Long time (well very long time) readers of THCB will remember my extreme frustration with Patients Privacy Rights founder Deborah Peel who as far as I can tell spent the entire 2000s opposing electronic health data in general and commercial EMR vendors in particular. I even wrote a very critical piece about her and the people from the World Privacy Forum who I felt were fellow travelers back in 2008. And perhaps nothing annoyed me more than her consistently claiming that data exchange was illegal and that vendors were selling personally identified health data for marketing and related purposes to non-covered entities (which is illegal under HIPAA).
However, in recent years Deborah has teamed up with Adrian Gropper, whom I respect, and seemed to change her tune from “all electronic data violates privacy and is therefore bad”, to “we can do health data in a way that safeguards privacy but achieves the efficiencies of care improvement via electronic data exchange”. But she never really came clean on all those claims about vendors selling personally identified health data, and in a semi-related thread on THCB last week, it all came back. Including some outrageous statements on the extent of, value of, and implications of selling personally identified health data. So I’ve decided to move all the relevant comments to this blog post and let the disagreement continue.
What started the conversation was a throwaway paragraph at the end of a comment I left in which I basically told Adrian to rewrite what he was saying in such a way that normal people could understand it. Here’s my last paragraph
As it is, this is not a helpful open letter, and it makes a bunch of aggressive claims against mostly teeny vendors who have historically been on the patients’ side in terms of accessing data. So Adrian, Deborah & PPR need to do a lot better. Or else they risk being excluded back to the fringes like they were in the days when Deborah & her allies at the World Privacy Forum were making ridiculous statements about the concept of data exchange.
Here’s Deborah’s first comment
Why is it that every other US company or business can connect directly with individuals online except physicians, healthcare and HIT companies? Why isn’t healthIT set up like online banking, where we control our ‘assets’–ie our data? Online banking allows us to set up automatic transfers and to make one-time transfers, we can see/track all transactions in real-time, we can set up alerts for suspicious or unusual activities or transfers, and we can change our preferences at any time or delegate control.
Technology that enables patients to control PHI does exist, in accord with our expectations and rights, but industry and govt instead built HIT systems that violate medical ethics and the laws requiring consent before health information is used. Govt and industry fail to understand that ethics and privacy law is what enables patients to trust doctors and share sensitive information. The practice of Medicine has always required patient control over the disclosure of personal health information (with very rare exceptions).
Health data is now the most valuable digital commodity of all. US industry and govt freely use and sell it without asking us. Our PHI is now held in millions of data bases unknown and inaccessible to us. The systemic hidden use and sale of PHI is the worst data privacy breach you’ve never heard of. Not only is this system of hidden data use a threat to the practice of Medicine, US HIT systems are the most intrusive surveillance systems in the Western world—far worse than the NSA’s spying on cell phones. It is actually a threat to our freedom and our Democracy. How ironic: US surveillance is far more comprehensive and detailed than the worst totalitarian regimes could ever imagine.
Then here’s one she addressed to me (accusing me of getting the facts wrong of course!). Kind of amusing as I hadn’t actually done more than to refer to some issues from more than 5 years ago, and had just said that back then she was making ridiculous statements about the concept of data exchange. Which she was.
Speaking of screeds, I just read yours. I would really appreciate you leaving out the insults and wrong facts–and actually the World Privacy Forum was not an ally that we worked with. When will you stop making things up about PPR and what I think and do?
I have no idea what you referred to when you wrote I made “ridiculous statements about the concept of data exchange”. Please explain.
PPR has always fought for patients’ longstanding rights to control data exchange. It still is our right under US law and medical ethics. FYI–patients controlled information exchange in the paper age, because nothing moved without our consent. That enabled us to trust that our information was only used for purposes we agreed with and prevented the vast hidden health data broker industry (over 880,000 health data suppliers).
PPR’s solutions to fix HIT, to make it trustworthy, are free to download on our website–it’s a short chapter in a book published by HIMSS: Please read what PPR and I actually stand for: realistic solutions that offer all the benefits of HIT and prevent the harms. The chapter is much simpler than our letter, which you found to be incomprehensible.
She asked me what her ridiculous statements were, so (adopt Barney Stinson voice) Challenge Accepted! Here’s what I wrote actually citing several things she’d said that weren’t true.
Dr Peel, Exhibit A on data exchange—In which athenahealth suggested that providers paying each other for data exchange would speed it up, and you said that they wanted to sell patient data when they were instead suggesting paying for data that was ALREADY being exchanged (just not enough of it or in an efficient manner) just as the national HIE program is trying (albeit not trying hard enough) to do. At the least your words are a complete distortion of what athenahealth was suggesting. The careless reader may have thought you were accusing them of selling patient data to any buyer, when they were trying to prevent a patient having to fill in the damn clipboard one more time when they move from one doctor to another (or to a hospital).
Exhibit 2, your comment above
1/ “Why isn’t healthIT set up like online banking, where we control our ‘assets’–ie our data?”
2/ “Health data is now the most valuable digital commodity of all. US industry and govt freely use and sell it without asking us.”
You don’t think banks and absolutely everyone else in the financial chain sell & trade our data? How do credit bureaus operate if not?
You still have never cited an example I’m aware of–despite me offering you the forum many times–of where a HIT vendor has sold or traded identified patient data outside of HIPAA regulations. Yet in 2008 you were quoted in the WaPo thus “Many online PHR firms share information with data-mining companies, which then sell it to insurers and other interested parties, Peel said.” As far as I recall you always fall back on the remote possibility that data might be re-identified after it’s been sold. I still wait to be convinced on what might then happen with it. Easier for a hacker to break into Target and steal credit cards and a lot more valuable.
My hope was that working with Adrian you had moved over to the idea that exchange data electronically would improve the patient care experience, and that we’d all work together to make sure it happens safely. But going off on the state of HIT and comparing it to totalitarian states reminds me of what John Lennon said in Revolution about carrying pictures of Chairman Mao.
I apologize for conflating PPR with the World Privacy Forum. I thought you and Gellman worked together & his report on PHRs referenced PPR and you extensively if I recall. Although that was 8 years ago so much has changed including my memory’s capacity…
Then it gets really good, and we get to Deborah’s real understanding of the business model of health IT. (Hint, it’s not the same as many other people’s understanding of the business model of health IT).
Hi Matthew: Thanks for pointing out the articles where you think I was distorting the major business model of the Digital Age: selling pii.
Some key points:
1) You imagine re-identification and aggregation of health data is not happening, when it is rampant. The business model of big data requires the massive collection and aggregation of all pii about you in order to combine it into very detailed profiles of you and millions of other individuals over time. “De-identification” and “anonymization” are processes that simply do not deliver what the words describe. But Congress, courts, and the public don’t know this yet.
2) Longitudinal real-time profiles of patients, which many entities sell, require re-identification in order to aggregate info about each individual–if they can’t link yesterday’s data about you with today’s data, they could not create longitudinal profiles.
3) Check out the 3 page paper by Narayanan and Shmatikov that states it’s now easy to re-identify data because there are so many public data sets that can be used to match people with their data. The ease of re-identification has been well-known to computer scientists for years.
How do you justify ignoring computer science? Here is the link: It’s written for general audiences by the guys who re-identified the AOL and Netflix research data bases.
4) Please look at the IPO filed by the world’s “leading information, services and technology company”. (Editorial note, she’s referring to IMS) It describes how the company aggregates longitudinal “anonymous” profiles of 500M people daily by adding new info from “EHRs, claims data, prescription records, and social media”. The company sells health data profiles to “5,000 customers” including the US government. The company will identify patients that customers seek for clinical trials, for example. That means this company is identifying and targeting specific people without their knowledge or consent.
This company buys, sells, and trades pii with “100,000 health data suppliers covering 780,000 live daily health data feeds”.
Finally, why would athenahealth charge doctors less for using their EHR if they agree to allow athenahealth to use and sell patient data–unless they derive profit from the use of the data? As a corporation their legal duty is to deliver profits to shareholders, not transfer data to help patients. Do you believe athenahealth would transfer data if it lowered annual revenue?
The business model of many EHRs is in fact selling patient data.
The man who most blatantly explained the model of selling patient data is Ryan Howard, CEO of Practice Fusion–PF’s EHR is FREE to the doctor because Practice Fusion sells patient data. Howard has been quoted in books and articles saying this. Two quotes: “Practice fusion subsidizes its free EMRs by selling de-identified data to insurance groups, clinical researchers and pharmaceutical companies” and “Every healthcare vendor is selling data. Everyone has this data, but we’ll have more of it and it will be real-time and aggregated,” Howard said. The URL is:
Chris Anderson’s 2009 book called “Free” features a graph about Practice Fusion’s business model that shows if they license the software they would make $100M, but if they sell patient data they make $250M. See page 104. The page is titled “How can healthcare software be free?” (Hyperion is the publisher).
Now that I have written this out for you, it astounds me that you—a very, very smart man—are seemingly not aware that selling pii is the major business model of the Digital Age: it’s the business model of Google, of Facebook, etc, etc.
Either you are in denial of reality (which seems unlikely) or you truly believe the hype and propaganda of the government and industry: that businesses that collect, aggregate, and sell PHI and pii will ONLY use our pii for good. It’s not an accident that the army of health data brokers that collect, aggregate and sell personal health data claim they are only helping us. The problem is, if they use it for good, why is what they do totally hidden from us: the collection, sale, and what they use the data to do can’t be discovered. How can we find the 880,000 companies that buy, sell, and trade information about our minds and bodies?
If the health data broker industry really wants to ‘do good’ with our data, why don’t they just ask us first? And why did this industry fight the ban on the sale of PHI in HITECH? The Omnibus Privacy Rule regs grandfathered in all sales of PHI, which just happens to benefit the health data broker industry. Virtually every company that touches our PHI treats it as a corporate asset and sells it. Even states sell patient data.
You and THCB should support examining facts about the health data broker industry and promote HIT that enables the benefits of technology and prevents the massive harms: #1 violating patients’ rights to privacy and control over PHI and #2 the distrust of physicians and the healthcare system caused by today’s poorly designed HIT.
If THCB does not look at facts or at what the vast majority of public wants and expects (ie control over PHI, with rare exceptions), it will remain just an industry shill.
I thought inviting me to participate meant you were finally willing to acknowledge the critical importance of human and civil right to privacy.
Which was a red rag to a bull, and this bull explained where I thought she was totally wrong
Deborah–I understand that with enough computing power and probabilistic matching you could re-identify data if you really wanted to but as you know it’s illegal which makes it kind of unlikely that a large publicly traded company would do it as openly as you think they are doing it. My understanding is that IMS gets given connected data by organizations that are allowed to connect it (covered entities) who strip the identifiers from it, or at least that was what they were doing back when I knew the company that does that for them (Pharmetrics) well. Most of the data IMS receives BTW is prescription data which has the physician identifier on it but not the patient. You may not like that but it’s not illegal.
Practice Fusion claims it sells de-identified aggregated data. And so far not too successfully if what’s said about them on Secret and by various VCs off the record is to be believed. Certainly not $250m worth, and maybe not a teeny percentage of that. Why you think they are selling identified data when again it’s illegal, I’m not sure, but perhaps they’ll clarify. And yes several others (inc GE) try to sell de-identified data. Again not too too successfully. The $$ value of the EMR software and services market is far far greater than the size of the data sold from it.
athenahealth was not looking to sell the data they collect in the example you discussed. They were trying to get it transferred from one provider to another to increase the efficiency of the referral and check in process. That’s “selling” data exchange between 2 covered entities. BTW I’m not sure they ever got it done.
In all these cases you say they are doing something the companies say they are not doing, and you never cite any proof. Sure, they could do that, but the risks to their business are huge and I struggle to see the upside. You may well be better informed than me, and perhaps we can get some of these companies to comment.
If you think all data sales of any type (or for that matter all data collection for secondary uses) should be illegal, you are entitled to your view. Apparently it’s a view your colleague Adrian doesn’t share because he thinks that this should all be collected in a public database. I actually agree with him but that data too would be funded (in this case by the taxpayer or user fees I assume) and would also be subject to re-use by third parties.
My final conclusion for you is that if the major business model of health IT is de-identifying and re-identifying data, the business is in very, very sad shape. Luckily for most of the major players in that business, they make money selling software or online services–a revenue stream many times that of data sales of any kind.
PS THCB doesn’t have opinions or support anything. I own it but I’m not the editorial director, have no control and barely even write any more. If I did exercise control and only had people I agreed with on it, do you think your name would be in a by-line?
Finally I reached out to IMS, Practice Fusion and athenahealth to get their input, and Holly Spring (who runs communications at athenahealth) basically said I was right and Deborah was wrong.
athenahealth does not sell patient data. Please see here for our views regarding an economic model for health information exchange: http://www.athenahealth.com/blog/2014/04/08/a-walk-back-and-setback-for-sustainable-hie/ Also, it’s worth mentioning that athenahealth treats interoperability as part of its service — not a separate invoice of add-ons. In fact, this week athenahealth announced CommonWell interoperability services will be offered to its 59,000+ providers services for free.
It’s now put up or shut up time. Are personal health data resales a bigger industry than health IT? Are vendors really illegally selling identified health data? Is Deborah going to retract her statements? Or at least explain what she knows–with evidence please–that I’m missing?
The floor is open.
Matthew Holt is the owner/publisher of and occasionally writer on The Health Care Blog.
This might be too simplistic, but I’m not sure that anyone has the rights to my data in any form. That would be pre, post or in the act of. It’s not your ‘right’ to have anyone else’s data at all. If so, then what you should do is pay a recurring fee for such data since it will be used for years to come!
This thread really IS about Matthew Holt and everyone that frames privacy as a compromise. Privacy vs. Research. Privacy vs. Progress. Privacy vs. Open Data. Privacy vs. Terrorism. Privacy vs. Freedom. In my experience, all such framing says more about the proponent than it does about the subject.
Almost always, the framing of privacy as a compromise is a cover for lack of transparency and an economic foundation that benefits from externalities. The best-known example in health care is people being denied access to our own health records “because of HIPAA”. The clearest example of hiding costly externalities is the lack of accounting for disclosures by declaring that a pseudonym is equivalent to de-identification and thereby eliminating the right of patient consent. (My point in the comment at 12:54 PM).
I will be amazed and delighted if you and THCB can actually get some of the data brokers and other hidden data businesses to join this thread and explain how they get to have personal data about us that we ourselves have a hard time getting.
Adrian–this thread isn’t about me (or you for that matter) advocating anything. It’s about whether the HIPAA CEs are in fact sharing IDENTIFIED data with the data brokers they do business with, as Deborah claims. Or at least as I think she claims–can’t be too careful when I surmise her position lest THCB editors get another email from her!
I have no idea how the “is that data you are sharing really deidentified” position is enforced, other than as you say both sides saying “trust us” so I will ask some more informed people and revert back.
Matthew: The current HIPAA situation is illogical:
– a service provider can claim they are sharing de-identified data
– this exempts the service provider from both consent and accounting for disclosures
Is this what you’re advocating?
The only use of patient data obtained during the course of treatment should be for research by the staff of the hospital. Sales of said data should be banned.
The bipartisan Coalition for Patient Privacy worked with Congress to ban health data sales in HITECH/ARRA. But it was eliminated during the regulatory process. The regulations issued by HHS allow the sale of PHI to continue, all the current uses were deemed to be exceptions. Congressman Joe Barton of Texas championed the ban on sales of PHI.
Suggested reading: JASON Report, Section 6.3, pp 51-54
“JASON finds that de-ID is not a viable approach for ensuring patient privacy going forward.”
…. and other illuminating insights…..
This he said, she said stuff is rather unproductive.
Some feel that we have a privacy and PHI issue, some don’t. As an average joe, I am concerned about my information being sold, shared, released, whatever you want to call it. I know it’s done in this and other markets, that still does not make me comfortable.
It’s called “surveillant anxiety.”
Holt and Peel should wager in an electronic futures market and put some skin in. “Will PHI be sold in a one billion dollar a year illegal marketplace in the US within five years time?”
If we can control centrifuges in Iran we can find your MRI diagnosis. Alas,
Stuxnet has now been succeeded by a better product, “Regin”.
Prof Latanya Sweeney weighs in on these issues.
There needs to be a hard stop on vendors selling the data that their devices gather when the intended purposes for their devices are for mitigating disease.
This was in Science Jan.18, 2013.
Identifying Personal Genomes by Surname Inference
Amy L. McGuire5,
1Whitehead Institute for Biomedical Research, 9 Cambridge Center, Cambridge, MA 02142, USA.
2Harvard–Massachusetts Institute of Technology (MIT) Division of Health Sciences and Technology, MIT, Cambridge, MA 02139, USA.
3Program in Medical and Population Genetics, Broad Institute of MIT and Harvard, Cambridge, MA 02142, USA.
4Department of Molecular Biology and Diabetes Unit, Massachusetts General Hospital, Boston, MA 02114, USA.
5Center for Medical Ethics and Health Policy, Baylor College of Medicine, Houston, TX 77030, USA.
6Department of Statistics and Operations Research, Tel Aviv University, Tel Aviv 69978, Israel.
7School of Computer Science, Tel Aviv University, Tel Aviv 69978, Israel.
8Department of Molecular Microbiology and Biotechnology, Tel-Aviv University, Tel Aviv 69978, Israel.
9The International Computer Science Institute, Berkeley, CA 94704, USA.
Sharing sequencing data sets without identifiers has become a common practice in genomics. Here, we report that surnames can be recovered from personal genomes by profiling short tandem repeats on the Y chromosome (Y-STRs) and querying recreational genetic genealogy databases. We show that a combination of a surname with other types of metadata, such as age and state, can be used to triangulate the identity of the target. A key feature of this technique is that it entirely relies on free, publicly accessible Internet resources. We quantitatively analyze the probability of identification for U.S. males. We further demonstrate the feasibility of this technique by tracing back with high probability the identities of multiple participants in public sequencing projects.
Hi Mighty Casey:
PPR and I derive no profit from fighting for “patient-controlled digital data exchange”. I am a FT volunteer. Patient Privacy Rights is a small non-profit 501c3 organization I founded in 2004 because there was no national organization fighting up for the privacy rights of the people of this nation–and 95% of the US public wants to control who can see, use, and sell their most sensitive personal information: data about their minds and bodies.
On the other hand, industry profits are in the tens to hundreds of billions of dollars/year from the sale, trade, and exchange of our health information.
“Patient Privacy Rights is a small non-profit 501c3 organization”
This is true. I’ve examined your 990’s. At least YOU, commendably, are not making bank in the high six figures or more. Unlike a lot of other ePHI “non-profit” organizations, like HL7.
Deborah–the entire HIT industry is about $30-40 billion in revenue. How do you get to “industry profits are in the tens to hundreds of billions of dollars/year from the sale, trade, and exchange of our health information”?
All I’m asking is some level of proof to back up your assertions.
Matthew – US healthcare is wasting over $1,000 Billion per year partly through fraud but mostly through price-fixing. That level of waste requires obfuscation of cost and quality on a scale that only our current system of private data brokers and employer-based health insurance can provide.
The harms of lack of patient and physician access to our own information is that $3 Trillion is being spent in ways that do not effectively reflect the wants and needs of patients. Without effective transparency, our privatized health system appears perfectly designed to give the results we’re getting.
Adrian–I completely agree. But that’s not what I or Deborah is talking about.
Imma come into this swordfight with nothing but a 5 iron, in the form of being a patient/simple-human being solely interested in gaining ACCESS TO my own health data, contained hither and thither across the medical-industrial complex.
I frankly could care less about the sale of my data. Since I can’t fully access it without spending hours/days in endless rounds of begging, with robust deployment of face-palm and head-desk when I’m told, “we can’t, because HIPAA.”
I’m very afraid that all the Philadelphia lawyer language that’s been sprayed all over the health data issue has made it impossible for anyone to understand what the rules really are re data access/exchange.
So I’ll ask “cui bono?” [Not a lawyer, just a recovering Catholic.] I’m very afraid that the Arguing Classes have gained ascendancy, much to the detriment of ever having a civil discussion on this topic. Or EVER arriving at a resolution in the form of patient-controlled digital data exchange.
‘Cause the folks that have it, and who are involved in The Argument, are profiting from keeping The Argument going.
Amen Casey. I want full access to all their data for all patients. BUT that’s from the transactional data systems that currently have those records. This Argument is about what happens to that data when it gets passed onto data brokers (and whether it is de-identified or not when it is passed on)
Indeed. However, until my own data is accessible and controllable BY ME, I’m just gon’ be a one-note song.
I’m not thrilled about 3rd parties – brokers or others – having access to my data, de-IDed or not. It’s another example of how money drowns out any logic, or humanity, in the US healthcare system. But I’m a realist, and know that paradigm won’t shift until we start a big enough fire/argument in the PATIENT part of the forest.
Matthew – let’s define de-identification and sale.
For example, consider Foundation Health or CollabRx (purveyors of cancer genome testing services) who get a copy of the patient’s de-identified health record and outcome and then sell their clinical association analysis to the next patient that has a similar genome.
Can the HIPAA CE that sent their patient’s sample and her health record to Foundation Health or CollabRx avoid asking for patient consent by claiming the information was de-identified?
Is what these companies are doing by treating patient outcome results as their intellectual property and selling the clinical association to other patients not a sale?
Is this kind of de-identification and private sale a vision of Health 2.0 where clinical data is not available for replication and peer review because it’s moved directly from HIPAA CE to unregulated data broker with no patient notice or access?
The joke is that I by and large agree with PPR that we should have more access to and control over our personal health data, so I’m happy to concede that I misunderstood every time I saw Deborah quoted, and that she’s never been opposed to health IT. I also invite Deborah to write a piece in THCB summarizing the chapter in the HIMSS book, as it would be nice for more than the 4 people who bought and read it to know what she really wants.
I think our difference (and BTW the argument I have with Scott Silverstein) is that I start in the real world, and want to move it to a better state, whereas (it appears) Deborah et al just want their ideal state and don’t want to work with the current system. But again that’s irrelevant. As my favorite defense secretary said, you go to war with the systems you had not the ones you want. What has happened since the $30 billion HIT stimulus program is that technology outside of Health IT has changed radically, and we need to get that new tech (cloud/tablet/mobile/improved user experience) into the real world of doctors hospitals and patients.
But this thread was not supposed to be about what I said about Deborah or what she said about IT in general, it’s supposed to be about the sale of personally identified data by Health IT vendors and specific accusations Deborah made about athenahealth, IMS and Practice Fusion. Adrian in his comment added Optum to that list.
I agree that we should break up (as HIPAA does) the use of data for medical purposes versus marketing, and let’s have a fact-based explanation about what is actually happening in both those sectors, and how personal information is being used. I want vendors and covered entities to comment, but in particular Deborah has the chance to discuss the three specific examples she raised. Will she take it?
“What has happened since the $30 billion HIT stimulus program is that technology outside of Health IT has changed radically, and we need to get that new tech (cloud/tablet/mobile/improved user experience) into the real world of doctors hospitals and patients.”
Indeed. See “EHR Science,” Jerome Carter MD:
She’s even gone so far as to recently claim — however vaguely (conveniently) — that PHYSICIANS are selling their patients’ data.
Interestingly, on this topic, ‘Quantified Self-Incrimination?’ “When Fitbit Is the Expert Witness” see http://www.theatlantic.com/technology/archive/2014/11/when-fitbit-is-the-expert-witness/382936/
Practice Fusion does sell patient data–in the earlier thread I posted quotes from the CEO:
“Every healthcare vendor is selling data. Everyone has this data, but we’ll have more of it and it will be real-time and aggregated,” Howard said.
Practice Fusion’s business model of selling patient data was also explained by Chris Anderson in his book “Free, the future of a radical price” on page 104 (published by Hyperion in 2009)
Practice Fusion is not a physician. Name some MDs who are allegedly knowingly and directly selling ePHI.
Ms. Peel, @11:01,
“So, we know, for example, that physicians and their EHRs sell the [ePHI] data…”
Nice conjunctive conflation. Name some physicians who are selling ePHI?
Matthew, I appreciate your efforts to shine a light on the data practices of our HIPAA “Covered Entities” – the institutions we go to when we’re hurting and the doctors that are manipulated into using technology that our doctors don’t purchase and don’t control. Patient data is strategic in health reform and the physician-patient relationship is collateral damage.
Measuring the quality of health care http://www.nytimes.com/2014/11/19/opinion/how-medical-care-is-being-corrupted.html and http://www.nytimes.com/2014/11/23/upshot/how-to-arrive-at-the-best-health-policies-.html is more important than ever. Who do we want to trust with managing and analyzing all of this digital data? Patients and patient advocates? Physicians and medical societies? No, let’s have the foxes guard the hen-house. The folks that run the institutions, specify the EHRs and move the data around to set and justify the prices have the data and they will tell us what it says.
Ten years and $30 B into a well-intentioned effort to digitize patient data, patients don’t even have visibility, much less control over our own data. The days of paper, when I could ask my doctor for a copy of my health record and get the same handed to me are gone. In the digital EHR data world, my doctor can’t do that any more. That is the point of last week’s related thread by Deborah and me https://thehealthcareblog.com/blog/2014/11/14/an-open-letter-on-the-nate-trust-community/
As Deborah points out, our patient data is being shared, aggregated, and analyzed at an unprecedented rate. Data brokers assemble profiles of us as patients that span time and service provider institutions. Optum Insight proudly advertizes that they can combine health records and insurance claims for millions of patients. IMS Health also creates longitudinal profiles for analysis on a massive scale.
Here’s an opportunity for THCB readers to suggest how health data brokers assemble these patient profiles if the data they get from our HIPAA Covered Entities is de-identified.
Here’s an opportunity for EHR vendors and their HIPAA Covered Entity customers to shine some light into how our data is sent out for analysis and why it’s too hard, in 2014, for us as patients to have that same feed visible and a copy of that data sent to us.
“Optum Insight proudly advertises that they can combine health records and insurance claims for millions of patients.”
And Uber knows if you’ve been naughty.
Again you start by asserting something that is false: I have never opposed health IT. PPR and I are very pro-HIT. I have never been quoted as opposing health IT, because I don’t.
What PPR and I do is press for HIT that complies with longstanding US law, medical ethics, and our constitutional rights to health information privacy. These consensus protections developed over the past 100+ years in state and federal law, and the courts have upheld patients’ rights of consent (with rare exceptions) before personal health information is shared or disclosed.
PPR and I are pro-HIT, but current technology must be fixed so that patients’ rights to privacy are baked in, not eliminated.
I asked you to please read our free chapter in a book published by HIMSS about how HIT can be fixed, so patients can trust HIT, and so that all the benefits of technology can be reaped while preventing harms to patients. It appears that you didn’t read it. Here is the link once again: http://patientprivacyrights.org/wp-content/uploads/2014/06/Peel-chapter-HIMSS-book.pdf
It is very disheartening to read again your misrepresentations of me and PPR.
It’s time for you and the other THCB editors to retract the erroneous statement above that I oppose health IT on the home page and formally apologize. Again: I’ve never said or written that I oppose HIT.
Technology is amazing, essential, and can provide incredible breakthroughs and benefits to humans and to healthcare systems. Technology is not the problem, the problem is building health technology that complies with US law, medical ethics, human and civil rights to privacy, and the expectations of the public to control who can see and use their most sensitive personal information.
Deborah C. Peel, MD
“our constitutional rights to health information privacy”
Seriously? There IS no such explicit right. 4th Amendment Constitutional rights, to the extent they are clarified at all and fixed over time, pertain to only a very limited subset of government intrusion. Harmful commercial trafficking in your private health information (or ANY kind of personal data, mostly occurring beyond the confines of CE’s and their BA’s, btw) falls under the domain of tort, and is mostly a crazy-quilt state-level jurisdictional matter.
Re: Our constitutional rights to ‘health information privacy’—-Below is a more complete explanation— it’s in the free HIMSS book chapter on the page 1 (the numbers are for the citations listed at the end of the chapter):
“Americans also have strong Constitutional rights to privacy and health information privacy. The Constitutional right to privacy grew from Justice Brandeis’ 1928 dissent in Olmstead.27 He famously wrote, “The right to be let alone is the most comprehensive of rights and the right most valued by civilized men.” The right to privacy of highly personal information is protected under the right to be free of unreasonable searches and seizures under the Fourth Amendment, and the right to liberty under the Fifth and Fourteenth Amendments to the U.S. Constitution.28 The right to privacy of personal information also has been recognized by Congress and by HHS as a fundamental constitutional right.29 The right to “informational privacy,” i.e., the right of an individual to have his personal information kept private, 30 grew from Whalen v Roe in 1977.31 Finally, the U.S. Supreme Court established a psychotherapist-patient privilege in 1996.32 “The mere possibility of disclosure may impede the confidential relationship necessary for successful treatment.”33 Failure to protect the right to health information privacy leads to less health information because communications between practitioners and patients “would surely be chilled.”34
One more time–the chapter is FREE to download because PPR licensed it: http://patientprivacyrights.org/wp-content/uploads/2014/06/Peel-chapter-HIMSS-book.pdf
Sorry some information was left out:
The paragraph is on page 16 of the download = page 91 in the book itself.
Ah, Brandeis. Keyword “dissent.”
From my 1998 grad thesis:
As I have alluded to elsewhere in this thesis, one of the most durably contentious of American Constitutional claims involves the right to privacy. If we are to establish a case for privacy as a fundamental ethical principle that the law ought reflect and administer with vigor, we ought examine a bit of its legal, sociological, and philosophical evolution. In Chapter 4 we began by examining the historical evolution of search-and-seizure restraints that ultimately found their way into our Fourth Amendment, and we ended with a review of the convoluted, often contradictory U.S. Supreme Court case law history and constitutional interpretation theory that undergirds our current legal and political confusion over the role of privacy as it pertains to drug policy. We begin here with some general sociopolitical and legal theory reflections that serve as foundation for and transition into the larger philosophical concepts bearing on privacy discussed in the latter part of this chapter.
Some regard privacy as an inseparable aspect of personal autonomy requisite for the very notion of liberty we ostensibly revere as a cardinal element of our social and legal order. Critics, on the other hand, either dismiss the notion of a general right to privacy out of hand, or assert that it is a relatively recent, weak, and “derivative” declaration, one inherently inimical to and necessarily deferential to society’s “right-to-know” in the interest of commercial efficiency, public safety, and criminal prosecution. Those holding this latter position view the quest for privacy as a reaction to increasing urbanization and advances in information processing technologies, that the inhabitants of earlier eras and non-industrial cultures had and have little concern with our notions of “privacy.” Critics of the former persuasion who disavow the very notion of a general right to privacy under federal law find the concept adequately accounted for principally in terms of property rights. Libertarian advocate Murray N. Rothbard, for example, argues in The Ethics of Liberty that “there is no such thing as a right to privacy except the right to protect one’s property from invasion.” Rothbard holds that what some regard as an invasion of privacy is more correctly seen as a misappropriation of property, “not some vague and woolly invasion of a ‘right to privacy.’”
See also Chapter 4. e.g.,
In his 1991 American Business Law Journal article Workplace Privacy and the Fourth Amendment: An End to Reasonable Expectations? (Vol. 29), legal scholar Don Mayer argues that the major drug testing cases have served a central role in the devaluation of the original meaning of “privacy” under the Fourth Amendment. Mayer notes that in Fourth Amendment criminal cases generally, “the Court has generally found individual expectations unreasonable, and in civil cases has generally discarded both probable cause and warrant requirements” and that “the Court’s contractarian thinking encourages the notion that not only statutory but constitutional rights can be explicitly or implicitly waived by the demands of employers or the ‘operational realities of the workplace’.” (p. 631)
Mayer observes that what was once a constitutional “right” has been downgraded to a mere “interest” in competition with other, more powerful interests: an individual interest whose worth must be calculated on the basis of “reasonable expectations.” What are “reasonable expectations”? Well, whatever society is prepared to accept as “reasonable,” a notion with a charmingly bootstrap quality where drug testing cases are concerned. For example, Mayer cites Willner v. Thornburgh (928 F.2d 1185, D.C. Cir. 1991), wherein the majority wrote that
[m]ore than 85 percent of employers with drug-testing programs tested job applicants . . . Some of the nation’s largest employers, including American Telephone & Telegraph, DuPont, Exxon, Federal Express, Trans World Airlines, and United Airlines . . . What is occurring generally outside government is some indication of what expectations of privacy “society is prepared to accept as reasonable” when the government engages in the hiring process. (Mayer, p. 650)
So, the very fact that private sector corporations, “unguarded” by the Fourth Amendment (recall Ginsberg earlier in Chandler), screen for illegal drugs willy-nilly without cause becomes itself the reference standard for “reasonable expectations” under the Fourth Amendment. How conveniently circular.
In essence, on this line of reasoning the scope of the Fourth Amendment is determined by Disney and its corporate brethren, not by the courts. Whatever is required to meet the “operational realities of the workplace” trumps, by virtue of its mere declaration and enactment, an employee’s puny privacy “interest.”
Again, you have no explicit, uncontested 4th Amendment right to informational privacy. SCOTUS and myriad inferior courts have been all over the map on the issue. Moreover, the ePHI privacy issue PALES in comparison to what the data miners are doing with all of the other digital crumbs of our lives.
None of which is to imply that I’m OK with any of this. Far from it.
I probably should have added that, yes, of course, I know that there are also numerous federal and state criminal laws that might come into play regarding specific privacy violations. Just that they are statutory in nature, not Constitutional.
The 4th Amendment is pretty much on life support, in any event.
Point of fact (which may be irrelevant given the tone of this debate)-
Deborah uses the fact that IMS/SDI have longitudinal records as proof that they must have identifiable information.
In fact they use one-way hash functions to create anonymous but linked (i.e. pseudonymized) records.
nice description of science: http://datamining.anu.edu.au/talks/2008/ausdm2008-ppdl-tutorial-linkage.pdf
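Added example, not part of fm's comment or the linked tutorial: a minimal sketch of hash-based record linkage, in which two feeds are tokenized before release and joined on the token alone. It assumes a keyed hash (HMAC-SHA-256) with a shared key, where the comment says only "one-way hash functions"; the field names, key and sample records are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata
from collections import defaultdict

# Constructed sample feeds: every name, date and code below is invented.
EHR_EXTRACT = [
    {"first": "María", "last": "O'Neil ", "dob": "1970-03-09", "sex": "F",
     "event": "dx:E11.9", "date": "2014-02-01"},
    {"first": "John", "last": "Smith", "dob": "1955-12-30", "sex": "M",
     "event": "dx:I10", "date": "2014-05-17"},
]
CLAIMS_EXTRACT = [
    {"first": "MARIA", "last": "ONEIL", "dob": "1970-03-09", "sex": "f",
     "event": "rx:metformin", "date": "2014-02-03"},
    {"first": "Ann", "last": "Lee", "dob": "1988-07-21", "sex": "F",
     "event": "rx:albuterol", "date": "2014-06-11"},
]

def normalize(rec):
    """Canonicalize identifying fields so spelling variants map to one string."""
    def clean(s):
        decomposed = unicodedata.normalize("NFKD", s)  # split accents from letters
        return "".join(c for c in decomposed if c.isalpha()).upper()
    return "|".join([clean(rec["first"]), clean(rec["last"]),
                     rec["dob"], rec["sex"].upper()])

def token(rec, key):
    """Keyed one-way token: stable for one person, not reversible to the name."""
    return hmac.new(key, normalize(rec).encode("utf-8"), hashlib.sha256).hexdigest()

def deidentify(records, key):
    """Drop the identifying fields and keep only token plus clinical payload."""
    return [{"token": token(r, key), "event": r["event"], "date": r["date"]}
            for r in records]

def link(*feeds):
    """Join de-identified feeds on the token into date-ordered profiles."""
    profiles = defaultdict(list)
    for feed in feeds:
        for row in feed:
            profiles[row["token"]].append((row["date"], row["event"]))
    return {t: sorted(events) for t, events in profiles.items()}

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: one key shared by both data sources
    for tok, events in link(deidentify(EHR_EXTRACT, key),
                            deidentify(CLAIMS_EXTRACT, key)).items():
        print(tok[:12], events)
```

The token is a stable identifier, which is why the comment calls the result pseudonymized: the records carry no name or date of birth, yet they still join into one longitudinal profile per person for anyone whose feeds were tokenized with the same key.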
fm – please see my comment @10:39. Does the privatization of medicine by hidden data brokers serve either the patient or the public interest? Is there still a role for open, peer reviewed, and freely teachable research and should patient and research organizations be going to the data brokers to buy back our own health records?
Adrian–You’re arguing about 2 different things. fm is saying that the data brokers do NOT use PHI in the creation of their longitudinal data sets which is absolutely not what Deborah says. I think fm is correct (but perhaps Deborah & you know different)
You are saying that there shouldn’t be a commercial data broking industry but instead should be open data sets for the betterment of science and society. Which is hard to argue with and seems to be what is happening in the UK.
But these are different arguments