Selling my Patient's Health Data, Have I Been Missing a Profit Opportunity? | [node:field-byline] | Healthcare Blogs Skip to content Skip to navigation

Selling my Patient's Health Data, Have I Been Missing a Profit Opportunity?

February 10, 2009
by James Feldbaum
| Reprints

The Washington Post this morning had a distressing article (Lobbying War Ensues Over Digital Health Data) about the wrangling over the EMR dollar. Worse, were the assertions that we have already been abusing patient privacy for profit.

In previous posts I attributed much of the hubbub to paranoia, but if the concerns raised in this article are true I have been naïve.

Give it a read and let me know if it gives you a pit in your stomach.

A paranoid is someone who knows a little of what’s going on.

William S. Burroughs (1914-1997)



from: on the benefits of VUHID... private identifiers:

Better control of your medical privacy

- A key benefit of the VUHID system is the ability to provide private identifiers (PVIDs) to an individual. Private identifiers are anonymous. They work by enabling electronic linkage of various types of clinical information without revealing who that information is about. For example, suppose a physician orders an AIDS test but does not want anyone to know who that test is for. A PVID can be attached to the sample and the laboratory would return that result to the physician using only that PVID for identification. No one else in the chain of people who process that sample ever knows the patient with whom that sample, or the test result, is associated. Only the patient, the physician and the EMPI are aware of the identity of the person. Similar situations might apply for psychiatric information, genetic information - anything that a patient chooses to treat as private healthcare information. Using VUHID PVIDs, the patient has much better control over the privacy of his or her information.

I am sixty years old. Statistically, I am much more likely to require emergency medical care than to have my personal medical information misused, pried into, or sold. So, my angst regarding our ongoing privacy debate is trumped by my desire to have a well informed care team using the most refined decision support at my bedside. I suspect that I am like Joe's example of "people who will perceive their healthcare data as benign, and trade for convenience and trust (since they don't perceive personal risk, when they do so.)" There is no shortage of plans that if properly implemented can allay many of our fears and make our most private medical information secure. My biggest concern is that we not take our eyes off the prize, which must remain quality medical care.

Lobbying war ensues over privacy of EHR data
The Senate and House appear headed for a clash over competing visions of how to protect the privacy of patients' electronic health records, with the House favoring strict protections advocated by consumer groups while the Senate is poised to endorse more-limited safeguards urged by business interests.

Read more (registration may be required). - Washington Post

Jim. I think that unless people are guaranteed that their information will not be shared without their consent, there will be major barriers to promoting healthcare IT adoption.

Great point Jim. You've expressed your opinion in light of your personal situation and the priorities that arise from it. Of course, there will be those affected that are young and paranoid :)

I agree that something can and will be done to find a middle ground. Usually, it's a good, spirited debate that helps find the right place to plant the stake.

Great discussion.

Joe, I'm still marveling that the graciousness of your, "I think there is more pluralism here." Rarely have I been told more diplomatically that my point makes no sense. Can I use this with my wife during our next argument? :)

Your point makes complete sense. Any adequately trained and informed 'systems' thinker would sensibly come to the same conclusion.

History to date suggests that there's no way to make the guarantee you describe. In my post today, I'm extending your point about barriers. Specifically, there are three go-forward methods of dealing with barriers and one alternative option, the dead stop at the barrier.

Thank you for framing my remarks as gracious. They often feel more academic to me!

Thanks for the heads up about this Washington Post review of some of the issues.

I see more pluralism here. There are a lot of people who will perceive their healthcare data as benign, and trade for convenience and trust (since they don't perceive personal risk, when they do so.) That's certainly been the case in commerce.

Another dimension that we haven't kicked around on this blog is the concept of the voluntary identifier system, to allow segregating sensitive personal health information from other medical records.   For Gartner clients, see "Designing a Voluntary Universal Healthcare Identification System(VUHID)," ID Number: G00155382, written by Barry Hieb in 2008.  In this system, a patient can get an HIV test under a distinct (and different) ID than the one that their payer/insurer has any access to.  There doesn't need to be any linkage.

The other dimension that I picked up from your post, perhaps my own naïveté, was the OpenSecret's mentioned in the article. Specifically this piece: Top All-Time Donors 1989-2008 Summary, here

The "Tilt" information I found unexpected.

Thanks for another useful conversation.

FYI --From Health IT Strategist []

Patient privacy is not a 'black vs. white' issue
In response to Jean DerGurahian's "HIPAA privacy rule not enough to protect info: IOM":
The current debate over the security and privacy of health records has generated many hardened "black vs. white•bCrLf positions. As I read them, most of these positions are based on the fear of the writer that something important to them will be impeded by whatever rules they imagine coming out of the debate. There is a simple solution to the problem, one which can address every need, if we accept a few principles.
Also, it appears to me that two fears drive the concern of most people: First, there is the possibility that access to personal information will be misused by employers or insurance providers, issues better dealt with by legal sanction than security technology. Second there is the possibility that my obnoxious neighbor, who works in the medical office of a provider I do not use, will gain access to my record. This problem cannot be addressed by legal sanction, but can be addressed by security technology and a proper implementation of the policies outlined here. ... FULL STORY