Probe Uncovers Hospitals' Inability to Protect Patient Privacy
Researchers and a journalist were able to re-identify, without much fuss, the de-identified medical records of scores of patients, thought to have been protected by HIPAA. Here's how they did it.
Patients concerned about privacy have more than flimsy hospital gowns to worry about. Their medical data may be showing.
First, a visual aid. Click on the map and take a look at where much medical information is flowing today.
This map, constructed by some of the nation's leading privacy experts, is an apt illustration for a big problem. In theory, all the healthcare providers on this map are complying with HIPAA, the Health Insurance Portability and Accountability Act of 1996 and its subsequent amendments.
So how come, in a year-long investigation, a few researchers and a journalist were able to re-identify, without much fuss, the de-identified medical records of 85 patients treated in Washington state in 2011?
The answer to that question is a big challenge to HIPAA and to providers in 33 states, and perhaps beyond.
The story resulting from this investigation, "States Hospital Data for Sale Puts Privacy in Jeopardy," hit Washington D.C. like a health privacy bombshell earlier this month. As I've been researching a HealthLeaders magazine story on HIPAA, it's obvious that the revelations are troubling to healthcare CIOs and other executives as well.
- CMS Offers Some ACOs $114M for 'Upfront' Costs
- WellPoint Dominates Nearly Half of Markets, AMA Says
- Ebola: Second TX Nurse Diagnosed After Improper Protective Gear Application
- Ebola: A Call for Designated Hospitals
- 16 Medicare Advantage Plans Earn 5-Star Ratings
- Providers Ask HHS to Address EHR Interoperability Barriers
- 76% of Nurses Say No Ebola Policy Communicated by Hospitals
- CDC admits to mistakes in Ebola protocol
- CMS' new investment model will help ACOs with health IT
- The Drug Price Reform Debate