Going to the doctor has never been high on the list of good times, but you could at least get through the examination with the knowledge that whatever you and your doctor discuss is kept safe and confidential. Until now, that is.
A new report commissioned by major players in the health care industry has found that not only is collection and control of individuals' health data by providers accelerating, but that the data is extensively traded and resold for other purposes.
Even worse, there are gaps in the laws designed to govern and restrict the trading of personal information.
The report, commissioned by the American Medical Informatics Association (AMIA), found that although the Health Insurance Portability and Accountability Act (HIPAA) has strict rules governing the sharing of information by direct health care providers and insurers, it has no protection for the "secondary" market. The "secondary" market includes provider training, research, and commercial vendors.
The report also cited Congress' demands for the collection of health records in case of national emergencies such as terrorist attacks or viral outbreaks.
"The lack of coherent policies and practices for the secondary use of health data presents a significant impediment to the goal of strengthening the U.S. health care system," the report stated.
Among the report's findings:
• The sale and resale of medical data to third parties is a
multimillion-dollar industry, much of which takes place without
explicit consent or knowledge of patients or doctors. The report cited
instances of patients being pressured to waive their privacy rights in
order for providers to use their data, or the abuse of health care
data by third parties.
• Entities using patients' data need to put more focus on building
strong privacy safeguards and less time maintaining "ownership" of the
data.
• There needs to be much more transparency and accuracy in providing
patients information on how their medical data may or may not be used,
as well as stronger national frameworks for privacy safeguards and
controls on sharing the data between different providers.
The report was commissioned by an expert panel that included pharmaceutical heavyweights GlaxoSmithKline and Pfizer, medical experts and academics, and representatives from government agencies such as the Department of Health and Human Services (HHS) and the Centers for Disease Control (CDC).
The report on medical data reselling comes at a time when the government is strongly advocating more sharing of electronic health records to speed up treatment procedures and protect information against potential disasters.
Congress is considering legislation to build standards for data sharing, which has privacy advocates concerned about the potential for data breaches.
One major concern was that the continual collection of medical data would lead to not only identity theft, but medical fraud, as thieves would use stolen patient information to get themselves prescription drugs and expensive treatments. The victims would not only have their data stolen, but could end up tens of thousands of dollars in debt as well.
Commercial uses of health care data include marketing specific products to people with particular ailments, sharing the data with credit bureaus to find possible medical debt, and selling it to employers who may not want to take a risk on a new hire with a history of medical problems.
Sales of medical data could also figure into new "consumer-driven health care" products such as Health Savings Accounts (HSA's), as at least one company has developed "medical credit scores" designed to parse the risk of borrowers looking for price comparisons on potential accounts.
