You Want a Pervy Professor or a Biosurveillance Firm Having Access to Your Health Records? It’s Coming!

cloud_infrastructureFederal ‘Biosurveillance’ Plan Seeking Direct Access to Americans’ Private Medical Records

May 20, 2014 – 9:58 AM
CNS NEWS By Barbara Hollingsworth
Twila BraseTwila Brase, R.N., co-founder of the Citizens Council for Health Freedom. (CCHF)

( – The federal government is piecing together a sweeping national “biosurveillance” system that will give bureaucrats near real-time access to Americans’ private medical information in the name of national security, according to Twila Brase, a public health nurse and co-founder of the Citizens Council for Health Freedom.The Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and Response is currently seeking public comment on a 52-page draft of the proposed “National Health Security Strategy 2015-2018” (NHSS).

The deadline for comment is 5 pm EST on May 21st. (See Draft National Health Security Strategy 2015-2018.pdf)

“Health situational awareness includes biosurveillance and other health and non-health inputs (e.g., lab/diagnostics, health service utilization, active intelligence, and supply chain information), as well as systems and processes for effective communication among responders and critical health resource monitoring and allocation,” the draft states.

But Brase warns that the NHSS proposal would allow the federal government to monitor an individual’s behavior before, during and after any government-defined health “incident” – which could be anything from a local outbreak of the flu to a terrorist anthrax attack.

“It’s very broad. It doesn’t seem to have any limits, except they say something about, you know, properly protecting the data. But from our perspective, if the government gets access to this kind of data, [and] is allowed to do research with the data…then our privacy has already been compromised. The government has already said that our data is their data for their purposes of national health security,” Brase told

“It’s very clear to us that really the government is moving toward real-time access, toward close collaboration of government and doctors for ready access to the electronic medical record and then to conduct research and analysis.”

“I don’t think they ever mentioned the word merging, but this is a very close connection they want between public health, which is the government, and clinical health, which is your doctor’s office and the hospital, for whatever diseases they choose to have reported,” she added.

Brase noted that the information collected by the government will be “all-encompassing” and include “what our health status is, whether we exercise, how often we get a cold, or what kind of medications we’re taking. They’re also looking at the climate, and the economic condition of the country, as all being a party of this National Health Security Strategy.”

“In other words, anything and everything could become a health threat by the government’s standards,” she said.

According to the draft proposal, NHSS will create “health situational awareness” by “collecting, aggregating and processing data from both traditional and nontraditional sources (such as social media) and from various governmental and nongovernmental stakeholders….Decision-makers will have the capability to visualize and manipulate data from many sources to create an operational picture suited to the specific situation and the decisions before them.”

But Brase warns that the government’s biosurveillance plan is much more intrusive than the data collection currently being done by the Centers for Disease Control and Prevention (CDC).

“We’re of the mind that the Fourth Amendment actually means something, so you can’t access everybody’s patient’s medical record just because you say there is a security threat or just because you say it’s good for the American public,” she told

“But the fact of the matter is that [the Health Insurance Portability and Accountability Act] HIPPA already allows the federal government and the state government and the local government and anyone who is a public health agency to have access to our medical records – identifiable medical records – without our consent. It’s in the HIPPA Privacy Rule, which has the full force and effect of law. But that wasn’t actually put in by Congress. It was put in by the Department of Health and Human Services.” (SeeHIPAAPrivacyRegs_EconomicStimulusChanges.pdf)

One of the dangers, Brase pointed out, is that this vast amount of medical data warehoused in a giant electronic database will only be available to government-approved researchers.

“Now, it could be the entire electronic medical record, it could be that they just have ready access to the electronic medical records because it’s on a state health information exchange, for instance, and if they are one of the partners in the state health information exchange, they can start this data draw.

“One of the things we look at is how research can be done in a way to push policies that we disagree with. They come up with findings that nobody else can validate because nobody else has access to all that data the way the government has, and nobody can ever counter it,” Brase told

According to “National Biosurveillance Science and Technology Roadmap” written last June, “effectively, appropriately, and securely sharing health event data, including parts of electronic patient records and laboratory data, has significant potential to improve national awareness of incidents that could progress to impact national security.”

The NHSS is part of what President Obama called “the first-ever National Strategy for Biosurveillance” which was announced by the White House in July 2012 as “a top national security policy.” (SeeNational_Strategy_for_Biosurveillance_July_2012.pdf)

Twila Brase, Rand Paul

Twila Brase (right)  with Sen. Rand Paul (R-Ken.) in Washington in 2012. (CCHF)

Biosurveillance is defined as “the process of active data-gathering with appropriate analysis and interpretation of biosphere data that might relate to disease activity and threats to human or animal health – whether infectious, toxic, metabolic, or otherwise, and regardless of intentional or natural origin – in order to achieve early warning of health threats, early detection of health events, and overall situational awareness of disease activity.”

“Extending electronic reporting of health information, including laboratory results, to public health serves as an example of rapidly communicating useful information….Routine, daily use of such capabilities may be leveraged to address critical requirements in the context of an emergency,” the White House document said.

