Publisher's note: The author of this post is Dan Way, who is an associate editor for the Carolina Journal, John Hood Publisher.
Central clearinghouse could sell personal data for profit
RALEIGH As the North Carolina medical community presses ahead with a sweeping conversion to electronic health records, privacy advocates warn that confidential medical data is in jeopardy, and patients' most intimate health information could be used in harmful ways against them - or at a minimum mined for profit by pharmaceutical companies, medical providers, or other entities.
"There's the loudest group of people who think anything electronic is wonderful, and who buy the claim that costs will be reduced, and we'll all live happily ever after in a digital wonderland," said Linda Gorman, senior fellow and director of the Health Care Policy Center at the Independence Institute in Golden, Colo.
"There's another group of people, though, who, I think, have seen the IRS scandal, and have seen this [Obama] administration's misuse of government power, and are thinking, 'Whoa, let's stop here and think a minute,'" Gorman said. "People would be horrified if they realized that they can't keep anything secret."
The North Carolina Health Information Exchange, a tax-funded nonprofit, is similar to exchanges in other states. It is a government entity designed to be a statewide repository of digital patient health records that would be shared among health providers, medical researchers, insurers, and others.
Established in 2009 with a $12.9 million grant through the American Recovery and Reinvestment Act (aka the federal stimulus program), the data-sharing clearinghouse is intended to speed up care, improve health outcomes, aid medical analysts and researchers, and lower costs.
The health information exchange is housed under the nonprofit agency Community Care of North Carolina, which administers the bulk of the state's Medicaid program.
Officials with CCNC have refused to discuss the tax-funded health insurance exchange.
While the Patient Protection and Affordable Care Act, commonly called Obamacare, requires a massive transition to computerized record keeping, "It's not at all clear it's going to help medical care," improve health outcomes, or reduce costs, Gorman said.
"We have a few states who have adopted these and are pushing ahead enthusiastically," Gorman said. "It's been happening under the radar for a long time," but people are slowly becoming aware of the conversion and alarmed over potential side effects.
The focal issue is control of the health care system and micromanaging health care providers, Gorman said.
"The only way to tell if physicians are doing what you ask them to do is to have a patient's medical record," she said.
If people believe their medical records are not private "they will start lying to their physician. People aren't stupid. So that compromises medical care," Gorman said.
There "absolutely" is a risk of a person's most private and embarrassing medical records being leaked, hacked, stolen, or mistakenly released and used against the patient, she said. "You'd be insane, literally, to go seek mental health treatment" knowing that a risk of public exposure exists.
Another down side of the centrally digitized data is a thriving black market for intimate details about celebrities and political figures that gives incentive to breach the system.
It's not hard to imagine a political candidate whose health records show he once used an illegal substance or was treated for substance abuse could be confronted with that information, threatened with its public release, and intimidated into withdrawing his candidacy, she said.
It's not difficult for those navigating the health information exchange to identify a person even though advocates of the systems say they "de-identify" records to prevent that, Gorman said.
"Actually if you combine it with modern marketing databases it's pretty easy to identify an individual," especially those who live in small towns, she said.
The state law creating the North Carolina Health Information Exchange mandates adherence to the federal Health Insurance Portability and Accountability Act, which protects the privacy of identifiable health information that can be linked to individuals.
But HIPAA has an exception for health oversight agencies that administer the system, and the same carve-out would exist in North Carolina, Gorman said.
Those agencies "can get the data and then do whatever they want with it. So when they say you're protected by HIPAA or they're going by all of the requirements of HIPAA, it's a fig leaf," Gorman said. "States sell [the data], which is what they're planning to do ... sell it to support themselves."
Mark Bell, vice president of health information technology and chief information officer at the North Carolina Hospital Association, has been working with the North Carolina Health Information Exchange for several years. He agrees there is a risk that private medical records could be compromised when housed in a central storage repository.
For that reason, the hospital association supports a system of interconnected regional health information exchanges that can share data through a system with greater safeguards and exclusivity than is possible on one statewide network.
"There are whole groups of health IT stakeholders who are advocating for the patient" and the security of their health records because all of that accumulated data represents huge money to various interests for differing reasons, he said.
"There is a group of stakeholders, especially researchers, and also pharmaceutical companies, people who pay big dollars for access to data for research, so they can sell products" and increase profits, Bell said.
"There are groups of people for whom having access to data through health information exchange is their holy grail. They see this as the single best opportunity to get access to data for their purposes that, while important, are often not directly related to bedside care of a patient," he said.
Bell does not oppose health information exchanges. Indeed, the hospital association operates its own.
"Most of the large health systems have purchased some type of capability for health information exchange. Health information exchange is happening all across the state," Bell said.
"Public health has an interest in having access to that data for good and honorable public health reasons. To cut down on diseases and whatever flu virus we might get this coming flu season, these are great tools for public health," he said.
Despite the promise of improved population health and reduced costs, health information exchanges will not foster improved medical care "unless they collect enough information such that it's like a full-blown drug study, where they track every bit of somebody's health," Gorman said.
"They really have no way to measure a lot of this stuff they're talking about," she said. "They need to have metrics for outcomes, and there are no metrics for outcomes."
Many proponents of health information exchange point to the Veterans Administration's system as a success story.
"There's errors in tons of the VA records, but they can't decide who owns the records and who has the ability to make changes in it," Gorman said.
"Right now, theoretically, physicians own their own medical records. Once it's in electronic form, who owns it, who can make changes, what if there's an error, what if somebody puts stuff in that's not true?" Gorman said of unanswered questions facing these systems.
"In Britain, it failed," Gorman said, citing media reports
on an exchange run by the National Health Service in the United Kingdom. "They spent a lot of money and it's not working very well," the British government concluded.
Dan E. Way (@danway_carolina) is an associate editor of Carolina Journal.