Q&A – Privacy activism in the age of Big Data

Read a very useful interview with Deborah Peel, MD, founder of the group Patient Privacy Rights, on

We chose an interesting sample:

Q: Your website cites a number of fairly nefarious and invasive scenarios: “If a school or university learns your child has ADHD or is being treated for depression, they may deny admission. If a boss knows you take Xanax or Zoloft, they may reconsider your promotion.” Wouldn’t both of those practices be illegal?

A: Of course it’s all illegal, using people’s information against them. But there’s no way that the poor employee can even know until later that’s something’s happened. For example, I can’t tell you how many stories psychiatrists hear about where somebody’s been out for two weeks for depression. They go back in, they’re assigned to a completely new job, and they end up quitting. How are they going to ever prove or know who looked at their records when there is no chain of custody? That’s the other thing that electronic records can prove: you can’t move them, you can’t open them, you can’t see them, without there being a transaction.

[Q&A: Health org’s don’t protect patient data for reasons dating ‘back to the industrial revolution’]

One of the things that we have lobbied for is a chain of custody and accounting of disclosures. And we did get that into the HITECH Act. You’re supposed to be able to get a chain of some disclosure, three years of all disclosures of electronic data from your EHR. They don’t even have the rules yet for how we can get disclosures of electronic health records — not from pharmacies, not from labs, not from insurers, not from all the other clearinghouses. What we really need is a chain of custody for all of health data, wherever it is. Because we don’t even know that, there’s no way to prove harm. One of our major projects right now is we’re working really hard with Harvard and Latanya Sweeney to raise the funds to build a data map. We do not even know how many entities have our information or what they’re doing with it. So how can we weigh risks and benefits, when we have institutional control of information, not patient control?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.