Complain about a product or service

For Sale: Your Health Care Records

By Martin H. Bosworth
ConsumerAffairs.com

September 13, 2006

• RFID Eyed as Anti-Shoplifting Tool • Internet Providers Admit to Monitoring Customers' Web Surfing • Big Brother Hitching A Ride in California? • GAO: Government Can Do More to Protect Personal Data • US Search Agrees to Stop Selling Private Credit Data • TSA Site Left Passenger Data Exposed To ID Theft • Connecticut Governor Wants 'Opt Out' For Online Directories • Verizon Gave Customer Data To Government Without Court Orders • House Democrats Probe Warrantless Surveillance --- • More Privacy News ...

Going to the doctor has never been high on the list of good times, but you could at least get through the examination with the knowledge that whatever you and your doctor discuss is kept safe and confidential. Until now, that is.

A new report commissioned by major players in the health care industry has found that not only is collection and control of individuals' health data by providers accelerating, but that the data is extensively traded and resold for other purposes.

Even worse, there are gaps in the laws designed to govern and restrict the trading of personal information.

The report, commissioned by the American Medical Informatics Association (AMIA), found that although the Health Insurance Portability and Accountability Act (HIPAA) has strict rules governing the sharing of information by direct health care providers and insurers, it has no protection for the "secondary" market. The "secondary" market includes provider training, research, and commercial vendors.

The report also cited Congress' demands for the collection of health records in case of national emergencies such as terrorist attacks or viral outbreaks.

"The lack of coherent policies and practices for the secondary use of health data presents a significant impediment to the goal of strengthening the U.S. health care system," the report stated.

Among the report's findings:

• The sale and resale of medical data to third parties is a multimillion-dollar industry, much of which takes place without explicit consent or knowledge of patients or doctors. The report cited instances of patients being pressured to waive their privacy rights in order for providers to use their data, or the abuse of health care data by third parties.

• Entities using patients' data need to put more focus on building strong privacy safeguards and less time maintaining "ownership" of the data.

• There needs to be much more transparency and accuracy in providing patients information on how their medical data may or may not be used, as well as stronger national frameworks for privacy safeguards and controls on sharing the data between different providers.

The report was commissioned by an expert panel that included pharmaceutical heavyweights GlaxoSmithKline and Pfizer, medical experts and academics, and representatives from government agencies such as the Department of Health and Human Services (HHS) and the Centers for Disease Control (CDC).

The report on medical data reselling comes at a time when the government is strongly advocating more sharing of electronic health records to speed up treatment procedures and protect information against potential disasters.

Congress is considering legislation to build standards for data sharing, which has privacy advocates concerned about the potential for data breaches.

One major concern was that the continual collection of medical data would lead to not only identity theft, but medical fraud, as thieves would use stolen patient information to get themselves prescription drugs and expensive treatments. The victims would not only have their data stolen, but could end up tens of thousands of dollars in debt as well.

Commercial uses of health care data include marketing specific products to people with particular ailments, sharing the data with credit bureaus to find possible medical debt, and selling it to employers who may not want to take a risk on a new hire with a history of medical problems.

Sales of medical data could also figure into new "consumer-driven health care" products such as Health Savings Accounts (HSA's), as at least one company has developed "medical credit scores" designed to parse the risk of borrowers looking for price comparisons on potential accounts.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Follow us on Twitter.