REVIEW RSS FEED
MORE HOLES DISCOVERED IN SUPPOSEDLY PRIVATE ELECTRONIC MEDICAL RECORDS
Kim Zetter, Wired - When patients visit a physician or hospital, they know that anyone involved in providing their health care can lawfully access their medical records. But unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity. The revelation comes in a recent New York Times article about how so-called "scrubbed" patient data isn't as anonymous as people think. The piece focuses primarily on how anonymized data can be easily de-anonymized when cross-bred with other publicly available databases, such as voting records. But buried near the end of the article is the news that medical data is collected, anonymized and sold, not by insurance agencies and health-care providers, but by third party vendors who provide medical record storage in the cloud.
Electronic health record services have been a growing industry in the last few years, according to Sue Reber, marketing director of the Certification Commission for Health Information Technology. Reber says that previously most vendors simply sold software packages; once the product was sold, the vendor had no connection to the data stored in it. But an increasing number of companies have begun to offer web-based software management applications that include database storage controlled and managed by the vendor.
Reber told Threat Level that such products generally come with security and privacy provisions that prevent the software provider from having access to the data, even though they're managing it. But others say this isn't always the case.
As part of their contracts with the vendors, doctors are agreeing to let some vendors access and collect the patient data, scrub it of personally identifying information, and sell it in bulk to pharmaceutical companies and other buyers, the Times reports.
George Hill, an analyst at Leerink Swann, a health care investment bank, told the Times that the market for health record systems is $8 billion to $10 billion annually. About 5 percent of this income comes not from the sale of information systems but from the sale of data and analysis. As more physicians and hospitals - spurred by federal incentives - switch to electronic record keeping, revenue from the sale of health records could grow to $5 billion, Hill said. . .
Giving vendors access to such data would apparently violate the Health Insurance Portability and Accountability Act, which prohibits doctors from providing medical records to anyone not involved in providing health care or payment for health care or involved in health-care research. Although the law does provide a loophole for "business associates" hired by health-care providers, privacy rights lawyer Robert Gellman told ModernHealthCare that this likely wouldn't protect health-care providers in these cases.
PATIENT PRIVACY RIGHTS
Electronic health record services have been a growing industry in the last few years, according to Sue Reber, marketing director of the Certification Commission for Health Information Technology. Reber says that previously most vendors simply sold software packages; once the product was sold, the vendor had no connection to the data stored in it. But an increasing number of companies have begun to offer web-based software management applications that include database storage controlled and managed by the vendor.
Reber told Threat Level that such products generally come with security and privacy provisions that prevent the software provider from having access to the data, even though they're managing it. But others say this isn't always the case.
As part of their contracts with the vendors, doctors are agreeing to let some vendors access and collect the patient data, scrub it of personally identifying information, and sell it in bulk to pharmaceutical companies and other buyers, the Times reports.
George Hill, an analyst at Leerink Swann, a health care investment bank, told the Times that the market for health record systems is $8 billion to $10 billion annually. About 5 percent of this income comes not from the sale of information systems but from the sale of data and analysis. As more physicians and hospitals - spurred by federal incentives - switch to electronic record keeping, revenue from the sale of health records could grow to $5 billion, Hill said. . .
Giving vendors access to such data would apparently violate the Health Insurance Portability and Accountability Act, which prohibits doctors from providing medical records to anyone not involved in providing health care or payment for health care or involved in health-care research. Although the law does provide a loophole for "business associates" hired by health-care providers, privacy rights lawyer Robert Gellman told ModernHealthCare that this likely wouldn't protect health-care providers in these cases.
PATIENT PRIVACY RIGHTS
0 Comments:
Post a Comment
<< Home