The UK government has been debating illegal disclosures of patient health data: “The issue of which organisations have acquired medical records has been at the centre of political debate in the past few weeks, following reports that actuaries, pharmaceutical firms, government departments and private health providers had either attempted or obtained patient data.”
The article closes with quotes from Phil Booth of medConfidential:
- “Every day another instance of whole population level data being sold emerges which had been previously denied”.
- “There is no way for the public to tell that this data has left the HSCIC. The government and NHS England must now come completely clean. Anything less than full disclosure would be a complete betrayal of trust.”
Far worse privacy violations are the norm in the US, yet our government won’t acknowledge that US health IT systems enable hidden sales and sharing of patients’ health data. US patients are prevented from controlling who sees their health records and can’t obtain real-time lists of who has seen and used personal health data.
Learn how the data broker industry violates Americans’ strong rights to control the use of personal health information in IMS Health Holdings’ SEC filing for an IPO:
- IMS buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” “social media” and more to create “comprehensive,” “longitudinal” health records on “400 million” patients.
- All purchases and subsequent sales of personal health records are hidden from patients. Patients are not asked for informed consent or given meaningful notice.
- IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
- IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”
Data brokers claim they don’t violate our rights to health information privacy because our data are “de-identified” or “anonymized”—-but computer scientists have proven it’s easy to re-identify aggregated, longitudinal data sets:
- See brief 3-page paper by Narayanan and Shmatikov at: http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf)
- See Prof. Sweeney’s paper on re-identifying patient data sold by states like WA at: http://thedatamap.org/risks.html
This blog was written in response to the following article: NHS England patient data ‘uploaded to Google servers’, Tory MP says