In lieu of an abstract, here is a brief excerpt of the content:

It also allows the sharing of information that does not identify the individual patient’s identity.78 As a result today many medical organizations share confidential patient data with health-care related businesses or sell such data. They freely sell patient data that does not state the patient’s identity to a wide range of entities. As was mentioned above, such data is often referred to as “anonymized” data, or sometimes as “deidentified” data. Yet even with such data, there are risks to patient privacy. A patient medical record that does not state the patient’s identity may still indicate their physician, pharmacy, hospital, zip code, or insurer. By combining this information with other information that is either public or purchased from private parties, it may be possible to identify the patient. The legal protections that historically have protected individuals from physicians, insurers, banks, and others disclosing their personal information have not arisen from the law recognizing such information as the individual’s property. Rather privacy laws and other principles have supplied the governing standards.79 Nevertheless, some privacy advocates argue that the best way to ensure patient confidentiality is to designate patient data as the property of patients and to prevent others from using the data without patients selling them rights to the data.80 Such an arrangement would require creating a costly complex infrastructure to oversee data markets.81 Moreover, granting individuals property rights to their personal data is not a particularly good way to protect privacy. Individuals may be willing to sell data to one purchaser for a particular purpose, but restrictions to selling for other purposes will be very hard to enforce after the sale, particularly if the purchaser sells or otherwise transfers the data to others. Monitoring compliance with initial restrictions to future purchasers will be difficult.82 In any event, there may be risks of unauthorized disclosure of personal information both when private firms and the public own such data. Under both forms of ownership there need to be measures to safeguard privacy. Firms already obtain and sell patient information. So making this information, or some of it, publicly available would not create significant privacy problems that do not already exist. In fact, public reporting and ownership may offer greater privacy protections than currently exist. The law could limit firms from selling data. These legal authorities could then ensure that no data is publicly released that does not comply with privacy safeguards. Public authorities are more likely to implement such policies than private firms because they do not have a profit motive to sell confidential information, while private firms do. In addition, when the data is publicly owned, it will be overseen using a uniform standard, which is 96 Marc A. Rodwin not the case when it is sold by private organizations, each of which may have their own policies and operating methods. Furthermore, public ownership of patient data is likely to allow greater oversight on its use to protect privacy than federal regulation of the use of privately owned patient data. The U.S. Constitution’s Fifth Amendment restricts the government from taking private property without compensating the owner. Courts have held that regulation of property often constitutes a taking of the property because it restricts rights to the property’s use.83 As a result, sometimes the government cannot regulate property use because it lacks the financial means to compensate the property owner. What Data to Make Public and How to Do It The details of what kind of data to make public, how to implement data reporting , and what measures should be put in place to ensure patient confidentiality require further work. However, these issues are already being discussed by the health information industry and providers as they collect and sell patient data today and as they explore sharing data in the future among private markets. Their analysis and conversations can be a starting point for examining these issues. Public reporting will initially be restricted by what data is available in electronic format. Currently, billing records generally are in electronic format, but many providers do not yet use electronic medical records or electronic prescribing . As standards for electronic medical records evolve this too will affect what and how data should be reported and by whom. Here I offer some preliminary suggestions as to what parties the law might require to report information and what data they should report. California provides a model. It...

Share