Home » Time Capsule » Currently Reading:

Time Capsule: EMR Vendor Starts Secretive, Lucrative Business: Pimping the Patient Data of its Provider Customers

January 4, 2013 Time Capsule 3 Comments

I wrote weekly editorials for a boutique industry newsletter for several years, anxious for both audience and income. I learned a lot about coming up with ideas for the weekly grind, trying to be simultaneously opinionated and entertaining in a few hundred words, and not sleeping much because I was working all the time. They’re fun to read as a look back at what was important then (and often still important now).

I wrote this piece in March 2008.

EMR Vendor Starts Secretive, Lucrative Business: Pimping the Patient Data of its Provider Customers
By Mr. HIStalk


Genetic medicine company Perlegen Sciences probably never saw the controversy coming. Its March 18 press release innocently and proudly announced an exclusive collaboration agreement with an unnamed EMR vendor to mine that vendor’s database, which is said to hold medical information on four million patients. To egghead scientists who don’t get out much, that sounds like a victorious achievement for medical research.

Perlegen will sift through mountains of data to select patients who meet its research criteria. The company will then contact the providers of those patients, asking them to contact the patient on the company’s behalf and offering them cash for providing a DNA sample. (Everbody’s watched enough CSI to know about the Q-Tip cheek swab thing, of course).

Perlegen’s intentions sound noble, at least when they’re the ones reciting them. The company is hoping to find genetic markers that can predict the individual response of patients to specific drugs. That correlation could improve patient safety and drug efficacy. And boost drug company profits, of course, which is the real point (some of its investors are drug companies).

The fastidiously unnamed EMR vendor is being paid to provide massive amounts of supposedly de-identified patient data (that methodology wasn’t specified). They get a cut of the take. Perlegen gets an ownership stake in the EMR vendor. Everybody’s happy.

Except perhaps those patients whose information is being probed by a company they’ve never heard of. Generously provided by another company they’ve also never heard of. Do they really want a genetic research firm peeking into their medical records, obtained in an open-air bazaar?

You’ll be hearing more about this story. It opens up a number of legal and ethical questions that are sure to tickle the fancy of journalists, privacy advocates, and software vendors.

The document trail will be interesting. Did the providers’ Notice of Privacy Practices indicate to patients that their data would be marketed since this goes well beyond the usual treatment, payment, and operations? Did the EMR vendor’s contracts with its customers reserve the right to not just store their data, but to sell it?

Perlegen drops the words “HIPAA” and “IRB” to make everything sound on the up-and-up. They’re HIPAA-immune, however (they’re not providers) and it’s not clear whose IRB will oversee the project. In other words, it’s not illegal, but it sounds a bit loophole-ish. So much for HIPAA offering broad privacy protection.

The biggest villain here appears to be the EMR vendor. It has no contractual agreement with patients as far as we know, so what is it doing selling their information?

Don’t blame Perlegen – they should have been told ‘no’. Blame lax privacy protections, the unnamed EMR vendor, and poor IT market conditions for leading to such a desperate cash grab. When that vendor is named – and it will be – we’ll know how it worked out such a sneaky deal, how it’s de-identifying the data of its customers, and how it justifies being partially owned by drug company interests.

View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there are "3 comments" on this Article:

  1. So how is healthcare supposed to benefit from big data is nobody is allowed to look at it? A company is paid to help identify patients, and then the patients themselves are paid to participate. Sounds like those devious contract research organizations out there paying doctors to review charts and then paying patients to participate in studies. Patients need to be educated about devious companies like Quintiles and Covance paying to access their charts and recruit them for managed studies. Imagine the chaos if academic hospitals were to have clinical research units where patient charts are reviewed without their knowledge so they can be paid to participate in research studies sponsored through grants at the hospital. I shudder at all those nameless, faceless researchers and CROs taking advantage of all that innocent data just so patients can be paid for research participation.

  2. Disgusting is all I can say. I dont want my medical history shared with anyone, de-identified or not. Certainly I would like the right to provide my consent. There is a world of difference being asked vs having it taken.

    These companies do this stuff because they can get away with it….just like the banks. Publish the names of this data thiefs and this practice will stop. E.g., Humedica.

  3. It’s important to understand that what is described relates to looking at de-identified data. Not arguing whether the manner of de-identification is strong enough, the practice of looking through aggregated, deidentified data to support research feasibility is pretty much common practice and is allowed by both HIPAA and under IRB guidelines. It happens in every academic hospital today. This is not the same as sniffing through individual charts to recruit patients. Even if that were practical, it is not allowed under HIPAA. It’s also important to understand that a trial that has received IRB approval is no longer subject to HIPAA. It has it’s own human subjects protection standards that it must follow (in many cases, more stringent than HIPAA). In addition, IRB’s are not organizationally based. This means any, legitimate IRB can provide approval for a specific study that may be across numerous organizations.

    I fully agree that privacy is something we need to devote more attention to but we can’t knee jerk react to it. We all benefit from research focused on curing us of our most threatening ills and we have to accept that research is costly; therefore, it requires business models to support it. Making it harder for the research community to access trial candidates isn’t the answer. It will only hurt society in more fundamental ways than privacy.

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Founding Sponsors


Platinum Sponsors


































































Gold Sponsors
















Reader Comments

  • jp: I'm with you on the icebreakers and other "interacting for the sake of interacting" types of things....
  • AynRandWasDumb: Re: VA/Jackson - WOW http://apps.washingtonpost.com/g/documents/politics/ronny-jackson-summary-of-allegations/2922/...
  • Drivin' and Cryin': I witnessed a noted health IT leader do the same "tears after telling a story about how he didn't treat his wife well en...
  • Mr. HIStalk: I agree for a class, where an ongoing relationship is important -- you'll be spending time with the instructor and fello...
  • jp: On the whole conference thing and engaging the audience. If the purpose of a conference (or one of the main purposes) is...
  • MerryMe: Anyone besides me disturbed by the title of the Healthwise webinar listed? "Converting Consumers into Patients" -- Shoul...
  • Justa CIO: Wholeheartedly agree with System CIO's comment. I like him/her do not have time for HIMSS, CHIME, etc., as I am heads d...
  • shh bby is ok: I was taken by the tongue-in-cheek wit of your cartoon above Stealthily Healthily's comment. Then I clicked on it an...
  • Fourth Hansen Brother: My God, 60 is too old? Hint- rapidly aging population. He's not anywhere near retirement age, and CEO tenures are pretty...
  • Lisa Hahn, RN, Org Management/Clinical Strategist: I have seen a mixed bag of tricks for these situations. There is no specific singular “path” for for every organiza...

Sponsor Quick Links