (IP/10/1462 and MEMO/10/542). The goals were to protect individuals' data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU. The Commission invited reactions to its ideas and also carried out a separate public consultation to revise the EU's 1995 Data Protection Directive (95/46/EC).

EU data protection rules aim to protect the fundamental rights and freedoms of natural persons, and in particular the right to data protection, as well as the free flow of data.

This general Data Protection Directive has been complemented by other legal instruments, such as the e-Privacy Directive for the communications sector. There are also specific rules for the protection of personal data in police and judicial cooperation in criminal matters (Framework Decision 2008/977/JHA).

The right to the protection of personal data is explicitly recognised by Article 8 of the EU's Charter of Fundamental Rights and by the Lisbon Treaty. The Treaty provides a legal basis for rules on data protection for all activities within the scope of EU law under Article 16 of the Treaty on the Functioning of the European Union.


Monday, January 23, 2012

Unique ID Debate at WSJ

Should Every Patient Have a Unique ID Number for All Medical Records?
The WSJ Debate

· Yes: It means better care, says Michael F. Collins.
· No: Privacy would suffer, says Deborah C. Peel.

As the U.S. invests billions of dollars to convert from paper-based medical records to electronic ones, has the time come to offer everyone a unique health-care identification number?

Proponents say universal patient identifiers, or UPIs, deserve a serious look because they are the most efficient way to connect patients to their medical data. They say UPIs not only facilitate information sharing among doctors and guard against needless medical errors, but may also offer a safety advantage in that health records would never again need to be stored alongside financial data like Social Security numbers. UPIs, they say, would both improve care and lower costs.

Privacy activists aren't buying it. They say that information from medical records already is routinely collected and sold for commercial gain without patient consent and that a health-care ID system would only encourage more of the same. The result, they say, will be more patients losing trust in the system and hiding things from their doctors, resulting in a deterioration in care. They agree that it's crucial to move medical records into the digital age. But they say it can be done without resorting to universal health IDs.

Yes: It Means Better Care
By Michael F. Collins
The U.S. health-care industry has an identity crisis.

Lacking an easy, uniform way to identify patients and link them to their health data, doctors, hospitals, pharmacies, insurance plans and others throughout health care have created a sea of unrelated patient-identity numbers that are bogging down our medical-records system.

An ID system 'could be the safest and most efficient way to manage health-care data.' -- MICHAEL F. COLLINS

Indeed, in an age when it's possible to pay for a cup of coffee using a cellphone, transferring a single patient's medical data from one health provider to another is often a struggle, sometimes resulting in treatment delays and even needless medical errors.

That is why, as the nation invests billions of dollars to convert from paper-based medical records to an electronic system, the time has come to offer everyone a universal patient identifier, or UPI.

A UPI system, using one number that seamlessly connects a person to all of his or her records, could be the safest and most efficient way to manage health-care data. It would guard against misidentification and make it much easier to pull together a patient's records from disparate providers. Using today's best technologies and practices, UPIs could help dramatically improve the quality of health care, lower costs, accelerate medical discovery and better preserve privacy.

That last point is by far the most contentious. It was privacy advocates who stopped the move toward UPIs more than a decade ago, leading to a ban on the use of federal funds just to study this approach. Enough has changed that UPIs deserve another look.

Cases of Mistaken Identity
In the 2010 federal health-care law, substantial resources are dedicated to promoting technology in medicine. We are investing billions of dollars to convert from paper to electronic health records, and to connect health-information hubs across the nation.

UPIs could make such systems more efficient. Currently, health-care providers and administrators struggle daily to match patients to records organized by disparate systems that rely on names, addresses, birth dates and sometimes Social Security numbers. Names can be presented in numerous formats, leading to duplicative records that cost money and lead to errors. As our population grows, the number of people with the same name and other similar personal data multiplies. Research cited by RAND Corp. indicates patients are misidentified at a rate of about 7% to more than 10% during record searches. As databases grow, the problem will only worsen. UPIs can correct this situation.

What about data security? It is difficult—especially without being able to study UPIs—to know what the safest approach is. Admittedly, no IT system is immune to breaches.
That said, patients with UPIs hold a distinct and important advantage in that their medical information is compiled and stored according to that unique identifier, separate from financial data typically coveted by thieves. UPIs can even be set up so that patients could choose to have no identifying data in their record, making it completely anonymous. UPIs can be created with built-in checks against typing errors and counterfeiting, and if a UPI is compromised, patients can "retire" it and obtain a new one. Without a UPI, one can only regain medical privacy by changing one's identity, not dissimilar from participation in a witness-protection program!

Could the UPI be co-opted, the way the Social Security number has been, and used for other things? That's something we must guard against. By establishing a system where patients request the number through their doctor's office, and from a third party, not the government, we can help keep the UPI associated with medical data only.

Gaining Patients' Trust
Critics contend that UPIs will only make it easier for companies and others to use medical data for commercial purposes. To protect against this, they say, we need a system where physicians have to ask patients for permission to access their information. Because there has been so little study of UPIs, it's difficult to say whether those fears are valid. But having patients decide which doctor gets which data is the wrong choice. Doctors need full access to all of a patient's data, so they can deliver the appropriate care. That is the essence of the doctor-patient covenant. Furthermore, in critical-care situations, the patient might be unconscious and, therefore, unable to grant access to essential health information.

