There is a growing concern in the health care industry regarding third party information technology companies pooling medical record information for insurance companies. These companies are tentatively called Electronic Health Record (EHR) companies
and make revenue by collecting pharmaceutical prescription information and organizing it as medical “credit reports” for health providers to purchase. Insurance companies then buy an individuals’ medical history from these companies to determine whether a selected person is a risk for a health care provider.
electronic health records
Here’s an example. If a woman currently going though chemotherapy needs 400$ of medication a month and wants to buy a health insurance plan for 250$ a month, then it would not make sense for the health provider to accept this applicant without adding premium costs. With the introduction of third party companies who have access to this woman’s pharmaceutical information, her profile that details her purchases of the necessary medication for chemotherapy can be sold to a health insurance company for 15$ a view. The health insurance company then blacklists this woman as a risk for their company and will ask her for more information or suggest she buys a higher health insurance plan.
The privacy issues related to this mixing of personal health information and technology will have vast consequences for the health care industry. The Health Insurance Portability and Accountability Act (HIPAA)
does not cover these third party companies, like Ingenix
and Milliman IntelliScript,
which house databases that cover 200 million American’s personal health information for sale. These companies get their information outside the rules of HIPAA by collecting it from prescription drug histories housed by pharmacy benefit managers (PBM's). PBM's are also not covered entities
under HIPAA law. The histories of pateients they pull up can go back as far as five years and includes the follwoing personal health information: drugs and dosages prescribed, dates filled and refilled, the therapeutic class and the name and address of the prescribing doctor. The fact these EHR's do their business outside the regulations set down by HIPAA means their business practices are not subject to government review, a potentially dangerous precedence. Your pharmaceutical records can already be seen by EHR's, who knows how much more access these third party companies will have concerning your medical records in the future.
There are two sides to this issue, the insurance companies’ point of view and that of the consumers. An insurance company does not want to offer a health care plan to a person who lies on their application and ends up being a major cost to the company. Consumers, on the other hand, do not want their personal health information
sold for profit, potentially raising their insurance levels. A new area for debate in the legal, medical, and technological arenas, the sale of personal health information by third party database collection companies is undoubtedly a hot-button issue for Americans. You should be aware of your rights and request a free document each year from your provider outlining exactly who your records were shared with.