[Recently] the Wall Street Journal‘s front page story exposed a significant privacy breech of online personal information via the world’s most popular social networking site, Facebook:
Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.
The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.
So while Facebook grapples with its latest public relations nightmare, we should realize our electronic medical record app vendors are doing exactly the same thing. Worse, it’s perfectly legal, even though each of use has been assured our privacy settings are set to “maximum” through the reassurances of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the The Patient Safety and Quality Improvement Act of 2005 (PSQIA).
That’s because Clause 4302 of our new Patient Protection and Affordable Care Act of 2010 (PPACA) dealing with “Health Disparities” mandates:
The Secretary (of Health and Human Services) shall ensure that, by not later than 2 years after the date of enactment of this title, any federally conducted or supported health care or public health program, activity or survey (including Current Population Surveys and American Community Surveys conducted by the Bureau of Labor Statistics and the Bureau of the Census) collects and reports, to the extent practicable
(A) data on race, ethnicity, sex, primary language, and disability status for applicants, recipients, or participants;…
D) any other demographic data as deemed appropriate by the Secretary regarding health disparities.
Just like Facebook’s apps that look for certain characteristics of social media games, patients with health “disparities” will be mandated by law to have their data transmitted to “the Office of Minority Health, the National Center on Minority Health and Health Disparities, the Agency for Healthcare Research and Quality, the Centers for Disease Control and Prevention, the Centers for Medicare & Medicaid Services, the Indian Health Service and epidemiology centers funded under the Indian Health Care Improvement Act, the Office of Rural health, other agencies within the Department of Health and Human Services, and other entities as determined appropriate by the Secretary.”
Welcome to healthcare’s Facebook. In comparison, the open-ended phrasing of many portions of our new PPACA law makes Facebook’s privacy issues look like chump change.
- WesMusings of a cardiologist and cardiac electrophysiologist.
*This blog post was originally published at Dr. Wes*