Your Privacy and Offshore Outsourcing

An anonymous reader sends in a link to this story about medical transcription work and patient privacy. You probably recall the original story (from around October 2003), but the Chronicle here does a great job of tracing the entire chain of sub-sub-sub-sub-sub-contracting.

Transcriptionist

[students]

All docters should have their computers transcribe their dictations like my father does.

Re:Transcriptionist

[mandalayx]

All docters should have their computers transcribe their dictations like my father does.

Well, hope God helps you when you get "an a cute case of men in vaginas".

Seriously, I haven't seen any natural-language software reach the point where I would trust it with medical information. I would rather get the right treatment than someone fucking up my patient records...

Not to mention the cost of a doctor having to sit down and error-check afterwards, etc. If you look at a doctor making $100/hr (hey, they went to 7+ years of school, residency, internship, etc) that would add even more to the current cost of health care.

On an unrelated note, my uncle (who is a doctor), works in the ER. He says that because persons on Medicare don't pay for amublance rides, he sees people in the ER who have cuts on their fingers, minor abrasions, etc, who have their ambulance rides paid for by us, the public. And considering one of my friends got billed $1000+ for a recent ambulance ride, I think we're getting screwed.

Re:Transcriptionist

[SillyNickName4me]

I have been doing technical support for IBMs dictation software for a while in 1996-97 and a substantial part of our customers back then were doctors and lawyers. Both used special purpose dictionaries and reported that it worked quite well. I would be really surprised if this has gotten worse in the last few years.

Things like medical transcriptions are a lot easier then general purpose transcriptions for a computer and can be a lot more accurate due to more specialized and limited dictionaries.

Re:Transcriptionist

[tongue]

Seriously, I haven't seen any natural-language software reach the point where I would trust it with medical information. I would rather get the right treatment than someone fucking up my patient records...


Actually, I used to write medical software that had an autotranscription component using Dragon's software, and given a medical dictionary to select from and a proper training cycle, it was incredibly effective. The physician or a designated individual still had to approve the report, but very rarely were there any problems with transcription (we tracked corrections through the system so we'd know how effective it was, and after a proper training cycle it was better than 96% effective.)

on the subject of the cost of healthcare, doctors using our system loved it specifically because it allowed them to accomplish more work (for a lot of reasons, not just the Dragon software) in the same period of time, which helped the hospital keep costs down. Did that drive down medical costs for everyone? of course not--but not because things were more expensive. Face it, people are greedy. Insurance companies never cut rates, nor do doctors start working for less money. hospitals won't start charging appropriate costs back to the patients until they're forced to through legislation (which should be accompanied by a national healthcare system or a system to provide insurance coverage to the 40 million of us without it, to keep hospitals in business.)

Re:Transcriptionist

[timeOday]

Not to mention the cost of a doctor having to sit down and error-check afterwards, etc.

Are you saying doctors don't proofread their dictation? I agree leaving it to computers is bad, but a low-paid transcriptionist (who might not even speak english) doesn't sound real great either.

If you look at a doctor making $100/hr (hey, they went to 7+ years of school, residency, internship, etc)

The Doctors' Union (AMA) restricting medical school availability and enrollment doesn't hurt either.

Re:Transcriptionist

Just outsource the doctors. Medical procedures and surgeries are an order of magnitude cheaper in countries like Thailand and India even including travel costs. Doctors in these countries are just as qualified as American doctors, and since you would be going to a private hospital you will probably get better treatment than what would be available to you in the US(unless you are wealthy).

the point to be made here

[mandalayx]

Before we get to all the anti-India comments, here is the crux of the problem:

"The problem is not that they're in India," said Chris Hoofnagle, associate director of the Electronic Privacy Information Center in Washington. "The problem is that American laws are not going to be enforced in India."

Does anyone have a free-market solution to this? I would hate to see Democrats legislate this to hell. IMHO overlegislation will solve 1 problem but cause another...

But while the above point is interesting, it's somewhat irrelevant to this case: the breach of contract occured in the US:

A Transcription Stat worker, Dennis Centore, quickly traced the files to a batch of notes that had been subcontracted to a woman in Florida named Sonya Newburn, who typically handled as many as 30 files on individual UCSF patients every day.

"She was quiet until I mentioned Tom Spires," Centore recalled. "Then she said, 'Oh my God,' and said that she had contracted for Tom to do the work."

Neither Transcription Stat nor UCSF knew that Newburn was subcontracting. The outsourcing chain was supposed to end with her, as per Newburn's contract with the Sausalito firm.

