Even before the Colorado legislature passed the All-Payer Database law and the Department of Health Care Policy and Financing turned your medical records over to CIVHC, a private 501(c)(3), the Independence Institute warned that allowing states to routinely requisition medical records would compromise medical privacy (see this, this, and this). The problem is that medical records contain so much personal data that individuals can be identified even if names and SSNs are redacted.
Bloomberg is now reporting that states hungry for revenue and flush with the power to requisition individual medical records are moving to capitalize on the value of that information by selling the information in those records to all comers. Unlike private companies, states and their agents are exempt from HIPAA requirements and therefore do not have to take data privacy especially seriously.
In an experiment, researchers were able to match several dozen people with their supposedly de-identified medical records by combining public record searches and the information in a sample group of records purchased for $50 from Washington State. Among other things, “an executive treated for assault was found to have a painkiller addiction,” and a “retiree who crashed his motorcycle was described as arthritic and morbidly obese.”
CIVHC’s “De-Identified” data set for Colorado includes type of insurance, gender, month and year of birth, city of residence, race/ethnicity, month and year of admission, where service was provided, the zip code where service was provided, the DEA code or National Provider Identifier number code for the person providing service, details of the drugs prescribed and how they were delivered, and all payment details for everything. The de-identified data set also includes details of family relationships, such as whether the person receiving services is the spouse or child of the person who owns the family insurance policy.
The attack on medical privacy also represents another front in the legislature’s war on rural Colorado. In rural areas with small populations, there is more than enough data in the “de-identified data set” to link individuals to their medical records.
Consider Montrose hospital. In 2012, it hosted 2,563 surgeries and 469 births. In 2011, the hospital received 77 percent of its patients from an area with a population of about 42,000. It contained about 7,000 females of childbearing age, 4,347 people between 25 and 34, and 127 black people. Its service area includes the town of Naturita, population 635. Census records show that there are 32 Hispanic residents fewer than 10 of whom were between the ages of 15 and 40 in 2010. If the de-identified data set includes a birth by a Hispanic mother from Naturita, it would not be difficult to match her to her medical records.
With the passage of the All-Payer Database, members of the Colorado legislature made it quite clear that protecting your medical privacy was not a priority. Until the law is repealed, along with similar requirements in ObamaCare, your medical records are for sale to the highest bidder.
Every future visit to a doctor or a hospital should be made with this in mind. If you need health care and you have, or have ever had, a health condition that you do not want to make public knowledge, you might be wise to travel to a state or foreign country that takes medical privacy more seriously.