Health Records Being Uploaded to Databases Without Patient Consent

I just returned from the 2nd International Summit on the Future of Health Privacy in Washington, D.C. where the title of this year’s Summit was: “Is there an American Health Privacy Crisis?” The Summit brought together privacy experts, public health officials, lawyers, technology developers, and academics to discuss the importance of privacy protection (as I wrote about last week) as the federal government moves to establish the Nationwide Health Information Network (NwHIN). Security breaches and patient consent were two major themes at the Summit—two issues which I believe are inextricably linked.

My vantage point for thinking about this issue is my home state of New York, where we’re facing a major privacy issue. Over 60,000 providers here have contracted with 12 Regional Health Information Organizations (RHIOs) and have made their patients’ health information available through the RHIOs. Several years ago, New York made a policy decision to “upload” patient information—making it accessible electronically—without patient consent or notification. From a patient privacy perspective, this is a huge mistake. The state maintains that no one can access this patient data without consent, but this isn’t the case.

In fact, there are at least five ways that patient health information can be accessed without consent:

1.   Through the state’s Break the Glass policy, which allows a provider to “break the glass” to access patient health information through a RHIO in an emergency situation when a patient is unable to provide consent for such disclosure;
2.  For public health surveillance purposes, because the state’s department of health has argued that it has the legal authority to access identifiable patient health information in order to track trends that may indicate a public health epidemic (a questionable legal proposition);
3.   By those in charge of auditing, maintaining, and performing other technical functions at the facility or RHIO-level;
4.   By health care professionals who do not have patient consent but nevertheless access the system through unauthorized disclosures; and
5.   Through security breaches.

While each of the above disclosures is worthy of its own discussion, I want to focus here on security breaches.

The vast amount of patient data that is now accessible electronically is a treasure trove for identify thieves and perpetrators of fraud—and it’s not a question of preventing security breaches, because bad actors are often one step ahead of those charged with establishing security protocols and breaches are inevitable. It’s a matter of when and how to mitigate such breaches.

Data breaches have increased as the adoption of electronic medical records exchange has increased:

•    A December 2011 report from the Ponemon Institute noted that the number of reported breaches has increased by 32 percent between 2010 and 2011.
•    The New York Times has reported on a number of these breaches, including one involving “the theft of a laptop computer from an employee of the Massachusetts eHealth Collaborative which potentially exposed over 13,500 patients’ private data—an ‘identity theft gold mine.’”
•    In another story, the Times reported that the medical records of close to 20,000 patients were posted online for nearly a year because the hospital’s billing contractor’s marketing agent used an electronic spreadsheet with patient data as part of a skills test for a job applicant, who then posted the data on a public website. The marketing agent explained the breach as “a chain of mistakes which are far too easy to make when handling electronic data.”

In light of the tremendous risk to privacy posed by ubiquitous security breaches, it is critical that patients have the ability to consent to making their personal health information available electronically. While most agree that enabling providers to easily share information about their patients can improve care, patients must be given the choice whether to take advantage of these benefits in light of the risks involved.

The backlash against the adoption of health information exchange in the event of a security breach could be fatal to the system. Imagine finding out that someone was able to gain access to all of your aggregated medical information from many different providers—information you didn’t even know was made accessible electronically? That’s one reason that it’s so important that patients are given notice—and more importantly, provided with an opportunity to consent—before their information is uploaded to a networked system that makes that information accessible electronically.

Add a comment (2)
Read the Terms of Use

Anonymous

I have personally been aware of this since the early '80s, with the Medical Information Bureau. All patient records were routinely sent there to be placed in the database. More than once, I asked my provider to NOT send my medical information to any other entity, and not to file on my insurance, since I was paying for it myself, only to find those particular visits entered into my insurance records.

As a clerical employee, I ask myself: Why would I cause unnecessary work for myself and do exactly the opposite of what my customer requests? Then I realize who the real customer is . . .

MIB

MIB Group, Inc., formerly Medical Information Bureau, does not obtain, store or use any patient records that have been provided by healthcare providers. MIB members (life and health insurance companies) contribute data to the MIB database about their applicants when they determine that such data may be useful to other members that later search the database with the authorization of the insurance applicant. Only those insurance companies that are members of MIB may access MIB’s database and report information to MIB, and they may only do so when they have obtained the written authorization of the individual. If a member company wishes to use MIB (i.e., to search the database and report information back to MIB), then it must provide the applicant with the MIB Pre-Notice which describes MIB, the circumstances under which a brief report may be sent to MIB by our members, the conditions under which MIB will disclose the report to another member insurance company and the address to contact us at MIB for disclosure and correction of an MIB record, if a record exists. Our website can provide additional information: www.mib.com

Sign Up for Breaking News