NOW MICROSOFT WANTS YOUR PERSONAL HEALTH RECORDS

Microsoft’s new HealthVault is not such a bad idea if it didn’t portend yet another increase in the collection and selling of your sensitive data. I am not even implying that is what Microsoft has in mind, but the sale of medical related information is already big business in the junk mail industry. There are 1,403 “medical related” lists on the market representing every ailment from Alzheimers to ulcers, and each medication you take from Advil to Zoloft. There’s a new list on the market called MedTrackAlert Ailment eNewsletter where 500 thousand online consumers signed up for this free newsletter and asked for information on various health subjects, and now their names and e-mail and postal addresses are for sale. A physician does make his case for the HealthVault approach to accessible medical data: for doctors, as a patient, and if you provide health care for a family member. See article. That’s a good thing, but it never seems to stop there. First of all, the loss of your medical records by the institutions that hold them is running at a record pace. The VA breach of 26.5 million records, Ohio U., 60,000 student records, UCLA, over 800,000 records, and the list goes on. When you Google “medical data breaches” you get 234,000 hits. Second, the minute a new piece of consumer information is collected by most organizations, there is that immediate-impulse- mentality to get it ready to sell. This is demonstrated by a total of over 50,000 junk mail lists on the market, more specifically the 1,403 devoted to medical data. And there is also the alleged sale by the Albertsons food and drug chain of customer names and prescription data to pharmaceutical companies in 2004, which resulted in a lawsuit filed against the chain by Privacy Rights Clearinghouse. MS says of HealthVault, “The personal information will be stored in a secure encrypted database.” From a New York Times article. The question is, what level of encryption, and is it secure enough to ward off hackers. The TJX (TJ Maxx, Marshalls, etc. retail stores) customer credit card data was also encrypted, but at a level that allowed the crooks to steal it easily with a directional antenna while cruising the retail store’s parking lot. MS also says it isn’t expecting much information from the individual, but hopes the individual will grant permission for its release from doctors and hospitals. I haven’t signed up yet, which I plan to do just to find out the parameters of the program, but I did get some specifics from the initial stages of this process. They are: You control your HealthVault; You decide what information goes in or out of your record; MS won’t use your “health information for commercial purposes unless (they) ask and you say clearly that (they) may.” And there lies the problem, in that the complexity in any approval of the use of your name and personal data by an outside source can be confusing. It is hard to understand and digest on the spot, which is the position you are in when signing-on, or even eventually when you are contacted for approval. Trust me…data collectors always get what they want, and that is the reason we are in the identity crisis that exists today.

More on this later.

MEDICAL IDENTITY THEFT ALSO NEEDS YOUR ATTENTION…AND NOW – PART 4

The article by Arian Eigen Heald, “’Medical’ Identity Theft – New (to me) and Scary,” explains her dilemma, but what is scary to me is that it is “new” to her, an expert in her field of computer technology. Heald has served as a systems engineer, network administrator, webmistress, and a number of other positions related to the Internet and computers for years. So, if medical identity theft is new to her, we have done one lousy job of getting this fraud before the public, even professionals. And that is the answer and the reason for this series of posts on the subject. Part 3, yesterday, covered a couple of bizarre incidents in Florida where millions of dollars were stolen by crooks. We closed by covering an article voicing privacy advocates’ concerns over the latest rush to build personal health record (PHR) databases by Microsoft and Google, and my promise to illustrate how we might make this all work. See Part 1, Part 2. Picking up again on the Washington Post article quoted from yesterday, Deborah Peel, a Texas psychiatrist and founder of the non-profit, Patient Privacy Rights, “wants Americans to retain exclusive control over their medical records.” Now there is an idea I can get behind 100 percent. Although Microsoft has said they won’t, Peel thinks that the information given to the PHRs would be shared with data mining companies, and could end up being sold to insurance companies and on the open list market. And she is exactly right, based on my 35 years as a list/data broker and database consultant. In addition, PHRs are not covered by the Health Insurance Portability and Accountability Act (HIPAA). The excitement over public health record databases by the MSs and Googles is beginning to sound like the frenzy in the junk mail list business years ago when they first realized they had personal consumer data to sell like your telephone number and date of birth. This has escalated today into humongous databases with private information on millions of Americans, including up to 250 personal identification characteristics about each individual. The leaders are ChoicePoint, Acxiom, Experian, Equifax and TransUnion, the latter three also being credit bureaus. Sidney Wolfe, director of Public Citizen’s Health Research Group says that no matter how secure the PHRs think they are, it only takes one insider to steal the information and sell it to insurers or employers. It seems that, since the identity crisis was officially put in motion in early 2005 by the ChoicePoint breach, before we can solve one problem—like financial identity theft—another hot potato surfaces…like medical ID theft. Business, government and the Congress have been skirting the issue since it became apparent this crime was not only here to stay, but seems to get worse every year. In three years of blogging on The Dunning Letter, I have held to one concept that I feel sure will solve the identity theft dilemma. Give consumers control over their names and personal data, and compensate them when it is sold as an extra incentive to take over this responsibility. Deborah Peel is a force behind this philosophy in relation to medical data, and it is time the general public got behind the both of us.