Wednesday, August 6, 2014

No On 46: A Threat to my Privacy

A while back, I was asked to like a Facebook page, No On 46. Being that I live in California, I figured some friends of mine felt it might apply to me and thought I might be interested in what the Political Organization behind this page had to say.  Not one to blindly follow, I began some research.  

Of course, it was easy to find the “No On 46” info because it was connected to their Facebook Page. If you go to NoOn46.com, you can easily navigate their site to “Get the Facts,” see what’s “In the News,” and find ways to “Take Action.”

My eyes were drawn immediately to “Threats to Personal Privacy,” which can be found here, under Get the Facts. Being that I work in high tech, I am constantly questioning how my use of tech devices, social media, and cellular technology impacts my right to privacy...it's often a question that our customers ask and so it is an answer that I grapple with daily.

I wanted to begin with a fair investigation. So, instead of presenting the information I found on No On 46's website, I will share the info I have discovered on the State of California's Department of Justice website (here):
The Department of Justice (DOJ) limits access and dissemination of this information to licensed prescribers, licensed pharmacists, law enforcement personnel, and regulatory board personnel strictly for patient care or official investigatory/regulatory purposes.
This sounds great, right? It even goes on to say, hey, we have to follow HIPPA regulations. However, a deeper dive into Lewis v The Superior Court of the State of California, we can see that, we, as patients, 
...do not have a reasonable expectation of privacy in their prescription records vis-a-vis the Board's limited data in CURES, and such access does not amount to conduct constituting a serious invasion of privacy...
AND
the government may see and use information covered by the right to privacy if it can show that its use of the information would advance a legitimate state interest... [use of bold is mine]

So what does this mean? The CURES database even as it exists today does not protect our information from being used by the Department of Justice or any branch of the government for that matter despite our assumption that our medical information is protected by HIPPA.

We have a diminished expectation of privacy. Because of CURES.

CURES is currently a voluntary database, of which a small group of doctors are using. It is voluntary for doctors to use it EVEN after January 1, 2016, once they are all required to register to use it (this was enacted last year in Senate Bill 809).

Why would I agree to this mandatory reporting?

What is at risk... and I agree having found this on the NoOn46.com site...
The ballot measure contains no provisions and no funding to upgrade the database with increased security standards to protect personal prescription information from government intrusion, hacking, theft or improper access by non-medical professionals.
Am I saying that this is not a worth while venture? Am I a vicious liberal who is putting my own privacy above the value of the lives of those lost because of doctor shopping and a lack of accountability for how to dispense addictive drugs to patients?

No. What I am saying is there has to be a thoughtful conversation about a law that can do just that-- add accountability-- while protecting the general population. We cannot remove our doctors' ability to practice discretion. We cannot remove our doctors' ability to exercise compassion. We cannot allow mandatory reporting of medical information that can be used at the discretion of the state for ANY STATE INTEREST. We cannot use our fear of pill popping drug addicts to drive our desire for fair laws.

I have discovered through my investigation that there are many other reasons why Prop 46 is not the right way to enact the laws and protection that we crave.

But this? The threat to our privacy? Is what has motivated me to share my perspective on why I'm No On 46.

6 comments:

  1. Boy, that is a hodgepodge investigation and piecing together of specific bits and pieces of information to come to a conclusion you clearly wanted to come to!

    First, let me ask you, do you even know what data is included in a CURES report? Do you think it has a patient’s medical history? Financial Data? Did you research to see that it only includes the patient’s, doctor’s and pharmacy names, date of birth as well as the name of the prescription and strength? Do you also know that the CURES Database only records Schedule II through IV drugs (mostly pain relieving narcotics and opioids)…not every prescription a patient takes is recorded in the database? Examples of Schedule II drugs include: Ritalin, Methadone and Morphine. Some Schedule III drugs include: Vicodin, Katamine and Anabolic steroids. Valium, Ambien and Clonazepam are examples of Schedule IV drugs.

    Further, the “privacy” issues you bring up aren’t changed with Prop 46, so “privacy” issues have nothing to do with Prop 46. If you have issues with the privacy issues of the CURES Database, you need to take that up with the legislature. Prop 46 only requires its use by doctors; it does not change its structure. Even if the CURES Database didn’t exist, law enforcement and other drug related industries have the lawful right to access controlled substance prescription information in order to keep the public safe.

