difference was the stage with the privacy section. what happened was initially we had a separate section that was a bit too encompass the civil liberties and we did that not only as we have heard as a key part of the executive order but that the stake holders passed for going back to the questions february 2013 people identified as civil liberties and specifically for this effort with the privacy and civil liberties considerations building strong cybersecurity programs? id at the session's leading up to that we had a panel at the last workshop with my colleague with harriet

pearson it was about the topic what we did for the final version instead of separate attendance stakeholders from the private and business communities given that mandate it would be better if this was clearly about their privacy considerations . . "washington journal"

continues. host: joining us from austin, texas is dr. deborah peel, founder and chairman of the board of a group called patient privacy. what is that group? guest: we are fighting to put americans back in control of their health information. we cannot control it anymore. callerhost: what does that mean? guest: i have been a physician

for a long time. that's why i found it patient privacy rights. vacuum the agent age of paper, before any information about you was moved from one doctor to another, you had to be asked your permission to send the information. today, with the new technology system, electronic health records, health information exchanges, everyone else, everyone that holds their data controls it and moves it. we don't know where it goes. that -- ofve a chain custody and we cannot prevent their information from flowing to thousands, literally thousands of users and data sellers. the problem is health aid in the digital age is the most valuable information about you, anything about your health.

patient privacy rights aims to put everybody back in control of their own very personal health records. efforts off the long a lot of health-care reform has been the electronic records act. is this something you do not support? o, we actually do support technology. the problem is, they are putting in the wrong kind. technology could give each of us the kind of control we want over our information. it could work exactly like things did before the electronic age. to a doctor for a broken foot, you did not tell that dr. the same information that you would tell a dr. for your heart or you would not tell a psychiatrist or a mental health professional the same thing you would tell an allergist.

age, we carefully selected what we shared with which physicians. the electronic age and the way the technology we have now works is we cannot select anything. everything is open, every kind of sensitive record is open to people that have no need to see it. damaging to people's trust in doctors when they realize that what they say to one doctor does not stay there. it can get to other people that they would never want or expect to see it. host: you are a psychiatrist? guest: yes, yes. that's where my experience comes from. more than that, freudian psychoanalysis. i work with people and have worked for over 30 years in

long-term treatment. , dealing with your feelings and depression and addiction and child abuse, these are incredibly sensitive issues. no one would talk to me if they thought it was going to be on the internet. that's a deal killer. privacy is absolutely critical to people being able to tell physicians sensitive information that we need to know to help them. that is true not just of psychiatry. it is true of every kind of illness. it is very important to be able to trust that your physician is going to protect your information. today with electronic systems, they cannot. they literally cannot prevent your information from being blown around the world. host: legislatively, what would you like to see done to prevent these electronic medical records from getting out? guest: there is a change that

2002 where it your right to give consent for your information could be disclosed or shared and that was taken out of the hipaa privacy rules. the media did not report it and congress did not notice and the public is not about to read 2000 pages of dense legislative language. nobody knew but those of us who work with people who have sensitive conditions, we were all over that. the first thing that has to happen is your right of consent, your right to control who sees your health information needs to be restored in hipaa. we have strong constitutional rights to privacy and control over our health information. but the technology industry has not paid attention. hospitals, the pharmacies, the

electronic health record vendors , health technology vendors -- all of them use and share our information in ways that we would never agree with. host: from your website, patient you sayhe writes.org, who can use an see your health records, over 4 million businesses including employers, government agencies, insurance companies, billing firms, pharmaceutical companies, pharmacy benefit managers, marketing firms and data miners? records are currently out there for all those people to see? guest: yes, actually they are. the senate is focusing in particular recently on the data brokers. there is a huge hidden industry online of data brokers. the public is just starting to learn about them. collects like axiom

1500 points of data about everyone in the entire united states. there is another company called ims health that is about to sell stock in the filing they sent to the government to be able to sell stock says that they buy our health information, electronic health records, prescriptions, claims data, and they also put in information about our health and social media. they buy this information from 100,000 data suppliers. , covering 780,000 live data feeds and they sell profiles to 5000 clients including the u.s. government. this kind of use of health information, when we cannot even get it, is absolutely appalling.

how can we possibly find out what 100,000 companies are doing with their health information? how can any individual person do that? this complete lack of control of our most sensitive information has to be fixed. it has to be fixed because it is a massive violation of our rights to keep sensitive information private. patient. peel founded rabbits he writes in 2004. what sparked you two found this? how do you protect your own patients information? guest: whoo - well, there are a number of things that caused me to do this. as we have talked about, i practice in one of the most sensitive areas of medicine.

information about peoples minds and bodies, their feelings, their fears, their fantasies -- this information is very sensitive. beginning of my work as a psychiatrist, it was very clear that this information had to be protected. -- and i'm sure your audience knows this -- any kind of mental health diagnosis can ruin your life, frankly. and it does because that gets out to employers. is the situation that recently made so much news when the aol ceo tim armstrong outed families that had distressed families born to them. he stripped away the privacy of that sensitive situation and information and revealed them to the world.

this is the kind of thing that employers -- and the public needs to know this -- employers could get your health information in the paper age. but it was much harder. today, it is incredibly easy for them to get this sensitive information. and we never know. have laws passed, for example, thatan insurer - every time our health information is shared or disclosed or sold, we get notified just like if you do electronic banking. every time there is a transaction, you get an e-mail. we should be notified every time our health information is used and who is using it and why, especially when we cannot control it. we should be able to get all the copies that all of these companies have of our information.

we are the only ones who knows what is right or wrong about our health. it's our health that is at risk. is ifst important thing you cannot trust your physician to keep this information private , it really damages your ability to work with a doctor and get help. americans in eight hides health information or omits it. that's 20-30,000,000 people because they know electronic systems take away privacy. there are millions more that avoid or delay every year treatment for very serious conditions like cancer. avoid earlyle treatment for cancer, putting their lives literally at risk. million,n, another 2

avoid or delay treatment for depression. again, people can die from depression. they can become suicidal and they can kill themselves. this is terrible. treatment for sexually transmitted diseases -- do we really want people not to get treated for those diseases because they are afraid that that information will not stay , so having an electronic record system that reveals everything that -- really causes harm to people. the harm is not just not giving treatment but the worst harm is the violation of the relationship with the doctor. when you are sick, when you are hurting, you need to be able to trust somebody. if that doctor has an electronic record system that sells your data, and many do, then what? who do you trust?

control whole to knows the most sensitive things about you -- that is a human need. that is a human right, to need to be able to decide who knows what about you. that is very important. today's electronic health system completely eliminates our ability to decide who we share things with. and who knows all about us. host: can you choose, as a physician, whether or not you will share patient information and can you choose whether or not to sell patient information? guest: to some degree. for example, some physicians have the ability to choose which electronic health record system they use. others do not if they work for a hospital, for example. many of the major electronic health records systems cell data -- sell data.

many of them, as part of their business practice, sell your data. there are others that don't. that is at least worth asking your doctor. which electronic records system do you have and doesn't sell my data? are you selling my data? you have to ask this of hospitals, two. it depends of a physician has an independent practice. they do not have to even use electronic health records. there are lots of small practitioners and concierge physicians that are sticking with paper, primarily for privacy reasons, to keep people's records private. but the government wants president- this is bush and president obama, both share the same goal. they want each of us to have an electronic health record by this year.

the problem is, most of the electronic health records that are out there to not do anything that we want and that we expect from these systems. they don't allow us or our doctors to hold back any information in violation of the law and in violation of our right to privacy. host: 202 is the area code if you'd like to talk to dr. peel. the first call for dr. peel on patient privacy rights comes from linda in texas. i have to attend the pain clinic because of several painful medical conditions. you are treated like a criminal and your privacy is violated in at least two ways. it is vital in the making you

take a urine test to prove that you're not a drug addict and that you are taking your medications. , they turn over your information to the department of public safety to make sure that you are not shopping for drugs and doctors. they do that by tying together pharmacies instead of turning it over the the department of public safety, the police force. i am very distressed by that. that is a big violation of our constitutional rights. guest: absolutely, i could not agree more. i am a psychiatrist, and adult psychiatrist, i have long worked with people with addictions. addictionalization of and people with chronic pain who made these medicines is an outrage. , in mys no reason opinion, that law enforcement should have databases of everyone who is on a painkiller

or on certain other substances and sotalin for adhd forth as well as certain sensitive hormonal medicines. in these databases that law enforcement has. it should never have worked that way. never. if anything, the information from the pharmacies, if you get a second prescription for a pain payinge, you should be the doctors that prescribe the second medicine, and both doctors should be pinged so you can get together with the doctors and figure out what the problem is. i am outraged as you are. medicinese need these for genuine medical conditions and sometimes, if the medicine does not work, you go to a different doctor to get a prescription.

many people are reluctant to say to their doctor that you prescribe something that does not work so well for me. if there is a second prescription or a second dr., the technology system could connect everyone back together. it would say this is a medical problem. why don't you work it out with these two doctors? there really is no reason for this to be sent to the criminal justice system. i think it's an outrage. it causes people to be afraid to take pain medicine and a causes doctors to be afraid to prescribe them. sorry, these are legitimate and important medicines. i am completely with you about that. the technology, again, could be redesigned. it could keep the information with the people that are actually treating you. here is a tweet --

guest: that's almost true. thes true that many of health insurance companies also sell data. blue cross clue shield sells the data -- maybe 53 million people -- they are not the only ones. yes, you are absolutely right. one of the things that we were to get into the stimulus bill -- there was a technology portion of the 2009 stimulus bill -- if you pay cash for something, some health care treatment, dr. or a medicine, the technology system is supposed to allow you to block that information from going to your health plan. the technology companies have fought this. they say it's too expensive and we cannot do it. they have been stalling ever

since 2009. they say that we cannot revamp the flow of that information. -- revamp the flow of that information. you are supposed to be able to thatevent the flow of information. in practice, systems don't allow that to happen. it is very disturbing. that is a federal right. that's a federal law. we cannot exercise because the technology companies to not want to build in patient protection. ont: we invited dr. peel after tim armstrong made this statement regarding health care costs at his company. ershave had two aol two questions -- should somebody who is fiscally in charge of making sure that value is given

shareholders, that benefits are available to the company, should that person know about distressed babies and know about extraordinary medical or should he or she not be aware of personal situations like this? guest: i believe there should be an absolute ban on employers knowing anything about employee's health, at least as much is possible. it gets difficult and small businesses but it can be done. the only thing relevant to the employer should be is the person doing the job. that's what's relevant. is doingrong of aol this in a really bad way. all, most of your

audience would be surprised to know that pretty much any employer can get your health information whether they are self-insured or not. it's available. it is sold so they can get it. that is incredibly distressing. there are better ways to do this. for example, there are companies that are self-insured like ibm, that put all kinds of firewalls between health information and management. ibm tells everyone -- they announced publicly that our company will never, ever look at your health information. and guess what, they seem to be able to manage the benefits just fine. they let another company do it and they don't look for it it's not necessary to look. the thing that tim armstrong and the rest of the ceos need to look at is what is the real cause of america's health cost? about it for a second, it's pretty simple.

it's not sick people. sick people in europe do not cost what they cost in this country. at ceos should be looking the people who are the drivers, the companies that drive these accepted health costs we have in our nation. i would suggest that probably most people saw the issue in "time magazine" from last year -- stephen brill spent a year or two looking at what is causing the high cost for american health care. he found four things -- costs, hiddenl excess of hospital costs, massively inflated drug costs, high hidden costs for freestanding surgical clinics, and the cost of lobbying for the other three issues in washington. i'm sorry but none of those things are caused by people being sick or having a preemie

baby born. they are not caused by people. the costs are caused by other corporations that have figured out ways to charge outrageous amounts of money for services that can be delivered in much more efficient and cheaper ways throughout the rest of the world. ofare being taken advantage by the health care industry. host:. is another tweet -- what is an roi form? guest: i'm not sure what she means. it usually means return on investment, doesn't it? guesthost: as far as medically? guest: if you give a consent,

