Is Deborah Peel up to her old tricks?

Long time (well very long time) readers of THCB will remember my extreme frustration with Patients Privacyflying cadeucii Rights founder Deborah Peel who as far as I can tell spent the entire 2000s opposing electronic health data in general and commercial EMR vendors in particular. I even wrote a very critical piece about her and the people from the World Privacy Forum who I felt were fellow travelers back in 2008. And perhaps nothing annoyed me more than her consistently claiming that data exchange was illegal and that vendors were selling personally identified health data for marketing and related purposes to non-covered entities (which is illegal under HIPAA).

However, in recent years Deborah has teamed up with Adrian Gropper, whom I respect and seemed to change her tune from “all electronic data violates privacy and is therefore bad”, to “we can do health data in a way that safeguards privacy but achieves the efficiencies of care improvement via electronic data exchange”. But she never really came clean on all those claims about vendors selling personally identified health data, and in a semi-related thread on THCB last week, it all came back. Including some outrageous statements on the extent of, value of, and implications of selling personally identified health data. So I’ve decided to move all the relevant comments to this blog post and let the disagreement continue.

What started the conversation was a throwaway paragraph at the end of a comment I left in which I basically told Adrian to rewrite what he was saying in such a way that normal people could understand it. Here’s my last paragraph

As it is, this is not a helpful open letter, and it makes a bunch of aggressive claims against mostly teeny vendors who have historically been on the patients’ side in terms of accessing data. So Adrian, Deborah & PPR need to do a lot better. Or else they risk being excluded back to the fringes like they were in the days when Deborah & her allies at the World Privacy Forum were making ridiculous statements about the concept of data exchange.

Here’s Deborah’s first comment

Why is it that every other US company or business can connect directly with individuals online except physicians, healthcare and HIT companies? Why isn’t healthIT set up like online banking, where we control our ‘assets’–ie our data? Online banking allows us to set up automatic transfers and to make one-time transfers, we can see/track all transactions in real-time, we can set up alerts for suspicious or unusual activities or transfers, and we can change our preferences at any time or delegate control.

Technology that enables patients to control PHI does exist, in accord with our expectations and rights, but industry and govt instead built HIT systems that violate medical ethics and the laws requiring consent before health information is used. Govt and industry fail to understand that ethics and privacy law is what enables patients to trust doctors and share sensitive information. The practice of Medicine has always required patient control over the disclosure of personal health information (with very rare exceptions).

Health data is now the most valuable digital commodity of all. US industry and govt freely use and sell it without asking us. Our PHI is now held in millions of data bases unknown and inaccessible to us. The systemic hidden use and sale of PHI is the worst data privacy breach you’ve never heard of. Not only is this system of hidden data use a threat to the practice of Medicine, US HIT systems are the most intrusive surveillance systems in the Western world—far worse than the NSA’s spying on cell phones. It is actually a threat to our freedom and our Democracy. How ironic: US surveillance is far more comprehensive and detailed than the worst totalitarian regimes could ever imagine.

Then here’s one she addressed to me (accusing me of getting the facts wrong of course!). Kind of amusing as I hadn’t actually done more than to refer to some issues from more than 5 years ago, and had just said that back then she was making ridiculous statements about the concept of data exchange. Which she was.

Speaking of screeds, I just read yours. I would really appreciate you leaving out the insults and wrong facts–and actually the World Privacy Forum was not an ally that we worked with. When will you stop making things up about PPR and what I think and do?

I have no idea what you referred to when you wrote I made “ridiculous statements about the concept of data exchange”. Please explain.

PPR has always fought for patients’ longstanding rights to control data exchange. It still is our right under US law and medical ethics. FYI–patients controlled information exchange in the paper age, because nothing moved without our consent. That enabled us to trust that our information was only used for purposes we agreed with and prevented the vast hidden health data broker industry (over 880,000 health data suppliers).

PPR’s solutions to fix HIT, to make it trustworthy, are free to download on our website–it’s a short chapter in a book published by HIMSS: Please read what PPR and I actually stand for: realistic solutions that offer all the benefits of HIT and prevent the harms. The chapter is much simpler than our letter, which you found to be incomprehensible.

