Monday, October 19, 2009

"Re-identifying" and the Debate over Electronic Health Record Privacy

An excellent article in the New York Times caught my eye today that sounds a few alarm bells about just how "safe" our personal data, and likewise that data's connection to us as individuals, will be in the coming world of electronic health records.

When it comes to e-health records, one question the consumer should certainly ponder is "Where is my data and who has access to it?" Or, perhaps even more importantly, "Can my private data be traced back to me personally and sold to others?"

According to a study by two computer scientists at the University of Texas at Austin, "re-identifying" customers was a lot easier than expected, which contradicts the claims of individual anonymity made by companies that release such data (in this case Netflix).

In other words, even though a customer's name, address, and other directly identifying information were stripped from the released movie ratings, the researchers were still able to correctly match records back to real people by linking the overlapping ratings to information those people had posted publicly elsewhere, a process called "de-anonymization".
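To make the linkage concrete, here is an added example (not code from the original post or from the Texas study) of a simplified scoring attack in the spirit of the one described: an "anonymized" release of (movie, stars, date) tuples with names removed is matched against a handful of ratings people posted under their own names. Rare titles count for more than popular ones, near-matches on rating and date are tolerated, and a match is accepted only when the best candidate clearly beats the runner-up. All names, titles, dates and ratings are constructed sample data; the weighting and margin threshold are assumptions chosen for illustration.

```python
"""
Constructed example of a record-linkage ("de-anonymization") attack.

ANON is an anonymized release: opaque ids mapped to (movie, stars, day) ratings.
AUX is auxiliary data: a few ratings each person posted publicly under their name.
For each auxiliary profile we score every anonymized record and accept a match
only if the best score beats the runner-up by a margin (an eccentricity check),
so that a single popular title never yields a confident but wrong match.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rating:
    movie: str
    stars: int
    day: int  # days since an arbitrary epoch (constructed)


# Constructed anonymized release (names replaced by opaque ids).
ANON: Dict[str, List[Rating]] = {
    "u001": [Rating("Alpha", 4, 10), Rating("Beta", 2, 12),
             Rating("Gamma", 5, 40), Rating("Delta", 3, 41)],
    "u002": [Rating("Alpha", 4, 11), Rating("Epsilon", 1, 50), Rating("Zeta", 5, 55)],
    "u003": [Rating("Alpha", 5, 200), Rating("Beta", 2, 210), Rating("Theta", 4, 300)],
}

# Constructed public postings attributed to named people.
AUX: Dict[str, List[Rating]] = {
    "alice": [Rating("Beta", 2, 13), Rating("Gamma", 5, 42)],  # one rare title
    "bob": [Rating("Alpha", 4, 11)],                           # only a popular title
    "carol": [Rating("Theta", 5, 295)],                        # off by one star, 5 days
}


def support(anon: Dict[str, List[Rating]]) -> Dict[str, int]:
    """Number of anonymized records that rated each movie (its popularity)."""
    counts: Dict[str, int] = {}
    for recs in anon.values():
        for r in recs:
            counts[r.movie] = counts.get(r.movie, 0) + 1
    return counts


def weight(movie: str, supp: Dict[str, int]) -> float:
    """Rarer titles are more identifying: weight 1 / log(support + 1).

    Only called for titles present in the release, so support >= 1 here.
    """
    return 1.0 / math.log(supp[movie] + 1)


def score(aux: List[Rating], record: List[Rating], supp: Dict[str, int],
          stars_tol: int = 1, day_tol: int = 14) -> float:
    """Weighted count of auxiliary ratings that the candidate record agrees with.

    A title agrees if the rating is within stars_tol and the date within day_tol;
    this tolerates the noise one expects between two independently posted ratings.
    """
    by_movie = {r.movie: r for r in record}
    total = 0.0
    for a in aux:
        r = by_movie.get(a.movie)
        if r is None:
            continue
        if abs(a.stars - r.stars) <= stars_tol and abs(a.day - r.day) <= day_tol:
            total += weight(a.movie, supp)
    return total


def deanonymize(aux: List[Rating], anon: Dict[str, List[Rating]],
                min_margin: float = 0.5) -> Optional[str]:
    """Return the anonymized id matching aux, or None when the evidence is too weak.

    The best score must be positive and exceed the runner-up by min_margin
    (an assumed threshold); otherwise several records fit equally well.
    """
    supp = support(anon)
    ranked: List[Tuple[float, str]] = sorted(
        ((score(aux, recs, supp), uid) for uid, recs in anon.items()), reverse=True)
    best = ranked[0]
    runner = ranked[1] if len(ranked) > 1 else (0.0, "")
    if best[0] == 0.0 or best[0] - runner[0] < min_margin:
        return None
    return best[1]


if __name__ == "__main__":
    for person, postings in AUX.items():
        print(f"{person:6s} -> {deanonymize(postings, ANON)}")
```

Running the block links alice and carol to records u001 and u003 on the strength of one rare title each, while bob, who only posted a rating for the popular title Alpha, matches two records equally and is correctly left unresolved. The point a practitioner should take away is that a couple of ratings on obscure items, roughly dated, are enough; removing names did nothing to stop the linkage.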

Such a technique raises the concern that the same process could be applied to individuals and their health records, which are also released in "anonymized" form for research and analysis.

One of the most important challenges for privacy advocates has been making sure that the transition to electronic medical records includes ironclad data safeguards along with it.

Such a system is expected to save money and improve health care (though how significant those improvements and savings will be is still in question), but what remains contentious, and rightly so, is the intrinsic threat that a massive electronic database containing our most personal medical records poses to individual privacy and security.

Specific privacy guidelines for this transition were recently provided by the Center for American Progress, the Markle Foundation's Connecting for Health initiative, the Center for Democracy and Technology, and others.

I should also note that the Electronic Privacy Information Center (EPIC) released its Privacy Report Card for President Obama last month, in which it gave the Administration an A- on Medical Privacy (though some privacy advocates disagree with this score), "giving him full credit for creating important privacy safeguards as part of the network for electronic health records. The privacy language in the HITECH Act makes the bill one of the best privacy laws in years. Still, implementation of privacy safeguards remains a key challenge."

Nonetheless, it does appear that something still needs to be done to prevent the "re-identifying" of customers from their data.

The New York Times reports:

Time to revisit the always compelling — and often disconcerting — debate over digital privacy. So, what might your movie picks and your medical records have in common? How about a potentially false sense of control over who can see your user history?


By comparing the film preferences of some anonymous Netflix customers with personal profiles on the Internet Movie Database, the researchers said they easily re-identified some people because they had posted their e-mail addresses or other distinguishing information online.

Vitaly Shmatikov, an associate professor of computer science at the University of Texas at Austin and a co-author of the “de-anonymization” study, says the researchers were able to analyze users’ public postings and connect that to their Netflix preferences — including how a person may have rated films with controversial themes. Those are choices a person may or may not want to make public, Mr. Shmatikov said.


Nevertheless, the Texas researchers say they were indeed able to positively identify Netflix customers, and some privacy advocates say their study raises questions about whether newly strengthened laws governing the security of electronic health records — which contain information on diagnoses and treatments entered by health care providers — may offer incomplete privacy protection. Leaked movie preferences might embarrass or stereotype you, they said. But information extracted from medical records and then linked back to you, they said, has the potential to cause social, professional and financial harm.


The idea of an entirely paperless medical system holds the promise of more efficient and cost-effective care. And, with the incentive of stimulus package money, many companies are rushing to sell clinical information systems to streamline services like patient scheduling, sample tracking, and billing at hospitals and clinics.

In some cases, the same companies that sell data management systems to hospitals and physicians also store that information and then repackage it to make money on other services.

The clinical information systems market in the United States has sales of $8 billion to $10 billion annually, and about 5 percent of that comes from data and analysis, according to estimates by George Hill, an analyst at Leerink Swann, a health care investment bank.

But by 2020, when a vast majority of American health providers are expected to have electronic health systems, the data mining component alone could generate sales of up to $5 billion, Mr. Hill said. Demand for the data is likely to be robust. Policy makers and hospitals will want to dig into it to analyze physician practices and glean information about patient health trends.


There are no current federal laws against re-identification, said Dr. Deborah Peel, a psychiatrist who is a director of Patient Privacy Rights, a nonprofit watchdog group in Austin, Tex. “Once personal health data gets out there, it’s like the Paris Hilton sex tape,” Dr. Peel said. “It is going to be out there forever.”

Click here to read the article in its entirety.
