IMS Health Files for IPO – Is It Legal?

On January 2nd, IMS Health Holdings announced it will sell stock on the New York Stock Exchange. IMS joins other major NYSE-listed corporations that derive significant revenue from selling sensitive personal health data, including General Electric, IBM, United Health Group, CVS Caremark, Medco Health Solutions, Express Scripts, and Quest Diagnostics.

  • IMS buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” “social media” and more to create “comprehensive,” “longitudinal” health records on “400 million” patients.
  • All purchases and subsequent sales of personal health records are hidden from patients.  Patients are not asked for informed consent or given meaningful notice.
  • IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
  • Despite claims that the data sold is “anonymous”, computer science has long established that re-identification is easy.
  • See brief 3-page paper by Narayanan and Shmatikov at: http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf)
  • See Prof. Sweeney’s paper on re-identifying patient data sold by states like WA at: http://thedatamap.org/risks.html
  • “Our solutions, which are designed to provide our clients access to our deep healthcare-specific subject matter expertise, take various forms, including information, tailored analytics, subscription software and expert services.” (from IMS Health Holding’s SEC filing)

 

Quotes from IMS Health Holding’s SEC filing:   “We have one of the largest and most comprehensive collections of healthcare information in the world, spanning sales, prescription and promotional data, medical claims, electronic medical records and social media. Our scaled and growing data set, containing over 10 petabytes of unique data, includes over 85% of the world’s prescriptions by sales revenue and approximately 400 million comprehensive, longitudinal, anonymous patient records.”   IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”

How can this business model be legal?  How can companies decide that US citizens’ personal health data is “proprietary data,” a corporate asset, and sell it?  If personal health data ‘belongs’ to anyone, surely it belongs to the individual, not to any corporation that handles, stores, or transmits that information.

Americans’ strongest rights to control personal information are our rights to control personal health information. We have constitutional rights to health information privacy which are not trumped by the 2001 elimination of the right of consent from HIPAA (see: http://patientprivacyrights.org/truth-hipaa/ ). HIPAA is the “floor” for privacy rights, not the ceiling. Strong state and federal laws, and medical ethics require consent before patient data is used or disclosed. 10 state constitutions grant residents a right to privacy, and other states constitutions have been interpreted as giving residents a right to privacy (like TX).

Surely FTC would regard the statement filed with the SEC as evidence of unfair and deceptive trade practices. US patients’ health data is being unfairly and deceptively bought and sold.  Can the SEC deny IMS Health the opportunity to offer an IPO, since its business model is predicated on hidden purchase and sale of Americans’ personal health data?

If we can’t control the use and sale of our most sensitive personal information, data about our minds and bodies, isn’t our right to privacy worthless?

deb

To view the full article published in Modern Healthcare visit:  IMS Health Files for IPO

 

ACP Supports Creating National Rx Drug Monitoring Database

Wednesday, December 11, 2013
 
The American College of Physicians supports the development of a national prescription drug monitoring program, which would create a single database that physicians and pharmacies could electronically review before prescribing controlled substances, according to a position paper, CBS News reports. The paper was published in the Annals of Internal Medicine on Monday (Jaslow, CBS News, 12/9).

 

A new national drug data base will extend the failed “War on Drugs”, criminalize millions more, increase patients’ reluctance to use controlled substances, and NOT improve treatment for addiction. US prescriptions are already collected and sold daily by prescription data aggregators like IMS Health, Merck Medco, SureScripts, etc., etc. These businesses all sell the nation’s prescription data to any willing buyers.Meanwhile neither physicians nor patients can get electronic copies of prescription data to improve care.Who should health technology benefit? Patients or corporations?

Why not use patients’ prescription data, already being collected by the hidden data aggregation industry, to improve patient health?

Why not use technology to strengthen the patient-physician relationship and to ensure effective diagnosis and treatment?

