Re-identifying de-identified data, by combining it with other data sets, sometimes provides a way of legally circumventing medical privacy laws such as HIPAA. Data re-identification isn't illegal.
Here's a story from Stat:
Top privacy researchers urge the health care industry to safeguard patient data. By Megan Molteni
"As a STAT investigation published Monday revealed, data brokers are quietly trafficking in Americans’ health information — often without their knowledge or consent, and beyond the reach of federal health privacy laws. This market in medical records has become highly lucrative — $13.5 billion annually — thanks to advances in artificial intelligence that enable the slicing, dicing, and cross-referencing of that data in powerful new ways.
"But the building of these algorithms often sidelines patient privacy. And researchers who’ve been tracking these erosive effects say it’s time to reform how health data is governed and give patients back control of their information.
...
"One of the most frequent harms he and other researchers have chronicled: Patients being denied care or insurance coverage based on information payers drew from their social media activities after combining datasets to re-identify them.
No comments:
Post a Comment