Kaye Beach
April 24, 2013
Almost no one would disagree that our government aided by its corporate partners, has become increasingly intrusive and data hungry. At every turn it seems we are being measured, monitored, tracked or surveyed in some way. (If you are one of those who doesn’t care if you are constantly scrutinized by governments and corporations, you can stop reading now. I have no advice to offer you for your broken survival instinct.)
The level of surveillance of a population that will be achieved is predicated on four simple elements; 1) Money 2) Man power (or technology) 3) Political will 4) public acceptance of the surveillance.
For ordinary citizens who are alarmed about the implications of living in a pervasive surveillance state, element four, public acceptance, is the arena where we live or die and we know it. This is why I want to share with you one example of an ordinary citizen who has taken a stand in that arena.
Until yesterday, Maggie was a full time employee of INTEGRIS Hospital in Grove Oklahoma working in the patient registration department but the addition of a new biometric patient identification system at INTEGRIS has caused her to do some soul searching.
The use of biometrics in health care will likely increase in the coming years as the industry shifts toward electronic medical records and other health information technologies as required under both the American Recovery and Reinvestment Act of 2009 and the Patient Protection and Affordable Care Act of 2010 http://leg2.state.va.us/dls/h&sdocs.nsf/By+Year/HD102010/$file/HD10.pdf
(Backgrounder-Find out what Health Care Reform is really about here)
Biometrics just means measurement of the body and refers to technology that is used to take these measurements and convert them to digital code for the purpose of identification. When it comes to tracking, tracing, surveillance and control of the population, biometric identification is the ultimate tool for control and so we should be especially wary about the collecting of our biometric data.
Maggie is wary and has taken a stand against it. She is suffering the consequences of doing so.
PatientSecure Palm Vein Biometric Identification System
Back in Dec. of 2012 INTEGRIS began installing and started training using the PatientSecure Palm Vein Biometric Identification System in the registration departments. PatientSecure uses infrared light to scan and map the veins in the right palm of patients for identification purposes. When PatientSecure was introduced there was no requirement for employees to enroll patients but according to Maggie, they were encouraged to do so. Before long, pressure by INTEGRIS to enroll all patients into the PatientSecure system mounted as did Maggie’s concerns about the system.
Her objections to performing the biometric enrolment are twofold.
1) Maggie believes that the information given to patients about the benefits of PatientSecure is misleading.
2) Biometrically enrolling patients is a violation of her religious convictions.
I think it is important to point out that while biometric ID is often pitched as the way to irrefutably prove that you are who you say you are but that is not true. Biometrics do not prove your identity. Think about it. The biometric data collected is attributed to the identity documents that a person provides. If those identity documents are fraudulent, the addition of biometrics only reinforces the fraudulent identity. In other words, garbage in, garbage out.
Maggie writes, “We were told to inform patients that enrollment in the system would help prevent identify theft and insurance fraud on their accounts.” Maggie doesn’t think that PatientSecure lives up to it’s own hype.
She is not alone.
PateintSecure – Inflated Claims
Experts in biometric systems have also pointed out that PatientSecure does not prevent identity fraud or theft.
Speaking specifically about Florida’s Baptist Health center’s new patient identification system, (which is PatientSecure, the same system used by Oklahoma’s INTEGRIS) a biometric technology professional points out that the system does not “stop identify theft” as claimed because the system can be easily circumvented at the time of enrollment.
To state the problem simply, PatientSecure uses a type of verification that “will not prevent a duplicate record from being created and opens the door for patients to enroll under multiple identities and commit fraud.”
(Source: M2sysy, ‘Biometric Patient Identification Technology Should Prevent Medical Identity Theft at the Point of Enrollment’ Dec. 18, 2012 http://blog.m2sys.com/comments-on-recent-biometric-news-stories/biometric-patient-identification-technology-should-prevent-medical-identity-theft-at-the-point-of-enrollment/)
A recent article posted at idRADAR, a privacy and identity security specific organization, makes a good point about the overselling of PatientSecure as a tool to prevent identity fraud;
“The palm scanner from PatientSecure has been adopted at numerous hospitals across the country.
As a tool to tackle medical identity theft and the theft of insurance benefits, palm scanner advocates argue that they’re a boost but an inquiring mind can see a number of other issues. What happens if someone has already stolen your medical data and their palm is the one scanned into the system? What would this mean if you had an emergency? Would you be denied care?”
(Source: idRADAR, ‘High Fives or Thumbs Down?’ Jan. 10, 2013 https://idradar.com/news-stories/technology/High-Fives-or-Thumbs-Down%3F)
PatientSecure suggests telling patients that “The next time you come in, you just give us your date of birth, we scan you hand and your record comes right up.” (Source: PatientSecure User Manual For INTEGRIS Health Sep 13, 2012)
But in reality, it doesn’t necessarily work so smoothly. Maggie says that “. . .patients who had previously enrolled would often not properly pull up an account when presenting their palm for scan.”
