If you’ve ever been in hospitalized in Texas, do you know who has bought or obtained your patient data?
Okay, this is mind-boggling. Truly. Even though I know that patient information is sold a lot, what’s going on in Texas seems really appalling.
First read this investigative report by Suzanne Batchelor of the Austin Bulldog. Here’s part of it:
Texas hospital-patient data for the years 1999 through 2003 are available at no charge. Data for the years 2004 through 2009 must be purchased, but the cost is minimal for a commercial user (more about that later).
The hospital-patient Public Use Data Files contain more than 200 fields of information, naming everything from your insurance coverage, or lack of it, to whether or not your stay included placement of a heart stent, “sterilization,” “abortion performed due to rape,” or a drug- or alcohol-related diagnosis, along with what tests you got and when, and what medications you received.
Buyers may order one of two versions of the hospital-patient files.
Research version—This version of the Public Use Data Files contains complete personal information including date of birth, date of admission and discharge, and the patient’s full address.
De-identified version—For this version DSHS has removed some but not all personal information, in a privacy protection process called “de-identification.” DSHS removes the patient’s dates of admission and discharge from the hospital, but leaves in the dates of diagnoses, treatments, medications, and payments. A four-year age range is substituted for the patient’s exact age, and the street address is removed. The de-identified version includes the patient’s gender and full zip code in most cases.
After you read the full investigative report — and do read it all to learn who’s been buying your identifiable patient data for “research” purposes — then trot on over to the state’s site and prepare to breathe into a brown paper bag when you see this offer for sale:
The data files for 2009 include 255 data fields in a base data file and 13 data fields in a detailed charges file. Data files for years before 2004 include only 205 data fields.
As I read the report and looked at the site, I kept thinking about Professor Paul Ohm’s “database of ruin.” If you’ve been hospitalized in Texas, you may be closer to ruin than you know.
Over on Patient Privacy Rights, Dr. Deborah Peel has also blogged about this investigative report and urges members of the public to sign the “Do Not Disclose” petition.