Your Medical Records Are an Open Book

Bloomberg is reporting that states hungry for revenue and flush with the power to requisition individual medical records are moving to capitalize on the value of those records by selling the information in them to all comers. Unlike private companies, states and their agents are exempt from HIPAA requirements and therefore do not have to take data privacy especially seriously.

In an experiment, researchers were able to match several dozen people with their supposedly de-identified medical records by combining public record searches and the information in a sample group of records purchased for $50 from Washington State. Among other things, “an executive treated for assault was found to have a painkiller addiction,” and a “retiree who crashed his motorcycle was described as arthritic and morbidly obese.”

Bloomberg notes that states that exclude zip codes and admission and discharge dates are less vulnerable to record identification. But even “de-identified” data sets contain significant personal information that could be used to identify individuals, especially in rural areas with small populations.

The “de-identified” data set for Colorado includes type of insurance, gender, month and year of birth, city of residence, race/ethnicity, month and year of admission, where service was provided, the zip code of where service was provided, the DEA code or National Provider Identifier number for the person providing service, all payment data, details of the drugs prescribed and how they were delivered, and all payment details for everything. The de-identified data set also includes details of family relationships such as whether the person receiving services is the spouse or child of the person who owns the family insurance policy.

Montrose hospital in Montrose, Colorado, hosted 2,563 surgeries and 469 births in 2012. Its service area includes the city of Redvale, population 236. Nine people in its population were Hispanic according to the 2010 Census. Matching the medical record of a birth to a Hispanic mother from Redvale to a specific individual wouldn’t take much effort.
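A check a data custodian could run before releasing such a data set, given here as an added example that is not from the article or from Bloomberg: it counts how many records share each combination of the quasi-identifiers listed above and flags combinations held by fewer than k records. The rows, the field names and the generalization rule are constructed assumptions.

```python
from collections import Counter

# Quasi-identifiers drawn from the Colorado field list described above.
QUASI_IDENTIFIERS = ("city", "ethnicity", "gender", "birth_ym", "admit_ym")

# Constructed sample rows, not real data. Columns follow QUASI_IDENTIFIERS.
ROWS = [
    ("Montrose", "White", "F", "1985-03", "2012-06"),
    ("Montrose", "White", "F", "1985-03", "2012-06"),
    ("Montrose", "White", "F", "1985-07", "2012-06"),
    ("Montrose", "Hispanic", "F", "1986-01", "2012-09"),
    ("Redvale", "Hispanic", "F", "1986-11", "2012-09"),
    ("Montrose", "White", "M", "1950-02", "2012-01"),
]
RECORDS = [dict(zip(QUASI_IDENTIFIERS, row)) for row in ROWS]

def class_sizes(records, keys=QUASI_IDENTIFIERS):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[k] for k in keys) for r in records)

def k_anonymity(records, keys=QUASI_IDENTIFIERS):
    """Smallest class size; k = 1 means at least one record is unique."""
    return min(class_sizes(records, keys).values())

def records_below_k(records, k, keys=QUASI_IDENTIFIERS):
    """Records whose quasi-identifier combination is shared by fewer than k rows."""
    sizes = class_sizes(records, keys)
    return [r for r in records if sizes[tuple(r[f] for f in keys)] < k]

def generalize(record):
    """Coarsen a record: service area instead of city, years instead of months."""
    out = dict(record)
    out["city"] = "Montrose service area"  # assumption: one area covers both towns
    out["birth_ym"] = record["birth_ym"][:4]
    out["admit_ym"] = record["admit_ym"][:4]
    return out

if __name__ == "__main__":
    coarse = [generalize(r) for r in RECORDS]
    print("raw k:", k_anonymity(RECORDS),
          "records below k=2:", len(records_below_k(RECORDS, 2)))
    print("coarse k:", k_anonymity(coarse),
          "records below k=2:", len(records_below_k(coarse, 2)))
```

Records that remain below k after generalization are candidates for suppression before release.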

Unless ObamaCare is repealed and states give people the power to opt out of databases, if you need health care and you have, or have ever had, a health condition that you do not want to make public, you might be wise to seek care in a state or foreign country that takes medical privacy seriously.

Comments (11)


  1. Buster says:

    I’m not sure why and how states have access to medical records that they can sell to marketers. I’m not particularly fond of the idea that pharmacies can sell physicians’ prescribing history either.

    • JD says:

      I’m also unsure. Do these states already have the central database like the national one included in Obamacare?

  2. JD says:

    This has the potential to ruin some people’s lives.

    • Dewaine says:

      True. What are the legal implications of that? Would an individual be able to sue for damages?

  3. Todd says:

    It’s infuriating that medical records are being used for things other than to solve health ailments.

    • Todd says:

      The government is expanding its control over private information daily. The government can request phone records in bulk without a warrant. They are investigating the taxes of political opponents. It should be no surprise that they are taking medical records.

      • Tim says:

        This is not only governmental overreach, it’s also mainly driven by pharmaceutical demand. Take that away and states won’t have an incentive to obtain these records because hardly anyone would want or feel the need to buy them.

  4. Tim says:

    This is an interesting report. Obviously, a little strange and worrisome, but interesting how this has been happening without public awareness until now. The fact that I could buy someone’s private health records from this database should raise major questions. Pharmaceuticals really need to stop having so much power, it’s quite scary.

    • Tim says:

      Also important to note is that since pharmaceuticals are the main drivers of demand for obtaining access to these records, we should consider changing our culture into less dependency on drugs. That’s really the only way pharmaceuticals will be less influential and powerful in our health care industry.

      • Roget says:

        Very good point. Can you imagine the number of big pharm lobbyists trolling hospitals? They already do so — but there would be a ton of data to be gained by third party patient follow up after pharm therapy.

  5. Hoover says:

    Imagine this on a much larger scale. The VA has lost laptops with tens of thousands of names with full pedigree on them.

    Keeping secrets isn’t exactly a bureaucratic forte.