She asked me what her ridiculous statements were, so (adopt Barney Stinson voice) Challenge Accepted! Here’s what I wrote actually citing several things she’d said that weren’t true.

Dr Peel, Exhbit A on data exchangeIn which athenahealth suggested that providers paying each other for data exchange would speed it up, and you said that they wanted to sell patient data when they were instead suggesting paying for data that was ALREADY being exchanged (just not enough of it or in efficient manner) just as the national HIE program is trying (albeit not trying hard enough) to do. At the least your words are a complete distortion of what athenahealth was suggesting. The careless reader may have thought you were accusing them of selling patient data to any buyer, when they were trying to prevent a patient having to fill in the damn clipboard one more time when they move from one doctor to another (or to a hospital)

Exhibit 2, your comment above
1/ “Why isn’t healthIT set up like online banking, where we control our ‘assets’–ie our data?”
2/ Health data is now the most valuable digital commodity of all. US industry and govt freely use and sell it without asking us.”

You don’t think banks and absolutely everyone else in the financial chain sell & trade our data? How do credit bureaus operate if not?

You still have never cited an example I’m aware–despite me offering you the forum many times–of where a HIT vendor has sold or traded identified patient data outside of HIPAA regulations. Yet in 2008 you were quoted in the WaPo thus “Many online PHR firms share information with data-mining companies, which then sell it to insurers and other interested parties, Peel said.” As far as I recall you always fall back on the remote possibility that data might be re-identified after it’s been sold. I still wait to be convinced on what might then happen with it. Easier for a hacker to break into Target and steal credit cards and a lot more valuable

My hope was that working with Adrian you had moved over to the idea that exchange data electronically would improve the patient care experience, and that we’d all work together to make sure it happens safely. But going off on the state of HIT and comparing it to totalitarian states reminds me of what John Lennon said in Revolution about carrying pictures of Chairman Mao.

I apologize for conflating PPR with the World Privacy Forum. I thought you and Gellman worked together & his report on PHRs referenced PPR and you extensively if I recall. Although that was 8 years ago so much has changed including my memory’s capacity…

Then it gets really good, and we get to Deborah’s real understanding of the business model  of health IT. (Hint, it’s not the same as many other people’s understanding of the business model  of health IT).

Hi Matthew: Thanks for pointing out the articles where you think I was distorting the major business model of the Digital Age: selling pii.

Some key points:
1) You imagine re-identification and aggregation of health data is not happening, when it is rampant. The business model of big data requires the massive collection and aggregation of all pii about you in order to combine it into very detailed profiles of you and millions of other individuals over time. “De-identification” and “anonymization” are processes that simply do not deliver what the words describe. But Congress, courts, and the public don’t know this yet.

2) Longitudinal real-time profiles of patients, which many entities sell, require re-identification in order to aggregate info about each individual–if they can’t link yesterday’s data about you with today’s data, they could not create longitudinal profiles.

3) Check out the 3 page paper by Narayanan and Shmatikov that states it’s now easy to re-identify data because there are so many public data sets that can be used to match people with their data. The ease of re-identification has been well -known to computer scientists for years.

How do you justify ignoring computer science? Here is the link: It’s written for general audiences by the guys who re-identified the AOL and Netflix research data bases.

4) Please look at the IPO filed by the world’s “leading information, services and technology company”. (Editorial note, she’s referring to IMS) It describes how the company aggregates longitudinal “anonymous” profiles of 500M people daily by adding new info from “EHRs, claims data, prescription records, and social media”. The company sells health data profiles to “5,000 customers” including the US government. The company will identify patients that customers seek for clinical trials, for example. That means this company is identifying and targeting specific people without their knowledge or consent.

This company buys, sells, and trades pii with “100,000 health data suppliers covering 780,000 live daily health data feeds”.

Finally, why would athenahealth charge doctors less for using their EHR if they agree to allow athenahealth to use and sell patient data–unless they derive profit from the use of the data? As a corporation their legal duty is to deliver profits to shareholders, not transfer data to help patients. Do you believe athenahealth would transfer data if it lowered annual revenue?

