Long-time (well, very long-time) readers of THCB will remember my extreme frustration with Patients Privacy Rights founder Deborah Peel who as far as I can tell spent the entire 2000s opposing electronic health data in general and commercial EMR vendors in particular. I even wrote a very critical piece about her and the people from the World Privacy Forum who I felt were fellow travelers back in 2008. And perhaps nothing annoyed me more than her consistently claiming that data exchange was illegal and that vendors were selling personally identified health data for marketing and related purposes to non-covered entities (which is illegal under HIPAA).
However, in recent years Deborah has teamed up with Adrian Gropper, whom I respect, and seemed to change her tune from “all electronic data violates privacy and is therefore bad” to “we can do health data in a way that safeguards privacy but achieves the efficiencies of care improvement via electronic data exchange”. But she never really came clean on all those claims about vendors selling personally identified health data, and in a semi-related thread on THCB last week, it all came back. Including some outrageous statements on the extent of, value of, and implications of selling personally identified health data. So I’ve decided to move all the relevant comments to this blog post and let the disagreement continue.
What started the conversation was a throwaway paragraph at the end of a comment I left in which I basically told Adrian to rewrite what he was saying in such a way that normal people could understand it. Here’s my last paragraph:
As it is, this is not a helpful open letter, and it makes a bunch of aggressive claims against mostly teeny vendors who have historically been on the patients’ side in terms of accessing data. So Adrian, Deborah & PPR need to do a lot better. Or else they risk being excluded back to the fringes like they were in the days when Deborah & her allies at the World Privacy Forum were making ridiculous statements about the concept of data exchange.
Here’s Deborah’s first comment:
Why is it that every other US company or business can connect directly with individuals online except physicians, healthcare and HIT companies? Why isn’t healthIT set up like online banking, where we control our ‘assets’–ie our data? Online banking allows us to set up automatic transfers and to make one-time transfers, we can see/track all transactions in real-time, we can set up alerts for suspicious or unusual activities or transfers, and we can change our preferences at any time or delegate control.
Technology that enables patients to control PHI does exist, in accord with our expectations and rights, but industry and govt instead built HIT systems that violate medical ethics and the laws requiring consent before health information is used. Govt and industry fail to understand that ethics and privacy law is what enables patients to trust doctors and share sensitive information. The practice of Medicine has always required patient control over the disclosure of personal health information (with very rare exceptions).
Health data is now the most valuable digital commodity of all. US industry and govt freely use and sell it without asking us. Our PHI is now held in millions of data bases unknown and inaccessible to us. The systemic hidden use and sale of PHI is the worst data privacy breach you’ve never heard of. Not only is this system of hidden data use a threat to the practice of Medicine, US HIT systems are the most intrusive surveillance systems in the Western world—far worse than the NSA’s spying on cell phones. It is actually a threat to our freedom and our Democracy. How ironic: US surveillance is far more comprehensive and detailed than the worst totalitarian regimes could ever imagine.
Then here’s one she addressed to me (accusing me of getting the facts wrong of course!). Kind of amusing as I hadn’t actually done more than to refer to some issues from more than 5 years ago, and had just said that back then she was making ridiculous statements about the concept of data exchange. Which she was.
Speaking of screeds, I just read yours. I would really appreciate you leaving out the insults and wrong facts–and actually the World Privacy Forum was not an ally that we worked with. When will you stop making things up about PPR and what I think and do?
I have no idea what you referred to when you wrote I made “ridiculous statements about the concept of data exchange”. Please explain.
PPR has always fought for patients’ longstanding rights to control data exchange. It still is our right under US law and medical ethics. FYI–patients controlled information exchange in the paper age, because nothing moved without our consent. That enabled us to trust that our information was only used for purposes we agreed with and prevented the vast hidden health data broker industry (over 880,000 health data suppliers).
PPR’s solutions to fix HIT, to make it trustworthy, are free to download on our website–it’s a short chapter in a book published by HIMSS: Please read what PPR and I actually stand for: realistic solutions that offer all the benefits of HIT and prevent the harms. The chapter is much simpler than our letter, which you found to be incomprehensible.
She asked me what her ridiculous statements were, so (adopt Barney Stinson voice) Challenge Accepted! Here’s what I wrote actually citing several things she’d said that weren’t true.
Dr Peel, Exhibit A on data exchange—In which athenahealth suggested that providers paying each other for data exchange would speed it up, and you said that they wanted to sell patient data when they were instead suggesting paying for data that was ALREADY being exchanged (just not enough of it or in an efficient manner) just as the national HIE program is trying (albeit not trying hard enough) to do. At the least your words are a complete distortion of what athenahealth was suggesting. The careless reader may have thought you were accusing them of selling patient data to any buyer, when they were trying to prevent a patient having to fill in the damn clipboard one more time when they move from one doctor to another (or to a hospital).
