For Sale: Your Medical Records?

In a quiet data warehouse, somewhere on the Internet:

"Step right up for our big clearance sale! Today only, we have billions of medical records. Pharmaceutical companies, learn what doctors are prescribing. It's the best way to convince them to switch from your competitor's brand! We also have deals on using patient information from pharmacies to pitch advertisements directly to the consumer. We can even help you outsource to companies not covered by health privacy laws!"

Wait a minute, that doesn't sound right. Isn't my medical information private? You're not talking about medical records about me, right?

Actually we are. Calling the federal medical "privacy" laws riddled with more holes than Swiss cheese is an insult to Swiss cheese. Privacy rules (formally known as the Health Insurance Portability and Accountability Act, or HIPAA) supposedly prohibit health care providers from disclosing medical information — but these rules apply only to doctors, hospitals, insurers and other covered entities. Once they are shared with "business associates" (which can happen for any reason), these associates are not bound by HIPAA and can resell the information at will.

This leads to the resale and repackaging of patients' records and personally identifiably information from non-covered entities to other corporations, including employers, insurance companies, for-profit and not-for-profit researchers, and pharmaceutical companies. Due to this loophole, a multibillion dollar industry has sprung up, trafficking in prescriptions, personal health information and other coverage information.

But there are good reasons why you don't know what's happening with your medical records. Seemingly the only person who doesn't have access to them is you. You have almost no ability to see who has looked at your record, limit where it gets sent or control access to it. Providers are not required to tell you when your information is lost or stolen.

Fortunately, that sorry situation has just gotten a little bit better. Included in the mammoth stimulus legislation that President Obama signed earlier this week was a section encouraging doctors and hospitals to move toward the use of electronic medical records. And it included important language plugging some holes and improving some privacy protections for both electronic medical records and medical records in general.

However, much will depend on how the law is implemented, especially the regulations that will now be created to implement the new law. Those regulations could mean the difference between significant new protections that go a long way toward protecting the privacy of American patients, and yet another set of loopholes that leave Americans' medical lives out in the open.

Hopefully in the future when you head back to the data warehouse you'll hear something different, perhaps: "Sorry folks, no medical data for sale here, we've been shut down!"

Here is our more formal analysis.

Add a comment (7)
Read the Terms of Use

Elisabeth Ellenbogen

Medical Records Privacy! One of the dangers of info leaks is burglary/theft of ordinary people who happen to use EXPENSIVE MEDS! Unfortunately, I doubt Government has addressed this risk when plans are made to create a huge medical data bank!

PRIVACY issues of one's health are ALREADY quite insecure when a person applies for SSI, SSDI, Medical Assistance, or other publicly funded health related matters.


I have posted several times and been censored I will endeavor to follow all on this boards policies. I will not provide the specific examples in my previously deleted posts. I will just ask the one Obvious question.

"What if the medical data isn't stored in the US?"

Patricia Allbritton

My entire medical history was stored in my safety deposit in a bank in Davenport Iowa; it was also fraudulently withheld and fraudulently transfered - solded. How do i go into a federal court of law and have my entrire medical history returned? I will never be able to seek vital medical treatment until they are returned.

Hawaiian style

Lets pass a quick bill that says no private person's medical records can be disclosed for any reason UNTIL all Congressional medical records of the member and immediate family have been made public.

Vic Livingston


• Converge on Thistle Marble Arch Hotel in London on Thursday, Feb. 26 through Saturday, Feb. 28

• Protest the covert use of classified hand-held radiation weapons -- the cruel, silent hi-tech instruments of an ideologically-motivated, worldwide genocide.

British and E.U. ethical humanists, UNITE!

Western European citizens who value human rights must turn out in force to protest this week's London conference of amoral scientists, militarists -- and, perhaps, some "new world order" political fascists -- who are pushing the global proliferation of silent, injury- and illness-inducing radiation weapons... armaments that already are widely deployed among security, intelligence and law enforcement personnel and their vigilante citizen operatives in industrialized nations throughout the world.

