There is a booming business in America of selling patients fear and telling them there is a massive privacy problem. Fear is worth millions of dollars to individuals who run “privacy” groups.
This started a year or two ago. Patient privacy rights groups started a campaign of telling outright lies to instill fear in people. These lies include the notion that the government, insurance companies and drug companies are engaged in a vast conspiracy to expose private patient medical information. The root of this view is that HIPAA is completely worthless and only these patient privacy rights groups possess the knowledge to truly protect patient privacy.
The patient privacy rights groups claim that all data can be “easily re-identified” with only three pieces of information: zip code, sex and age. If you are a 59 year old man living in zip code 37205, then your name must be Al Gore…because there can only be one 59 year old man in that zip code (there’s at least one other 59 year old man living in that zip code and probably many, many more). Obviously it’s absurd and the patient privacy rights folks know it. But it doesn’t stop them telling lies or selling fear.
Why the big business? You can make more money selling fear than you can as a physician. It takes a lot of money to have houses in multiple states and swanky condos in Washington, DC. It takes a lot of money to jet around to “privacy conferences” and lecture about the “risks” to patients (conveniently ignoring that those “risks” are the fabrications of individuals with ulterior motives). Many of these conferences take place at tropical beach resorts or ski chalets.
How do the patient privacy rights groups make money? The leaders are on the lecture circuit and sell their consulting services to organizations and their “expert” testimony to trial lawyers. But their most recent program is truly insidious. In my day, we called it a shakedown or extortion, but they call it “certification.”
The patient privacy rights groups start by telling lies about a specific company or organization. They then have a meeting with a company and tell them that the only way the lies will stop is if the company goes through the certification program (which obviously has costs associated with it). And low and behold, the patient privacy rights groups claim that the companies are fully complaint and get the gold star of approval.
But here’s the rub, there was never a problem to begin with. The companies were fully complaint with existing law and company policies often exceeded federal standards. Patient information was never at risk. EVER. But this hasn’t stopped these patient privacy rights groups from advancing an agenda to extort money from companies.
If you think back, the breaches in patient privacy in American haven’t come from a conspiracy of insurance companies, drug companies and the government flying around in black helicopters together and using secret technologies derived from secret government programs. It comes from doctors, nurses and hospital staff snooping (illegally, I might add) into hospital computer systems. Britney Spears privacy wasn’t breached by the government, a drug company, a data miner or an insurance company. It was a group of doctors and nurses looking to make a quick buck at selling her personal information. All the privacy protections that these privacy rights groups advocate for will never stop that. That is the real privacy problem. The issue is not electronic databases, it’s the people who deliver the care who are corruptable.
No patient has died or was harmed because their health information was stored in an electronic database. I’d challenge the patient privacy rights groups to prove otherwise. Yet there are countless examples in the literature of instances where patients could have been saved or not harmed through EMR/EHR technologies. Privacy is important, but so is rational thought. Just because the patient privacy rights groups sell fear and ignorance doesn’t mean you need to buy it.