    It has long been known that prescriptions for narcotics are heavily controlled and supervised…the CURES database has been recording them since 1940…that’s 74 years! And you’re complaining about “privacy" now?? LOL

    The lawsuit you attempted to quote clearly states:

    A REASONABLE PATIENT FILLING A PRESCRIPTION FOR A CONTROLLED SUBSTANCE KNOWS OR SHOULD KNOW THAT THE STATE, WHICH PROHIBITS THE DISTRIBUTION AND USE OF SUCH DRUGS WITHOUT A PRESCRIPTION, WILL MONITOR THE FLOW OF THESE DRUGS FROM PHARMACIES TO PATIENTS.

    THIS WELL-KNOWN AND LONG-ESTABLISHED REGULATORY HISTORY SIGNIFICANTLY DIMINISHES ANY REASONABLE EXPECTATION OF PRIVACY AGAINST THE RELEASE OF CONTROLLED SUBSTANCES PRESCRIPTION RECORDS TO THE STATE, LOCAL, OR FEDERAL AGENCIES FOR PURPOSES OF CRIMINAL, CIVIL OR DISCIPLINARY INVESTIGATIONS.

    The Legislature has determined that CURES may be accessed as a tool to monitor abuse and diversion of controlled substances. [Delays] the legislative purpose of CURES. One of the real-time benefits of access to CURES is to permit a physician, who is authorized to prescribe or dispense a controlled substance, to instantly look up a new patient’s controlled substances history to determine whether the patient legitimately needs pain medicine or is “doctor shopping.” Real-time access to CURES also protects patients from incompetent and unprofessional doctors.

    Balancing the state’s substantial interest in preventing the abuse and diversion of controlled substances and protecting the public health against the minor intrusion upon a patient’s informational…we conclude the Board’s actions here in accessing and compiling data from CURES did not violate [the] Constitution.

    THERE ARE SUFFICIENT SAFEGUARDS IN THE CURES STATUTE AND OTHER REGULATORY DUTIES TO PROTECT PATIENTS’ INFORMATIONAL PRIVACY AND CONFIDENTIALITY FROM UNWARRANTED PUBLIC DISCLOSURE AND UNFETTERED ACCESS TO CURES DATA. THUS, WE CONCLUDE THE BOARD’S ACCESS TO CURES WHILE INVESTIGATING A CONSUMER COMPLAINT AGAINST LEWIS THAT WAS UNRELATED TO HIS PRESCRIPTION PRACTICES DID NOT VIOLATE HIS PATIENTS’ STATE CONSTITUTIONAL RIGHT TO PRIVACY IN THEIR CONTROLLED SUBSTANCES PRESCRIPTION RECORDS. ACCORDINGLY, THE TRIAL COURT DID NOT ERR IN DENYING LEWIS’S PETITION TO SET ASIDE THE BOARD’S DISCIPLINARY ACTION AGAINST HIM.

    ReplyDelete
    Replies
    1. Hi Eric. Yes, I am well aware of what information is in the CURES database. It includes, among other things, a patient’s name, date of birth and prescription info for schedule II, III and IV drugs – data that can not only pinpoint the identity of a patient, but also what medical conditions they may have. Anyone who knows anything about medicines knows that you can tell a LOT about a person’s health by the medicines they’re taking. Ask a cancer or HIV patient. Or ask me – the mother of a son with attention issues. What public benefit is being met by having an 11 year old’s ADHD meds in a state-run database that is already vulnerable to breach?



      Every day there is another case of databases – those run by governments as well as those run by private corporations with MUCH more technical knowledge than California’s Department of Justice – getting hacked. EVERY. SINGLE. DAY. I work in high tech. I am well aware of the risks of massive amounts of very personal data floating around the internet. CURES is already unwieldy. The DOJ has admitted as such.



      Yet Prop 46 will force more inquiries into an already slow, hackable, state-run system that is understaffed and underfunded. And yes, I am aware that there was more funding provided to CURES last year but that wasn’t to fulfill the requirements of Prop 46. It was only to make sure doctors could even register for CURES. It did nothing to make sure the system can actually be used (as mandated in Prop 46) and it sure as heck didn’t provide enough funding to deploy the kind of data security strategies that are needed in this day and age to protect that data from theft, hacking, etc.



      And even with all of that, the LAO has acknowledged the upgrades needed just to get doctors registered for CURES (not even to get them using it as Prop 46 would mandate!) won’t be ready until sometime in the second half of next year. So when, on the day after the election THIS YEAR and Prop 46 (if it passes) goes into effect, my son is given a script for medicines that help him learn in school and his doctor isn’t registered or can’t access CURES or my pharmacists gets kicked out because the system itself is that bad, my son won’t be able to get his medicines. That is absolutely unacceptable.



