Data Re-identification
I have spoken about how important the selling of data is to third parties. It’s called money. From a colleague of mine:
I am not inherently opposed to analyzing my practice (population) as a whole — on terms that are actually helpful to me and not overly burdensome. In fact, I think it would be helpful to me and my patients. But, whenever third-parties demand data that we all know cannot possibly improve the care of our patients/practice, this type of stuff makes me wonder “what’s their real motivation?”.
This article goes into more detail about that. Some highlights:
- Americans’ medical data are regularly sold — often without the knowledge of patients. It’s part of a trade worth billions of dollars.
- HIPAA only governs named data.
- After a person gets medical care,” Tanner writes, “pharmacies, insurers, labs, electronic record systems and the middlemen connecting all these entities automatically transmit patient data directly to what is, in effect, a big health data bazaar.”
- Advertisers can use this to target likely customers.
The article also talks about another dimension to the problem. It’s called “re-identification” and as the article states:
- Re-identification of anonymous files is not illegal: It is legal to use all the data available to figure out which patient file belongs to whom.
Holy crap. As my colleague went on to say, “So HIPAA is used a bludgeon to “protect privacy”, but it’s fully okay to do a high-tech jigsaw puzzle after the fact to figure out who’s who?!?!”
As far as DPC clinics go, I work with Atlas MD software, which does not sell any data. Actually, there are no bogus quality metrics in there to sell.
This is the explanation behind the movement to turn MDs into data entry clerks, and makes the joyful participation of our medical societies in the process all the more despicable.