Is your health information up for sale?
Dr Saji Salam
A hacker called "Kane" managed to download admission
records of four thousand heart patients in June/July
2000. (Security Focus, December 6, 2000) The hospital
would have faced stiff penalties if HIPAA had been enforced.
The incident at the University of Washington Medical
Center highlights the sensitivity as well as the vulnerability
of health care data systems connected to the Internet
to outside threats.
The noise about HIPAA in the US and the clamour for strict
privacy laws in other parts of the world are primarily
driven by the fact that healthcare information is being
traded for big bucks. A series of national public opinion
polls conducted by Louis Harris and Associates in the US
documents a rising level of public concern about privacy,
growing from 64 per cent in 1978 to 82 per cent in 1995.
Americans' concern about the privacy of their health
information is part of a broader anxiety about their
lack of privacy in an array of areas.
HIPAA privacy regulations
HIPAA (Health Insurance Portability and Accountability
Act) mainly addresses three areas: standardization of
transactions and code sets used in claims processing,
privacy, and security of protected health information
(PHI). Under the provisions of the privacy
component of the regulations, a covered entity may use
or disclose PHI only in the following ways:
- It may use or disclose PHI for its own treatment,
  payment or healthcare operations purposes.
- It may use or disclose PHI to another covered entity
  for that entity's treatment purposes.
- Disclosure between two covered entities for limited
  use for operations, such as quality assurance or peer
  review. Such disclosures may take place insofar as
  the covered entity receiving the disclosure has a
  treatment relationship with an individual, and PHI
  may only be disclosed regarding treatment that occurred
  while the relationship existed.
Buyers of healthcare information
The purchasers of healthcare data have been pharma companies,
insurance companies, employers and, strangely, bankers.
Pharmaceutical companies were in the hot seat when consumer
groups agitated against the direct marketing efforts
of pharma companies, which send specific treatment intervention
options to specific disease groups. With the advent of the
direct-to-consumer marketing approach, direct marketing
to patients became a nuisance to privacy advocates. Other
issues revolved around the use of patient information by
insurers in underwriting applicants. Banks used health
information in "due diligence" to ascertain
if the borrower had any health reasons that would impair
his ability to repay.
Indian Scenario
To date, the Indian healthcare sector has been relatively
free from this concern, as most of the medical records
in the country are still physical records, safely stored
away in medical records rooms. However, this is all set
to change with the advent of companies focused on collating
health care data on the Indian population. Several corporates
in metros were approached by a company that promised
to maintain electronic health records of employees at
a nominal fee in addition to other healthcare services.
For many human resources managers who are not sensitized
to privacy of health information, this was a good service
offering.
However, the flipside is that a database of patients,
along with their diseases and contact information, would
be up for sale. You might soon be bombarded by requests
from various pharmaceutical companies with mailing campaigns
that would be focused on solutions for your heart or
kidney disorder. Others would want you to be part of
a clinical trial for Drug A or B. How would the Indian
patient/consumer respond? Are consumer groups aware
of this emerging scenario? What are the grievance redressal
mechanisms in place from a legal or regulatory standpoint?
As the healthcare sector in India moves towards an electronic
medical records era, these are some of the questions
healthcare managers and the patient community have to
address, keeping in view the global trends in privacy
of healthcare information.
(The author is chairman, Health Level
Seven India. He may be contacted at saji@chn.cognizant.com)