Texas is not the only state in the US selling or giving away sensitive hospital records to anyone who wants them; this is a devastating privacy problem every state must face.
$39 billion dollars in stimulus funds will be used to build a nationwide health IT superhighway system, exponentially expanding the theft, sale, and use of the health information of all 300 million Americans. Texas will get $38 million to exchange Texans’ health data.
How much money will your state get? BEWARE the form of consent used for Health Information Exchange (HIE) in your state.
- Each state sets up its own consent rules for HIE and industry is pressuring states to use the worst kind of consent: “opt-out”.
- The state of NY is going to share EVERYONE’S health data unless they “opt-out”.
- In AZ, the use of “opt-out” for health data exchange failed.
- TX has yet to decide what kind of consent it will use for data exchange.
Its critical to insist that your state empowers you to SELECTIVELY disclose PARTS of your sensitive health data–NOT ALL OR NONE. No one should be forced to give up privacy to benefit from data exchange.
Great consent and segmentation technologies exist and should be required for all data exchange so we can exchange ONLY the information we want to disclose. (See video of the Consumer Choices Technology Hearing in DC where 7 consent and segmentation technologies were demonstrated LIVE: http://nmr.rampard.com/hit/20100629/default.html. See transcript of the Hearing and written testimony about the 7 privacy-enhancing technologies at: http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=2833&PageID=19477#062910
Do you know whether YOUR state is selling or giving hospital data away? (SEE story here). Quotes from the story:
Buyers may order one of two versions of the hospital-patient files:
- Research version — contains complete personal information including date of birth, age in years, and start and end dates of hospital care. To purchase data in the research file, applicants must describe their “research project,” identify themselves as one of 10 organization types (including university; managed care insurer; governmental entity, pharmaceutical, biotechnology or medical product firm; trade group or lobby; and research organization consultant), and select each data field they want. Each application is reviewed by a DSHS committee, which must approve it before the applicant can obtain the data.
- De-identified version — For this version DSHS has removed some but not all personal information…DSHS removes the patient’s dates of admission and discharge from the hospital, but leaves in diagnoses, surgeries, and payment information. The patient’s gender and full zip code appear in most cases.
A five-year age range is substituted for the patient’s exact age (some children’s ages appear in shorter ranges, such as “1-4,” “15-17”) and the street address is removed. Patient county, state, race and ethnicity are listed.
Texas officials imagine that simply taking names, parts of addresses, etc off our health data means that our records cannot be traced back to us. WRONG!
It is extremely easy it is to re-identify what they call “de-identified” information. Making health data IMPOSSIBLE to re-identify is extremely difficult; solutions which make it impossible to re-identify data have not been proposed.
Unless we build consumer control over personal health information into state and national health IT systems, we will destroy everyone’s privacy and ensure generations of discrimination.
This kind of wholesale giveaway of Americans’ sensitive health information is an extremely serious problem. States and the federal government must address this BEFORE expanding today’s privacy-destructive health IT systems and data exchanges. Once sensitive health and demographic data is exposed, it’s too late. It can never be made private again.
Federal funds for HIE should be used to buy MODERN, privacy-protective technologies in every state. Unless we act NOW, the stimulus money IN YOUR STATE will be used to exponentially facilitate health information exchange, and facilitate the systemic collection, theft, sale, and misuse of sensitive health information.