While narrowing access isn't optimal for patient care, new UPI technology does make it possible. For example, one type of UPI could be used for patients who want all of their physicians to have broad access to their medical data, while another would indicate the patient must first authorize access. Patients get to choose.

Even with all these protections, not every person will trust the system. Studies show that many people already refuse testing and treatment because they are worried it could be used to discriminate against them. UPI critics say a universal health-care ID system will only undermine trust further, but I would argue the opposite is true. Problems related to misidentifying patients and accessing their health information in a timely manner have eroded trust in the current low-tech system, which is why we need a new approach. Building an efficient records system that is more secure and offers better coordinated care can only enhance trust between patients and providers.

Congress should lift the ban on federal funding for UPI research, and we should better inform patients about the benefits of UPIs. No one wants medical data to fall into the wrong hands, but neither do we want patients to suffer because their medical information cannot be accessed.

Dr. Collins, a board-certified physician in internal medicine, is chancellor of the University of Massachusetts Medical School in Worcester, Mass. He can be reached at

No: Privacy Would Suffer
By Deborah C. Peel

Doctors and patients need to find a better way to collect and share personal medical records from the innumerable places health data are collected and stored. But linking people to their health data via a unique identifying number isn't the answer.

'History shows that universal IDs are always used in unintended ways.' -- DEBORAH C. PEEL

Yes, assigning everyone a universal patient identifier, or UPI, would improve doctors' ability to share information and make it easier for hospitals to differentiate one John Smith from another. But a universal health ID system would empower government and corporations to exploit the single biggest flaw in health-care technology today: Patients can't control who sees, uses and sells their sensitive health data.

Searching for sensitive patient information would take just one number, not dozens of account numbers at professional offices, hospitals, pharmacies, labs, treatment facilities, government agencies and health plans. UPIs would make it vastly easier for government, corporations and others to use the nation's health information for their own gain without patients even knowing it.

What's more, any benefits associated with UPIs would be erased when patients, knowing their doctors have no control over where health-care data go, refuse to share sensitive information about their minds and bodies. This is a very real issue: Without privacy, patients won't trust doctors. In 2005, a California Healthcare Foundation survey found that due to the lack of privacy, one in eight patients lies, omits critical details, refuses tests or otherwise keeps sensitive health information private. Six hundred thousand people per year avoid early diagnosis for cancer alone.

Invitation to Snoop
We are in the midst of an unprecedented data-privacy crisis. Changes to federal regulations in 2002 eliminated patient control over who sees personal health information and led to explosive growth in the data-mining industry. Pharmacies, health-care IT vendors, insurers and others routinely sell and commercialize prescription records, genetic tests, hospital and office records, and claims data to drug companies and any willing purchasers. Even with names and key identifiers stripped off, it's simple to reidentify patients. Under the guise of improving health, lowering costs or promoting innovation, even government agencies sell and give away large databases of patient records.

Universal health-care IDs would only exacerbate such practices.

Further, UPIs would encourage the government and corporations to build massive, centralized databases of health information, rich targets for data theft and abuse. UPIs would become a de facto universal identification system far more harmful than Social Security numbers, enabling millions of government and corporate workers to snoop into anyone's medical records.

But concerns about health IDs go much deeper. UPIs exacerbate the commoditization of patients by encouraging the perspective that government agencies and corporations have superior rights to decide and control core aspects of who we are. A unique ID system is like giving master keys to millions who work in health care—they no longer need to ask patients to see records.

In the end, cutting out the patient will mean the erosion of patient trust. And the less we trust the system, the more patients will put health and life at risk to protect their privacy.
Such an obvious outcome makes a mockery of claims that UPIs would "reduce errors" and improve "patient safety." Similarly, claims that UPIs will be kept separate from personal and financial IDs are wishful thinking. All health records have financial records attached. But more important, history shows that universal IDs are always used in unintended ways. Social Security numbers were to be used only for payroll taxes, but morphed into universal IDs for health and commerce. UPIs will share the same fate.

Patients in Control
If a single ID number isn't the answer, what is? The best way to share sensitive health information is to build electronic-records systems where patients are in control of their own medical records, not government and industry. Health professionals should seek permission to see personal data, but only patients should release or link it. This is how it works with paper records systems, and there's no reason we should be less concerned about privacy in the digital age.

Existing technologies can allow patients to set default rules to govern data exchanges electronically, such as: "In emergencies, treating physicians may access my entire medical record" or "Anytime I receive health treatment, send copies to my family doctor." Consent rules can be changed instantly online, and sensitive information can be selectively withheld at the patient's discretion.

Unique patient IDs are unnecessary for this system. Much like using online banking to pay bills, patients can use online health systems to send encrypted information from medical accounts to whomever they choose.

Decentralized systems with smaller data sets protect privacy because if any account is broken into, only some information is compromised. More important, they require mediation by the patient. Imagine a universal ID system for all financial transactions where all retailers had our IDs. Commercial transactions would be more efficient if retailers could see and debit our accounts without consent. But it would be unacceptable—and it should also be unacceptable for others to use your health records without permission.

I agree that we need to transform the health-IT system so health professionals and researchers can electronically tap into complete and accurate health information. But any such technology should allow professionals to treat patients as individuals whose needs come first. That won't happen if we create an electronic medical-record system that no one trusts.

Dr. Peel, a psychiatrist and health-privacy expert in Austin, Texas, is the founder of Patient Privacy Rights and leader of the bipartisan Coalition for Patient Privacy. She can be reached at