To view the full article, please visit athenahealth and Mashery team up for health developer-friendly API initiative.
Electronic health records (EHRs) companies allow access to patients sensitive health data and sensitive information about physicians’ practices so technology companies can develop applications.
Applications have the potential to be useful to physicians and patients but at what cost to privacy? Will EHR “apps” secretly collect and sell people’s information the way Smartphone apps collect and sell contact, GPS data and more? We now know the business model for many technologies is selling intimate personal data.
- ·athenahealth will open “access to doctors’ appointment data, patient’s medical history (anonymized) , billing information and more”,
- ·“the company hopes developers will be able to create an ecosystem of apps on top of athenahealth’s EMR service”
- ·“Other EMR providers, including Allscripts and Greenway, have also opened up their APIs to developers and created app marketplaces.”
The press release on this athenahealth project stated, “We’re providing the data and knowledge from our cloud-based network, a captive audience for developers to innovate for, and an online sandbox to do it all in.”
- ·Who are the “captives”? athenahealth’s 40,000 physicians and their 100’s of thousands of patients
- ·When were the “captive” patients asked for consent for strangers who want to use and monetize their health records?
- ·When were “captive” physicians asked consent for strangers to use information about their practices, what they charge, who they treat, how they treat patients, how they are paid by whom, and much more?
- ·Why does athenahealth claim that patient data is “anonymized”—-when its impossible to prevent “anonymized” patient records from easy re-identification?
- -See top computer scientists explain why “de-identification” and “anonymization” don’t work: http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf
Many electronic health record (EHR) companies allow access/or sell sensitive patient data to technology developers and other companies.
- ·Another example: Practice Fusion has been opening patient records for application developers and also sells patient data (citation page 104 in the book “Free” by Chris Anderson, Hyperion, 2009).
- ·When did the public learn about, debate, or agree to the use of their sensitive patient data by technology companies to build products?
- ·Why do technology companies claim that “anonymization” and “de-identification” of health data works, when computer science has clearly proved them wrong?
- ·How is the identifiable health data of hundreds of thousands of patients protected from any OTHER uses the technology developers decide to use it for?
- ·How can the public weigh the risks and harms vs. benefits of using EHRs when there is no ‘chain of custody’ for our health data and no data map that tracks the thousands of HIDDEN users of our personal health information?
- See Harvard Prof Latanya Sweeney explain the need for a data map at: http://tiny.cc/5pjqvw
- -Attend or watch via live-streaming video the 2103 International Summit on the Future of Health Privacy in Washington DC June 5-6 to see the first data map Prof Sweeney’s team has built. Registration to attend or watch is free at: www.healthprivacytsummit.org