you should always be able to take it back. that should be possible. it's very difficult with electronic information and particularly for what is coming statewidey state now, health information exchanges, where different health care providers in your state are going to share your information. that is very difficult to opt in or out of. in some states, you cannot opt out at all. it's a mandate that everyone's information will be exchanged. host: this is a release of information is what roi stands for. guest: oh and the reader was saying she cannot take it back? host: i think she must work in the health care field because signsys once a patient's and electronic release of information, they cannot take it back and she was on to say that i see anything treated forever.

h, in a way, that person is right. what we should have in the future is one place where we set up all the rules of how our information should be shared. words, in order to control our records, we will have to have one location where everyone that wants our information comes to check and see if they can get it. likeould set up rules anytime i am treated in the health-care system, i want a copy of that information to go a copyedical home and for myself to put my own health bank account. i want information about new medicines or allergies to be sent to all of my doctors. in other words, you should be able to set up the rules of how

you typically operate with doctors and hospitals where you let each one no the things that are relevant to the care they give you. for example, when you break a bone, that doctor does not need to know that you are seeing a psychiatrist or that you have marital problems or that you have a sexually transmitted disease. we should be able to set our rules, broad and narrow, about who can see what for which situation in one place. all of the data holders should ife to check with us first what they want the information for does not fit with our rules, we could easily, with technology, the pinged and asked. dr. jones wants to see your latest let test records, is that ok? forcould be pinged exceptions and set up rules for

which research you want to donate your medical information to contribute to. example, if people in your family have diabetes, you might have a broad rule that says i am willing to have my information used for research into the causes and treatment of diabetes but not some other , but not some bone disease. if you follow me, we should be able to set up with our strong constitutional rights to control health information. we should be able to set up rules about how our data is used and we have to have it in one place. think about it -- if there is 100,000 health data suppliers and you have to give consent for everything they do or you have to go to find different hospitals and change your forms

about what can be disclosed, it's impossible to keep up. the data holders will have to turn around and come to us. we have to have the right to control this information. we have to put our control and rules in one place and everyone that wants her information should have to come to us. call is dave in kingman, arizona. caller: how are you doing? three things real fast -- i apologize, we have moved on any to get to your question. i agree with you, dr., for the most part as far as information availability. i disagree on any medication, any and all medication

prescribed by any doctor anywhere. by anyld be seeable doctor. in a psychiatric situation and giving them an upper or down or, because a doctor breaks a bone, they might give them pain medication. then they may get treated by -- diabetes.r host: i think the dr. gets your point. guest: that's important. the reason you should control your prescription records is there are lots of doctors that discriminate against people because they see that they have a medicine for maybe depression. or that they are taking a medicine for addiction. the doctors to

tell us which of our medicines have conflicts. if we have our own complete list of medications, why couldn't we have an app that tells us which medicines might not work together well? why couldn't we know for ourselves and learn for ourselves which medicines might not work together? it's ridiculous. , aredoctors, as you know not even familiar with all of the drug interactions. it is very complicated. there is no reason, if we have our medicine that we cannot find that out ourselves and let doctors now. here is what has happened throughout my career where people were taking sensitive medication. the vast majority of my patients did not want other doctors to know. this is because doctors, like a lot of the public, really have strong feelings about people ith mental illness

addiction or child abuse and the get very nervous and they do not listen to them. i don't treat them as well for their medical condition. people with heart disease -- i am treating you for depression, this is something that is important for your cardiologist to know. sometimes antidepressants can conflict with cardiac medication. really can patients have that knowledge. we don't need to wait for doctors to tell us how medicines work. the information is out there and the technology and the applications for figuring out drug conflicts -- we can look at that ourselves if we have our own information. after all, who cares the most aret whether your medicine contraindicated or don't work together or might hurt you? who cares the most about your health?