      (As an aside, I find it incredibly ironic that you suggest I take my problems with CURES up with the legislature. You mean like the proponents of Prop 46 did with doctor drug testing? Oh right, they didn’t do that. But that’s an issue for another post.)

      Delete
  2. But who do you think wants that kind of information?? Why would anyone care what pain medications you're on and how are people outside of law enforcement, medical boards or the judicial system going to get it??

    It's easy to answer your question about public benefit: it prevents doctor shoppers and addicts from being able to get illegal prescriptions! Ritalin for instance is highly abused by teenagers for its stimulant effect. http://abcnews.go.com/GMA/story?id=125327

    Our legislature in 2013 granted $1.9 million immediately and $1.3 million per year thereafter to upgrade CURES and keep it running safely, and it will be fully functional by the time that Prop 46 passes. Even if you want to believe the LAO report, summer of 2015 is only 6 months after Prop 46 will have passed! The LAO doesn't state where he got that information, so why do you believe it blindly? He has already revised his report once because he got it wrong!

    Your son’s prescription is in the database to make sure that it's not being abused. I'm not sure why you’d be concerned about that unless your part of a ring of drug abusers and fear the DEA or law enforcement looking into your son's records.

    As for your son’s prescription the day after Prop 46 goes into effect: Prop 46 only requires doctors to submit NEW prescriptions for patients, not prescriptions they’re already getting. No one is going to be denied medications they need if there by some remote chance happens to be a computer glitch. It’s silly to even think that. As a computer person you should know that there are safeguards in place when computer systems fail. If I go to Walgreens to get a prescription filled and their computer system is down, they’re not going to deny me my medication! I recently had a glitch on a prescription when I switched over to the Affordable Care Act. My pharmacist gave me my medications, which were extremely necessary, even though the insurance was denying it.

    Why should the proponents of Prop 46 take drug testing up with the legislature?? Boy, you are really well versed in the opponent propaganda! There actually were meetings with both the legislature and the California Medical Association to discuss all the aspects of the Troy and Alana Pack Patient Safety Act and the CMA walked out of them…wouldn’t even listen. You can bet that we talked to LOTS of legislators about each and every portion of the proposition before it made it on the ballot. I personally was sent to speak to 8 legislators in my area, and other victims and family members did the same in other areas of California. So you don’t know what you’re talking about.

    Have to do this in two posts since you have such a short limit here.

    ReplyDelete
    Replies
    1. I won't tolerate personal attacks on me or my children. (And no, neither I nor my 11 year old are "part of a ring of drug abusers," thankyouverymuch.) I present my opinions here backed up by facts. Your attacking me won't change my mind.

      Delete
    2. I didn't attack you...it was an example! LOL

      Delete
  3. EVERY database in the world has the capability of being hacked. Are you saying that we should disband all databases? Should we not have a database of sex offenders to protect the public from them? Should we not keep track of terrorists? Murderers? Thieves? Do you think law enforcement should just keep those names and contact information in their heads so as to not have problems with database security? Should we not keep track of California Drivers, or birth and death records? Those are all in online databases and have far more potent information than the CURES database!

    The CURES Database has extremely high security protocols in place:

    The CURES database will be accessible only to authorized medical regulatory boards, law enforcement agencies with active criminal cases, pharmacies and medical practitioners. The California Department of Justice data center, where the CURES database will reside, meets some of the most stringent security and privacy standards established by the Governors Office and mandated by the Healthcare Insurance Portability and Accountability Act or HIPAA. Highlights include:

    • State-of-the-art secure data center with automated redundant control systems, including power, air conditioning and communication for data recovery and backup.

    • Compliance with latest federal security and encryption standards.

    • 24x7 real-time monitoring and protection of the CURES database using refined intrusion detection and prevention tools.

    • Sophisticated redundant network firewalls with real-time network traffic analysis.

    • Advanced encryption of all confidential CURES data both in storage and in transmission for maximum data protection.

    • Automated authentication and authorization systems restricting access only to authorized individuals.

    • Complete logging of all CURES database access and transactions for auditing and traceability.

    • Comprehensive disaster recovery plans and technology to protect CURES in the event of a catastrophic event.

    ReplyDelete