If you've been a patient in a Texas hospital over the past 10 years, chances are high that the details of your stay have wandered the U.S. and popped up in all kinds of places. The Texas Department of State Health Services (DSHS) has sold or given away hospital patient data on more than 27 million hospital stays since 1999, according to a report by the Austin Bulldog, an investigative journalism nonprofit organization.
Attorney Jim Harrington, director of the Texas Civil Rights Project, told the Bulldog, that DSHS data sales represent a "wholesale invasion of families' medical privacy" and a "shocking breach of people's constitutional rights."
DSHS makes public use data files available through its website. The data files contain more than 200 kinds of information, naming your insurance coverage, whether the stay involved placement of a heart stent, sterilization, abortion performed due to rape, and any tests or medications you may have received.
Buyers can obtain two versions of the hospital patient files, one version containing complete personal info--which includes date of birth, date of admissions and discharge, and the patient's full address--and a second, "de-identified" version with some, but not all, personal information removed by DSHS. Data security experts claim that it's easy to re-identify people in de-identified data files by comparing them with other files, the Bulldog reports.
The data files DSHS distributes often go to non-physicians who use, sell, and re-sell hospital patient data, putting personal privacy at risk. The insurance lobby group America's Health Insurance Plans, in 2009, was one of many entities approved to buy the unrestricted research version patient data files. Since January 1, 2009, 98 customers bought patient data from Texas. Several are listed in the Bulldog article.
When asked to comment on the data downloads, Deborah Peel, an Austin psychiatrist and privacy advocate told the Bulldog, "The problem is, once [hospital patient data] gets out, there's no way to know where it went forever." She heads up Patient Privacy Rights, which is a foundation that's part of a network of organizations working to restore patients' right to control access to their sensitive health records. "There is no control over any third-party use," Peel noted.
To learn more:
- read the investigative report in the Austin Bulldog
- here's some commentary on the story on P2Pnet.net
Related Articles:
HHS quietly withdraws HIPAA breach-notification rule
Cerner markets patient data to pharma, researchers
BS rolls out data mining program
Study: Patient data at risk with file-sharing networks
Peel pushes for 'informed consent' over every element of patient data