Defanging HIPAA: How Your De-identified Data Was Re-identified For Profit.


Arthur Sackler continues to demonstrate just how wealthy one can become by taking advantage of patients and their diseases.

He’s been dead since 1987, but his ghost continues to access your personal health data, push medical consumption and over-utilization, and expand profits exponentially for data abusers well beyond his wildest dreams. Back in 1954, he and his friend and secret business partner, Bill Frohlich, were the first to realize that individual health data could be a goldmine. That relationship would still be a secret had it not been exposed in a messy family inheritance feud unleashed by his third wife after Sackler’s death.

That company, IMS Health, was taken public and listed on the NYSE on April 4, 2014, transferring $1.3 billion in stock. I’ll come back to that in a moment. But in the early years, the pair realized that the data they were collecting would multiply in value if it could be correlated with a second data set. That dataset was the AMA’s Physician Masterfile, which tracked the identity and location of all physicians in America from the time they entered medical school.

Those doctors were largely unaware that they had been assigned an identifier number early in their career, or that they were being tracked, or that the AMA was profiting from the sales of their information. With this additional information, IMS information products helped inform companies’ commercialization plans, their pharmaceutical marketing and sales, and eventually the targeting of physicians most likely to overprescribe Oxycontin.

After Arthur Sackler’s death, the company was sliced and diced, sold and resold, merged and divested. In May 2016, IMS merged with Quintiles with ownership at 51.4% IMS and 48.6% Quintiles. The resulting company was valued at $17.6 billion and called QuintilesIMS. On November 6, 2017, it was renamed IQVIA.

Two decades earlier, Congress had passed HIPAA, designed to protect patients’ personal health information, but leaving health care organizations (not patients) in control of that data. In a compromise, those organizations were permitted to sell and mine aggregate data as long as it was detached from personal identifiers such as names, birthdates, and ZIP codes.

Under the mantra of “de-identification,” the Medical-Industrial Complex went to work. One of the most successful of the lot was a West Coast start-up, MedicaLogic, which created a shared patient case database fed by thousands of doctors nationwide. The doctors were assured that the data housed in their proprietary medical record system was de-identified and intended for altruistic purposes. But its commercial worth quickly became evident, resulting in a sale to GE Health in 2002, becoming their “must-have” MQIC database.

By 2013, it had been licensed for six-figure sums to over 500 corporate clients and included focused marketing and sales insights from data mining the records of 25 million de-identified Americans over a 15-year span. Its premier customer was QuintilesIMS, now generating $4 billion in annual revenue, employing 33,000 employees and running the clinical research (largely overseas) operations for 20 of the largest pharmaceutical companies.

QuintilesIMS, now IQVIA, was the owner of MarketScan, a health insurance claims repository covering 270 million Americans. The original creator of MarketScan was Truven Health Analytics. IQVIA took the data from GE’s MQIC database and merged it with Truven’s MarketScan with the aim of re-identifying your health data, thus vastly expanding its commercial value. The results were alarming. As an internal GE memo later revealed, the cross-reference with Truven data allowed re-identification of the original patient source with “95% accuracy.” As one investigative report noted, “The unsettling part was how precisely the patients were flagged in another dataset, with near perfect accuracy…”

GE’s internal investigation caused some consternation in the firm’s legal wing, but they eventually concluded they had not technically violated HIPAA because the manipulations were one step removed from direct patient data collection. GE’s finance department was much relieved. GE’s health database and proprietary software were sold to New York private equity firm Veritas Capital (which in the past had also bought and sold Truven), which in turn resold the entire medical records business for $17 billion on the open market.

Channeling their inner Arthur Sackler, IQVIA (formerly Quintiles, formerly IMS) justified their actions, saying they are all about improving patient outcomes by identifying what treatments work best for what diseases. What all now admit behind closed doors is that HIPAA is hopelessly outdated, and that the glaring loopholes have been identified and commercially exploited.

In many respects, this is old news. When Arthur Sackler appeared under oath before the Kefauver Commission in January 1962, he lied through his teeth, denying his ownership of IMS. Now 35 years later, his ghost and the IMS progeny continue to haunt our personal health data.

Mike Magee, MD is a Medical Historian and author of “CodeBlue: Inside the Medical Industrial Complex”.