New Take on Medical Record Privacy
Recently, The Wall Street Journal reported on an agreement between Google and the faith-based health care organization Ascension, a Catholic hospital network. The agreement gives the company access to tens of millions of personal health care records.
Recently, The Wall Street Journal reported on an agreement between Google and the faith-based health care organization Ascension, a Catholic hospital network. The agreement gives the company access to tens of millions of personal health care records, including names, test results, diagnoses and hospitalization records. At the time the article was published, the patients and physicians had not been notified of this data transfer.
At first glance, this would appear in violation of the Health Insurance Portability and Accountability Act of 1996, also known as HIPPA. Apparently it is not. In fact, according to government regulations, this data transfer is not illegal. The article notes that hospitals can share patient data with business partners without notifying patients as long as the information is “used only to help the covered entity carry out its health care functions.”
Under what is known as a business associates agreement, third parties can gain access to personal data. Initially, these agreements only applied to health care professionals, hospitals and such. But because large tech companies have not been required to sign these agreements, HIPPA doesn’t always apply to patients’ health information. These companies’ stated goal is to help patients better manage their health care information. Companies could collect data and transmit it directly to the patient. This would allow individuals to receive and store information — such as reminders of checkups or tests — and easily transfer this data when needed.
The advantages of this approach are obvious. Your information can travel with you wherever you go. This has the potential to reduce health care costs and improve outcomes. However, under current laws, a great deal of this information can also become public. As tech giants gather more and more health data, this information can be used by other entities without seeking consent from patients.
It is also possible to use this mega data to identify individuals. Such information could be used to create actuarial tables predicting an individual’s longevity and the probability of when that person will become debilitated and why. This shifts the system in the insurance companies’ favor, and could affect the cost and availability of life and disability insurance.
While health care providers have long used algorithms to search data in order to improve patient care, “the challenge is to figure out how to do so in a safe way,” says Nigam Shah, MBBS, PhD, associate director of the Stanford University Center for Biomedical Informatics Research. “Current laws are not sufficient. Individuals cannot choose which parties are allowed to use and disseminate their information.” Noting it is often impossible for patients to find out how their health care data is being used, he suggests the need for transparency. At present, however, transparency is sorely lacking.
In all likelihood, the practice of collecting personal data by third parties will continue until legislation is passed to protect it. Given the current political climate, don’t hold your breath.
Thomas G. Wilson Jr., DDS
Editor in Chief
From Decisions in Dentistry. March 2020;6(3):6.