Basically, while the article brings up the interesting concept of what offshoring information can do, this particular case of offshoring is really not the greatest example, since the breach of contract occured in the US. And yet we have sensationalist newspapers like the Chronicle and opportunistic politicians who call themselves privacy advocates; the current state of affairs is fucked. The comment leads me to believe that he didn't even RTFA:

"We've reached the point where American companies ship personal information outside the country and tell customers to check their privacy at the shore," said Rep. Edward Markey, D-Mass., one of the leading privacy advocates on Capitol Hill.

Re:the point to be made here

That's true of course, but the information was still held hostage by someone who didn't own it, in fact had no right to have it, in another country.

Which is the real point of outsourcing I think. The advantage of cheaper labor is something of a smokescreen. I think it's popularity stems from the diffusion of responsability, and the complications of getting information, and enforcing practices in other countries.

She can go in an say, but I didn't know. I was swamped with work, people deserve to have this thing done, Tom was highly recommended and trustworthy, I can't be blamed for holding information hostage! I'm a good person I never have and never would do that. This other sort of innocuous thing is my fault, and I am SOOOO SORRY.

If we put in a type of liability where the ends don't justify the means, but the means are responsible for the whole end, at every point of failure that by passed the normal protections like bankruptcy and incorporation, it would probably stop, with all business in the US.

Re:the point to be made here

[mandalayx]

She can go in an say, but I didn't know. I was swamped with work, people deserve to have this thing done, Tom was highly recommended and trustworthy, I can't be blamed for holding information hostage! I'm a good person I never have and never would do that. This other sort of innocuous thing is my fault, and I am SOOOO SORRY.

If we put in a type of liability where the ends don't justify the means, but the means are responsible for the whole end, at every point of failure that by passed the normal protections like bankruptcy and incorporation, it would probably stop, with all business in the US.

What you seem to be proposing is some kind of contractural obligation not to outsource to another country.

Fine.

But in the article, the author cites that "The outsourcing chain was supposed to end with her, as per Newburn's contract with the Sausalito firm."

So actually, a protection beyond and above what you proposed was already stipulated in contract.

But sadly, I do see this bitch saying I am SOOOO SORRY and that argument. So you do have a point.

Re:the point to be made here

[pavon]

Does anyone have a free-market solution to this?
Yes, simply make the US companies (and government departments) truely responsible (ie their ass is on the line) for protecting this information. If the cost of failure is higher than other savings, then they themselves will implement strict requirements, and will only want to contract out to groups who have proven themselves to be trustworthy.

Re:the point to be made here

[YU+Nicks+NE+Way]

Actually, you're wrong. India is going through a huge period of economic growth throughout its economy. In this, it is replaying a pattern very like the other industrializing countries of the world. It appears to you and me that India is a shambles, but that isn't because the economy is doing poorly, but because it started out doing so much worse.

Most countries go through an extended mercantilist period during their early mass industrialization. During that period, wages in the industrializing country are typically quite low becuase the coutry's currency is artificially depressed. During that period, the country's industrial production skyrockets. Since consumers in the country buy their own products with their own currency, the irrational pricing structure of their industry's exports doesn't affect them, and they act as an internal gate which forces the quality of their exports up.

Eventually, however, growth leads to major industries being unable to provide for their own production with local acquired raw materials. At that point, prices of locally produced products start to reflect the relative level of the currency: foreign raw materials must be bought in foreign currency, which raises the prices of the finished goods into which they are made. That triggers a sharp round of inflation, which leads to a more restrictive currency policy. The price difference between finished good produced in country and those produced abroad gradually shrinks, due to this pressure.

To see this pattern in action, you can go back to Japan in the fifties through the eighties, S. Korea since the eighties, and India now. Alternatively, you can go back to the United State in the late nineteenth century, or to the great European powers in the early nineteenth century.

Europe and the United States managed to extend the period during which they could pursue a mercantilist policy somewhat longer by maintaining a captive market to which finished goods could be exported and from which raw materials could be imported in the local currency. The European powers did this by maintaining colonial markets in Asia, Africa, and, to a lesser extent, the Americas. The Americans settled our West, which became a huge source of raw materials for our East coast industries. The captive markets allowed the industrial base to continue to acquire raw materials at a disproportionately low price.

Schumpeterian equilibrium may well apply to an economy which is dependent on a influx of externally produced raw materials balanced by an egress of internally produced finished goods. That's not the case for economies in their earlier stages of industrialization and development. I don't know how long it will take for India to reach that state, but given the combination of destitution and size of her population, I wouldn't be inclined to expect her government to adopt less mercantilist policies any time soon. It's not rational to do so.

Re:the point to be made here

[be-fan]

The question is: do you believe it is legitimate to protect people from themselves? I don't believe that it is. Could you imagine if the government passed legislation forcing people to install anti-virus software?