The business model of many EHRs is in fact selling patient data.

The man who most blatantly explained the model of selling patient data is Ryan Howard, CEO of Practice Fusion–PF’s EHR is FREE to the doctor because Practice Fusion sells patient data. Howard has been quoted in books and articles saying this. Two quotes: “Practice fusion subsidizes its free EMRs by selling de-identified data to insurance groups, clinical researchers and pharmaceutical companies” and “Every healthcare vendor is selling data. Everyone has this data, but we’ll have more of it and it will be real-time and aggregated,” Howard said. The URL is:

Chris Anderson’s 2009 book called “Free” features a graph about Practice Fusion’s business model that shows if they license the software they would make $100M, but if they sell patient data they make $250M. See page 104. The page is titled “How can healthcare software be free? (Hyperion is the publisher).

Now that I have written this out for you, it astounds me that you—a very, very smart man—are seemingly not aware that selling pii is the major business model of the Digital Age: it’s the business model of Google, of Facebook, etc, etc.

Either you are in denial of reality (which seems unlikely) or you truly believe the hype and propaganda of the government and industry: that business that collect, aggregate, and sell PHI and pii will ONLY use our pii for good. It’s not an accident that the army of health data brokers that collect, aggregate and sell personal health data claim they are only helping us. The problem is, if they use it for good, why is what they do totally hidden from us: the collection, sale, and what they use the data to do can’t be discovered. How can we find the 880,000 companies that buy, sell, and trade information about our minds and bodies?

If the health data broker industry really wants to ‘do good’ with our data, why don’t they just ask us first? And why did this industry fight the ban on the sale of PHI in HITECH? The Omnibus Privacy Rule regs grandfathered in all sales of PHI, which just happens to benefit the health data broker industry. Virtually every company that touches our PHI treats it as a corporate asset and sells it. Even states sell patient data

You and THCB should support examining facts about the health data broker industry and promote HIT that enables the benefits of technology and prevents the massive harms: #1 violating patients’ rights to privacy and control over PHI and #2 the distrust of physicians and the healthcare system caused by today’s poorly designed HIT.

If THCB does not look at facts or at what the vast majority of public wants and expects (ie control over PHI, with rare exceptions), it will remain just an industry shill.

I thought inviting me to participate meant you were finally willing to acknowledge the critical importance of human and civil right to privacy.

Which was a red rag to a bull, and this bull explained where I thought she was totally wrong

Deborah–I understand that with enough computing power and probabilistic matching you could re-identify data if you really wanted to but as you know it’s illegal which makes it kind of unlikely that a large publicly traded company would do it as openly as you think they are doing it. My understanding is that IMS gets given connected data by organizations that are allowed to connect it (covered entities) who strip the identifiers from it, or at least that was what they were doing back when I knew the company that does that for them (Pharmetrics) well. Most of the data IMS receives BTW is prescription data which has the physician identifier on it but not the patient. You may not like that but it’s not illegal.

Practice Fusion claims it sells de-identified aggregated data. And so far not too successfully if what’s said about them on Secret and by various VCs off the record is to be believed. Certainly not $250m worth, and maybe not a teeny percentage of that. Why you think they are selling identified data when again it’s illegal, I’m not sure, but perhaps they’ll clarify. And yes several others (inc GE) try to sell de-identified data. again not too too successfully. The $$ value of the EMR software and services market is far far greater than the size of the data sold from it

athenahealth was not looking to sell the data they collect in the example you discussed. They were trying to get it transferred from one provider to another to increase the efficiency of the referral and check in process. That’s “selling” data exchange between 2 covered entities. BTW I’m not sure they ever got it done

In all these cases you say they are doing something the companies say they are not doing, and you never cite any proof. Sure, they could do that, but the risks to their business are huge and I struggle to see the upside. You may well be better informed than me, and perhaps we can get some of these companies to comment.

If you think all data sales of any type (or for that matter all data collection for secondary uses) should be illegal, you are entitled to your view. Apparently it’s a view your colleague Adrian doesnt share because he thinks that this should all be collected in a public database. I actually agree with him but that data too would be funded (in this case by the taxpayer or user fees I assume) and would also be subject to re-use by thrid parties.

