OhioHealth and Mount Carmel Health System routinely mine health data from their patients' records to decide who should receive certain mailings. The approach—sometimes called "customer-relationship management"—has been used for 6 years by OhioHealth and 2 years by Mount Carmel. Officials with both organizations said their use of the tactics complies with healthcare privacy laws, including the 1996 Health Insurance Portability and Accountability Act(HIPAA). And they said data are encrypted so an individual's health data can't be viewed by marketing officials.
