Legislation has been introduced that, if passed, would ensure health consumers have the opportunity to see and correct information held by data brokers
When it comes to patient privacy, pathologists and clinical laboratory managers may be spending more time addressing a growing issue with the patient data their labs create and store. Third-party data brokers want to position themselves to collect healthcare data at the source so can they de-identify it and sell it to interested parties.
Data brokers are commercial entities that collect, assemble, and/or maintain personal information about individuals. They also sell or provide third-party access to the information, explained the Congressional Research Service, a Legislative Branch Agency that provides policy and legal analysis to both House and Senate members and committees of the U.S. Congress, regardless of party affiliation.
Pharmaceutical companies, medical device manufacturers, and other businesses can purchase said data from various types of data brokers, such as information, analysis, and technology companies. The purchased data then can go on to guide industry investments or launch drug marketing campaigns.
Medical Data Trading is Already Big Business
“I have found growing unease about the expanding sale of medical information not just among privacy advocates but among health industry insiders as well,” wrote Adam Tanner in an article he penned for Scientific American. Tanner is a fellow at Harvard University’s Institute for Quantitative Social Science.
The Business of Health Data Compilation and Leverage
Data brokers obtain longitudinal information from hundreds of millions of hospital and physician records; prescription and insurance claims; and medical laboratory test reports, explained Tanner. Since clinical laboratory data make up a significant portion of patients’ health records, pathology groups and clinical labs have a stake in how the data they gather gets used.
The data companies anonymize data (noting only birth year, gender, partial zip code, and doctors’ names) prior to sale. Therefore, according to Tanner, U.S. medical privacy rules are not applicable.
Pfizer annually spends $12 million to buy health data from diverse sources including IMS Health, said Marc Berger, Pfizer’s Vice President of Real World Data and Analytics, in the Scientific American article.
IMS Health (IMS), a global information and technology company located in Danbury, Conn., says it aims to provide clients (pharmaceutical and consumer health companies, medical device manufacturers, providers, payers, and government agencies) with solutions to measure and improve performance.
IMS earned $2,921 million in 2015 and projects a 10% to 12% increase in revenue this year, according to a statement.
Government Agencies Weigh-In
Government agencies are calling for accountability and transparency by data brokers. Last year four U.S. senators introduced the Data Broker Accountability and Transparency Act of 2015. It prohibits data brokers from obtaining or causing to be disclosed personal information, or any other information relating to any person, by making false, fictitious, or fraudulent statements or representation.
“It is getting easier and easier to identify people from anonymized data,” Chesley Richards, MD, Deputy Director of the Office of Public Health Scientific Services, Centers for Disease Control and Prevention, told Scientific American.
In a 2015 Computerworld report on the proposed legislation, the Direct Marketing Association (DMA), a trade organization for users and suppliers in the direct database and interactive marketing fields, declared no need for the legislation. DMA pointed to three 2014 investigations of the data broker industry by the Federal Trade Commission (FTC), the U.S. Government Accountability Office (GAO) and the Senate Commerce, Science and Transportation Committee, which, according to then DMA Vice President of Government Affairs Rachel Thomas, found little evidence of wrongdoing in the industry.
Additionally, a Consumer Privacy Bill of Rights unveiled last year by the Obama Administration, attempted to make protections clear for consumers and greater certainty for businesses. Consumers, the document proclaims, have the right to:
1) exercise control over the data organizations collect from them, and how the data is used;
2) understand information about privacy and security;
3) expect organizations will collect, use, and disclose personal data in ways consistent with the context in which it was provided; and
Big Data Fuels Big Business
In summary, as Dark Daily has previously explored, big data health projects can have goals other than improving care outcomes and reducing costs. Medical data—including clinical laboratory test reports—are driving companies’ success, launching marketing campaigns, raising privacy concerns, and stimulating possible legislation.
—Donna Marie Pocius