Search This Blog

Monday, September 5, 2011

Don't turn red when you get caboosed!

ANSI 5010 is the new version of the federal HIPAA transaction standards that regulates the electronic transmission of your personal health care records. The new 5010 standards will replace the existing 4010/4010A1 version of HIPAA. The new standards make the ability to mine electronic data much easier. The secondary use of data under the new HIPAA 5010 de-identification rules raises several ethical considerations, with privacy being at the top of the list. The new HIPPA law sets standards for the de-identification of personal health care records in a way that there is no legal reason for permission to be obtained from the patient. This fact should alarm everyone. As health care providers and institutions race to meet federally mandated dates for implementation of electronic medical records most of them do not know that this will eliminate the absolute security and privacy of their patient’s most sensitive health issues.

There are numerous computer science studies that have been able to tie "unidentifiable data" back to individuals. Personal health information under the new HIPAA 5010 law is unique enough to eliminate only 87% of the U.S. population. Couple that with drill down to other public record data sources personal health records where easily and readily tied back to the individual. In one study conducted in the late 1990s by Latanya Sweeny, a computer science professor at Carnegie Mellon University was able to pin unidentified health information back to William Weld the governor of Massachusetts. The fact is that there is a huge market for identifiable data.

A similar study was conducted by two University of Texas at Austin scientist in relation to deidentified information and it was determined that this information could in fact be reidentified. The study was discontinued after reaching an agreement with Federal Trade Commission investigators. Now if that doesn't send chills down your spine I don't know what will. The unauthorized release of personal health care information is a very big and very real risk under the new HIPAA 5010 deidentification guidelines. The key question is who determines accessibility and who makes the decision for what this information will be used for?

With this new law any private or government agency can obtain your personal health care records without your knowledge or consent. Most of the agencies that obtain personal health care records state that they are using them for research. However research is not defined under HIPAA 5010. Most of this so called "research" is compiled into lists by unscrupulous and exploitative corporations. These lists containing your personal health care records are then sold to the highest bidder for thousands of dollars. The trend is that the majority of the companies that buy these lists are marketing and sales corporations. They use the information gleaned from your records to target groups with specific advertising schemes. This is how these unscrupulous companies define research. This is what is being done in order to control the costs of pushing health care providers into electronic media. Are you getting that warm fuzzy feeling yet? I don't know how you feel about your personal health care records but mine are extensive I can see the pitchmen drooling over them right now. I don't want anyone looking at my personal health care records for any reason without my consent or permission. I wonder, how would you feel if you new that your most private health issues where put up for auction? 

1 comment: