The transfer and sale of personal health information is proceeding largely unregulated, according to an expert panel assembled by the American Medical Informatics Association in a newly issued report.
Despite the requirements of HIPAA (Health Insurance Portability and Accountability Act) that health care insurers and providers protect the personal information of their patients, health care information is routinely being exchanged that is not anonymous, according to a report from the AMIA.
The report cites the initiation of real-time data collection from emergency rooms that has been initiated by Congress for public health and homeland security reasons.
Another even more problematic privacy violation is the "ongoing buying and selling of non-anonymized patient and provider data by the medical industry without explicit consent of either patients or physicians."
Patients are also being pressured to waive their right to privacy and identifiable patient information is becoming increasingly available.
"Patients do not know who has access to their data and for what purposes. The expert panel learned of financial incentives for sharing of patient data that raises ethical questions," said AMIA chairman Paul Tang.
In these cases, HIPAA may not be particularly useful since it only covers very specific entities including health insurers, health care clearinghouses and health care providers. Beyond these, HIPAA offers no protection for secondary use of personal health information.
The report recommends that the secondary use of health care information be explicitly addressed by the health care industry and legislators, since the ability to successfully share health care information while protecting patient privacy is essential.
Future initiatives such as pay-for-performance and the ability to share health and genetic information for research purposes depend on adequately sorting out these issues.
It also calls for increased transparency for the uses of health data. The AMAI recommends that institutions shift away from a conception of "data ownership" toward one that emphasizes organizing and coordinating "access, use and control" of health data.
"The need for national leadership in this area will be critical for gaining and keeping the publics trust as electronic health records become more prevalent," said past chairman of AMIA and associate clinical professor of medicine at Harvard University Charles Safran.
More than 30 experts and stakeholders from government, industry and academia participated in the meeting that produced this report.
They included the Office of the National Coordinator for Health Information Technology, GlaxoSmithKline, Lockheed Martin, Pfizer, GE Healthcare, IBM, IMO (Intelligent Medical Objects), Medstat and RemedyMD.
A link to the full report can be found here.