Please see the article “Privacy advocates fear massive fed health database” in Computerworld, by Jaikumar Vijayan.
Many state and federal agencies either release or will soon release massive free or low-cost “public use data files” without testing to make sure that our sensitive personal health information cannot be re-identified and without obtaining our consent to use our health information.
Describing databases as “anonymized” or “de-identified” lulls the public into thinking that their health records are safe and cannot be re-identified. But that isn’t true. Every method to prevent data from being re-identified should first be tested and proven.
Patient Privacy Rights recommends that any health data set be subject to “adversarial challenge criteria” to assess the actual threats/risks of re-identification of the data before release. See “Notes About Anonymizing Data For Public Release” by Andrew Blumberg, PhD, at: http://patientprivacyrights.org/wp-content/uploads/2010/10/ABlumberg-anonymization-memo.pdf
After the challenge criteria are used to test the data, patients should be informed of the risk of re-identification and asked for consent to include their data.
Even the NIH had to close down a database of genetic information that was supposedly de-identified after the 141st researchers who downloaded the database reported that they could re-identify actual patients.
It’s extremely hard to create health data sets that cannot be re-identified. Given that fact, patient consent should be required for the use of health data and patients should be informed of the risks of re-identification BEFORE their data is included in public use data sets.
Without basic protections, i.e., requiring informed consent and adversarial challenges, our health data will be used to create valuable, detailed profiles of each of us, and our own health records will be sold and used to discriminate against us in employment, credit, and other opportunities in life, not for research to improve our health and improve treatment.