There are situations where the government should intervene to protect the population. The vast majority of these cases are:

- Where one person's failure affects everyone. For example, automotive regulations exist because if you crash your car, you could hurt other people. Laws against smoking in certain areas exist because of the dangers of second-hand smoke. Etc, etc.

- Where it is too onerous for a an individual to conduct sufficient research to make an informed decision. The FDA, for example, exists because it would be out of the capacity for an individual to do their own drug-safety testing.

I would argue that neither of these cases are true for privacy protection. A breech of your violation does not affect me. You choosing to do business with a firm that cannot properly manage your privacy does not affect my choosing to do business with a firm you can properly manage mine. Certainly, I would argue that it is not out of the capacity of individuals to research and see which companies can be trusted with privacy and which cannot.

No news

[Davak]

Most transciption services are now computer-transcription now anyway.

You speak. Human transcribes. Computer learns. Human error checks... eventually the computer is good enough that the human is not needed at all.

We are using this system now. It, of course, sucks compared to a real transciptionist... but it is 10 times cheaper.

Davak

Re:HIPPA Violation ?

[Davak]

HIPPA stresses patient privacy--and goes way overboard. But that's a different discussion.

The question is not if this is a HIPPA violation... which it clearly is. But is it a violation of US law at all?

If the presidental candidates want to win over the working class, make companies that send jobs overseas follow the same rules we do. Pay taxes, not pollute, no child labor, and even HIPPA -- why should they get to drop the US rules just because they cross the border?

If I get a ticket in Texas, points still go against my license here at home.

Why should a big company be treated any differently?

Davak

The free market solution

[EmbeddedJanitor]

According to free market theory, if there is a perceived value for a service, then it will come into existence and people will pay for it.

If people perceive the offshoring to give some privacy risk then they will perhaps be prepared to pay an extra $5 or $10 or whatever each month to a service that guarantees your case will be handled by an American. Alternatively, a company that advertises that they guarantee American processing will get a competitive advantage over their offshoring competition.

It seems hypocracy to me that those that bitch about losing their jobs to India don't seem to mind wearing Nikes made in Philipines and having Korean RAM in their PCs.

Free market means paying for things you value, not just bitching about things.

Re:The free market solution

[mandalayx]

According to free market theory, if there is a perceived value for a service, then it will come into existence and people will pay for it.

If people perceive the offshoring to give some privacy risk then they will perhaps be prepared to pay an extra $5 or $10 or whatever each month to a service that guarantees your case will be handled by an American. Alternatively, a company that advertises that they guarantee American processing will get a competitive advantage over their offshoring competition.

Interesting. I see a business opportunity.

Perhaps the next time you go to UCSF Medical Center, you can fill out a check box saying:

[ ] I want all my medical transcription done in the US, certified by blahblah for $5 extra. Disclaimer: Transcription in the US has not been shown to be better or worse than offshored transcription.

I think that would be kind of cool. simple and elegant.

Re:The free market solution

[f0rt0r]

Hate to say it, I bitch about losing jobs to other countries, don't wear Nikes,and use RAM made in Boise, Idaho. It's about putting your money where your mouth is, as much as is possible.

Oh well, I am sure there some people out there that match the stereotype you gave, but I wanted to make sure people knew there were also some who don't.

Bottom Line ... Americans Don't Care

[Average_Joe_Sixpack]

Well at least the majority of Americans are not raising the issue to either companies or their representatives. For the past few months, e-loan has been giving it's customers a choice of where their loan applications are processed (India vs US). Even though these customers knew their private info was going to be shipped overseas, 86% chose India because the processing time was 2 days shorter. Bottom line, American's have a fast food mentality ... ie the cheapest, quickest way will always win.

As for the story, I work as a consultant in the Health IT arena, and have all too often seen private data mishandled. However standards are greatly improving in the US, but this is only due to the threat imposed by legislation and civil lawsuits. Will 3rd party companies overseas have the same incentive if they are outside of US jurisdiction? Probably not

Re:Bottom Line ... Americans Don't Care

[Platinum+Dragon]

Why is overseas processing two days faster? Does e-Loan not have sufficient staff in the US? Are the computers faster in India? Is the company unwilling to pay for a 2nd and 3rd shift to facilitate domestic production around the clock?

Are the loans really being processed faster, or is eLoan simply giving that impression for some kind of testing purposes? Does any objective evidence exist that the loans supposedly processed in India are really being finished two days earlier? Is eLoan really sending data to be processed where the customer requests it, or simply making it seem that way to test customer behaviour? I would be very interested to find out the answers to these questions, as well as the parent's.

Re:HIPPA Violation ?

[be-fan]

So basically, what you are saying, is that if you want to do business in the US, you have to follow US laws all over the world? That smacks of cultural imperialism if you ask me! The US can keep its laws in its own damn country. Certainly, I'd hate to see anything like PATRIOT or DMCA get spread any further than it already has!

