Privacy and Profit

Dr. Matthew Edlund, MD, MOH

How health care records get used

Posted March 30, 2012

By Dr. Matthew Edlund, MD, MOH

Privacy is dead—so we hear. Somewhere on the Net lies all the data on you ever uploaded. Much of that information is now going into the cloud—to servers all over the world.

Now here’s the story of one Tennessee teacher. She was unhappy with School Board policies, and made waves. People were not happy.

Suddenly she started getting enormous numbers of hits on Facebook. She could not understand why. Then she recognized the face on her Facebook page was attached to a different body. That new body was the star of porn videos.

Thousands were writing her.

She went to the local FBI office. The agent was polite but pointed out to her that she did not own the material on the website—Facebook did. A lawyer told her they would be willing to begin investigation following payment of a $10,000 retainer, but their chance of actually catching the person who had placed her into porn videos was “next to nothing.”

Such stores have caused concern. Now government guidelines are in the works to again look at how personal information is collected and sold.

But you just wait. We have not yet seen the changes wrought by mandatory electronic health records.

Who Knows

A few breaches of health data are reported to the Department of Health and Human Services, but their overall numbers are inevitably smaller than the problem. Not everyone wants to advertise the fact that essential health records have been compromised.

According to HHS, between 2009 and 2011 approximately 18 million people were probably affected by health record breaches. An underestimate, no doubt.

Doctors know mandatory electronic records are scheduled to arrive by 2014. Professor Jacob Appel of NYU Law School figures 12 million people should have access to those records at that time. That’s people with legal access. What about the others?

Follow the Money

Americans know that financial people have received outsized pay over the past few decades. Before the financial crisis nearly wrecked much of the world’s economy, banks and finance were reaping approximately 40% of nationwide corporate profits. Some are still doing well.

Certainly the cases brought by the federal prosecutor in New York City demonstrate that insider stock trading remains alive and well—and not just for Congressmen.

From what patients tell me, it also goes on in health information. Lots of people want to find the edge.

Here’s a hypothetical that people tell me really isn’t:

A New York private equity firm is planning to buy into a California high tech outfit. They’re aware others are circling the same company. They also want to know a bit more than their competition.

There are four major principals in the California company. The private equity manager then puts out the word that he wants information on those four—whatever he can get. That includes their electronic health records.

The call goes out to hackers. Bunches of data comes back on three of the four.

By financial standards, the cost of this information is very inexpensive.

Two of the principals have the aches, pains and cholesterol levels of males in their forties. There’s a few tidbits on early drug use, some results on their genetics tests that might prove interesting, but the third man at the company invites further scrutiny.

He’s being treated at Cedars-Sinai for lymphoma. The equity analyst looks up the drugs. Some he finds in a quick scan on Pubmed, others he can’t.

Looks like an experimental protocol, he thinks.

He can call up a research analyst about those new drugs. He might say he has a family member on the combination. Or he could claim he just wants to know whether those drugs look like promising future profit centers for the small Biotech that makes them. Everybody wants a good investment, right?

Yet he may not bother inquiring further. Already he thinks he knows quite enough—that one of the people he’ll be negotiating with is really sick. That might give him lots of leverage.

And one way you get ahead in the financial business is leverage—of many different kinds.

Nightmare Scenario

Is this an unreal, nightmare scenario? I doubt it. Medical records are already being used by employers to radically change the conditions of their employees.

And we know that medical information is all over place. Years ago, when such records were less accessible, thousands showed up in Pakistan. With everything now in the cloud, medical records will prove almost too easy to access.

And even if VIPs are sensitive to these problems, can they protect the information of their family members? Their friends? What will remain private?

Bottom Line

Electronic Health Records are here to stay. Soon they will be nearly ubiquitous.

So will access to personal health information.

Much useful information—life-saving information—will come from EHRs. But people must remain vigilant. They must recognize that information rules the world—that information is power.

And health information will be bought. Some may be used to sell people products, as occurs with drug companies who access data from Real Age and other Web companies.

Other information will not be used so benignly. Until major breaches receive major public attention, expect your health information to get used.

In secret.

Yet for not so secret purposes.

Dr. Matthew Edlund, M.D., M.O.H., is an internationally recognized expert on rest, sleep, and body clocks. His books include The Body Clock Advantage, Designed to Last, and Psychological Time and Mental Illness. His new book, The Power of Rest, shows that rest is a skill that rebuilds, renews, and rewires mind and body, and can increase productivity, health, and pleasure. For more information, visit his website, TheRestDoctor.com. You can also subscribe to his new Fitcast via the iTunes Store.