i think it's you and me. guest: armand from atlanta, go ahead. glad you are able to be on here today and i appreciate you taking my call. issues. lot of i fell off a two-story shed in a warehouse and it did damage to my mac. it causes me migraine headaches. myfeels like somebody shot rain out of my head with a gun. when i talk about this to these pain doctors, they think i am suicidal and i explained that i am not suicidal. i am only there to get the pain medicine that i need. i don't ask for the shots but they refused to give me the medicine if that -- if i don't take all the medicine they offer. i don't think it's fair they do that. some of this is because of the

other doctors i have had seen. they have given the shots on the don't work and they give me the pain medicine. i know how to take my pain medicine. host: thank you very much. it's true, it's very treat chronic pain. sometimes the doctors are not flexible. there are lots of different ways to treat comic pain -- chronic pain. you need to be offered more than shots or pills. there is also various kinds of yoga, thererapy, are all kinds of other methods to begin to try to bring down the pain. it is really a tough problem. you should have access to a of different kinds of treatment and not be dictated to. host: there is another tweet --

guest: absolutely. peopleow, millions of have access to our records. let me give you a very specific example. i think thesnowden analogy is very apt. it is really a tough in a typical hospital like here in austin, the population is about 2 million people. we have two major hospitals. maybe three. we have a public hospital, a catholic hospital, and then we have a hospital corporation of america hospital. records on most of the 2 million and all of them 5-7000aff, at least doctors and nurses and everyone

of them can see the records of all 2 million people in this area. these are just hospital employees. this does not include insurance notany employees, this does include electronic health records company employees. i also need to tell everyone that a hospital has between 150- 650 different kinds of software that work with your health information. each one of those companies may have the right to use or sell your information. it depends with some the contract. probably millions s who could share millions of records and when we read about reaches of personal information, the most common reaches in this country, the highest frequency, are breaches of health information because it is exposed and stalin because it

is so valuable and has your financial information. it's not a good system. jean is calling from dublin, virginia. go ahead. caller: everything you have been saying about privacy and data i agree with but there is one major flaw in all of this. allowedbalization has sovereignty to become a firewall for these companies. when data has been moved to other countries beyond u.s. sovereignty, there is really nothing you can do about it. guest: that's certainly true about the cloud. sorry, weet, -- i'm would be safer if our data was in europe or in some places in canada. they have much tougher laws that do not permit companies to even collect your data without your

consent. there are other countries that have way tougher privacy laws in line with what americans expect. arkansas, good, morning. what about when somebody goes into the emergency room - [inaudible] drug andt give him a he might be on another drug they don't know about. [inaudible] as a psychiatrist, how do you feel about if you had a cocaine addict as a patient? guest: that's a great question. example of being

unconscious in an emergency room and all your records have to be opened -- as a physician, i ran an emergency room and i guarantee you if you are unconscious in an emergency room, we will pick your pockets and call your mother, we will call anyone we can to get any information about you to save your life. the highest duty of a physician is to save a life. privacy gets pushed aside in that case. but one of the things that is important to understand about somebody unconscious in the emergency room is we should not built a system where everyone's records are open all the time to everyone except to us. . for that rare one and one million cases where you are unconscious, what we need are systems that work for us so that we can protect our information and selectively share it

routinely. that is what most of medicine is about. it is about routine visits that are scheduled where we are awake and conscious and we can decide to share. that is the kind of technology we should have that let each of us make the choices about what is shared. the other thing about the emergency situation is i guarantee you that if you come in their unconscious with no records, we have a protocol. breathe, cardiac -- we know what to do to evaluate how to keep you alive long enough to figure out what is going on. it's very possible when you come in unconscious that you have something that is new that is not in your old records. people forget that records are not everything because your health changes and particularly, there are emergencies. there are new conditions that emerge. they are obviously not in your

old records. that's the point of getting trained in medicine that you diagnose and try to understand things that you don't have all the information about yet. peel is a graduate of the university of texas and the medical rants at galveston. krupa tweets - -i'm a little confused. host: you referred to the fact that medical costs are not because of sick people necessarily. that aaying it's true w