Re:In Europe...

[Kris_J]

In Europe this would have never ever happened:

Because, of course, there aren't any greedy, immoral people in Europe.

This information didn't go out in boxes that customs can search, it was sent down a wire at the speed of light. It went off-shore against the law because someone decided to charge local rates then pay for some under-protected borderline-slave labour person to do it at a fraction of the cost.

The companies involved are dead, destroyed by this act of stupidity. Short of jail time (costly to society and not especially approriate when someone isn't a physical risk to the community) things can't get much worse for the parties involved.

Re:In Europe...

[Brandybuck]

In Europe this would have never ever happened: our laws are very strong regarding to personal data and privacy.

I work for a German company where the personal data of German customers is 100% available to the customer support center in Singapore. There's nothing stopping a similar privacy leak happening to this European company.

This isn't new, just new for you Americans...

[Hanno]

It's funny that the US is getting upset about data processing "beyond the reach of U.S. authorities", because already some years back, it used to be the other way round.

For several years now, some larger German companies used to offshore their customer data processing to the USA. Some claim this is also done because of the USA's less strict privacy laws that allow for far more data profiling than allowed in Germany. There is also growing concern in German media that it will be impossible to control such outsourced data and that there is no way to ensure that customer data will not be used by the American procesing company for other purposes or sold to third parties.

One such example was the Bahncard, a price rebate system for the national railway. For a few years, it came combined with a creditcard option and its data would be shared with an external partner of CitiBank US for customer profiling, including a photograph, a full credit history and all payment data of the user.

Strict Liability

I think it makes a lot of sense to make the US company subject to liability if anything happens to data they ship offshore. I'd prefer some sort of "strict liability" statute where if something happens, the company at the top of the food chain is definitionally liable no matter what. Otherwise you end up having companies hide behind subcontractors like Wal-Mart does with their illegal immigrant labor.

Re:Separate medical data from patients?

[gabbarbhai]

AFAIK, that's already happening for largish transcription jobs.
Even without the patient identities, there are multiple ways to abuse such information, including selling it to drug companies as demographic data ;-)
The problem, as the article pointed out, is that the US laws cannot be used in most cases to control what people abroad do with the data. The solution there is to send out sensitive data only to established corporations, and not cheapen out to such an extent. Wipro or Infosys (two largest oursourcing companies in India) would never dare blackmail their clients or compromise their data, cause their skins would be on the line for other jobs they might want in the future..
Talking about privacy, why do people assume that data in the "third-world" is so insecure? Indians are even afraid of punching in their PINs in the telephone lest someone would decode them by listening to the beeps. Ever wonder about that here in the US? :-)

Re:In Europe...

Is your data available to the customer support center in Singapore, or is the data hosted in the customer support center in Singapore?

If it's the latter, your company probably is breaking privacy laws.

If it's the first one, your company should have informed your Data Protection Agency they are allowing Singapore people access to that data. Of course a case like the one in the article can happen, but then your company would be the one that is responsible. You'd better protect your data well! :-)

Re:Separate medical data from patients?

[fhic]

Separating the data from the patient makes perfect sense. But consider this: someone has to match the data back up with the patient identification again later on. And that has to be *perfect*. Not pretty close, not five-nines close, *absolutely perfect*. One screwup and you've potentially killed someone. Do you trust your outsourced worker not to alter a digit of the patient identifier? Probably not, which means you're going to have to check the data constantly.

Where I work, we've looked at outsourcing our pathology transcription business. We decided against it, because we want to keep control of the entire process.

We keep our costs manageable by a fanatic concentration on efficiency and productivity. The process is as streamlined as it can be, and are constantly vigilant on how we can keep the process running smoothly.

We manage to stay profitable in a business that's as cutthroat as it gets. And we pay a decent salary (even by San Diego standards!) for good transcriptionists who can meet their accuracy and productivity standards.

Re:US Privacy laws are a joke

[rossz]

A big L Libertarian wouldn't have a problem with this as they would argue that the companies involved would suffer when they were sued.

A little l liberarian (such as myself) realizes that the average joe can't afford to go up against a major corporation. Less government is good, no government is bad.

Re:Rather have it offshore

[rodgerd]

Since the US has been attacking the EU over its implementation of precisely the sorts of laws you're talking about the US would be in a poor position negotiating with the EU if it did so.

How long before they'd be attacked as a non-taffic barrier under NAFTA or WTO rules?

Hmmmm, I rule that....

What a non-issue!! Obviously, personnel info is bound to be stolen, here or offshore. Data isnt gonna be useful anywhere else, if its gotta be misused it shud come back here. And well get those rats who do this for a living!!