All posts by nancy

Privacy Healthcare Privacy Invasion Promoted by the Federal & State Governments – Part VI Preventing Patients from Controlling Access to their Personal Health Information – Addendum added: 02/27/2022

Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) authorized Health and Human Services to create regulations for “Administrative Simplification”, one of which is the Privacy Rule. The HIPAA Privacy Rule has been inadequately protecting personal health information since compliance was required on April 14, 2003. It has failed to an even greater extent since the widespread adoption of electronic health records and the storage and analysis of Big Data.

There are at least two glaring problems. The first is that almost any inspection and use of health data can be justified as “Healthcare Operations”, resulting in the sort of exposure of data that was publicized when Google employees raised concerns about the patient data from Ascension. The second is that the provisions for de-identification of personal health information were known to be inadequate even before they became part of the HIPAA regulations. Dr. Latanya Sweeney is a Harvard professor who focuses on privacy and has testified before Congress multiple times. In a 2003 publication, she described what was necessary to de-identify data yet keep it useful for research and other purposes. The HIPAA requirements do not meet this standard. If the HIPAA standard is met, medical data is legally de-identified and can be redistributed. The HIPAA standard is described on this government web site. It was inadequate in 2003 and it is even more so now, in this era of big data, when many more datasets are available that can be mined and compared to allow re-identification.

It is interesting that HHS is making claims data available to the public, and on the same page as the description of how this data can be downloaded is a statement that it is illegal to attempt to re-identify the data. That tells me that HHS knows very well that it can be re-identified and yet posts it anyway. There are multiple warnings not to attempt to re-identify the data, such as the following.

I will make no attempts to identify individuals, including by the use of vulnerability analysis or penetration testing. In addition, methods that could be used to identify individuals directly or indirectly shall not be disclosed, released, or published.
I will make no attempts to identify establishments directly or by inference.
I will not use deliberate technical analysis to discover or release information on small numbers of observations ≤10.
I will not attempt to link this information with individually identifiable records from any other source.
I will not attempt to use this information to contact any persons or establishments in the data for any purpose.

Note that at this link there is this paragraph regarding how the data is de-identified.

“The Centers for Medicare & Medicaid Services (CMS) is responsible for administering the Medicare, Medicaid and State Children’s Health Insurance Programs, as well as a number of health oversight programs. CMS gathers and formats data to support the agency’s operations. Information about Medicare beneficiaries, Medicare claims, Medicare providers, clinical data, and Medicaid eligibility and claims are included. These data are made available to the public, subject to privacy release approvals and the availability of computing resources.”

Datasets that can be used to re-identify data are readily available. This article reports on findings by Harvard researchers. Adam Tanner wrote the following article discussing how HIPAA does not adequately de-identify data. “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization” is a UCLA Law Review article by Paul Ohm of Georgetown Law.

I also have concerns about the broad sharing of data put into databases without patients’ permission, whether or not the data is slated to be shared. Any time a database is created, it is likely to be hacked, especially if it is exposed to the Internet. If the NSA can’t keep data secure, how can we expect other datasets to be secure? Patients should be allowed to determine whether their data is exposed to the Internet or put in registries or other databases before it is done. If they want the convenience of Internet access, then they need to be informed of the risks and accept the risks. This helps protect providers from being sued when there is a data breach and improves patients’ chances of keeping their data private.

Patients and their physicians are largely unaware of all of the data sharing being done by government and by private entities. In addition, much of this data sharing is coerced by regulations and not the choice of medical providers, whether or not those providers know it is happening. Prior posts on this site describe how some of that is happening.

Unlike when you visit a lawyer, there does not seem to be any meaningful expectation of privacy when a patient visits a health care provider. Many seem to feel that it is too late to protect privacy now as the “cat is out of the bag”. I feel that we need to push for more protections for ourselves and future generations. Right now, government and businesses are controlling most of our privacy.

Consumer Reports published an article about what data was being shared by GoodRx when you search for coupons and reduced prices for drugs, and Deven McGraw, who previously was responsible for protecting privacy with HHS, confirmed that HIPAA offers no protection.

“If people think that HIPAA protects health data, then they probably believe that any health data in any context is going to be protected. That’s just not the case,” said Deven McGraw, chief regulatory officer at consumer health tech company Citizen and former deputy director of health information privacy at the U.S. Department of Health & Human Services’ Office of Civil Rights. 

However, HIPAA doesn’t apply to GoodRx or many other “direct-to-consumer” websites and apps that provide health and pharmaceutical information. It doesn’t apply to heart-rate data generated by a sports watch or Fitbit, information you enter into period-tracking apps, or running data held by running and cycling apps such as Strava. As far as the law goes, such information has no more protection than your Instagram likes.”

Addendum 02/27/2022: The Department of Veterans Affairs has chosen to replace their electronic health record (EHR), VistA aka CPRS, and its 40 years of patient data with Cerner under a different name. The DOD is using Cerner as MHS Genesis, and under the Trump administration the VA was ordered to do the same to facilitate lifelong health records for active duty personnel and veterans. Now, Oracle is set to acquire Cerner for $28 Billion and it is assumed they are most interested in the data they will purchase access to, which will fuel their AI programs. This has been articulated here, although similar articles are referred to in other portions of this site about how re-identification is already possible with relatively little difficulty given the lax rules for de-identification under HIPAA. Of course, patients with their data stored in Cerner have no say about whether or not Oracle will be able to use their information for training AI, to be “de-identified” and sold, etc.

Patient Healthcare Privacy Invasion Promoted by the Federal Government – Part V – Privacy Invasion by Health Information Exchanges – Addendum added 12/20/2017

Some Background on Health Information Exchanges

Private, federal and state Health Information Exchanges (HIEs) have been evolving for over 20 years. Initially there were not many of them; they were often given seed money by the federal government and they often failed, but now most are holding on if not thriving. There are two basic HIE types. One type is like a telephone book, which will tell you where you can find information about a patient, and the other type is a data repository that contains the healthcare information about a patient in a database.

The National Health Information Network

There is a federal health information exchange network called the NHIN (National Health Information Network) that generally connects those seeking information about patients to resources: both types of exchanges, hospital systems and even some physicians’ offices. The NHIN itself currently does not store patient health information other than which providers a patient has seen, and thus where their data may be found, if the patient provides permission for that information to be revealed. Also, the entities that have gone through the arduous process of joining the NHIN are generally large organizations like the Department of Veterans Affairs and Kaiser Permanente.

How are Health Information Exchanges Funded?

Many exchanges that have been set up by states are at least partially funded by states, and both state HIEs and others have developed creative ways to fund themselves. This includes at least one state with an HIE that is partially funded by insurance companies. Although health insurers generally do not have access to the results of tests, only the claims data, the Kansas state HIE, called a “Patient Portal”, grants access to everything stored on a patient, justifying it by saying “Because payers have access to the health information of their members, they also pay to support it”. Also in Kansas, “Blue Cross Blue Shield provides a 6% incentive payment to any doctor or hospital on any claim they make if they are contributing data to the health-information exchange”. Kansas also charges a subscription fee. Many HIEs sell “de-identified” data to researchers and commercial entities. Maryland does not sell patient data but does charge a fee for evaluating requests.

Why HIEs are a threat to Privacy

As previously discussed, there are standards for de-identification of data, specified under HIPAA in the early 2000s. There were protests that the de-identification was not sufficient, most notably by Latanya Sweeney from Harvard, which resulted in the de-identification being made a little better, but in this era of big data there is still sufficient data to re-identify most information.

At least one state makes the de-identified data available for anyone to see online. Harvard students Becina Ganther, Harshita Gupta and Alexandra Thaler, working with research assistant Ji Su Yoo, recently demonstrated that by using just newspaper articles and an open Vermont database, they were able to re-identify patients. Compared to the data available to insurers and data aggregators, they had very little information to work with, yet they were able to re-identify patients. There is a video of their talk given at the 2017 Patient Privacy Rights summit here:

Can patients Opt-Out of having their data in an HIE?

This varies from HIE to HIE. Maryland is proud that it allows patients to opt out of giving physicians access to review their data. However, patients have no control over whether their data is uploaded by their physicians to the HIE. If Maryland physicians wish to view data on any patient in the state HIE, as requested by their patients, they can only get permission to view any data at all if they agree to upload the data on ALL of their patients to the state HIE. All hospitals are required to upload their patients’ data to the HIE by state law. In addition, to the best of my knowledge, patients who exclude their data from being reviewed by physicians cannot exclude their data from that released for research purposes. Correction: I spoke to someone at a recent Maryland state medical society (MedChi) meeting I attended and was told that if a patient opts out of making their data available to physicians on the HIE, their data becomes invisible, even for release for research.

In short …

In short, most HIEs are a significant threat to the privacy of those who do not wish to share their health information as the data will be shared “de-identified” with a very high probability it can be re-identified.

Nancy Anthracite, MD



Here is a link where the Aussies figured out how big data was being used to re-identify de-identified data that was released by the government, and they decided to do something about it. Here in the US, for the most part, there are very few people talking about it or doing anything about it, even though it is going on behind closed doors and making companies, and undoubtedly politicians’ coffers, lots of money. The so-called “promise of big data” is so attractive that nobody wants to take a chance the public will get up in arms about this and stop the flow. The release of data by Health Information Exchanges and by Health & Human Services is essentially the same. So is all of the release of data mentioned in all of the posts.

Patient Healthcare Privacy Invasion Promoted by the Federal Government – Part IV – Syndromic Surveillance

Part IV – Syndromic Surveillance

As previously mentioned, Meaningful Use is administered by the Office of the National Coordinator for Health IT and sets the criteria for Electronic Health Records. These criteria were set as of April 2015.

Previous requirements for Syndromic Surveillance

Previously, syndromic surveillance was done looking for large numbers of people with similar symptoms in order to be able to rapidly identify an outbreak, such as anthrax, should there be a terrorist attack, or perhaps a rise in people presenting with flu symptoms. The main presenting complaint would be sent without any identifying information. Should the CDC or other entity wish to pinpoint a particular patient, they would contact the transmitting organization and discuss the method by which they could contact the patient. Privacy was not entirely assured, but at least it was relatively well protected.

New Guidelines for Syndromic Surveillance

Now the guidelines have changed. Providers are advised that they need not ask patients’ permission to transmit syndromic surveillance information and demographic information because it is a public health matter. Under HIPAA, it is not necessary to ask permission for sharing Public Health data.

This is a link to the guide for syndromic surveillance for Meaningful Use as of April 2015. Reporting is currently optional, but clearly this is not the intent for the future.

The following information is taken from the guide. It details what information is supposed to be transmitted by electronic health records. Recall that this is without the need for any patient permission.

This Guide is intended to facilitate the exchange of patient clinical encounter records for syndromic surveillance purposes between different systems. This includes:

Sending for all patient encounters
Treatment facility information
Limited personal identifiable information
Demographic information about patients
Visit information
Diagnostic and pre-diagnostic information
Vital measurement information
Risk factor and other information
Acknowledging message receipt

Transmission of all of this information leaves little of patient privacy left to protect

As previously mentioned, all of this detailed information only makes it more and more likely that all healthcare information about a patient will be fully identified using Big Data techniques and be available for the taking.

If you find this unacceptable, like I do, please contact your Representative and Senators and ask them to insist on reverting to de-identified reporting with very little detail provided or to ASK permission to provide more detail about you and your complaints before transmitting it to others.

Here is a link to help you find the address and telephone number of your Representative or Senators and contact Tom Price.

Thomas E. Price, MD
HHS Secretary
HHS Office of the Secretary


Nancy Anthracite, MD


Patient Privacy Invasion Promoted by the Federal Government – Part III – Patient Registries Addendums added 3/30/2019 and 12/4/2019

Part III – Disease Registries

What is a Registry?

Registries are collections of patient data, usually focused around a particular disease. Cancer registries have been mandated by law in most states and some cities for many years. If you have cancer and a pathologist reads the slide of a specimen that turns out to be cancer, your name and varying amounts of data about you and your cancer are reported to one or more cancer registries. This can include the genome of the tumor which, of course, will include some of your genome. You have probably heard a lot about these registries lately because of former Vice President Biden’s “Cancer Moon Shot”, which seeks to collect extensive genomic data about cancer and the people who have developed cancer.

What is Meaningful Use?

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, put incentives in place to encourage the use of electronic health records (EHRs). Shortly after that, there came regulations to encourage the use of those EHRs “Meaningfully”, which is where a program called “Meaningful Use” began. This program is administered by the Office of the National Coordinator for Health IT (ONC), which is part of Health and Human Services (HHS). There are, so far, three stages to Meaningful Use. The first was relatively simple for most EHRs to achieve, the second much more difficult, and the third is just now in progress.

Meaningful Use and Exchange of Data

A large element of Meaningful Use revolves around gathering and exchanging data.  In fact, exchanging data is probably the most important element and yet, as of right now, the goal of easing the exchange of data has not been met despite the expenditure of $36 Billion in incentive payments for installing Meaningful Use Certified EHRs and using them “meaningfully”.

Most patients would like it to be much easier to have their data exchanged and be able to get it themselves.  What they often don’t realize is that there is a lot of data being released about them without their permission and that this exchange of data without permission is exploding.  We discussed one very important way in part I, the Quality Measure Reporting.

The push to Create New Registries and Submit Data

One method of providing data without the patient’s permission being promoted by Meaningful Use and even outside of Meaningful Use is submitting data to patient registries.  Not all registries will take data without permission, but the creation of registries and submission of data to them without patient permission seems to be on a fast track right now with HHS and the health committees in Congress such as the Senate HELP Committee.

A typical patient registry being promoted is a diabetes patient registry.  These registries are felt to be important for research and the “greater good” so you will almost never hear of anyone from Congress or HHS voicing any concern for patient privacy.  Many are hoping that a plethora of patient registries will be created and that data will be submitted to all of them.

Would you agree with sharing your medical data with registries?

I believe 85 percent or more of patients would be willing to fully share their health records, but I don’t believe that those who want their privacy protected should be forced into giving up what should be their right to decide. I also believe that patients should have the option of withdrawing permission if they wish.

There are significant concerns for some who might otherwise be willing to share their data that have nothing to do with their own privacy, but have to do with the implications of how sharing the data might affect their relatives.  It might also affect their relationships with others with whom they work or have significant contact if it were known what ailments they were suffering from.

To me it is simple: patients should be ASKED, and health care providers should not be asked to share personal patient data without the patient’s permission. In this era of Big Data, this also includes most de-identified patient data.

Now is the time to protect your privacy!

Let your Representative, Senators and Tom Price know you want to have a say in the sharing of your healthcare information!

HHS Secretary
HHS Office of the Secretary

Addendum Added 3/30/2019

California may be trying to stand up for its citizens against Google and Facebook, but it is seriously invading patient privacy by mandating that anyone with Parkinson’s disease must have their information entered into a Parkinson’s disease registry maintained by the California Department of Public Health. Below is the notice sent to physicians with California licenses on March 12. Note that persons with Parkinson’s disease often develop dementia in the late stages of the disease and thus would likely want to keep the diagnosis between themselves and their doctors in the early stages.

March 12, 2019

Dear Health Care Provider:

In accordance with Health and Safety Code Section 103870, health care providers diagnosing or providing treatment to Parkinson’s disease patients are now required to report each case of Parkinson’s disease to the California Department of Public Health (CDPH).

Senate Bill (SB) 97 created the Richard Paul Hemann Parkinson’s Disease Program of the California Parkinson’s Disease Registry (CPDR). CPDR is a statewide population-based registry that will be used to measure the incidence and prevalence of Parkinson’s disease. California’s large and diverse population makes it ideal for expanding the understanding of this disease to improve the lives of Parkinson’s disease patients.

The first deadline for submitting case information to CPDR is March 29, 2019, for all reportable patient encounters from July 1 – December 31, 2018.

Health Care Providers: If you are a health care provider and wish to report via manual data entry (i.e., using the CalREDIE direct data entry web portal), you must:
1. Register on the CDPH Health Information Exchange (HIE) Gateway (
2. After registering on the HIE Gateway, you will be sent a CalREDIE Account Request and User Authorization form which must be completed and returned to CPDR.

Once your account has been created you will receive your CalREDIE account login information, and you will be able to submit Parkinson’s disease case information to the registry.

Reporting Facilities: Health care systems implementing an electronic interface connection with the registry using a Health Level Seven International (HL7) formatted message should already be in the testing stages. If your facility has not initiated testing of the electronic interface, please contact the registry right away at<> to begin the on-boarding process. (Note: Information on acceptable HL7 message formats can be found in the CPDR Implementation Guide [version 3, August 2018], available for download from the CPDR website:<>.)

Resources: CDPH has developed several implementation resources that are available for download from the CPDR website (<>). These include:
· The CPDR Implementation Guide (Version 3, August 2018)
· Webinar: Reporting Data to CPDR (December 2018)
· HL7 Specification Documents
· Answers to Frequently Asked Questions
· Patient Information brochures

If you need assistance submitting Parkinson’s disease case information to the registry, please contact us at<> or (916) 731-2500. For additional information and program updates, visit the CPDR website at<> and join our listserv.


Note that this provision for a registry was supposed to sunset on January 1, 2020 but has now been reauthorized until 2021. Physicians who do not submit their patients’ data to the registry will be fined up to $500 for each day that the data is not provided. See 103870 (f) at this link. Also see the FAQs at the second link, making it clear that patients may not choose to opt out of having their information entered in this registry.

Nancy Anthracite, MD

Privacy Healthcare Privacy Invasion Promoted by the Federal Government – Part II: Wellness Exception to HIPAA – 3/11, 3/12, 3/13. 5/23, 7/15, 7/19, 8/25, 10/26, 12/21/2017, 2/8/2018, 2/17/2018, 9/22/2018, 11/7/2018 and 12/4/2019 Addendums Added

Part II – The Wellness Exception to HIPAA

What is the Wellness Exception to HIPAA?

There is a little recognized provision of the Affordable Care Act called, in brief, the Wellness Exception to HIPAA. The full name of the section is Incentives for Nondiscriminatory Wellness Programs in Group Health Plans. Those subjected to parts of it may certainly be suffering from its provisions, and object strongly to it, but they do not know why they can be subjected to the invasion of privacy. This is a link to the text of the section: Ctrl-Click to access the link.

How do Wellness Programs Work?

Although some employers use a carrot approach with free or subsidized access to fitness facilities, etc., there are others that rely on the stick. Under the guise of promoting Wellness, many people who have insurance through employers are being required to provide their blood pressure, low density cholesterol (LDL), body mass index (BMI, a measure of appropriate weight for someone’s height) and waist circumference, plus submit answers to extensive questionnaires, or pay a stiff financial penalty on the order of several hundred to several thousand dollars. The law allows a penalty of up to 30% of their health insurance premium in general if they don’t comply and 50% if the employee smokes or, perhaps, won’t provide proof that they don’t. If they do comply, and they do not meet the wellness benchmarks, they may still be subjected to a penalty.

Physicians are usually required to either provide or sign off on the accuracy of the height, weight, LDL, fasting glucose, blood pressure report, and whether or not a physical examination was done. Alternatively, official copies of lab reports must be submitted to the wellness program. None of the information that either the patients or the physicians are submitting is protected by HIPAA (not that HIPAA would provide much protection if it were, as mentioned in Part I of this series). This lack of protection by HIPAA was confirmed by Deven McGraw, Deputy Director for Health Information Privacy for HHS, at the 2016 Patient Privacy Rights Summit. If employees do not answer these questions truthfully, they may be subject to termination of employment. In some cases, employer-provided health insurance will be denied if the employee does not participate.

What is in those questionnaires?

The questionnaires can be an extreme invasion of privacy. There is often a provision to notify the wellness program of a pregnancy as soon as it is known, whether or not a woman intends to become pregnant, a complete review of medical symptoms and problems, questions that have to do with mental health, causes of stress in the person’s life, their work performance, why they took time off from work, relationships with family and anticipated household income. Here are some links to articles about these wellness programs.

Use Ctrl-Click to follow the links.

Wellness Programs, the Americans with Disabilities Act and the AARP Lawsuit

The Equal Employment Opportunity Commission (EEOC) published an advisory about this regulation in 2016 because of concerns related to the financial compulsion to provide information for those with disabilities. The AARP is now suing the EEOC over this, using the Americans with Disabilities Act as a possible wedge to stop this practice. Prior lawsuits that have attempted to stop it on a different basis have been dismissed by the courts.

Are our Lawmakers aware of what is going on?

I find it interesting that I have not found any evidence that Senators and Representatives have been subjected to these questionnaires. I wonder if it is because the federal government knows these tactics will not be tolerated, despite the fact that it was a federal law that is allowing this to happen, and that the wellness industry does not want them to see what these questionnaires have in them? The Wellness Industry is a very big industry and they would not want to lose this part of their business. I have had it suggested to me that this program was a bone thrown to the insurance industry because the Affordable Care Act would not allow them to rate patients for pre-existing conditions, so this was added to the law as another way to do something similar and to entice them to cooperate with the insurance exchanges.

The Affordable Care Act is up for Revision – Now is the Time to ACT!   (SEE ADDENDUMS BELOW)

Please call or write your Representative and Senators and Tom Price, MD, head of HHS, to protest these intrusive questionnaires and your health data collection. Here is a link to help you find the address and telephone number of your Representative or Senators and contact Tom Price.

Thomas E. Price, MD

HHS Secretary

HHS Office of the Secretary



Nancy Anthracite, MD

ADDENDUM – 3-11-2017 & 3-12-2017, 7-15-2017, 7-19-2017, 8-25-2017, 10/26/2017 and 12/21/2017


As offensive and invasive as some of the questionnaires and testing that are required now are, proposed bill HR 1313 is going in a direction I did not think anyone would EVER consider acceptable. Genetic testing could actually be required as part of the Wellness program! I expect this was conceived of as a way around the AARP suing the EEOC, but the ramifications for everyone are disastrous. As I read this, all employers, not just those offering health insurance to their employees, could get away with this. Although the amount of money associated with this is called an “incentive”, it is so significant that only those who are very well off financially could realistically be expected to refuse to submit to these exams, blood tests and questionnaires. I also expect Wellness companies to contract with employers to guarantee a profit to companies who subject their employees to this, because the information is very valuable.

Please see the following two links.

There is also more news on the AARP suit against EEOC.  The government is trying to claim that AARP does not have standing.


I am thrilled to have found this and find that it has a lot of opposition. I apparently was late in finding out about this. This gives me some real hope that the backlash might put an end to the privacy invasion associated with Wellness, although the very fact this outrageous bill got out of a committee is, I think, a testament to the power of the wellness industry which will be difficult to oppose.


Politico this AM posted that Tom Price was not thrilled with this proposed legislation and that the Senate would be unlikely to pass it. Let’s hope they are right. They pointed out that “Federal anti-discrimination law prohibits employers from asking employees about non-job-related health information, but employer-sponsored wellness programs are an exception – if they are “voluntary.” But what’s voluntary about a choice that might affect half your health insurance payment?”


Here is another excellent article about the problems, fallacies and privacy invasion of workplace wellness.


Although HR 1313 has slipped out of the news (see the 3-12-2017 addendum), from my queries and reading about the replacement plans for the Affordable Care Act, there is no evidence that the Wellness provisions will be watered down, nor have the plans for the content of HR 1313 to eventually be part of Workplace Wellness been scrapped. The AARP is pressing on to block the onerous provisions of Workplace Wellness, but some lawmakers are working on making Wellness an exception to the protection provided by the Americans with Disabilities Act.

This wonderful Op-Ed points out how valuable genetic data is to businesses, why they are lobbying to get their hands on it, and why Americans need to be very careful where their genetic testing results are available. The cancer research databases are not mentioned here, but they, too, are a potential source of genetic information that can be mined for other purposes. Cancer patients have very little if any control over what information about them is given to cancer registries.


This editorial about HR 1313 was published in the July 6th New England Journal of Medicine.  Rumors that I am hearing indicate that HR 1313 is still very much alive and likely to be passed in this form or some other because of pressure from the business community.


AARP prevailed in court in its suit against the EEOC.  However, it is not over yet, because the judge gave the EEOC a second chance to provide sufficient data to justify its position that imposing a 30% penalty or incentive premium for providing genetic or private information as part of a wellness program is not coercive.  The judge did not vacate the rules outright, giving the EEOC time to try again to justify its position in court.

Here is a link to the AARP press release:

And a link to Judge Bates written decision:


It seems that Wellness programs may have figured out a way around the restriction that the AARP decision seemed to impose.  The latest test I have seen no longer requires that a number of questions about physical health and abilities be answered to avoid a financial penalty, but now the questions are a rather comprehensive psychological test!  Also, I have not seen any evidence that the plan for HR 1313 to ultimately be passed has been abandoned.  That bill contains language to void the Americans with Disabilities Act for the Wellness programs.

The HR1313 Summary states:

Preserving Employee Wellness Programs Act

This bill exempts workplace wellness programs from: (1) limitations under the Americans with Disabilities Act of 1990 on medical examinations and inquiries of employees, (2) the prohibition on collecting genetic information in connection with issuing health insurance, and (3) limitations under the Genetic Information Nondiscrimination Act of 2008 on collecting the genetic information of employees or family members of employees. This exemption applies to workplace wellness programs that comply with limits on rewards for employees participating in the program.

Workplace wellness programs may provide for more favorable treatment of individuals with adverse health factors, such as a disability.

Collection of information about a disease or disorder of a family member as part of a workplace wellness program is not an unlawful acquisition of genetic information about another family member.


Classic Good News and Bad News

Good news is that the AARP won in court again, and in January of 2019 the Wellness questions about our physical health should go away.  However, I still don't know if that will stop the psychological test questionnaires.  I hope to learn more about that in the new year.

Now here is some bad news.  Congress, which cooked up HR 1313, has now cooked up new bills, H.R. 4805 (114) and S. 3530 (114), that were, thankfully, brought to light by POLITICO and reported in their eHealth newsletter this AM.  Since the link to the newsletter has a new story every day, I have pasted the section in below.  The link to the daily news is:

********From POLITICO Morning eHealth today********

Stealthy bill:  A bill submitted Dec. 11 that just came to our [POLITICO’s ] attention would create a major new role in health care for data brokers like Experian and Availity. The Ensuring Patient Access to Healthcare Records Act, introduced by Rep. Cathy McMorris Rodgers, gives clearinghouses the right to share and sell health data and analysis to patients, provider organizations, public health agencies, drug companies and others.

The companies already process hundreds of millions of health-related transactions, but can’t share data widely due to HIPAA restrictions. They are sometimes classified as business associates. So the companies want to be able to combine data from multiple sources into longitudinal records that can be provided directly to patients and used to prepare analysis and reports for health care companies.

The legislation has been percolating on Capitol Hill for a while. A previous version – which appears to have arisen from a lobbying campaign backed by Experian, The SSI Group and Availity – was first introduced in March 2016 as H.R. 4805 (114). A Senate version (S. 3530 (114)) was introduced last December by Bill Cassidy.

Some of the lobbyists behind the bill have connections with the co-sponsors. Keith Studdard, a lobbyist from Jeffrey J. Kimbell and Associates, used to work for co-sponsor Marsha Blackburn. Another lobbyist from the same firm, John Ray, worked for co-sponsor Mike Kelly.

At least one data transparency advocate is not a fan of the bill. “I don’t think their intentions are pure,” said former CMS data officer Niall Brennan, now CEO of the Health Care Cost Institute. “They want to sell patients own data back to patients – they should be able to get it for free.”



Hopefully, one more bit of information to help deep-six this program was cited in this Federal Soup article.  A study of a workplace wellness program in Illinois showed it did not help!



No wonder EEOC is not bothering to rewrite the rules since the success of the AARP court case against the Wellness section of the Affordable Care Act with this bill still in the works!

I was digging up the URL for the proposed legislation, HR 1313, to send to someone and found that they amended the proposed legislation on December 11, 2017.  It appears they are again trying to get around the court ruling and keep alive the ability for companies to demand personal information and collect employees' genomes under threat of an up to 50% increase in their health insurance premiums!

This is the amended part at the above URL:

(Sec. 3) This bill exempts workplace wellness programs from: (1) limitations under the Americans with Disabilities Act of 1990 on medical examinations and inquiries of employees, (2) the prohibition on collecting genetic information in connection with issuing health insurance, and (3) limitations under the Genetic Information Nondiscrimination Act of 2008 on collecting the genetic information of employees or family members of employees. This exemption applies to workplace wellness programs that comply with limits on rewards for employees participating in the program.

Workplace wellness programs may provide for more favorable treatment of individuals with adverse health factors, such as a disability.

Collection of information about a disease or disorder of a family member as part of a workplace wellness program is not an unlawful acquisition of genetic information about another family member.

I also found that HR 4805 is back as HR 4613, giving clearinghouses the right to share and sell health data and analysis to patients, provider organizations, public health agencies, drug companies and others.



I think I see one of the ways that the court ruling on the Wellness Exceptions to HIPAA will be circumvented.  Once again we are seeing the pattern of financial penalties if you don’t provide private information.  Again it is being called a reward.  Please see this page which describes what the John Hancock company wants to do with wearables.

I am waiting to see what other schemes surface as companies put their heads together with their lawyers to see what they can get away with in financially coercing people to provide them private information.

If you are thinking, “Oh, this is just a Fitbit”, let me point you to these two links:

John Hancock does not require you have your Fitbit give them data directly, but it would be easiest to do it that way and for them, it will give them access to much more data about you.  Even if only user recorded information about activities is provided, users need to think carefully about what they are revealing and the unintended consequences before they decide this is a “good deal”.

Nancy Anthracite


I am delighted to see that the NEJM contained an editorial about the ethical conflict physicians have with the wellness programs and today there is an open article that discusses it.  For those of you who have access to the New England Journal of Medicine, this is the link for you: Lamkin M. The physician as double agent—conflicting duties arising from employer-sponsored wellness programs. N Engl J Med. 2018;379:1297-1299

And this is the link to an article I think anyone can read about it:

I am sorry to say that all of what I see strongly suggests that the lawyers have been busy working on ways to get around the court ruling on the wellness questionnaires and companies are coming up with even more invasive ways of gathering information and continuing to charge customers who don’t agree to providing it.


Wellness programs ineffective

On April 16, 2019, the Journal of the American Medical Association (JAMA) published a Harvard study entitled “Effect of a Workplace Wellness Program on Employee Health and Economic Outcomes”.  The results showed that, despite employees engaging in more healthful activities, “there were no significant effects on clinical measures of health, health care spending and utilization, or employment outcomes after 18 months”. This program, like most wellness programs, did not just provide services to the employees, but collected private information about participants' activities and health in the process.  You can read the study here:   An article commenting on the ineffectiveness of the $8B Wellness Industry is here:

Wellness Questionnaires go after your mental health and financial wellness

In January of 2019, Judge Bates' ruling was to take effect, prohibiting Wellness questions about health that would violate the Americans with Disabilities Act.  Even before that happened, I found the Wellness industry had switched tactics, requiring those who did not want to pay extra for their insurance to answer hundreds of mental and financial well-being questions with optional physical health questions, and this has persisted after the January 2019 deadline.   This change in questionnaire tactics is coupled with additional “activities” that are tracked, sometimes with Fitbit-like devices and sometimes with online reporting, that are required to receive the “incentives”.   This tactic has persisted after January 2019 even though the Americans with Disabilities Act protects persons with mental as well as physical illness.  I have no information to indicate that the AARP is intending to pursue this further in court or that there is any interest in Congress in stopping this practice.  Note that whether you call these financial burdens “incentives” or “penalties” is of little consequence as they are all coercive, as Judge Bates pointed out in his decision.

Google and Project Nightingale

Google’s announcement of the intention to purchase Fitbit, almost at the same time Project Nightingale was exposed by the Wall Street Journal (WSJ), caused an uproar and is bringing more attention to healthcare privacy.   Project Nightingale is a collaboration between Ascension and Google where Google is receiving and analyzing data, which has not been de-identified, on millions of Ascension patients.  The WSJ article is closed to non-subscribers, but this link is to one of many articles discussing what was in the WSJ and pointing out that this is only one of many similar collaborations going on throughout the industry.

Google and Ascension are vigorously defending themselves by pointing out they are doing nothing illegal according to HIPAA.  As a result, there seem to be some lawmakers, particularly in the Senate, who are finally making public comments that HIPAA needs “updating” to protect patients in this era of Big Data.  The Department of Health & Human Services' Office for Civil Rights is investigating to see if there were any HIPAA violations but does not expect to find any.  For the most part, Congress has recently been passing legislation that weakens the already insufficient provisions of HIPAA, not trying to strengthen or update it.  HHS itself is engaged in gathering and redistributing healthcare data and has shown no interest in doing anything of consequence to update HIPAA; instead, HHS tells users of the data it redistributes to police themselves and not attempt to re-identify it.

Like the other privacy protection movements currently in the House and Senate, things are bogged down and nothing is likely to change to improve HIPAA in favor of patients' rights.  Industry is rapidly putting privacy “protections” in place to assuage lawmakers but keep its options to collect and analyze data wide open.  Lobbyists are pushing to have federal legislation enacted that will block states from enacting more stringent privacy legislation such as California is doing.

California Legislation, the GDPR, and California’s blatant privacy invasion

Ironically, while California is planning to essentially mirror the European Union’s General Data Protection Regulation (GDPR) protections, California itself is broadly invading its own citizens' privacy.  California is collecting extensive quality measure data from physicians and hospitals that is personally identified and more extensive than the federal quality measure reporting requirements.   It is also forcing its citizens and physicians to participate in a Parkinson’s disease registry kept by the Department of Health.   This is particularly alarming as this program was the result of legislation enacted under pressure from those seeking the data.  Dementia is one of the late manifestations of Parkinson’s disease, so those with early disease who show few or minimal manifestations are particularly likely to want to keep their disease confidential to prevent adverse consequences for their careers, etc.  Unless their physicians are willing to chance a $500 a day fine (see Section 102870(f) of the California Health & Safety Code), physicians must report their patients to this registry without patient consent.  As the FAQs at the registry web site explain to patients, they have no option to opt out of this reporting before or after their personal demographic and health data is delivered to the registry.

More people now subject to Wellness Programs

Previously, those subjected to the Wellness provisions of the ACA were limited to those receiving health insurance through their employer.  Now section 2705(l) of the Public Health Service Act (PHS Act) allows Health & Human Services to subject anyone receiving insurance through the Health Insurance Exchanges to the Wellness provisions of the ACA.

The Wellness Demonstration Projects regulation that allows this can be found at the link that follows.  As a reminder, none of the information collected is protected by the woefully inadequate HIPAA regulations.

Nancy Anthracite, MD

Patient Healthcare Privacy Invasion Promoted by the Federal Government – Part I – Quality Measure Reporting, HIPAA and AI – Addendums added 4/5/2018, 9/22/18, 3/30/2019 and 6/16/2023

Part I – Quality Measure Reporting

Why you should read all of this long post

Just to make you quickly aware of why you should read on, the Federal Department of Health and Human Services (HHS) is collecting, among other things, names, dates of birth and addresses of adults and children who are overweight, smoke, abuse alcohol and drugs or may be depressed as well as other diagnoses, and the amount and variety of what is collected is slated to grow.  This information is being collected from health care providers using Electronic Health Records (EHRs). The information will be stored in a massive HHS database that is  already receiving millions of personally identified reports from EHRs on patients in the name of improving  the quality of healthcare as part of Meaningful Use and Quality Reporting for Medicare and Medicaid.  You cannot prevent your doctor from submitting this information to HHS without stopping HHS from requiring it as things stand now.

Detailed Background:

Why is this happening?

As part of the HITECH Act, which is part of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub.L. 111-5), eligible healthcare providers and hospitals receive incentive payments to adopt Electronic Health Records and to use them “Meaningfully”. Eventually, most providers will be penalized if they don’t use EHRs “Meaningfully.” The regulations written by HHS to enforce this legislation require that EHRs undergo testing to be sure they are what is called “Meaningful Use Certified”, and healthcare providers have to prove they are using them “Meaningfully” in a way that is regulated by the Office of the National Coordinator for Health IT (ONC). ONC is a division of HHS. Part of the requirements for Meaningful Use of EHRs is the collecting and reporting of data about patients that is used to calculate the provider's performance on clinical quality measures. If doctors and hospitals don’t report and achieve the standards necessary, they will lose the incentive payments that help pay for the EHRs they installed, and they will be financially penalized by cuts in Medicare payments. Medicare is administered by the Centers for Medicare & Medicaid Services (CMS), which is part of HHS.

How is it happening?

Quality measure data is reported to HHS using QRDA reports (Quality Reporting Document Architecture). There are three types of QRDA reports, two of which, the QRDA I and the QRDA III (said Q-R-D-A One and Q-R-D-A Three), are required to be produced by Meaningful Use Stage 2 Certified EHRs. QRDA I reports provide detailed information about individual patients, including names, dates of birth, addresses, race and ethnicity, and conditions such as diabetes, drug and alcohol abuse, obesity, depression, etc. QRDA III reports are summary reports which do not contain personal information about patients.

Some of this detailed personal information about patients has already been submitted by many health care providers for a few years through another incentive program called PQRS, the Physician Quality Reporting System, which also uses the QRDA I report format for submitting this information. The PQRS program is administered by CMS. PQRS is a program for Medicare and Medicaid, i.e., the personal information submitted is only about patients over 65, disabled or poor. HHS is planning to require all data to be submitted in a personally identifiable manner with QRDA I reports in the near future for both PQRS and Meaningful Use, unless HHS is stopped from going ahead with the plans. This year there are approximately 100 measures that may be chosen for reporting. Some are required and some are optional.

What is reported?

This year’s quality measures are enumerated for private physicians and hospitals in the links below. Please review them all and consider whether or not the Federal Government should be collecting this information about anyone individually. You will see a description of numerator and denominator information for these measures. An example would be all of the patients that HHS considers likely to have diabetes in a doctor's practice being reported in the denominator and all of those who have a blood test showing poor control of their diabetes being in the numerator. Both numerator and denominator patients would be reported to HHS with fully identified information about who they are.
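To make the difference between the two report shapes concrete, here is a small added example (written for this post's edit, not code from the original post and not CMS or ONC software).  It builds a patient-level, QRDA I style report and a summary, QRDA III style report for one measure modelled on the diabetes example above.  Everything in it is an assumption of the example: the sample patients are constructed, the numerator rule (HbA1c above 9.0%, or never tested, counts as poor control) stands in for the real measure logic, and the small-cell floor of 11 is a placeholder for whatever suppression rule a reporting program would actually apply.

```python
"""
Added example: QRDA I style (patient-level, identified) versus
QRDA III style (summary counts only) reporting of one quality measure.
Not code from the original post; not CMS/ONC software.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

HBA1C_POOR_CONTROL = 9.0   # assumed threshold for this example measure
SMALL_CELL_MINIMUM = 11    # assumed suppression floor for summary counts


@dataclass(frozen=True)
class PatientRecord:
    name: str
    dob: str
    address: str
    diagnoses: FrozenSet[str]
    hba1c: Optional[float]   # most recent result, None if never tested


# Constructed sample patients; nothing here is real data.
PRACTICE: List[PatientRecord] = [
    PatientRecord("A. Example", "1950-03-01", "1 Main St", frozenset({"diabetes"}), 10.2),
    PatientRecord("B. Example", "1962-07-14", "2 Main St", frozenset({"diabetes"}), 7.1),
    PatientRecord("C. Example", "1978-11-30", "3 Main St", frozenset({"diabetes", "depression"}), None),
    PatientRecord("D. Example", "1985-01-09", "4 Main St", frozenset({"hypertension"}), 5.6),
]

DIRECT_IDENTIFIERS = {"name", "dob", "address"}


def in_denominator(p: PatientRecord) -> bool:
    """Measure population: every patient carrying a diabetes diagnosis."""
    return "diabetes" in p.diagnoses


def in_numerator(p: PatientRecord) -> bool:
    """Poor control: HbA1c above the threshold, or never tested (assumption)."""
    return p.hba1c is None or p.hba1c > HBA1C_POOR_CONTROL


def qrda1_style(patients: List[PatientRecord]) -> List[Dict[str, object]]:
    """One fully identified row per denominator patient, flagged for the
    numerator.  This is the shape the post objects to: identity travels
    with the measure."""
    return [
        {"name": p.name, "dob": p.dob, "address": p.address,
         "in_denominator": True, "in_numerator": in_numerator(p)}
        for p in patients if in_denominator(p)
    ]


def qrda3_style(patients: List[PatientRecord]) -> Dict[str, int]:
    """Counts only: the summary form the post asks HHS to accept instead."""
    denominator = [p for p in patients if in_denominator(p)]
    return {
        "denominator": len(denominator),
        "numerator": sum(1 for p in denominator if in_numerator(p)),
    }


def contains_direct_identifiers(report) -> bool:
    """True if any row of a report carries a name, date of birth or address."""
    rows = report if isinstance(report, list) else [report]
    return any(DIRECT_IDENTIFIERS & set(row.keys()) for row in rows)


def suppress_small_cells(summary: Dict[str, int],
                         floor: int = SMALL_CELL_MINIMUM) -> Dict[str, Optional[int]]:
    """A summary is not automatically safe: a denominator of 1 still points
    at one patient to anyone who knows the practice.  Counts below the
    floor are blanked out (the floor value is an assumption of the example)."""
    if summary["denominator"] < floor:
        return {"denominator": None, "numerator": None}
    return dict(summary)


if __name__ == "__main__":
    print("QRDA I style  :", qrda1_style(PRACTICE))
    print("QRDA III style:", qrda3_style(PRACTICE))
    print("suppressed    :", suppress_small_cells(qrda3_style(PRACTICE)))
```

The summary report carries no direct identifiers, which is the point of the MedChi resolution later in this post; the `suppress_small_cells` step is the caveat a practitioner would add, since a summary from a very small practice can still single out a patient.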

Outpatient Quality Measures:

Hospital Quality Measures:

How do you know this data will be personally identified?

As published in the Federal Register, Volume 80 No. 158, August 17, 2015, page 49759 (begin midway, page 49759, second column), HHS contends that if it keeps a database that holds personal information secure, that is the same as protecting privacy.  SECURITY is not the same as PRIVACY.   If they hold private information, they have already invaded privacy, whether or not it is secure.  In the document on that same page, at the bottom of the third column, they state they intend to collect all quality data personally identified.  The number of quality measures they are collecting now has gone down because of the protests about the great difficulty for health care providers collecting all of this data and the adverse effects it has on the usability of electronic health records.  However, in other proposed rules, it is clear that the intent is to have more quality measures each year, all automatically loaded into electronic health records, all automatically reported and all personally identified.  This would affect virtually all people who see healthcare providers in the United States.


Why should we be concerned?

We already know that health care information is prized by criminals and that the Federal Government cannot keep data in its databases secure.  We already have examples of breaches of security clearance data from the Office of Personnel Management, of IRS data, and possible NSA hacks.  In fairness, the only completely safe database at this time is one that does not exist, which should be the case for this database.  (Added 3-1-2017) Here is a link about persistent security gaps at HHS.

In addition, we know that HHS itself often makes the decision to distribute information about citizens' health and other matters without their express consent.  There are numerous web sites already detailing how information about Medicare and Medicaid recipients can be obtained without the consent of the recipients.  Many times this data is supposedly de-identified, but we know now that the de-identification methods approved under HIPAA are woefully inadequate in this day of Big Data.

Data is being obtained from many sources, and because of weaknesses in the HIPAA rules for de-identification of data, agencies may not be able to deny FOIA requests for legally de-identified data.  This would likely include the data in this HHS database.  For an example of data that was released and will almost certainly be re-identified, see the linked release.

Adam Tanner has contended in his book, Our Bodies, Our Data, that longitudinal records are being constructed of our personal health data by enterprising data brokers.  Release of this sort of data being collected will greatly enhance the ability of data brokers and hackers to re-identify data.  This is of concern, not only for individual patients, but for those genetically related to them as the assumption will be that if the index person has a particular problem, so may their relative.
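The re-identification described in the last three paragraphs, and again in the 4/6/2018 addendum about matching hospital data to Facebook users, is a linkage attack, and it is simple enough to show in a few lines.  The example below is added for this edit; it is not code from the original post or from any source it links.  It assumes a health data release that follows the HIPAA Safe Harbor checklist (names, full dates and full ZIP codes removed, but year of birth, the first three ZIP digits for areas above 20,000 people, and sex retained) and a constructed public list with the same three fields, in the spirit of a voter roll.  Both datasets and all names are made up for the example.

```python
"""
Added example: linkage attack on a Safe Harbor style release, with a
k-anonymity check and the corresponding mitigation.  Not code from the
original post; all data below is constructed.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Fields that survive Safe Harbor and also appear in public lists.
QUASI_IDENTIFIERS = ("birth_year", "zip3", "sex")

# Constructed "de-identified" health release: no names, no full dates,
# no full ZIP codes, so it passes the Safe Harbor checklist.
RELEASED: List[Dict[str, object]] = [
    {"birth_year": 1951, "zip3": "206", "sex": "F", "diagnosis": "depression"},
    {"birth_year": 1978, "zip3": "207", "sex": "M", "diagnosis": "alcohol use disorder"},
    {"birth_year": 1978, "zip3": "207", "sex": "M", "diagnosis": "diabetes"},
    {"birth_year": 1990, "zip3": "208", "sex": "F", "diagnosis": "obesity"},
    {"birth_year": 1990, "zip3": "208", "sex": "M", "diagnosis": "hypertension"},
]

# Constructed public list (think voter registration) with the same fields.
PUBLIC: List[Dict[str, object]] = [
    {"name": "Ada Sample",  "birth_year": 1951, "zip3": "206", "sex": "F"},
    {"name": "Ben Sample",  "birth_year": 1978, "zip3": "207", "sex": "M"},
    {"name": "Carl Sample", "birth_year": 1978, "zip3": "207", "sex": "M"},
    {"name": "Dee Sample",  "birth_year": 1990, "zip3": "208", "sex": "F"},
]


def quasi_key(row: Dict[str, object]) -> Tuple[object, ...]:
    """The combination of fields an attacker can see in both datasets."""
    return tuple(row[f] for f in QUASI_IDENTIFIERS)


def equivalence_classes(rows: List[Dict[str, object]]) -> Counter:
    """How many released rows share each quasi-identifier combination."""
    return Counter(quasi_key(r) for r in rows)


def k_anonymity(rows: List[Dict[str, object]]) -> int:
    """k = size of the smallest class.  k == 1 means some row is unique on
    the quasi-identifiers and is exposed to exactly this linkage."""
    return min(equivalence_classes(rows).values()) if rows else 0


def link(released: List[Dict[str, object]],
         public: List[Dict[str, object]]) -> Dict[int, Tuple[str, str]]:
    """Linkage attack: join on the quasi-identifiers and keep every released
    row that matches exactly one named person.
    Returns {released row index: (name, diagnosis)}."""
    by_key = defaultdict(list)
    for person in public:
        by_key[quasi_key(person)].append(person["name"])
    hits: Dict[int, Tuple[str, str]] = {}
    for i, row in enumerate(released):
        candidates = by_key.get(quasi_key(row), [])
        if len(candidates) == 1:
            hits[i] = (candidates[0], str(row["diagnosis"]))
    return hits


def enforce_k(rows: List[Dict[str, object]], k: int) -> List[Dict[str, object]]:
    """Mitigation: release only rows whose quasi-identifier class has at
    least k members, so no join on those fields can narrow a row to one
    person.  (Real releases generalize fields instead of dropping rows;
    this is the simplest form of the same idea.)"""
    sizes = equivalence_classes(rows)
    return [r for r in rows if sizes[quasi_key(r)] >= k]


if __name__ == "__main__":
    print("k-anonymity of release:", k_anonymity(RELEASED))
    print("re-identified:", link(RELEASED, PUBLIC))
    print("after enforcing k=2:", link(enforce_k(RELEASED, 2), PUBLIC))
```

With the constructed data, two of the five "de-identified" rows come back with a name attached, and the only rows that survive are the two that share the same year of birth, ZIP prefix and sex.  A real public list is far larger than four people, but so is a real release, and the question is the same for every row: how many people share its combination of retained fields.  Safe Harbor never asks that question, which is the gap the post is describing.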

There is some protection against using genetic information for determining health insurance premiums and for employment, but it is not airtight and there is no mention of life insurance or long term care insurance.   It would likely be very difficult to prove that genetic information was used to deny insurance, as there is no requirement to inform patients about why insurance was denied or why premiums were higher than usual, or to prove it was used to not hire an individual.

Given this database of information, can we ever be sure the information will not be used against anyone by the federal government? Will the information from the screening measure that someone may be depressed be used to deny a security clearance?  Sometimes a screening test for a problem such as dementia, alcohol abuse or depression can be just one question.  If providers are being forced to administer these tests, what protection is there for their patients that the results won’t be used against them?

Even if only summary data is allowed, these quality measures are of concern because some require referral for certain conditions or the provider will risk a penalty.  Referrals, such as to a nutritionist for obesity or to a psychiatrist or psychologist because a depression screen was positive, will probably generate a line item in a claim to justify the referral and another to pay for the referral if it is completed.  It may be a provider would prefer not to refer the patient, but he or she is essentially required to show an intervention that will generate a charge because of the quality measure requirements.

We should be concerned about not only Meaningful Use Reporting but also about reporting for Medicare and Medicaid.

Most providers are not aware that the EHR they are using is submitting sensitive information to HHS nor do they even think to question whether or not the federal government should be collecting this information. If they knew, I think they would be outraged as most physicians do care very deeply about protecting their patients’ privacy. Although the legislation set out the overall plan for this program to promote adoption and use of EHRs, it is HHS that wrote the regulations to enforce the legislation.

HHS should also not be collecting  this personal information  about the elderly, disabled and poor as part of the PQRS program just because they administer the Medicare and Medicaid program.  Administering a Health Insurance Program should not mean that the government has a right to collect such extensive, very personal information about its citizens. It is enough of an invasion of privacy that they have claims data.

What can you do about this?

Please call or write your Representative and Senators and Tom Price, MD, head of HHS, to protest the collection of QRDA I reports by HHS and ask that they only allow QRDA III reports. Here is a link to help you find the address and telephone number of your Representative or Senators

HHS Secretary
HHS Office of the Secretary


Nancy Anthracite, MD

Addendum:  4/6/2018

The recent uproar over Facebook has shifted some focus to the aggregation of data that has gone on without much notice for years.  This story about Facebook planning to take de-identified hospital data and match it up to Facebook users describes a plan that has apparently been thwarted, but it is just the sort of thing that is done with supposedly de-identified data: data that meets the HIPAA standard for de-identification can be easily re-identified by matching up bits of data from multiple sources.   I am sure these patients would not have had any say in whether or not their supposedly de-identified data was shared, much as people have no say on what data is sent to HHS about quality measures and what data from those submissions HHS will share, also supposedly de-identified.

Addendum:  9/22/2018

I am very pleased that MedChi, the state medical society of Maryland, has passed the following resolution in favor of patient privacy.  This resolution will be presented at a national meeting of the American Medical Association in an effort to get their support to help protect patient privacy by stopping the submission of personally identified information for quality measure reporting.

Resolved that, to protect patient privacy, MedChi submit a resolution to the American Medical Association to establish regulation and/or legislation that all quality measure data should only be collected in summary format with no personally identified information included.

Addendum: 3/20/2019

An editorial in JAMA pointed out the problems with the quality measures for the physician MIPS program, which is essentially the same as Meaningful Use quality measure reporting.  54 of 86 quality measures (62.8%) were considered invalid or of uncertain validity.  I am convinced that not only is reporting these measures an invasion of patient privacy, it is a major part of the reason so many physicians hate their electronic health records: they are focused on satisfying the quality measure reporting rather than taking care of the issues the patient has.

The article can be viewed free of charge here:

Addendum: 6/6/2023

As has been explained in this section, HIPAA deidentification has been inadequate since the date the standard was enacted, but with the advent of the latest AI releases, reidentifying it is likely to be done very easily.  Please see this link.

Nancy Anthracite