Blog | Tuesday, March 10, 2015

Medical privacy

You may have heard about a data breach at Anthem Blue Cross.

It's estimated that the hackers who were able to break into the company's computers had access to 80 million files. That's 1 out of every 4 Americans.

Just like prior breaches at Target, Home Depot, Sony (did you see that awful movie, “The Interview?”), etc., hackers are eager to demonstrate that they can break into ‘secure’ corporate networks. We all need to be ready for computer hacks, identity theft, etc. It's part of living in a connected world where much of our personal data lives in ‘the cloud.’

The Anthem breach has an additional wrinkle to consider: Not only was personal information (demographic, Social Security numbers, income information, etc.) hacked, but private medical information was potentially vulnerable.

The federal law known as HIPAA is an added privacy protection for consumers (patients) about our medical data. Unfortunately, I now believe that it has outlived its usefulness.

HIPAA creates “above and beyond” penalties as a form of deterrence for being careless with private health information. While well-intentioned, the law is an unfunded mandate that has added billions of dollars in unrecoverable costs to the health care system.

Ironically, it's another federal law, the Affordable Care Act (“Obamacare”) that in my view has rendered HIPAA less relevant. Obamacare forbids insurers from denying patients eligibility on the basis of “pre-existing conditions.” It was exclusions for those conditions that made HIPAA so necessary — under such a system, people needed the right to keep their medical info private.

I think medical data should be private, but only inasmuch as financial and demographic information. Creating an added layer of bureaucracy and penalties has only clouded issues for all of us.

There are at least 2 possible goods that could come from revising (or repealing) HIPAA:
1. Increasing transparency in general. This might help increase price transparency in health care, something sorely needed. Obstacles to us sharing our health information keep prices shrouded.
2. We'd have many more opportunities to anonymously collect data in huge data bases and perform analyses that would lead to more knowledge generation. We still do many things in medicine based on tradition without knowledge of whether it's helpful [See, as examples, this wiki-startup or this Harvard scientist-librarian with a really great idea].

We'll all have our data stolen at some point. Making at least 1 aspect of that data less valuable to crooks would diminish the appeal of stealing it and perhaps allay some of our anxieties over our medical privacy.

This post by John H. Schumann, MD, FACP, originally appeared at GlassHospital. Dr. Schumann is Interim President of the University of Oklahoma-Tulsa. His blog, GlassHospital, seeks to bring transparency to medical practice and to improve the patient experience.