The Implications of the "De-Anonymization" of Patient Health Data
Posted by: Jennifer Yoon on Oct 29, 2009
Health records are one of the most important statistical factors that keep health insurance companies and the medical industry as lucrative and successful as they are. The market for health record systems is $8 billion to $10 billion annually, of which approximately 5% comes from the sale of patient data and analysis.
It is estimated that the revenue from the sale of health data could grow to $5 billion. With so much money to be made, can medical patients be sure that their privacy rights are protected?
The Health Insurance Portability and Accountability Act (HIPAA) prohibits doctors from providing medical records to anyone not involved in providing health care, in payment for health care, or in health care research. Although vendors who collect and re-sell patient data for research purposes claim that they scrub the data of any identifying information to protect patient privacy, the reality is that scrubbed data can be "de-anonymized."
In fact, some patients' medical records could be identified by simply cross-referencing the anonymized data with the birthdays, ZIP codes, and gender information published in a state's voter-registration rolls. Presently, federal law does not prohibit the sale of scrubbed or de-identified health care data, nor does it prohibit the "de-anonymization" or re-identification of health care data.
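A data holder can measure this exposure before release: any record whose combination of birth date, ZIP code and gender is unique in the data set is one that a public roll could single out. The sketch below is an added example, not part of the original post; the records, field names and the threshold k are constructed for illustration.

```python
from collections import Counter

# Constructed sample of scrubbed records: names removed, quasi-identifiers kept.
RECORDS = [
    {"dob": "1961-03-14", "zip": "02139", "sex": "F", "dx": "asthma"},
    {"dob": "1961-03-14", "zip": "02139", "sex": "F", "dx": "diabetes"},
    {"dob": "1961-07-02", "zip": "02138", "sex": "F", "dx": "hypertension"},
    {"dob": "1974-11-30", "zip": "02139", "sex": "M", "dx": "migraine"},
    {"dob": "1974-01-09", "zip": "02134", "sex": "M", "dx": "asthma"},
    {"dob": "1988-05-21", "zip": "02446", "sex": "F", "dx": "depression"},
]

def exact(r):
    """Quasi-identifier key as released: full birth date, 5-digit ZIP, gender."""
    return (r["dob"], r["zip"], r["sex"])

def generalized(r):
    """Coarser key: birth year and 3-digit ZIP prefix only."""
    return (r["dob"][:4], r["zip"][:3], r["sex"])

def class_sizes(records, key):
    """Count how many records share each quasi-identifier combination."""
    return Counter(key(r) for r in records)

def k_anonymity(records, key):
    """Size of the smallest group; 1 means at least one record is unique."""
    return min(class_sizes(records, key).values())

def at_risk(records, key, k=2):
    """Records that fewer than k individuals in the data set could match."""
    sizes = class_sizes(records, key)
    return [r for r in records if sizes[key(r)] < k]

def release(records, k=2):
    """Generalize every record, then suppress those still in groups below k."""
    sizes = class_sizes(records, generalized)
    out = []
    for r in records:
        if sizes[generalized(r)] >= k:
            year, zip3, sex = generalized(r)
            out.append({"birth_year": year, "zip3": zip3, "sex": sex, "dx": r["dx"]})
    return out

if __name__ == "__main__":
    print("unique as scrubbed:", len(at_risk(RECORDS, exact)), "of", len(RECORDS))
    print("unique after generalizing:", len(at_risk(RECORDS, generalized)))
    print("records released at k=2:", len(release(RECORDS)))
```

On this sample, four of the six records are unique on the full key; coarsening to birth year and 3-digit ZIP leaves one outlier, which has to be suppressed for every released record to share its key with at least one other.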
As the industry and market demand for patient health data grows, it will be interesting to see how the courts and Congress will address these privacy issues.
Sources:
http://www.nytimes.com/2009/10/18/business/18stream.html?_r=3
http://www.wired.com/threatlevel/2009/10/medicalrecords/#more-10220

