Wealth of information online could threaten privacy of de-identified EMRs

Back in 1997, it took an MIT statistician to find ways to re-identify electronic patient data that had been stripped of identifiers--using then-Massachusetts Gov. William Weld as the unsuspecting guinea pig to make a point about privacy. Nowadays, there's so much personal information widely available on the Internet that the task has become much easier, the New York Times reports.

Also to make a point, researchers from the University of Texas say they recently had an easy time matching identifiers to a database of anonymized Netflix customers, thanks to other information online. Netflix disputes the results, but in an interview with the Times, one of the researchers, computer science professor Vitaly Shmatikov, specifically said the same process could be applied to electronic medical records, which could potentially pose a major problem as more patient records are computerized.

Just look at the numbers: Healthcare investment bank Leerink Swann pegs the U.S. market for clinical information systems at $8 billion to $10 billion a year right now, with about 5 percent of revenues coming from data mining. But the bank estimates that EMR data mining alone could be worth $5 billion annually by 2020.

This worries Patient Privacy Rights Foundation founder Dr. Deborah Peel, who certainly has a way with words to get her message across. "Once personal health data gets out there, it's like the Paris Hilton sex tape," she told the Times. "It is going to be out there forever." It's not the first time we've heard her make that comparison.

For more about the privacy risks with de-identified health data:
- have a look at this New York Times story