Time Capsule: EMR Vendor Starts Secretive, Lucrative Business: Pimping the Patient Data of its Provider Customers
I wrote weekly editorials for a boutique industry newsletter for several years, anxious for both audience and income. I learned a lot about coming up with ideas for the weekly grind, trying to be simultaneously opinionated and entertaining in a few hundred words, and not sleeping much because I was working all the time. They’re fun to read as a look back at what was important then (and often still important now).
I wrote this piece in March 2008.
EMR Vendor Starts Secretive, Lucrative Business: Pimping the Patient Data of its Provider Customers
By Mr. HIStalk
Genetic medicine company Perlegen Sciences probably never saw the controversy coming. Its March 18 press release innocently and proudly announced an exclusive collaboration agreement with an unnamed EMR vendor to mine that vendor’s database, which is said to hold medical information on four million patients. To egghead scientists who don’t get out much, that sounds like a victorious achievement for medical research.
Perlegen will sift through mountains of data to select patients who meet its research criteria. The company will then contact the providers of those patients, asking them to contact the patient on the company’s behalf and offering them cash for providing a DNA sample. (Everbody’s watched enough CSI to know about the Q-Tip cheek swab thing, of course).
Perlegen’s intentions sound noble, at least when they’re the ones reciting them. The company is hoping to find genetic markers that can predict the individual response of patients to specific drugs. That correlation could improve patient safety and drug efficacy. And boost drug company profits, of course, which is the real point (some of its investors are drug companies).
The fastidiously unnamed EMR vendor is being paid to provide massive amounts of supposedly de-identified patient data (that methodology wasn’t specified). They get a cut of the take. Perlegen gets an ownership stake in the EMR vendor. Everybody’s happy.
Except perhaps those patients whose information is being probed by a company they’ve never heard of. Generously provided by another company they’ve also never heard of. Do they really want a genetic research firm peeking into their medical records, obtained in an open-air bazaar?
You’ll be hearing more about this story. It opens up a number of legal and ethical questions that are sure to tickle the fancy of journalists, privacy advocates, and software vendors.
The document trail will be interesting. Did the providers’ Notice of Privacy Practices indicate to patients that their data would be marketed since this goes well beyond the usual treatment, payment, and operations? Did the EMR vendor’s contracts with its customers reserve the right to not just store their data, but to sell it?
Perlegen drops the words “HIPAA” and “IRB” to make everything sound on the up-and-up. They’re HIPAA-immune, however (they’re not providers) and it’s not clear whose IRB will oversee the project. In other words, it’s not illegal, but it sounds a bit loophole-ish. So much for HIPAA offering broad privacy protection.
The biggest villain here appears to be the EMR vendor. It has no contractual agreement with patients as far as we know, so what is it doing selling their information?
Don’t blame Perlegen – they should have been told ‘no’. Blame lax privacy protections, the unnamed EMR vendor, and poor IT market conditions for leading to such a desperate cash grab. When that vendor is named – and it will be – we’ll know how it worked out such a sneaky deal, how it’s de-identifying the data of its customers, and how it justifies being partially owned by drug company interests.