Electronic Health Record Security Concerns Are Global

As I mentioned in a recent post, nearly half of Australians may end up boycotting the new voluntary electronic health record (EHR) system when it launches next year because they believe the government can’t provide guarantees that their private medical details will remain private. A new Harris survey sponsored by the identity management company Sailpoint highlights EHR privacy concerns not only in Australia, but also in the United Kingdom and the United States.

According to the survey findings, some 83 percent of Australians, 81 percent of Britons, and 80 percent of Americans express some level of concern about moving their personal medical information to an electronic form…

…For example, since September 2009, at least 9.8 million instances of improper disclosure of medical information have been recorded in the United States. Earlier this month, the renowned Stanford Hospital & Clinics in California added to the total when it announced that the electronic health records of 20 000 of its emergency room patients seen between March 1st and August 31st of 2009, including their names, diagnostic codes, medical record numbers, hospital account numbers, billing charges, and emergency room admission and discharge dates, had been posted for nearly a year (Sept. 9, 2010, to Aug. 23, 2011) on a commercial Web site called Student of Fortune.

Data-mining: Australia Just Calls It Something Else

In Australia, the data mining industry pays doctors to sell patients’ prescription records. In the US they pay pharmacies, hospitals, and PBMs. See Article.

A complaint to the Australian Privacy Commissioner was dismissed because the data miners claimed that patients and doctors were “de-identified”. But it is very difficult to fully de-identify personal health data so that re-identification is impossible. If true, the industry should have offered proof that their methods actually work and that the data cannot be re-identified.

As in the US, the theft and sale of personal prescription records is rationalized with claims that it can be used to “provide valuable insight into healthcare trends– including the spread of infectious diseases”. The word that describes using data to provide “valuable insights” is “research”. It happens to be both illegal and unethical to do research without informed consent.