My final conclusion for you is that if the major business model of health IT is de-identifying and re-identifying data, the business is in very, very sad shape. Luckily for most of the major players in that business, they make money selling software or online services–a revenue stream many times that of data sales of any kind.

PS THCB doesn’t have opinions or support anything. I own it but I’m not the editorial director, have no control and barely even write any more. If I did exercise control and only had people I agreed with on it, do you think your name would be in a by-line? :)

Finally I reached out to IMS, Practice Fusion and athenahealth to get their input, and Holly Spring (who runs communications at athenahealth) basically said I was right and Deborah was wrong.

athenahealth does not sell patient data. Please see here for our views regarding an economic model for health information exchange: Also, it’s worth mentioning that athenahealth treats interoperability as part of its service — not a separate invoice of add-ons. In fact, this week athenahealth announced CommonWell interoperability services will be offered to its 59,000+ providers services for free.

It’s now put up or shut up time. Are personal health data resales a bigger industry than health IT? Are vendors really illegally selling identified health data? Is Deborah going to retract her statements? Or at least explain what she knows–with evidence please–that I’m missing?

The floor is open.

Matthew Holt is the owner/publisher of and occasionally writer on The Health Care Blog.

Livongo’s Post Ad Banner 728*90

Leave a Reply

18 Comment threads
20 Thread replies
Most reacted comment
Hottest comment thread
14 Comment authors
lewWhatsen WilliamsMatthew HoltMargalit Gur-ArieDean Recent comment authors
newest oldest most voted

This might be too simplistic, but I’m not sure that anyone has the rights to my data in any form. That would be pre, post or in the act of. It’s not your ‘right’ to have anyone else’s data at all. If so, then what you should do is pay a recurring fee for such data since it will be used for years to come!

Adrian Gropper MD

This thread really IS about Matthew Holt and everyone that frames privacy as a compromise. Privacy vs. Research. Privacy vs. Progress. Privacy vs. Open Data. Privacy vs. Terrorism. Privacy vs. Freedom. In my experience, all such framing says more about the proponent than it does about the subject. Almost always, the framing of privacy as a compromise is a cover for lack of transparency and an economic foundation that benefits from externalities. The best-known example in health care is people being denied access to our own health records “because of HIPAA”. The clearest example of hiding costly externalities is the… Read more »

Adrian Gropper MD

Matthew: The current HIPAA situation is illogical:

– a service provider can claim they are sharing de-identified data
– this exempts the service provider form both consent and accounting for disclosures
What recourse does society or a patient have to seek transparency with this kind of regulation? In the limit, this makes all HIPAA CEs self-policed with only whistleblowers to fear. The HIPAA CE doesn’t even need a published privacy policy the way non HIPAA regulated services do. In the limit, Health 2.0 companies will need to buy the patient data from the HIPAA CE.

Is this what you’re advocating?

Whatsen Williams
Whatsen Williams

The only use of patient data obtained during the course of treatment shoul be tor research by the staff of the hospital. Sales of said data should be banned.

Deborah C. Peel, MD

The bipartisan Coalition for Patient Privacy worked with Congress to ban health data sales in HITECH/ARRA. But it was eliminated during the regulatory process. The regulations issued by HHS allow the sale of PHI to continue, all the current uses were deemed to be exceptions. Congressman Joe Barton of Texas championed the ban on sales of PHI.

Margalit Gur-Arie

Suggested reading: JASON Report, Section 6.3, pp 51-54

“JASON finds that de-ID is not a viable approach for ensuring patient privacy going forward.”
…. and other illuminating insights…..


This he said, she said stuff is rather unproductive.

Some feel that we have a privacy and PHI issue, some don’t. As an average joe, I am concerned about my information being sold, shared, released, whatever you want to call it. I know it’s done in this and other markets, that still does not make me comfortable.


It’s called “surveillant anxiety.”

William Palmer MD
William Palmer MD

Holt and Peel should wager in an electronic futures market and put some skin in. “Will PHI be sold in a one billion dollar a year illegal marketplace in the US within five years time?”

