Is the Medical Establishment the Best Guardian of Your Medical Data?

David C. Kibbe, MD, MBA and Vince Kuraitis

Drs. Mandl and Kohane begin their recent article in NEJM with the statement that “large corporations are seeking an integral and transformative role in the management of health care information,” and then warn that this “will profoundly affect the biomedical research enterprise.”   

At issue for the authors is who controls the information about you and me, our health and healthcare data. Without coming right out and saying it directly, they worry that data in the hands of consumers and patients made possible through PCHR service providers like Google and Microsoft could be dangerous to the nation’s health because of  “commercial interests”.  

So, they are warning us, too.

But, let’s examine the presumption that your personal health information is safest in the hands of the medical establishment (incumbent service and health care provider organizations and the biomedical research enterprise). The real question that their article in NEJM begs is:

how good a job of stewarding our health data is the medical establishment doing?  

The answer is, of course, not so good.  If they were, one might expect much higher levels of safety and quality of care than we now experience.  

Estimates are that some 100,000 people in this country die each year unnecessarily from medical errors, and that many of these errors are related to lack of information or its continuity from one provider to the next.  

Is the problem the authors are warning us about inherently associated with corporations?  Many traditional and incumbent holders of health data are large corporate entities, too, e.g. Harvard, Walgreens Pharmacy, and Blue Cross Blue Shield.  Even the NIH itself has certain aspects of a very large and bureaucratic enterprise, and has been known to have ties to commercial interests.  

And the “biomedical research enterprise” that the authors refer to is notoriously and intimately connected to the interests of the pharmaceutical companies, whose profits have led all industry sectors in the US economy for nearly a generation.

If non-covered entity status under HIPAA is part of the problem, as the authors seem to think it is, and if global Internet brands like Microsoft and Google might be less careful and cautious guarding patient privacy, as the authors also seem to think will be the case, then the proper question to ask is:  

why is it that the current guardians of personal health data — the medical establishment — continue to be in the news on almost a weekly basis for some breach of confidentiality that has resulted in the publication or loss of patient data, and why is it that they seem to avoid all consequences for their ineptitude, sloppiness, or negligence in not protecting personal health data?

The authors state that a federal accreditation agency may be required to  

“strike a balance between patient control and a paternalistic protection against coercion and false claims made across the multiple channels of communication that are possible between these new research entities and health care consumers.”    

What false claims to the public are the authors referring to or anticipating that could be worse than those recently revealed to have been made about drugs such as Vioxx, Vytorin, and Zetia?  These claims were made with the full “paternalism” and “transparency” of the current research and provider economy that the authors appear to hold as a gold standard.

So, is the medical establishment the best guardian of your medical data? 

We’re not so sure. Maybe Google Health and Microsoft HealthVault are a wake up call, not a cause for warning.