Probe Uncovers Hospitals' Inability to Protect Patient Privacy
When Robertson contacted subjects for comments for his story, they were astounded, and sometimes angry, that he knew their medical diagnoses and treatments from those hospitalizations, and that the system could be used in such a fashion.
"The data has a lot of value in the wrong hands, and we've chosen to publicize this, because we're trying to draw attention to it," Robertson says. "This could have been done just as easily by a private investigator or by a short-seller, if they had the wherewithal and the means to do it."
It dawned on me that while providers may do everything they're supposed to do to abide by HIPAA, loopholes like this state public health exemption, renders information accessible. And once it's on the Internet, data can live forever.
States may be lulled out of their inaction by Robertson's story. Already, Washington state has told Robertson it intends to tighten its data standards. Unless the entity requesting the information is truly a public health agency, the state will likely charge steeper fees to access the data. Already, the state of Pennsylvania, seeing increased demand from commercial data companies, increased the cost of the data sets.
But Robertson noted that the uses of secondary health data, including for marketing purposes, is projected to be in a $10 billion industry by 2020. So how likely is it that commercial interests will let higher fees slow them down?
- Hospital Groups Strike Back at Hospital Rating Systems
- 5 Hot Healthcare Ideas from SXSW
- AHIP: Enormity of HIX Challenges Sinks In
- The Secret to Physician Engagement? It's Not Better Pay
- Hospital CEO Turnover Hits Record High
- Another SGR Patch Likely, Lawmaker Says
- Rules to Rein in HIX Narrow Networks Could Drive Away Payers
- How Succession Planning Boosts Employee Retention Rates
- 4 Reasons PCMH Principles Aren't Going Away
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers