Researchers find a way to link de-identified data to individuals. Is your EHR data safe?
A recent New York Times article describes how researchers were able to track de-identified Netflix customer data back to some of the customers. The article also describes how two EHR vendors sell or plan to sell de-identified patient data.
Obviously, this raises the question: What is your EHR vendor doing with your data? and: Do you own your data?
These are good questions to address at contracting or now if you already have an EHR.
Don’t be fooled into thinking this is only an issue with Internet-based or ASP systems. The hospital EHR mentioned in the article is not an Internet-based system. Whether you have a client-server or Internet-based EHR, the vendor can probably access your data. Also, regardless of which type of system you have, data ownership and access is important because the data is not usable to you if you cannot obtain it in a usable format. Many systems encode or lock the data.
How about Sevocity? We do not report any data outside the practice without the express written permission of the practice and contractually our customers own their data and can receive it in an industry standard format.
C Huddle, VP, Market Development