Yesterday, The Washington Post featured an article describing what the authors called “a powerful new tool for evaluating whether to cover individual consumers: a health ‘credit report’ which is drawn from databases containing prescription drug records on more than 200 million Americans.” Pharmaceutical industry blog Pharmalot broke the story online, but as you might imagine, that did not represent the patient perspective of this practice.
Two of the biggest providers of this type of data are Ingenix, a Minnesota-based health information services company that had $1.3 billion in sales last year, and a Wisconsin-based rival named Milliman IntelliScript.
Privacy and consumer advocates argue (with good reason) that this type of “scoring” is taking place largely outside the scrutiny of federal health regulators and lawmakers. The problem is that in most financial credit reports, there are things that contribute to a better credit score, such as repaying bills on time and not utilizing all of the credit which has been extended, as well as any negative information. But in the case of healthcare information, all that is going into the current models are the “bad” elements. None of the “good” things, such as whether HbA1c is better as a result of these pharmaceutical interventions, are factored into the score. On that basis alone, the notion of credit scoring for health is decidedly one-sided.
There is some effort to try and get a more balanced picture. For example, the Washington Post story notes that several companies are testing systems that tap into not only prescription drug information, but also data about patients held by clinical and pathological laboratories. Again, none of this data sharing is disclosed to patients.
A few years ago, the U.S. Government Accountability Office (GAO) was asked by Congress to summarize in a report describing the different steps that the Department of Health and Human Services (HHS) is – and is not – taking to ensure privacy protection as part of its national health IT strategy and identifies challenges associated with protecting electronic health information exchanged within a nationwide health information network. I wrote about some of these issues a while back.
Think about the ramifications of this type of database, and the outlook is particularly dire for anyone with a chronic medical condition, which seems to be ever more people these days as medicine has moved away from actually curing people, to instead keeping them alive with chronic medical conditions which require permanent treatment with medication(s).
The practice also illustrates how electronic data gathered for one purpose can be used (or misused) and marketed for another purpose – often without consumers’ knowledge, privacy advocates say. They argue that although consumers sign consent forms, they effectively have to authorize the data release if they want insurance.
Once again, our Government hasn’t been doing it’s job. In February 2007, the GAO released its report which showed that overall, the Department of HHS was only in preliminary stages of protecting patient privacy, and had not yet defined an overall approach for integrating its various privacy-related initiatives or for addressing key privacy principles, nor had it defined milestones for integrating the results of these activities. The GAO identified a number of key challenges associated with protecting electronic personal health information.
The GAO report defined the key challenges as understanding and resolving legal and policy issues, such as those related to variations in states’ privacy laws; ensuring that only the minimum amount of information necessary is disclosed to only those entities authorized to receive the information; ensuring individuals’ rights to request access and amendments to their own health information; and implementing adequate security measures for protecting health information.
As of today, few (if any) of these issues has been addressed by Congress. But some patient advocacy groups, such as the Austin, TX-based Patient Privacy Rights Foundation, founded by Dr. Deborah Peel, have gone a long way towards effectively communicating the issues patients need to be concerned with, and have gained an important voice on Capital Hill.
However, today, if you have a dispute about your financial records, there aren’t really any Federal laws which mandate certain procedures for disputing information, and provide statutory timeframes that credit reporting agencies must resolve such disputes. HIPAA has so many “covered” entities that there are gaping holes in the few protections it does provide. And with medical records (unlike financial records), there is no established process to resolve medical record disputes, or even guarantee your access to such “scores”. In fact, although you have a right to your medical records, there is no legal way to challenge the information contained there! You must file a complaint with the Department of Health and Human Services, and if you’re lucky, HHS may consider your request. But during the last 8 years under the Bush Administration, fewer than 30 cases have been allowed to pursue legal action, and the fines imposed for errors have been negligible.
While the Presidential Candidates have talked about these issues, neither John McCain nor Barack Obama have given any specifics on how they would help to ensure privacy and prevent abuse. In the interim, Congress continues to push down the path of electronic medical records on the elusive (and largely unsubstantiated by facts or evidence) hope that it will somehow reduce costs and improve accuracy. Most of those assertions are being driven by software and data processing companies, who spot an opportunity for themselves to make money. However, until our elected officials move to address this issue, we can probably expect that the healthcare “industry” will likely to abuse as much as they use the data without affording patients any way way to dispute misinformation or incomplete information, or provide us with a means to opt out of such “scoring” technologies.