For example, here is one way technology could be re-designed to help patients:

Anytime a patient gets a controlled substance prescription, existing systems could automatically search for any prior controlled substance prescriptions the patient received in the last month. If a second or third prescription is found, the physician(s) and patient could be automatically notified and resolve together whether it should be filled or not—and how best to treat the patient’s symptoms

Technology should give patients and doctors they data they need for effective TREATMENT. It’s sad that such a prominent physician group supports giving law enforcement automatic access to every controlled substance prescription in the US. Law enforcement should only be able to access such sensitive patient data AFTER someone has committed a crime or with a judge’s approval.

Why open ALL prescriptions to law enforcement surveillance when the vast majority of patients taking controlled substances are not criminals?

Addiction is NOT a crime, it’s a very treatable medical illness.

deb

 

Your prescription history is their business

“A secretive, for-profit service called ScriptCheck keeps track of all your prescriptions, even those you pay for with cash. Life insurers pay for the data.”

To view the full article, please visit: http://www.latimes.com/business/la-fi-lazarus-20131022,0,1491023.column#ixzz2miu5cODJ

Benefits of Online Medical Records Outweigh the Risks- Includes Opposing Quotes from Dr. Deborah Peel

An article written by Larry Magid in the Huffington Post quotes PPR when speaking about the issues surrounding electronic health records. You can view the full article here: Benefits of Online Medical Records Outweigh the Risks.

“There are also privacy concerns. In a 2010 Wall Street Journal op-ed, psychiatrist Deborah Peel, founder of Patient Privacy Rights, complained that ‘lab test results are disclosed to insurance companies before we even know the results.’ She added that data is being released to ‘insurers, drug companies, employers and others willing to pay for the information to use in making decisions about you, your job or your treatments, or for research.’ Her group is calling for tighter controls and recognition that “that patients own their health data.’”

Resolution of Disapproval in Supreme Court Decision in Sorrell v. IMS Health Case

Lawmaker, author of health privacy protections in economic recovery act, declares privacy rights of doctors, patients should trump commercial interests

WASHINGTON, D.C. – On Friday July 8, 2011, Congressman Edward J. Markey (D-Mass.), co-chairman of the Congressional Bi-Partisan Privacy Caucus and senior member of the House Energy and Commerce Committee, introduced H.Res. 343, a resolution expressing disapproval of the recent Supreme Court decision in Sorrell v. IMS Health. In its decision, the Court struck down a Vermont state law that banned the sale of doctors’ drug prescriptions records if the records are used for commercial purposes without the doctors’ permission.

Rep. Markey’s resolution states that the Court erred in applying free speech protections to a Vermont law that lawfully regulated a purely commercial interest. Before the Vermont law was enacted, data-mining companies would purchase information about doctors’ prescription drug information from pharmacies and then resell the data to pharmaceutical companies. The pharmaceutical companies could use the information – without the doctors’ consent – for the commercial purpose of targeting their sales messages and marketing more expensive, brand-name drugs to physicians.

“In this case, the Supreme Court tipped the scales of justice in favor of big drug companies at the expense of patients and their doctors,” said Rep. Markey. “The privacy of the doctor-patient relationship should outweigh the ability of pharmaceutical companies to mine data simply so they can market expensive drugs to providers and reap huge profits. States should be able to regulate pharmaceutical companies in a way that protects the privacy of their residents and prevents pharmaceutical companies from having undue influence on doctors’ prescribing habits.”

Dissenting in the Supreme Court’s 6-3 decision, Justice Stephen Breyer wrote that the Vermont state law in question “adversely affects expression in one, and only one way. It deprives pharmaceutical and data-mining companies of data…that could help pharmaceutical companies create better sales messages.” The dissent, which was joined by Justices Ruth Bader Ginsburg and Elena Kagan, stated that the Vermont statute is a “lawful governmental effort to regulate a commercial enterprise…The far stricter, specially ‘heightened’ First Amendment standards that the majority would apply to this instance of commercial regulation are out of place here.”

Dr. Deborah Peel, a national health privacy expert and founder of the non-profit Patient Privacy Rights, praised the Markey resolution. “With a Supreme Court that stands up for the interests of pharmaceutical companies, it’s reassuring to know that Congressman Markey is looking out for patients and doctors who value the privacy of their prescription drug information.”

