There was some great reporting by Jordan Robertson of Bloomberg while I was away:
Hospitals in the U.S. pledge to keep a patient’s health background confidential. Yet states from Washington to New York are putting privacy at risk by selling records that can be used to link a person’s identity to medical conditions using public information.
Consider Ray Boylston, who went into diabetic shock while riding his motorcycle in rural Washington in 2011. He careened off the road and was thrown into the woods, an accident that was covered only briefly, in the local newspaper. Boylston disclosed his medical condition and history to a handful of loved ones and the hospital that treated him.
After Boylston’s discharge, Washington collected the paperwork of his week-long stay from Providence Sacred Heart Medical Center in Spokane and added it to a database of 650,000 hospitalizations for 2011 available for sale to researchers, companies and other members of the public. The data was supposed to remain anonymous. Yet because of state exemption from federal regulations governing discharge information, Boylston could be identified and his medical background exposed using only publicly available information.
Read more on Bloomberg News. As part of his investigative reporting, Jordan worked with Latanya Sweeney, who’s well-known for her research on re-identifying supposedly de-identified information. Hopefully his reporting will start some serious discussions in states that do sell data to researchers and others.