Sony Hack Reveals Health Details on Employees and Their Children

On top of everything else, the Sony data breach revealed employees’ sensitive health information: top Sony executives saw lists of named employees who had costly medical treatments and saw detailed psychiatric treatment records of one employee’s son.

Like last year’s revelation by AOL’s CEO, it shows US corporations look at employees’ health information and costs. By ‘outing’ the fact that 2 of AOL’s 5,000 employees had premature infants whose treatment cost over $1 million each, the CEO violated the employees’ rights to health information privacy.

Trusted relationships simply cannot exist if individuals have no right to decide who to let in to, and who to keep out of, their personally identifiable information (PII). Current US technology systems make it impossible for us to control personal health data, inside or outside of the healthcare system.

Do you trust your employer not to snoop in your personal health information? How can you trust your employer without a ‘chain of custody’ for your health data? There is no transparency or accountability for the sale or use of our health data, even though Congress gave us the right to obtain an “Accounting for Disclosures (A4D)” for disclosures of protected health data from EHRs in the 2009 stimulus bill (the regulations have yet to be written). And we have no complete map that tracks the millions of places US citizens’ health data flows. See: TheDataMap.

There is no way to know who sees, sells, or snoops in our health data unless whistleblowers or hackers expose what’s going on. Our personal, identifiable health data is in millions of databases unknown and inaccessible to us. Both the Bush and Obama Administrations support this privacy-destructive business model on the Internet and in the US health care system.

The US health data broker industry consists of over 100,000 health data suppliers covering 780,000 live daily health data feeds. See: http://patientprivacyrights.org/2014/01/ims-health-files-ipo-legal/


Both Angela Merkel and Jennifer Lawrence spelled out the deep and persistent effects of violating personal boundaries:

Both spoke of the deep emotional pain and costs of betrayal, and of being unable to trust or feel safe following such serious boundary violations. Trust is truly impossible unless individuals can set boundaries. People, companies, and governments must respect and honor individuals’ rights to control access to personal information to be trusted. Violating boundaries destroys trust and relationships between people and between nations.

Sadly, even though the modern world’s concept of ‘privacy’ comes from our nation, from US Supreme Court Justice Louis D. Brandeis’ concept of privacy, and later in the computer age from Willis Ware’s concept of Fair Information Practices, the US has lost its way and is destroying both freedom and the right to be let alone.

Among the Western Democracies, has the United States become the world’s most intrusive surveillance state?

Do we have control over any information about ourselves? Or is every bit or byte of data about us collected, held, and sold by millions of hidden databases? Learn more about the “world’s leading” health data broker.

Deborah C. Peel, MD is the Founder and Chair of Patient Privacy Rights. 

6 replies »

  1. I know it’s not always about me but potential hacking is reason number eleventy zillion not to participate in an employee wellness program.

    Thanks for the posting!

  2. Issues and risks associated with privacy of personal health information in electronic health records is one of the least discussed critically important health care issues today….and the related issue of patients’ reaction to not give their providers sensitive information.

  3. Yesterday PostSecret (a site that publishes postcards with anonymous secrets written on them) highlights not one but TWO postcards detailing how people who work in the healthcare arena violate personal trust and patient PII. One works at a hospital and has admitted to snooping through records to find out medical gossip on friends/family and the second secret was a person who works (at home I might add) for a medical transcribing company and she looks UP the names on Facebook so she can put a face/details to her “prayers”. These are just a few examples of unacceptable behavior and our personal healthcare data MUST be protected.