Exhibit 2, your comment above
1/ “Why isn’t healthIT set up like online banking, where we control our ‘assets’–ie our data?”
2/ “Health data is now the most valuable digital commodity of all. US industry and govt freely use and sell it without asking us.”
You don’t think banks and absolutely everyone else in the financial chain sell & trade our data? How do credit bureaus operate if not?
You still have never cited an example I’m aware of–despite me offering you the forum many times–of where a HIT vendor has sold or traded identified patient data outside of HIPAA regulations. Yet in 2008 you were quoted in the WaPo thus “Many online PHR firms share information with data-mining companies, which then sell it to insurers and other interested parties, Peel said.” As far as I recall you always fall back on the remote possibility that data might be re-identified after it’s been sold. I still wait to be convinced on what might then happen with it. Easier for a hacker to break into Target and steal credit cards and a lot more valuable.
My hope was that working with Adrian you had moved over to the idea that exchange data electronically would improve the patient care experience, and that we’d all work together to make sure it happens safely. But going off on the state of HIT and comparing it to totalitarian states reminds me of what John Lennon said in Revolution about carrying pictures of Chairman Mao.
I apologize for conflating PPR with the World Privacy Forum. I thought you and Gellman worked together & his report on PHRs referenced PPR and you extensively if I recall. Although that was 8 years ago so much has changed including my memory’s capacity…
Then it gets really good, and we get to Deborah’s real understanding of the business model of health IT. (Hint, it’s not the same as many other people’s understanding of the business model of health IT).
Hi Matthew: Thanks for pointing out the articles where you think I was distorting the major business model of the Digital Age: selling pii.
Some key points:
1) You imagine re-identification and aggregation of health data is not happening, when it is rampant. The business model of big data requires the massive collection and aggregation of all pii about you in order to combine it into very detailed profiles of you and millions of other individuals over time. “De-identification” and “anonymization” are processes that simply do not deliver what the words describe. But Congress, courts, and the public don’t know this yet.
2) Longitudinal real-time profiles of patients, which many entities sell, require re-identification in order to aggregate info about each individual–if they can’t link yesterday’s data about you with today’s data, they could not create longitudinal profiles.
3) Check out the 3 page paper by Narayanan and Shmatikov that states it’s now easy to re-identify data because there are so many public data sets that can be used to match people with their data. The ease of re-identification has been well-known to computer scientists for years.
How do you justify ignoring computer science? Here is the link: It’s written for general audiences by the guys who re-identified the AOL and Netflix research data bases.
4) Please look at the IPO filed by the world’s “leading information, services and technology company”. (Editorial note, she’s referring to IMS) It describes how the company aggregates longitudinal “anonymous” profiles of 500M people daily by adding new info from “EHRs, claims data, prescription records, and social media”. The company sells health data profiles to “5,000 customers” including the US government. The company will identify patients that customers seek for clinical trials, for example. That means this company is identifying and targeting specific people without their knowledge or consent.
This company buys, sells, and trades pii with “100,000 health data suppliers covering 780,000 live daily health data feeds”.
Finally, why would athenahealth charge doctors less for using their EHR if they agree to allow athenahealth to use and sell patient data–unless they derive profit from the use of the data? As a corporation their legal duty is to deliver profits to shareholders, not transfer data to help patients. Do you believe athenahealth would transfer data if it lowered annual revenue?
The business model of many EHRs is in fact selling patient data.
The man who most blatantly explained the model of selling patient data is Ryan Howard, CEO of Practice Fusion–PF’s EHR is FREE to the doctor because Practice Fusion sells patient data. Howard has been quoted in books and articles saying this. Two quotes: “Practice fusion subsidizes its free EMRs by selling de-identified data to insurance groups, clinical researchers and pharmaceutical companies” and “Every healthcare vendor is selling data. Everyone has this data, but we’ll have more of it and it will be real-time and aggregated,” Howard said. The URL is:
Chris Anderson’s 2009 book called “Free” features a graph about Practice Fusion’s business model that shows if they license the software they would make $100M, but if they sell patient data they make $250M. See page 104. The page is titled “How can healthcare software be free?” (Hyperion is the publisher).
Now that I have written this out for you, it astounds me that you—a very, very smart man—are seemingly not aware that selling pii is the major business model of the Digital Age: it’s the business model of Google, of Facebook, etc, etc.
Either you are in denial of reality (which seems unlikely) or you truly believe the hype and propaganda of the government and industry: that businesses that collect, aggregate, and sell PHI and pii will ONLY use our pii for good. It’s not an accident that the army of health data brokers that collect, aggregate and sell personal health data claim they are only helping us. The problem is, if they use it for good, why is what they do totally hidden from us: the collection, sale, and what they use the data to do can’t be discovered. How can we find the 880,000 companies that buy, sell, and trade information about our minds and bodies?
If the health data broker industry really wants to ‘do good’ with our data, why don’t they just ask us first? And why did this industry fight the ban on the sale of PHI in HITECH? The Omnibus Privacy Rule regs grandfathered in all sales of PHI, which just happens to benefit the health data broker industry. Virtually every company that touches our PHI treats it as a corporate asset and sells it. Even states sell patient data.
You and THCB should support examining facts about the health data broker industry and promote HIT that enables the benefits of technology and prevents the massive harms: #1 violating patients’ rights to privacy and control over PHI and #2 the distrust of physicians and the healthcare system caused by today’s poorly designed HIT.
If THCB does not look at facts or at what the vast majority of public wants and expects (ie control over PHI, with rare exceptions), it will remain just an industry shill.
I thought inviting me to participate meant you were finally willing to acknowledge the critical importance of human and civil right to privacy.
Which was a red rag to a bull, and this bull explained where I thought she was totally wrong:
Deborah–I understand that with enough computing power and probabilistic matching you could re-identify data if you really wanted to but as you know it’s illegal which makes it kind of unlikely that a large publicly traded company would do it as openly as you think they are doing it. My understanding is that IMS gets given connected data by organizations that are allowed to connect it (covered entities) who strip the identifiers from it, or at least that was what they were doing back when I knew the company that does that for them (Pharmetrics) well. Most of the data IMS receives BTW is prescription data which has the physician identifier on it but not the patient. You may not like that but it’s not illegal.
Practice Fusion claims it sells de-identified aggregated data. And so far not too successfully if what’s said about them on Secret and by various VCs off the record is to be believed. Certainly not $250m worth, and maybe not a teeny percentage of that. Why you think they are selling identified data when again it’s illegal, I’m not sure, but perhaps they’ll clarify. And yes several others (inc GE) try to sell de-identified data. Again not too too successfully. The $$ value of the EMR software and services market is far far greater than the size of the data sold from it.
athenahealth was not looking to sell the data they collect in the example you discussed. They were trying to get it transferred from one provider to another to increase the efficiency of the referral and check in process. That’s “selling” data exchange between 2 covered entities. BTW I’m not sure they ever got it done.
In all these cases you say they are doing something the companies say they are not doing, and you never cite any proof. Sure, they could do that, but the risks to their business are huge and I struggle to see the upside. You may well be better informed than me, and perhaps we can get some of these companies to comment.
If you think all data sales of any type (or for that matter all data collection for secondary uses) should be illegal, you are entitled to your view. Apparently it’s a view your colleague Adrian doesn’t share because he thinks that this should all be collected in a public database. I actually agree with him but that data too would be funded (in this case by the taxpayer or user fees I assume) and would also be subject to re-use by third parties.
My final conclusion for you is that if the major business model of health IT is de-identifying and re-identifying data, the business is in very, very sad shape. Luckily for most of the major players in that business, they make money selling software or online services–a revenue stream many times that of data sales of any kind.
PS THCB doesn’t have opinions or support anything. I own it but I’m not the editorial director, have no control and barely even write any more. If I did exercise control and only had people I agreed with on it, do you think your name would be in a by-line?
Finally I reached out to IMS, Practice Fusion and athenahealth to get their input, and Holly Spring (who runs communications at athenahealth) basically said I was right and Deborah was wrong.
athenahealth does not sell patient data. Please see here for our views regarding an economic model for health information exchange: http://www.athenahealth.com/blog/2014/04/08/a-walk-back-and-setback-for-sustainable-hie/ Also, it’s worth mentioning that athenahealth treats interoperability as part of its service — not a separate invoice of add-ons. In fact, this week athenahealth announced CommonWell interoperability services will be offered to its 59,000+ providers services for free.
It’s now put up or shut up time. Are personal health data resales a bigger industry than health IT? Are vendors really illegally selling identified health data? Is Deborah going to retract her statements? Or at least explain what she knows–with evidence please–that I’m missing?
The floor is open.
Matthew Holt is the owner/publisher of and occasionally writer on The Health Care Blog.