A number of states are taking a second look at how they collect and sell patient health information. The move comes as a result of a June report from Bloomberg News and a Harvard University professor that showed some patient information was at risk of being exposed to the public due to Washington state selling medical data.
A number of state public-health agencies collect patient data and sell it to researchers and companies like data-mining firms, Bloomberg reported. They are exempt from the federal law for medical privacy, the Health Insurance Portability and Accountability Act. Though the information public health agencies sell does not contain names, addresses or dates of birth, it may include postal codes of where the patient lives, their age and when they were admitted to a hospital. This information, along with other public information, could be used to identify a patient.
Washington, along with Arizona, Nevada and Tennessee, reacted to the June report - beginning an audit of their privacy policies to reduce the chance of medical identity theft. Other states, too, including Alaska, California, Connecticut and Illinois, were already in the midst of their health data collection policies, the source said.
States are looking into whether their policies should be strengthened as data-mining technologies become more sophisticated, making it easier for people to use medical information to identity someone. Also of concern is how the use of electronic medical records is spurring the amount of how much patient data is being generated and then shared.
Nevada health agencies, specifically, are asking the buyers of the medical data what exactly they are doing with it, Bloomberg reported.
Prescription data provider IMS HEalth Inc. is just one example of a company that purchases medical data from state health industries. WebMD Health Group is another. The more data a company has, the more useful the medical information becomes, according to the source. It's expected the medical data industry will exceed $10 billion by the end of the decade.
Some States Still Lagging
At least 26 states sell hospital records. All 50 states were asked by Bloomberg for its June report if they participate in selling medical information. Three said they did not collect or sell such information and 18 said they had no plans to review or change privacy policies. The remainder of the states did not reply.
Matt Cullina is chief executive officer of IDentity Theft 911.