Privately Eroding Privacy by Public Decree

The structural and ethical issues that conflict electronic health records with patient privacy are nothing new. I’ve written previously about my concerns regarding Microsoft Health Vault and Google Health; other members of this community have about electronic health records as well. Scott Strumello has noted in his responses to these items that the United State’s Health Insurance Portability and Accountability Act (HIPAA) provides little real protection to patients’ information; the Patient Privacy Rights organization states that in-progress legislative initiative may strip away even some of that.

A recent editorial about the FDA in The Lancet mentioned a proposed $275 million increased-funding initiative currently in Congress. Among other things, this funding would add support for “the Sentinel Initiative – an electronic database that will track drug hazards, which will be shared with health insurers, the private sector, and other government agencies”. I clicked over to the Initiative’s main page to read the following:

The Sentinel System will enable FDA to query multiple, existing data sources, such as electronic health record systems and medical claims databases, for information about medical products. The system will enable FDA to query data sources at remote locations, consistent with strong privacy and security safeguards. Data sources will continue to be maintained by their owners.

Add to this the recent merger announcement of major pharmacy benefit managers RxHub (manager for CVS Caremark Corporation, Express Scripts, Inc., and Medco Health Solutions) and SureScripts (formed by the National Association of Chain Drug Stores (NACDS) and the National Community Pharmacists Association (NCPA), with the aim of creating a single electronic network to manage all prescriptions filled in the United States, and recent court decisions overturning local and statewide bans against third-parties reaping financial benefits from data-mining electronic health databases, and it seems all but certain that we are headed towards an environment of 100% information transparency to government agencies, insurance companies, pharmaceutical companies, and employment managers – with little we, the affected patients, can do about it.

On the positive side, mined data can be used to track significant-but-unreported side-effects and long-term effects of drugs, and track the development of public health issues. Sadly, altruism and maximizing social benefit are not in the best interests of pharmaceutical companies’ financial interests or government agency heads’ professional interests – so my confidence level in this publicly-useful data being collected and analyzed is extremely low. Nothing has been stated about the use of this data by potentially-disinterested parties such as university- and hospital-based researchers, or the use of aggregate data by a patient’s personal medical team – where it could mean the life, or quality of life, of the individual patient.

Certainly, all of the players in this collusion of deprivatization are waving the flags of privacy, data security, and network security – but recent history shows that no publicly-stored data are safe from unauthorized change or deletion. Furthermore, securing our personal health information in databases where we, as patients, cannot access it, renders us more vulnerable to inappropriate care driven by government mandate, pharmaceutical marketing, and health-insurance-company restrictions. It may also adversely affect our healthcare providers, denying them reimbursement because they accept out-of-network or uninsured patients, or private payment for services not covered by a patient’s health plan – or by penalizing doctors for prescribing non-preferred drugs (or classes of drugs) even if the patient has severe adverse reactions to the preferred items.

Where will that leave you, me, and the millions of others who depend on health insurance, or the healthcare providers we have carefully selected to provide us (to the greatest degree practicable) the services we require? I’m no seer, but the image in the crystal ball seems to suggest that the patient will be even more marginalized than s/he is today. For those of us with persistent health concerns, that’s a scary thought.

I did a blog posting related to the issue of creation of health ‘credit report’ using this type of data. I have concerns it will be misused, particularly since these ‘scores’ contain only half of the data that a complete ‘score’ would. See my post at http://sstrumello.blogspot.com/2008/08/prescription-data-used-to-assess.html for more on that.

I remember seeing that when it was posted. One of the concerns noted on the iHealth site was the idea of Big Pharma using the data those companies mine to come down on doctors for not pushing their drugs enough…
I should probably link here the Washington Post article on those “credit reports” mentioned on PatientPrivacyRights.org