The Blue Cross and Blue Shield Association's illegal and unethical plan to sell data to large employers on all 79 million Blues enrollees against their will, without informed consent, and with no way to opt-out cannot be "cleaned up" by claiming that the data is "de-identified" or by adding unpaid advisers from government or private industry to contribute "research-based insights" to justify their theft and sale of sensitive health and claims data.
Forced participation in research is abhorrent. America is not yet a gulag. "Research" conducted in this fashion will drive people away from participation in the healthcare system. No one wants secret snooping in his or her most sensitive personal records of all: medical records.
Face it, the Blue Health Initiative is intended to be a major profit center for the Blues; it is not a research database. Imagine the potential revenue from selling this far richer and more detailed data than the prescription data IMS Health sells, which netted them $1.75 billion in revenue in 2005.
First, it is critical to point out the obvious: It is impossible to de-identify health data. There are simply too many unique pieces of identifying information, dates and places that cannot all be removed from records.
A medical record of a 55-year-old person who had a CT scan at Seton Hospital in Austin on April 15, 2007, could easily be re-identified by his/her employer, even by other employers like Dell. How many employees were absent from work that day? How many employees submitted medical claims for that day? His/her data could be re-identified by other large employers who could easily match him/her up by using programs to match public voter registration databases with health databases for re-identification. Then they may not hire that person.
The computer scientist Latanya Sweeney is famous for conducting demonstrations that matched up supposedly de-identified ambulatory visit records with public databases to determine which ones belonged to former Gov. William Weld of Massachusetts and his family.
Sadly and criminally, the greatest use of Americans' electronic health data today is by the data-mining industry for profit. And not a single dime of this money from using and selling our stolen private property goes to improve the health of a single sick person. Even though HIPAA allows "covered entities" to use and sell electronic health data, the data-miners are still violating stronger state laws that require consent before access to and disclosure of medical records.
Pretending that data-mining and selling supposedly de-identified health records is legal won't work. No one is fooled. The strong laws and medical ethics in every state that protect us from having our medical records used without our consent do not make exceptions for using and selling de-identified medical records.
This is just the Blues' latest attempt to try and make the systemic theft of enrollees' sensitive health records and claims data to appear to be something to benefit the public. They tried to justify what they were doing the very same way last year when they announced the Blue Health Intelligence project. What better way to try and legitimize such a massive theft than to keep claiming the data will be used for the public good?
The only legal, ethical and legitimate way the Blues can use the data entrusted to it from claims payment is by seeking informed contemporaneous consent from its enrollees for other uses and requiring enrollees to opt-in to any and every other databases it builds.
The Blues could start by making a public statement that it will never use, share or disclose anyone's health or claims data without informed consent. The Blues should tell Americans that it will never disclose any of their data without informed consent. Then they could put "smart" new technology in place, called independent consent management systems, that provide instant electronic consents for each use of enrollees' data, provide audit trails of authorizations with copies of all the data disclosed to patients, and allow patients to segment and specify which data goes where, down to the level of the data field.
Then the public and the Blues' enrollees will begin to be able to trust the Blue Cross and Blue Shield Association and might eventually be willing to participate in research.
Deborah Peel, M.D.
Patient Privacy Rights Foundation
To submit a letter to YOUR VIEWS, click here. Please include your name, title and hometown.