States’ Hospital Data for Sale Puts Privacy in Jeopardy

Before speaking at the 3rd Annual Summit on the Future of Health Privacy, Jordan Robertson did extensive research with Latanya Sweeney, PhD and theDataMap.org team to expose a nationwide privacy problem. MANY states are selling de-identified hospital records, which can be easily re-identified by using your local newspaper. Using other publicly available information makes re-identification even easier.

From Jordan Robertson’s article in Bloomberg News: States’ Hospital Data for Sale Puts Privacy in Jeopardy

Hospitals in the U.S. pledge to keep a patient’s health background confidential. Yet states from Washington to New York are putting privacy at risk by selling records that can be used to link a person’s identity to medical conditions using public information.

Consider Ray Boylston, who went into diabetic shock while riding his motorcycle in rural Washington in 2011. He careened off the road and was thrown into the woods, an accident that was covered only briefly, in the local newspaper. Boylston disclosed his medical condition and history to a handful of loved ones and the hospital that treated him.

After Boylston’s discharge, Washington collected the paperwork of his week-long stay from Providence Sacred Heart Medical Center in Spokane and added it to a database of 650,000 hospitalizations for 2011 available for sale to researchers, companies and other members of the public. The data was supposed to remain anonymous. Yet because of state exemption from federal regulations governing discharge information, Boylston could be identified and his medical background exposed using only publicly available information.