Health care experts debate privacy threat of Covered California’s patient data collection

PANORAMA CITY, CA - JANUARY 28: Dr. Jason Greenspan (L) and emergency room nurse Junizar Manansala care for a patient in the ER of Mission Community Hospital where doctors held a press conference outside on a class action lawsuit against the state of California by a coalition of emergency room physicians claiming that without additional funding, the entire emergency healthcare system is on the verge of collapse on January 28, 2009 in Panorama City, California. According to the coalition, the cost of providing emergency room treatment has nearly doubled over the past decade and patient load increased by more than 28 percent while Medi-Cal reimbursements have remained largely unchanged. During that time, 85 California hospitals in California have closed and an additional 55 facilities have shut down their emergency rooms. California now reportedly ranks worst in the nation for access emergency care and last in emergency rooms per capita. California has seven emergency rooms per million people while the national average is 20 emergency rooms per million people. (Photo by David McNew/Getty Images) *** Local Caption *** Junizar Manansala;Jason Greenspan

Covered California, the Affordable Care Act’s state exchange in California, will collect insurance company data on prescriptions, doctor visits and hospital stays, a move that has stirred serious concerns about data protection and privacy.

Covered California, the Affordable Care Act’s state exchange in California, will collect insurance company data on prescriptions, doctor visits and hospital stays, a move that has stirred serious concerns about data protection and privacy.

The stated reason is to use patient data to maintain accountability from health insurers and medical providers; data the exchange already collects on enrollment was used to negotiate lower premiums for consumers, saving them over $100 million this year. But actual medical information is more important than enrollment information as medical records can be used to create a story about a person which may be invaluable to hackers and those who would sell or misuse them.

Covered California will be collecting the data on the approximately 1.4 million people enrolled on the exchange and then storing the data with Truven Health Analytics Inc. At present, there are no plans to let consumers in the exchange opt out of the data collection process, a concern that has critics countering that the state must ask permission for the information before taking it.

But the more pervasive concern has been about how the state will protect the data. The federal government has recently discovered multiple hacks throughout the executive branch, including the comprehensive theft of more than 4 million files from the Office of Personnel Management in June and 100,000 tax accounts at the Internal Revenue Service in May.

The private sector is similarly susceptible to such attacks - Anthem, the county’s second-largest health insurer, revealed a hack in February that may have affected 80 million people.

How will Covered California reassure its consumers that their data is safe and will only be used in an appropriate manner? Should Covered California ask permission before collecting the data they say is necessary to provide the best services to consumers? Are the consumer benefits promised by Covered California worth the risk of a potential hack?

Guests:

Dr. Andrew Bindman, MD, Professor of Medicine and Epidemiology & Biostatistics at the University of California, San Francisco; he was also the lead UCSF researcher on the exchange’s 2014 enrollment

John Simpson, Director of Privacy Project at Consumer Watchdog