Health surveillance gone wild: 35 federal agencies to collect and share your personal health information
One of the goals of the federal government’s Affordable Care Act is to universally implement the use of Electronic Health Records (EHR). What this means is that federal health authorities have begun a push toward converting all Americans’ health data and medical histories into a digital format which can be easily accessed and shared by doctors, insurance providers, scientific researchers and the patients themselves.
The Department of Health and Human Services (HHS) recently released the Federal Health IT Strategic Plan 2015-2020, which outlines the goal of advancing the “collection, sharing, and use of electronic health information to improve health care, individual and community health, and research.”
Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was introduced in 2009, a majority of doctors and hospitals have already begun to convert patient data into digital form.
Proponents of the plan argue that it will improve healthcare for Americans by making it easier for doctors and hospitals to access and share vital patient info, and through creating a database to be used in medical research.
Although there would seem to be some merit in creating such a system, many are voicing concerns over privacy — part of the plan includes making these electronic records available to more than 35 federal agencies.
These agencies include the Bureau of Prisons, the Department of Justice, the Department of Defense and even NASA.
Although the creators of the plan state that one of their first concerns will be the protection of patient privacy, critics are skeptical — pledges to “anonymize” and “de-identify” the data are likely to fall short of the mark.
A 2009 report by the Center for Democracy and Technology (CDT) stated, regarding the Health Insurance Portability and Accountability Act (HIPAA):
HIPAA’s protections do not extend to “deidentified” health information. …
If a third party then reidentifies these data–for example, by using information in its possession or available in a public database–the reidentified personal health information would not be subject to HIPAA. It could be used for any purpose unless the entity holding the reidentified data was a covered entity.
It is far too easy to re-identify data which has been de-identified, and that’s just one of the potential ways in which patient privacy may be breached. The federal government has done a sloppy job of protecting personal info — the security breaches which occurred during the rollout of the Obamacare website is just one glaring example.
As the CDT report noted:
The computerization of personal health information undeniably poses risks to privacy. Tens of thousands of health records may be accessed or disclosed through a single breach. Recent headlines about the theft of laptop computers containing unencrypted health information and inappropriate access to celebrities’ records validate the concerns reflected in the survey data.
One might understandably wonder exactly why all these agencies require access to health records. Does the Bureau of Prisons, for instance, really need to be able to look at your medical history — especially if you are not a criminal?
Digitizing records is one thing — of course it might prove useful for a doctor to be able to easily share a patient’s records with a surgeon, for instance. But making this information available to dozens of federal agencies seems an obvious step too far, even with the promises of anonymization — which appear to be relatively empty in the first place.
If you’d like to voice your own concerns about the plan, the HHS is seeking comments from the public before it is implemented. Public comments will be received until February 6, 2015 — below is the website address for submission:
Sources for this article include: