skip to Main Content

In the era of big data, unless you live completely off the grid as a hermit, your personal information is being collected and brokered by large and small companies–whether you like or not.  At best, this information is used in our best interest to facilitate, protect and enhance our lives.  At worst, it can be used to target our vulnerabilities, destabilize our sense of well-being and even commit criminal acts such as extortion and identity theft. The power of big data to manipulate behavior, persuade purchases, shape prices, and above all to influence our thought process is vastly understated by the governments, corporations and news agencies that are using our personal information for their own, often hidden, agendas.  I think it is naïve to believe it is only altruistic in nature.

“If we accept as normal and unavoidable that everything in our lives can be aggregated, sold and even leaked in the event of a hack, then we lose so much more than data. We lose the freedom to be human.” Adding “even if you have done nothing wrong other than think differently, you begin to censor yourself. Not entirely at first. Just a little, bit by bit. To risk less, to hope less, to imagine less, to dare less, to create less, to try less, to talk less, to think less. The chilling effect of digital surveillance is profound and it touches everything.”
Apple CEO, Tim Cook at the 2019 Stanford Commencement Address

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)[i] protects your medical information and allows sharing of your medical information in order to facilitate care and payments to health providers directly involved in your care including health insurers, doctors, pharmacies, labs, imaging centers and medical supply vendors. Medical information is also collected and shared with your identity scrubbed for population-based health with the purpose of improving healthcare delivery and determining optimal treatment plans.

However, HIPAA does not cover the collection of sociodemographic information for the purpose of mining, analyzing and brokering for reasons other than to improve care or protect privacy. This data can be manipulated to raise insurance premiums, target-marketing activities and other pursuits that may not be in your best interest.

HIPAA violations are common[ii]  especially in large organizations or provider networks where more people have access to the electronic medical records. If a major data breach at large health system occurs the public and victims are usually informed.  Unfortunately, minor and small-scale violations are rarely reported due to the lack of institutional control in overseeing the self-discovery and self- reporting process.  One such common violation is called snooping where an employee with access to records decides to improperly peruse the records of a family member, friend, celebrity or someone of interest. This violation would be very difficult to catch unless the snoop comes forward and self-reports the incident which would open themselves up to potential discipline or termination.

I have grown increasingly concerned about the ways private information data is being collected and used for manipulative and profitable purposes either intended or unintended without proper consent.[iii] I have also seen the devastation that identity theft can cause.  One of the reasons I like the direct primary care model is the enhanced privacy aspect.    As a solo direct care provider with a limited staff and free of health insurance auditing of my practices medical records, I believe I offer more of a safeguard to patient privacy by having:

  1. Fewer people with access to the e-chart. No snooping.
  2. Proper encryption of mobile messages and charting.
  3. Less likelihood of being the target of a sophisticate attack being a small practice.
  4. More transparency for patients to view their information and to report inaccuracies.
  5. Fewer business partnerships all having HIPAA compliant Business Associates Agreements.
  6. A greater appreciation of technology from my MIT education as well as understanding of cyber hacking traps.

Since the doctor-patient relationship is built around trust, I want my patients to be confident that I respect, prioritize and do my utmost to protect their right to privacy.