If you harbor any doubts about the motives of an untamed "RAM" -- what we are dubbing the "Radiation Armaments Movement" -- just read this blurb from the U. S. military command, in support of Directed Energy Weapons 2009: Driving DEWs from the Laboratory to the Battlefield, a two-day seminar that convenes Thursday at London's historic Thistle Marble Arch Hotel:

"Directed Energy offers promise as a transformational ‘game changer’ in military operations, able to augment and improve operational capabilities in many areas."

-- Dr. William Schneider, Defense Science Board Chairman, U.S. Department of Defense

The speaker roster is laden with radiation weapons advocates from the United States and Canada, including:

• Dr. J. Douglas Beason PhD, Associate Laboratory Director (Threat Reduction), Los Alamos National Laboratory

• Dr. Spiro Lekoudis SES, Director of Weapons Systems in the Office of the Deputy Under Secretary of Defense (Science & Technology), US Department of Defense

• Colonel David Robie, Director, Directed Energy Task Force, U.S. Air Force

• Dr. Greg Schneider, Director, NATO Research and Technology Agency

• Dr. Benjamin Rockwell, Head of Laser Bio-Effects, US Air Force Research Laboratory

• Dr. Jacques Dubois, Electro-Optic Warfare Section, Canadian Ministry of Defense

• Susan Levine, Deputy Director, Joint Non-Lethal Weapons Directorate, U.S Department of Defense

The use of the factually deceptive non sequitur "non-lethal" notwithstanding, those who devised the agenda are not unaware that their advocacy of radiation weapons proliferation carries ethical and moral ramifications. Hence, these program items:

Directed Energy Bio-Effects: A Main Enabler To Directed Energy Weapons

• Overview of effects on humans due to exposure from laser and high-powered microwaves
• Understanding bio-effects as a crucial factor leading to policy approval of directed energy weapons
• Policy restrictions due to human effects

Another panel will examine the "legal implications" of radiation weapons (of course, the advocates never refer to "radiation" -- to them, it's always "laser weapons," or the euphemistically benign "directed energy weapons").

To underscore the point, consider these agenda items:

* Problems associated with the introduction of new concepts and technologies
* Utility of systems in real world conditions: The warfighter vs. the PhD
* Potential European limitations against the operational fielding of the Active Denial System (a battlefield "people-cooker" that causes severe pain by heating human flesh)

Those who are concerned with human rights and what the conferees term the "bio-effects" of radiation weaponry should encourage journalists worldwide to seek to cover this conference from the inside -- and hopefully pose some penetrating questions to "D.E.W." proponents. If you are reading this in London, get on the horn to your local media, newspapers, internet and telly, and let them know about this event.

But most important, human rights advocates should turn out in great numbers to line the streets in front of the hotel with signs and megaphones -- a vociferous protest against the proliferation of radiation weapons and the role of the U.S. military in advancing the deployment of what are truly "weapons of mass destruction"...

...weapons that should be banned outright by world governments as inhumane, a menace to civilian populations as well as to those who wield these hand-held moral equivalents of the atom bomb.

Hopefully, British police and secretive international intelligence units will have the good sense and human decency not to silently "dose" protesters with radiation, as has been alleged to have happened in the United States.




I think we really need to stop and question the continuing digitization of all of our information, from medical records (as cited here) to news media to literature.

This post makes a good point about privacy and the permanence of the written word.


Just recently our company (RR Donnelley) made the decision to audit all of the emloyees in the company who have healthcare and have dependants. The reason given was that they wanted to get rid of healthcare frauds. The expectation is that they will ask for multiple forms of documentation proving the validity of you dependants. If it is found you have defrauded the company then you can be fired.

This bothers me very much. Does anyone know of the legality of this action? Is there anything I can do to stop it without losing my job? Where is the information going to be kept? Who has access to it? What do I do???

If anyone has any ideas on what can be done to stop this please comment back.

Stay Informed