Brase pointed out that much of the architecture for the government’s biosurveillance plan is already in place.

“The Obama administration in the [American] Recovery and Reinvestment Act [of 2009] forces every doctor to have interoperable electronic medical records by January 1, 2015 or face penalties from Medicare, financial reductions in their payments. So that’s one thing that’s happening,” she told

“A second thing that’s happening is that the federal government has been funding the creation of state health information exchanges (HIEs) with the purpose of creating a national health information network. And they’re interoperable, which means they’re accessible to government and others, because they have to follow certain protocols and data standards that the government sets. So that’s another thing that’s happening.

“And the third thing that’s happening is that the health plans often require, may require with their contracts with doctors, that they submit their bills electronically. So all this is forcing everybody’s medical records online,” she explained.

“It’s not clear exactly how the federal government plans to get access” to these online records, Brase said, but it could include requiring health insurers to send all claims data to the government, forcing state insurance exchanges to open a special portal specifically for federal bureaucrats, or demanding that hospitals and clinics report directly to the feds.

“Is this a juggernaut that’s unstoppable at this point” asked Brase.

“It is not unstoppable,” she replied. “HIPPA is a data-sharing law. It has noting to do with privacy. HIPPA and the HITECH Act (part of the 2009 stimulus bill) together already allow 2.2 million entities to have legal access to your private medical records without your consent, and that is a federal number in the 2010 federal regulation.”

Those entities include hospitals, pharmacies, physicians’ offices, diagnostic imaging centers, medical equipment suppliers, home health services, outpatient care centers, health insurers, third-party administrators and any of their business associates.

“But the one thing that HIPPA says is that if the states create a stronger privacy law, then  everyone in that state must conform. Minnesota and Iowaare two of the states that have stronger privacy laws with more restrictions on access. And every state could do that and make it difficult for the federal government to implement this entire thing.

“For instance, they’d have to get your consent before they put you in a health information exchange. They could require consent for any kind of public health purpose, and therefore challenge the federal government to tell them exactly where the federal government thinks they have a right to gather all this information for public health purposes,” Brase told “There’s all sorts of things states could do if they had a mind to do it.”

“I think people are worried about things like HIV or something stigmatizing or embarrassing. But they should be very concerned about the fact that this is really a sweeping strategy to oversee your entire life with the intention of keeping you, and making you keep yourself, healthy,” she continued.

“And that is a government that is too big. That is a government that says you have no freedom, because if you are not free from surveillance, you are not free.” is not funded by the government like NPR. is not funded by the government like PBS. 

Under Draft Bill, ‘Authorized Users’ Would Get ‘Complete Access’ to Patient Health Records

March 23, 2015 – 4:38 PM
By Barbara HollingsworthRep. Michael Burgess

Rep. Michael Burgess (R-TX) (AP photo)

( –  Rep. Michael Burgess (R-TX) has drafted “interoperability” legislation that would require private electronic healthcare record (EHR) companies to provide unrestricted, one-stop access to patient medical records. Burgess, a physician, released a draft version of his bill on March 9 to solicit comments by March 13.

It would give “authorized users access to the entirety of a patient’s data from any and all qualified electronic health records (EHR) without restriction” – including “complete access” to health data “in one location, without the need for multiple interfaces (such as sign on systems).”

“Authorized users” include government officials, academic researchers, insurance companies and others besides health care providers.

Under his proposal, the secretary of Health and Human Services would establish a “Charter Organization” made up of representatives of standards development groups, health care providers, electronic record-keeping companies, insurers and group plans appointed by Congress to propose new interoperability rules.

The draft provides “incentives” for practitioners and hospitals that comply, and “penalties” for those who do not, including the loss of federal certification. The HHS secretary would also be required to report “any barriers that are preventing widespread interoperability” to Congress and document “specific steps” taken to overcome the barriers by July 1, 2016.

Although granting widespread accessibility to millions and millions of confidential medical records is supposed to guarantee better patient care and lower costs, there are fears that it would have negative consequences.

Twila Brase, president of the Citizen’s Council for Health Freedom (CCHF), pointed out that Burgess’ interoperability proposal would not only turn private EHR companies into public utilities, it would also eliminate the last remaining vestiges of patient privacy.

“All these electronic health records are now being used across the country, but they aren’t connected. They are proprietary systems owned by private companies,” Brase told “The fact that they can’t all talk together is our only protection against the broad, sweeping data sharing that Rep. Burgess appears to be looking for.

“Once that is mandated, we will have a national medical records system, and no patient consent over how their data is used, who sees it, or what’s done with it,” she said.

Under the HITECH Act, part of the 2009 stimulus bill, every health care provider reimbursed by Medicare was required to switch to an EHR system by January 1, 2015. The government spent $30 billion to help them implement the switch. But the law did not require that the EHRs be linked together.

