Center for Democracy and Technology
Working for Democratic Values in a Digital Age
PolicyBeta - Digital Policy in Process

Consent No Cure For Health Info Privacy Issues

August 4th, 2008 by Deven McGraw

An article in the Washington Post today reported on the use by health and life insurers of identifiable prescription drug records to make coverage decisions. This data is actually acquired by companies that act as data brokers or analysts on behalf of insurers, and individuals applying for insurance consent to having their prescription drug data gathered and used for this purpose. The article further notes that the gathering of this data will be even easier when this information is stored in electronic health records.

This article exposes the limits of relying on individual consent to protect sensitive health information. The companies mentioned in the article (Ingenix, Milliman) who mine this data all claim to have relied on consent to obtain sensitive prescription drug histories. It’s no surprise that these individuals consented to having this information gathered about them – they had no other choice. When you need health or life insurance, or if you are seeking medical care, you will sign whatever form is put in front of you.

The article also exposes the limits of the federal privacy rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which give the federal government no basis to go after Ingenix or Milliman or any other intermediary entity for any misuse of health information or data breaches.

If the public doesn’t trust that electronic health record systems will protect their privacy, we will never make further progress toward achieving an interconnected health data system that improves care. This article demonstrates clearly that patient consent is not the answer. Instead, we need clear limits on uses of an individual’s health information that are applicable to “downstream” entities that use or hold this information, as well as aggressive monitoring and enforcement of the law.


This entry was posted on Monday, August 4th, 2008 at 4:44 pm and is filed under CDT, Health Privacy.