Informed Consent or Coercive Consent?
Another big concern here is that INTEGRIS does not gain formal consent from patients and employees are not instructed to tell patients, up-front, that the palm scan is optional.
If you are a patient at INTEGRIS your first introduction to PatientSecure will probably go something like this at the registration desk.
Registrar: “I am now going to link you to your medical record. Please make a “5” with your hand and place it on the hand guide with your middle finger between the finger dividers. Move your hand forward till it stops.”
Then you may be told that, “This is our new system to keep you safe by linking you to your medical record and take the best care of you. It will also speed up your registration process.”
And that, “By linking you to your medical record no one can impersonate you. You are protected against identity theft and we can even identify you in an emergency situation” (Source: PatientSecure User Manual For INTEGRIS Health Sep 13, 2012)
You will probably NOT be told that having your hand scanned for PatientSecure is completely optional.
Joel Reidenberg, a data privacy expert and professor at Fordham University Law School recently chided the vice president of NYU medical center for this exact policy omission when using PatientSecure.
. . . unless patients at N.Y.U. seem uncomfortable with the process, Ms. McClellan said, medical registration staff members don’t inform them that they can opt out of photos and scans.
“We don’t have formal consent,” Ms. McClellan said
Professor Reidenberg states that, “If they are not informing patients it is optional then effectively it is coerced consent.”
(Source: The NY Times, ‘When a Palm Reader Knows More Than Your Life Line,’ Nov. 10, 2012 http://www.nytimes.com/2012/11/11/technology/biometric-data-gathering-sets-off-a-privacy-debate.html?_r=1&)
It is coercive because getting medical care is one of those essential human needs and few are going to do anything that might hinder their access to care.
“I reluctantly stuck my hand on the machine. If I demurred, I thought, perhaps I’d be denied medical care”
(Source: The NY Times, ‘When a Palm Reader Knows More Than Your Life Line,’ Nov. 10, 2012 http://www.nytimes.com/2012/11/11/technology/biometric-data-gathering-sets-off-a-privacy-debate.html?_r=1&)
Patients must be informed that providing their biometric data is OPTIONAL! Formal consent is the most ethical way to handle this.
Taking a stand
In the early weeks of INTEGRIS’ use of PatientSecure, Maggie wrestled with her conscience about doing the scans on patients and since it was not required, she avoided doing them. Maggie also felt certain that it was only a matter of time before she would be called to account for the low number of patients she had palm scanned.
Maggie tells me that “After reflecting and praying, I felt compelled to no longer participate in the convincing and enrolling of patients into the biometrics palm vein system. Not only did I feel that I was misleading the patients regarding the benefits of enrolling, I felt that my participation was a violation of my religious and spiritual beliefs.”
At this point Maggie spoke with her boss about her religious objections concerning the biometric scans and asked that she be exempted from enrolling patients in the PatientSecure biometric system. She was asked to produce some documentation regarding her religious beliefs and Maggie complied by provided a letter from Christian Pastor attesting to the sincerity of her religious convictions.
Consequences
Yesterday Maggie got some bad news.
She was asked to meet with her employer and was given a letter informing her that INTEGRIS could not accommodate her request to be exempted from the requirement of biometrically enrolling patients. Instead INTEGRIS offered Maggie only one possible alternative. She could be reassigned to another position and while the pay stayed the same as her current position the job would require a substantial commute with no travel differential allotted.
Now Maggie has to decide whether or not she will accept this position. She is told she may try to find another position with INTEGRIS on her own but otherwise she will be terminated.
Maggie believes that her request for a religious accommodation is a reasonable one. From her perspective the proffered alternative position seems more like punishment due to the drastic difference in travel time and also the hours and duties.
She notes, “It is also still not a “required” job function to use the palm scanners. There are multiple people in my department that have never participated in the use of the palm scanners even though they register patients. It has never been presented to us as official policy that we must use the palm scanners or that their use is a required function of our job.”
Some of us are wise to the dangers of collecting and sharing this data and we are beginning to see a few people, such as Maggie, that refuse to serve as unquestioning collectors and conduits of others’ personal and private information to the government and their corporate partners.
We will never know the stories of the countless people across this country every day that like Maggie, refuse to just go along with what they know to be dangerous and wrong. But they are out there and each act of courage, each stand matters because they add up.
If we think what we do doesn’t matter, that resistance is futile, then we have already lost. We can’t afford that. Too much depends on the courage of each and every one of us.
Maggie is an example of what that courage looks like.
Resistance is the best tool we have in our arsenal to beat back Big Brother.