Text of the resolution can be found HERE.

“Getting IT Right: Protecting Patient Privacy Rights in a Wired World”

Official Pre-conference for CFP2011

June 13, 2011 Georgetown Law Center Washington, D.C.

“Getting IT Right: Protecting Patient Privacy Rights in a Wired World” is the nation’s first open and inclusive public forum to discuss the future of health privacy in a digital age. The conference will be held June 13, 2011 at the Georgetown Law Center in Washington, D.C. and is the result of a partnership between the Lyndon B. Johnson School of Public Affairs at The University of Texas at Austin and the Patient Privacy Rights Foundation, the premier health privacy advocacy organization in the United States.

You can find the agenda, a list of speakers, and more relevant news on the summit at the official website:www.healthprivacysummit.org.

Register Now: www.healthprivacysummit.org/registration

Re: Data Privacy, Put to the Test

Great story in the NY Times about the fact that patients’ rights to health privacy are being violated by the sale of prescription records. It quotes three of the big stars who will be speaking June 13th at the First Summit on the Future of Health Privacy: Chris Calabrese, Latanya Sweeney, and Lee Tien. See www.healthprivacysummit.org.

See the full story: Data Privacy, Put to the Test

The Case for Informed Consent

Austin, TX — Patient Privacy Rights (PPR), the nation’s leading health privacy watchdog released a white paper entitled, “The Case for Consent: Why it is Critical to Honor What Patients Expect: for Health Care, Health IT and Privacy.” The paper is designed to be a primer on health privacy and argues that the primary stakeholder in health care, the patient, must retain control over their personal health information. The white paper is available online at http://patientprivacyrights.org/wp-content/uploads/2010/08/The-Case-for-Informed-Consent.pdf.

The white paper tackles the arguments made that patient control is too technically difficult, is too expensive, or is too complex, among others. In fact, robust privacy-enhancing technologies are in use now that ensure both progress and privacy. Technology can enable control over personal health information today and likely simplify our systems and lower costs.

“Patients know what they want,” says Patient Privacy Rights’ founder, Deborah Peel, MD. “It is a mistake to design health IT in a paternalistic manner — assuming a corporation, vendor, provider or government agency knows what is best for each individual patient.”

View the white paper: The Case for Informed Consent

Privacy Risk Calculator

Is your sensitive health information at risk of being exposed and sold?

Take the following quick quiz to see if your health privacy is at risk.

Please Note:
Keep track of the total points earned by each answer
to calculate your health information’s privacy risk.

BEGIN THE PRIVACY QUIZ RISK CALCULATOR

Locking down privacy: Where do we draw the line?

Patient privacy dates back to ancient Greece, beginning with the physician and teacher Hippocrates, who is often called the father of Western medicine. He authored the Hippocratic Oath to establish best practices for his fellow physicians and to build trust with his own patients. It was necessary for him to keep the ailments of his contemporaries secret, lest they be subject to humiliation, personal harm or loss of opportunity.

Ironically, more than 2,400 years later, patient privacy remains a fundamental issue, and the repercussions of information leaks are just as distressing. Areas of vulnerability have now expanded beyond the doctor-patient relationship in the exam room to encompass whole healthcare systems, communities, nations and even the global marketplace. With electronic information storage and transmission coming of age, whispering behind a closed door, as Hippocrates might have done, is obviously not enough to protect privacy.

Deborah Peel, MD, is the founder of Patient Privacy Rights (PPR), a national not-for-profit watchdog coalition. As a physician, she was inspired to adopt privacy as her mission in 1993 after an unnerving proposal from President Bill Clinton called for every patient encounter in America to be recorded in an electronic data-base. She was intimately familiar with the anxiety related to privacy in her own psychiatric-services practice, but the broad reach of electronic health records posed an imminent threat she just couldn’t ignore.

“For 30 years, I’ve been in the most privacy-sensitive specialty in medicine,” Dr. Peel says. “I’ve spent 30 years listening to how people’s reputations and lives are ruined. If you were in my shoes, you’d be doing this, too.”