Are our privacy rules robust enough to protect our patients?

Ok, imagine this.

You take a video of your little girl’s soccer practice with your iPhone. Within moments it’s posted on YouTube for the grandparents to see.

Minutes later search engines called spiders begin to crawl across the data set of images on your upload. Face recognition technology identifies a face on the video and, with some assistance from the geo-tagging of the built in GPS metadata that accompanied the upload, gets a general location of where the video was made.

It determines that your child has other photos posted on Flickr and also a photo in the local newspaper. Now it associates a name with the face. The name might be associated with a Facebook account.

Maybe there’s an article that mentions a parent. The data discovery evolution continues continually attributing identifying information. The parent’s information is exhaustive, but most importantly it contains an address.

From a face on a cell phone video, a sexual predator might discover the home and contact information for your child.

All searchable by keyword: soccer, girl, Facebook, my home town.


Its easy to see the danger the internet can pose to children. We all know that. From Net Nanny to Web Watcher there are software and web packages that purport to protect our children.

They are good. But not perfect.

Health information interconnectivity is considered the holy grail of disease management.

In fact, most experts, including me, feel that without a robust means of health care providers sharing information we can never achieve the cost and quality metrics required for optimal health care delivery.

Especially as we enter the world of the ACO – accountable care organizations – where multiple providers may very well be paid to manage the health care of an individual patient, it will be essential to share information.

Cost savings will be dependent on reducing duplicated tests, encouraging patients to fill needed prescriptions for their diabetes or hypertension, or reminding and scheduling patients for preventative health measures like mammograms or a colonoscopy.

And patients will like it.

Can you imagine a doctor visit for an elderly patient where medicines are continually updated including whether they were even filled at the pharmacy?

We have that now in our office and many physicians subscribe to pharmacy data information that can help us know what medications patients are using.

In addition many offices and emergency rooms have access to claims data for some insured patients.

What does this tell you? Well, for one thing, it can report what you have filed on your health insurance as a recent claim including diagnosis codes for illnesses, visits to other emergency rooms or health providers, and procedures you may have had.

It certainly isn’t perfect – the coding has to be right and it’s stale (often not being updated for months) – but it provides a snapshot of the health care services that you received which in a pinch can provide a physician with some idea of your medical background.

Some insurers will also report medical allergies to round out the picture.

But the problem here is that all the information is fragmented. There are multiple sources, many that are not up-to-date or recent, and they are on many different databases.

The word thrown out a lot by governments and policy gurus is “data warehousing.” This would be a central repository of all the available information that could be accessed securely and updated.

The benefits could be great: better managed health care for individuals and populations. Maybe less visits to the emergency rooms for diabetics, fewer readmissions to the hospital for patients with congestive heart failure, and less unnecessary tests for patients with chronic diseases.

The concept of disease case management might be able to lower cost and improve quality. A value statement that would be hard for anyone to argue with.

But are our privacy rules robust enough to protect our patients?

That’s really the question.

So imagine these scenarios.

A school district during a new hire review of a teacher discover that she’s taken antidepressants in the past. Would this be a good employee to hire?

A drug company does a database query for men with erectile dysfunction as a diagnosis code and who have been prescribed Viagra. They are sent emails and junk mail advertising a new little blue pill.

Your company hires a consultant to lower health insurance costs for your employees. They sell a product that searches the web and ranks future applicants on past health care costs and usage and provides a score. With a high score an applicant doesn’t get an interview.

You file a disability claim on your short term disability plan. Your insurance company, by finding your face on a YouTube video and attributing a name, sees that you can play on a YMCA flag football team. See the problem here?

You could write hundreds of these scenarios. Does it mean that we have to shut down interconnectivity and data sharing of sensitive health information?

No. We can’t afford too.

We must continue to move the ball forward to achieve quality and cost improvement.

We have no other option.

But it does raise the concern that as we get more and more data on the web, and more and more sophisticated in our processing power, there will be big problems with patient’s privacy.

The best thing that could happen would be a systematic process — where everyone works together — to create a unified secure database with strong patient protection rules, including who can access the data and how it can be used.

For now we are left with a fragmented system where companies and governments are creating their own plan and their own data warehouses. All of these will have their own rules, security, data, and problems.

So am I scared of posting something on Facebook?

Absolutely not.

Do I think someday someone will be posting the status of my high blood pressure?


Dan McCoy is a dermatologist who blogs at

Submit a guest post and be heard on social media’s leading physician voice.

Comments are moderated before they are published. Please read the comment policy.

  • Ardella Eagle

    As long as there are locks being made, there will be a method to pick it.  Same is true with ‘secure data warehouses’.  There is nothing out there that can’t be hacked within 5 minutes of it being put ‘out there’.  Should we not use the technology or the social media sites?  To not have some web ‘presence’ is almost as bad as having ‘bad’ web ‘presence’, much like having no credit is worse than having weak or bad credit.  At least you have a past and it doesn’t appear that you’ve just jumped out of a cave.

    That doesn’t mean that you shouldn’t monitor what’s being put out there about yourself.  If someone tags you in a questionable photo, remove the tag and tell the person to think things over about posting the pic.  It’s like we’re all celebrities and have to worry about the Page Six gossip columns.

    I think what needs to change are the hiring personnel’s attitude.  The applicant is a different religion than you?  So what?  Freedom of religion is allowed in the U.S.  The applicant has a Dx of depression and is being treated?  At least they are aware of their issues and are being mature enough to take care of it.  The applicant has children?  Does the word ‘Dedication’ and ‘Family Values’ mean anything to you?  If the hiring people are going to use social media sites and medical information gleaned from the internet (no matter how legally obtained) to knock off applicants, they’ll quickly find that there aren’t any ‘perfect’ applicants applying.

    We all have skeletons in the closet.  Who’s brave enough to admit to them?

  • Jawaid Manzoor

    you can hide but you can’t run. Come to think of it,  there is no such thing as privacy anymore – this is the age of technology. Your health records, anything!  So should you try  -YES and NO. There is at least half chance if your doors are locked, yet every one is curious to look at a naked person………

  • Jawaid Manzoor

    Remove every one to allow the recipient get  fresh air and positioned comfortably while the aid is in process.

  • Jawaid Manzoor

    Gone past the age of desk tops as predicted thirty years back, Ipads is the new age and helpful for reference and emergency……

  • Jawaid Manzoor

    If virtual reality allowed an experimental model for an operation many years back, wireless is common place now ….perhaps a New York doctor networking records of his patient sitting in London……

Most Popular