Healthcare data brokering is big business and getting bigger. Insurance carriers and other companies are making big bucks while playing loose with HIPAA rules.
The information below illustrates how companies, not subject to federal privacy laws, are making bank through harvesting and reselling private healthcare data. Some companies, like Optum and McKesson, are well known. Others are not.
I’m now more certain than ever that patients are being seriously exploited in terms of their data, its value, and the profitability others are deriving from its aggregation and sale — though some are beginning to realize just how valuable their health data can be.
In many cases, such data sharing is not only enabled by existing regulations, including HIPAA, but is facilitated, helping businesses share data to adjudicate insurance claims and make payments
Putting teeth into the Health Breach Notification Rule sends a warning signal to companies that aren’t being honest about the use of valuable health data. The rule requires businesses not covered by the more well-known (but often misunderstood) Health Insurance Portability and Accountability Act of 1996 (HIPAA) to notify customers if there is a breach of individually identifiable electronic health information.
Another came recently when the Federal Trade Commission — finally — enforced the Health Breach Notification Rule for the first time since it became law in 2009. The FTC ruled that GoodRx, a popular online destination for finding the best price for prescriptions, broke promises to users about not sharing their data with Facebook, Google, and other third parties for advertising purposes, monetized its users’ data without their consent, and committed other violations of the Health Breach Notification Rule. The company agreed to pay a $1.5 million civil penalty.
Today’s system allows data monopolies to operate unfettered and reap profits while data laborers — in this case, patients and health care professionals — receive no compensation for their essential contributions.
[EXTERNAL LINK] - Needed: a new framework to make sure health companies play fair with patient data
The information below illustrates how companies, not subject to federal privacy laws, are making bank through harvesting and reselling private healthcare data. Some companies, like Optum and McKesson, are well known. Others are not.
I’m now more certain than ever that patients are being seriously exploited in terms of their data, its value, and the profitability others are deriving from its aggregation and sale — though some are beginning to realize just how valuable their health data can be.
In many cases, such data sharing is not only enabled by existing regulations, including HIPAA, but is facilitated, helping businesses share data to adjudicate insurance claims and make payments
Putting teeth into the Health Breach Notification Rule sends a warning signal to companies that aren’t being honest about the use of valuable health data. The rule requires businesses not covered by the more well-known (but often misunderstood) Health Insurance Portability and Accountability Act of 1996 (HIPAA) to notify customers if there is a breach of individually identifiable electronic health information.
Another came recently when the Federal Trade Commission — finally — enforced the Health Breach Notification Rule for the first time since it became law in 2009. The FTC ruled that GoodRx, a popular online destination for finding the best price for prescriptions, broke promises to users about not sharing their data with Facebook, Google, and other third parties for advertising purposes, monetized its users’ data without their consent, and committed other violations of the Health Breach Notification Rule. The company agreed to pay a $1.5 million civil penalty.
Today’s system allows data monopolies to operate unfettered and reap profits while data laborers — in this case, patients and health care professionals — receive no compensation for their essential contributions.
[EXTERNAL LINK] - Needed: a new framework to make sure health companies play fair with patient data
