Your Medical Records Are for Sale

Posted on Monday, 12th August 2013 @ 10:24 AM by Text Size A | A | A

Spread the love

te health agencies, which in turn sell the information to private data-mining companies. The records are stripped of names and addresses, and there’s no evidence that data miners are doing the legwork to identify individual patients. Yet the records often contain patients’ ages, Zip Codes, and treatment dates—enough metadata for an inquiring mind to match names to files or for aggressive companies to target ads or hike insurance premiums.

Latanya Sweeney, the director of Harvard University’s Data Privacy Lab, identified 35 patients from a Washington database by buying state medical data and creating a simple software program to cross-reference that information with news reports and other public records. “All I have to know is a little bit about a person and when they went to a hospital, and I can find their medical record in this kind of data,” Sweeney says. She says data in 25 other states are just as vulnerable.

From a brief local-news story on a motorcycle crash, she matched retired Vietnam veteran Ray Boylston to a patient file documenting a broken pelvis, ruptured spleen, kidney failure, and bladder removal. “I feel I’ve been violated,” says Boylston, 62. “I don’t really feel that the public has a right to read up on my medical history.” Most of the patients whose names Sweeney uncovered asked to remain anonymous, including an executive treated after being assaulted whose medical records say he’s addicted to painkillers. Another businessman, who appeared in a missing-person report, has been diagnosed with pancreatic cancer and attempted suicide by poison, according to his medical records.

Exempt from federal health-privacy laws, states have long sold medical data to help finance public health studies. Demand for the information, which is relatively cheap, has shifted from university research programs to commercial data miners, which incorporate it into reports and databases they sell to direct marketers, insurers, and makers of drugs and medical devices. Twelve of the most populous U.S. states generated $1.91 million from 1,698 data sales in 2011, the latest year for which figures are available, public records show. (The data-mining industry, which buys the information and resells it to medical companies, will top $10 billion in revenue by 2020, McKinsey estimates.) Washington State’s health agency sold its database 95 times that year, collecting a mere $15,950. Donn Moyer, a spokesman for the state’s health department, says it chose to release extra identifying information such as patients’ Zip Codes to make its data more useful.

Companies that buy the state data include IMS Health, a provider of prescription data; OptumInsight, a division of UnitedHealth (UNH), the biggest U.S. health insurer; and WebMD (WBMD). Danbury (Conn.)-based IMS purchased Boylston’s record, as did IVantage Health Analytics, a Portland (Me.)-based evaluator of hospital performance. IMS’s U.S. marketing director, Jody Fisher, says his company, which sells medical data to drug companies for sales pitches to doctors and consumers, maintains a database of 260 million prescription-drug patients but doesn’t try to identify any whose names have been redacted. John Morrow, executive vice president of IVantage, says his company scrubs information like Zip Codes. With that kind of identifier, he says, “You might as well have the patient’s electronic medical record number.”

Jim Pyles, a principal at law firm Powers Pyles Sutter & Verville who specializes in health law and policy, says digitized medical data has the potential to prevent physicians from missing a key element of a patient’s history or to help analysts identify larger health trends, such as hospital costs or the spread of diseases. The sale of that data, though, makes patients even more vulnerable than they already are in an era of increasingly sophisticated hacking, he says. “Electronic health information is like nuclear energy,” Pyles says. “If it’s harnessed and kept under tight control, it has potential for good. But if it gets out of control, the damage is incalculable.”

Health agencies for Washington, Tennessee, Nevada, and Arizona say they have begun reviews of their collection policies following a Bloomberg News story published on June 5 about state health data collection. (Washington now requires buyers to sign a confidentiality agreement, though a full review of the policies will take months, says Moyer.) California, Illinois, New Jersey, Massachusetts, Connecticut, Nebraska, and Alaska already had reviews under way, according to those states’ agencies. “The real takeaway,” says Harvard’s Sweeney, “is we can do better than this.”

Related News On HuffPo Club

  • David Gerard is a Bitcoin Fraud

    Spread the love
    Spread the loveI am calling out so-called bitcoin expert ??? David Gerard for the fraud that he is. . All he does is trash bitcoin, trash ethereum and trash any other blockchain idea on wikipedia,…

  • Last Call to be the World Leader in Outer Space. by Daniel Bruno

    Spread the love
    Spread the loveLast Call to be World Leader First posted: 03/18/2010 at Huffpo “Where is that moon, that leads to your soul?” – Aromabar     Legend has it that Kaguya descended from a race…

  • Electoral Science: The Winner of the 2016 Election Will be a Republican

    Spread the love
    Spread the loveOriginally published at Washington’s Blog in April, 2016   by Daniel Bruno   Electoral Science: The Winner of the 2016 Election Will be a Republican I was the first person in the world…

  • Report from Rio

    Spread the love
    Spread the loveReport from Rio Daniel “No Passport” Bruno, reporting from Rio de Janeiro. Daniel is from Manhattan, is an author, inventor, specialist in 9/11 studies, and the interview host at which publishes over…

Disqus Comments

Specify a Disqus shortname at Social Comments options page in admin panel

Facebook Comments

G+ Comments

Default Comments

  • Hpub asks

    • Sorry, there are no polls available at the moment.