Data Re-identification

I have spoken about how important the selling of data is to third parties. It’s called money. From a colleague of mine:

I am not inherently opposed to analyzing my practice (population) as a whole — on terms that are actually helpful to me and not overly burdensome. In fact, I think it would be helpful to me and my patients. But, whenever third-parties demand data that we all know cannot possibly improve the care of our patients/practice, this type of stuff makes me wonder “what’s their real motivation?”.

This article goes into more detail about that.  Some highlights:

  • Americans’ medical data are regularly sold — often without the knowledge of patients. It’s part of a trade worth billions of dollars.
  • HIPAA only governs named data.
  • After a person gets medical care,” Tanner writes, “pharmacies, insurers, labs, electronic record systems and the middlemen connecting all these entities automatically transmit patient data directly to what is, in effect, a big health data bazaar.”
  • Advertisers can use this to target likely customers.

The article also talks about another dimension to the problem. It’s called “re-identification” and as the article states:

  • Re-identification of anonymous files is not illegal: It is legal to use all the data available to figure out which patient file belongs to whom.

Holy crap.  As my colleague went on to say, “So HIPAA is used a bludgeon to “protect privacy”, but it’s fully okay to do a high-tech jigsaw puzzle after the fact to figure out who’s who?!?!”

Yup. 

As far as DPC clinics go, I work with Atlas MD software, which does not sell any data.  Actually, there are no bogus quality metrics in there to sell.