“Because HITECH was the foundation of Obamacare, they had to get that in place first. So if this [bill] would pass, they would be strengthening the foundation upon which Obamacare, or any other national healthcare system, is created. If you create a national healthcare data system, you are well are your way to a national healthcare system because you give all sorts of outsiders control over what happens in the privacy of the exam room. It’s no longer private,” Brase told

HITECH also gave 2.2 million non-government entities access to patients’ health records – without their consent – under the Health Insurance Portability and Accountability Act of 1996 (HIPPA).

“The purpose of HIPPA was that it would allow the broad sharing of data. But they attached the word privacy to it, we believe, as a way to convince or deceive the American public that they have privacy when actually all their privacy was being taken away,” Brase said.

“HIPPA has nothing to do with privacy and everything to do with opening up our medical records and getting us to the point where we have a national medical records system where our data is shared without our consent broadly nationwide,” she added.

Brase says that typical “HIPPA hassles” – when the pharmacist tells you to stand back 10 feet so you don’t overhear the previous customer’s prescription, or when the hospital won’t tell you that a family member has been admitted – are “meant to convince you that you have privacy, but the whole thing is a farce.

“What people really care about is where the details of their lives – their medical conditions, their behaviors, their fears, their thoughts – go. There’s no privacy there,” she told

“People have to see the truth about HIPPA. There’s no privacy….Whether you sign the form or you don’t sign the form, they can continue to share the data. The form, in our opinion, was simply meant to convince people that they have privacy, and it has been very successful. It’s called the HIPPA Privacy Form, people sign it, people tell me that ‘my data is between me and my doctor.’

And I tell them ‘you have not read it. What you’re saying is that you’ve received a notice of privacy practices, which is really a notice of disclosure practices, which really tells you how little privacy you have.’ But most people just take those words ‘privacy form’ and believe them.”

Brase noted that the inability of many EHR companies to share data is the only thing protecting patient privacy today.

“And so if you lose the obstructions of today and you have nationwide widespread interoperability, then all privacy is gone and everybody essentially owns your data except you. Because acknowledging someone’s ownership means you have to ask them [for their] consent. And neither HIPPA nor HITECH have consent requirements.

“And Rep. Burgess may be under the same deception of what HIPPA is and therefore doesn’t know that the only way that he should even try to move forward into interoperability, if we even wanted to go there, would be to require informed written patient consent – with no coercion, completely voluntary,” she added

The main purpose of linking all patient records together is to “implement a national healthcare system,” she added. “That’s the whole purpose here. They needed it for Obamacare. Without HITECH and the EHR mandate, there would be no way to implement everything that is in Obamacare because there would be no data and payment systems that can be controlled at the federal level. Once you have everything electronic, it can all be changed.”

“And the funny thing, of course, is that when the Obama administration put this into law, they didn’t force the issue. They just wanted to get it all up and running. And now the Republicans are trying to force the issue to make what Obama started into a reality

“So here we have an opportunity to stop what President Obama planned, and yet we’re seeing Congress decide we’ve spent all this money, so we should actually make it work. I don’t know if members of Congress don’t actually see what is happening here, but the national medical records system is essential to the controls needed for a national healthcare system.

“So Rep. Burgess’ interoperability bill will lead us towards a more fully functioning national healthcare system. Somehow I think that’s not where a substantial number of members of Congress want to go.”

Brase also pointed out that “he who holds the data makes the rules.”

“When you have no control over who has access to your medical records, including in the future your genetic information, all sorts of assessments can be made on you,” the former emergency room nurse told

“You won’t ever be able to have a fresh second opinion from somebody who has never seen you before. Whatever one doctor said about you, every doctor, every nurse, every authorized user will be able to see even if it was a biased opinion.

“There are health plans that want access to all the data on the patients and the doctors to create treatment protocols so they can then say they have science to back them up. But those will be restrictive protocols, telling the doctors how to practice medicine,” Brase predicted.

“So for instance, if you had some mental health issue, if you had a sexually transmitted disease or a cancer you didn’t want anybody to know about, there just would be nowhere to hide because all your health data, including your behaviors and your thoughts and whatever somebody else chooses to put in the system, will all be on the grid. It will completely eliminate privacy forever.”

Paper medical records, on the other hand, are hard to access and even harder to share, she pointed out. “But when it’s electronic, all you have to do is sit at a computer wherever you are in the hospital, in the clinic system. And if you have a ‘need to know,’ or even if you don’t and you’re just gonna risk it, it’s available.”

Brase says it hard for an individual to do anything about maintaining their medical privacy short of paying cash to a physician who maintains paper records that stay in his office. But states have more leeway.

“States under HIPPA can pass a real privacy law, so they could actually prohibit anybody from sharing data or letting data out of the state’s health information exchange without express patient consent. Legislators could actually do that because HIPPA says that stronger privacy protections rule the day and have to be followed.

“So people can talk to their state legislators and say: ‘Hey, give me my privacy back.’”

Related: Health Care Group Offers ‘7 Reasons Not to Enroll’ in Obamacare

Related: Federal ‘Biosurveillance’ Plan Seeking Direct Access to Americans’ Private Medical Records