Patient Privacy Rights --Austin, TX -- A new investigative report found that the Texas Department of State Health Services (DSHS) collects detailed hospital-patient data from nearly every hospital in the state. The agency has sold or given away hospital patients' data since 1999, covering nearly 28 million individual patient stays from 1999 through 2008, according to DSHS. According to the report, these "Public Use Data Files" are available on the website of the DSHS Texas Health Care Information Collection Center for Health Statistics.
Physicians and researchers are not the only customers. The same patient-data files are sold or given to trade groups, lobbyists, businesses, individuals, and even anonymous downloaders. None of this trading is done with patient consent. Texas is not the only state in the United States selling or giving away sensitive hospital records to anyone who wants them.
- Buyers of the patient data include:
- 3M Health Information Systems of Silver Spring, Maryland
- America's Health Insurance Plans of Washington, D.C.
- Blue Cross Blue Shield of Texas of Richardson, Texas
- Data Advantage LLC of Hermitage and Louisville, Kentucky
- Health Info Technics LLC of Brentwood, Tennessee
- Ingenix of Westerville, Ohio
- Intellimed International Corporation of Phoenix, Arizona
- McKinsey & Company of Florham Park, New Jersey
- Medtronic Inc. of Mounds View, Minnesota
"State officials imagine that simply taking names and parts of addresses off our health data means that our records cannot be traced back to us, but that is simply wrong", said Deborah Peel, MD, founder of Patient Privacy Rights. "Even if you take off patient name and other information, when you match that data with other data sets, such as a voter registration, you can often re-identify information. There is really nothing 'anonymous' about personal health information."
Amateurs re-identified AOL search records. University of Texas' computer scientists re-identified people's Netflix movie ratings. In 1997, Dr. Latanya Sweeney used two public data sets to identify the medical records of then Governor William Weld. Very simple technologies make re-identification of the most personal information about each of us a 'snap'.
DSHS' files include over 200 fields of information, including insurance coverage, tests, medications and items such as patient procedures like "sterilization," "abortion performed due to rape," or a drug- or alcohol-related diagnosis.
In the next 1-2 years, Texas alone will spend $38 million to exchange Texans' health data. Other states are doing the same thing. The federal government will spend $39 billion on health information exchange. Patient Privacy Rights is very concerned that the money will simply used to expand the theft, sale, and use of the health information of all 300 million Americans.
"Unless we build consumer control over personal health information into every state and national health IT system, we will destroy everyone's privacy and ensure generations of discrimination based on sensitive health records, from our prescriptions to our DNA," said Peel.
Making health data available for corporate and private uses and preventing these same users from selling the data or using it to discriminate against people in jobs, insurance, and credit is an extremely serious problem. States and the federal government must address this dangerous problem now, BEFORE expanded health IT systems and data exchanges can receive funding. Once our sensitive health and demographic data is exposed, it's too late. It can never be made private again.
Federal stimulus funds should only be used to buy MODERN, privacy-protective technologies, not today's dinosaur systems that were built without regard to patients' rights to control health information. Unless we act NOW, the stimulus billions will be used to buy model-T Fords, instead of hybrids and electric cars.
View the full story in the Austin Bulldog here.