If we can control centrifuges in Iran we can find your MRI diagnosis. Alas,
Stuxnet has now been succeeded by a better product, “Regin”. .

Doctor Mawrdough
Doctor Mawrdough

Prof Latanya Sweeney weighs in on these issues.

There needs to be a hard stop on vendors selling the data that their devices gather when the intended purposes for their devices are for mitigating disease.

William Palmer MD
William Palmer MD

This was in Science Jan.18, 2013. Identifying Personal Genomes by Surname Inference Melissa Gymrek1,2,3,4, Amy L. McGuire5, David Golan6, Eran Halperin7,8,9, Yaniv Erlich1,* + Author Affiliations 1Whitehead Institute for Biomedical Research, 9 Cambridge Center, Cambridge, MA 02142, USA. 2Harvard–Massachusetts Institute of Technology (MIT) Division of Health Sciences and Technology, MIT, Cambridge, MA 02139, USA. 3Program in Medical and Population Genetics, Broad Institute of MIT and Harvard, Cambridge, MA 02142, USA. 4Department of Molecular Biology and Diabetes Unit, Massachusetts General Hospital, Boston, MA 02114, USA. 5Center for Medical Ethics and Health Policy, Baylor College of Medicine, Houston, TX 77030, USA. 6Department… Read more »

Deborah C. Peel, MD

Hi Mighty Casey: PPR and I derive no profit from fighting for “patient-controlled digital data exchange”. I am a FT volunteer. Patient Privacy Rights is a small non-profit 501c3 organization I founded in 2004 because there was no national organization fighting up for the privacy rights of the people of this nation–and 95% of the US public wants to control who can see, use, and sell their most sensitive personal information: data about their minds and bodies. On the other hand, industry profits are in the tens to hundreds of billions of dollars/year from the sale, trade, and exchange of… Read more »


“Patient Privacy Rights is a small non-profit 501c3 organization”

This is true. I’ve examined your 990’s. At least YOU, commendably, are not making bank in the high six figures or more. Unlike a lot of other ePHI “non-profit” organizations, like HL7.

Mighty Casey

Imma come into this swordfight with nothing but a 5 iron, in the form of being a patient/simple-human being solely interested in gaining ACCESS TO my own health data, contained hither and thither across the medical-industrial complex. I frankly could care less about the sale of my data. Since I can’t full access it without spending hours/days in endless rounds of begging, with robust deployment of face-palm and head-desk when I’m told, “we can’t, because HIPAA.” I’m very afraid that all the Philadelphia lawyer language that’s been sprayed all over the health data issue have made it impossible for anyone… Read more »

Adrian Gropper MD

Matthew – let’s define de-identification and sale. For example, consider Foundation Health or CollabRx (purveyors of cancer genome testing services) who get a copy of the patient’s de-identified health record and outcome and then sell their clinical association analysis to the next patient that has a similar genome. Can the HIPAA CE that sent their patient’s sample and her health record to Foundation Health or CollabRx avoid asking for patient consent by cliaming the information was de-identified? Is what these companies are doing by treating patient outcome results as their intellectual property and selling the clinical association to other patients… Read more »


She’s even gone so far as to recently claim — however vaguely (conveniently) — that PHYSICIANS are selling their patients’ data.

Interestingly, on this topic, ‘Quantified Self-Incrimination?’ “When Fitbit Is the Expert Witness” see

Deborah C. Peel, MD

Practice Fusion does sell patient data–in the earlier thread I posted quotes from the CEO:
“Every healthcare vendor is selling data. Everyone has this data, but we’ll have more of it and it will be real-time and aggregated,” Howard said. ”


Practice Fusion’s business model of selling patient data was also explained by Chris Anderson in his book “Free, the future of a radical price” on page 104 (published by Hyperion in 2009)


Practice Fusion is not a physician. Name some MDs who are allegedly knowlingly and directly selling ePHI.


Ms. Peel, @11:01,

“So, we know, for example, that physicians and their EHRs sell the [ePHI] data…”

Nice conjunctive conflation. Name some physicians who are selling ePHI?