Home > data science > Medical identifiers

Medical identifiers

January 30, 2012

In this recent article in the Wall Street Journal, we are presented with two sides of a debate on whether there should be a unique medical identifier given to each patient in the U.S. healthcare system.

Both sides agree that this would help record keeping problems so much (compared to the shambles that exist today) that it would vastly improve scientists’ ability to understand and predict disease. But the personal privacy issues are sufficiently worrying for some people to conclude that the benefits do not outweigh the risks.

Once it’s really easy to track people and their medical data through the system, the data can and will be exploited for commercial purposes or worse (imagine your potential employer looking up your entire medical record in addition to your prison record and credit score).

I agree with both sides, if that’s possible, although they both have flaws: the pro-identifier trivializes the problems of computer security, and the anti-identifier trivializes the field of data anonymization. It’s just incredibly frustrating that we haven’t been able to come to some reasonable solution to this that protects individual identities while letting the record keeping become digitized and reasonable.

Done well, a functional system would have the potential to save people’s lives in the millions while not exposing vulnerable people to more discrimination and suffering. Done poorly and without serious thought, we could easily have the worst of all worlds, where corporations have all the data they can pay for and where only rich people have the ability or influence to opt out of the system.

Let’s get it together, people! We need scientists and lawyers and privacy experts and ethicists and data nerds to get together and find some intelligently thought-out middle ground.

Categories: data science
  1. Annie
    January 30, 2012 at 8:05 am

    “imagine your potential employer looking up your entire medical record”–Well, no. That is strictly forbidden by HIPAA, the patient privacy regulation (and the reason you always have to sign that you’ve received a medical practice’s privacy policy when you go to a new doctor). Read the first opinionator’s essay carefully; the only question there is whether or not *doctors* should have access to all your medical records. The second opinionator is concerned about the fact that data, stripped of identifying information, is sold commercially. She expresses worry that it’s “easy” to re-identify patients. Well, first of all, it’s still illegal and most employers are uninterested in violating the law. And I work with this kind of data myself as a researcher (medical claims data where the exact birthdate, address, SSN, etc. have been removed) and it’s not so easy, even if I were interested in doing that.


    • January 30, 2012 at 8:59 am

      I agree that it was alarmist, but sometimes it is reasonable to sound an alarm. Consider the following:

      1) This applies to US citizens, but what about in other countries?
      2) For that matter, what about US companies who employ people in other countries? Filtering by medical issues is a sure way to make your operation look better.
      3) “It’s not so easy” is really not good enough. It’s also not so easy to link up profiles between Twitter, LinkedIn, Facebook, and Foursquare, but a hacker I met recently did so and suggests he can figure out where someone is at any time- where they live, work, and where they have coffee every day at 3pm.
      4) Also, “employers are uninterested in violating the law” doesn’t pass my smell test either, especially when the can subcontract this job. If they hired a company to go “look someone up” before making a hiring decision, and that company came back with medical information, do you think it would sell better or worse?
      5) Laws change.
      6) Corporations are becoming more powerful, not less, last time I checked. If they want to get their hands on this stuff and not get in trouble for it, I think they may find a way.
      7) All I’m saying is we have to be proactive about this. I think it’s worth a try.


    • January 30, 2012 at 11:04 pm

      Many companies have access to employee medical records and are mining them already. Just one example occurs when they employ you and they self insure their health insurance plan. The employees sign waivers that allow them to mine the information as a part of accepting the insurance.

      This is not illegal. And the data is being provided to third parties as part of contracts.


  2. January 30, 2012 at 9:06 am

    “imagine your potential employer looking up your entire medical record…”

    Actually, except perhaps for the modifier entire, that already happens. There are fatal weaknesses in our present privacy system.


    • January 30, 2012 at 11:06 pm

      Right. I don’t know a lot about how it’s done with all medical records, but I’ve seen the results in executive searches.


  3. Richard Séguin
    January 30, 2012 at 10:36 pm

    My own medical provider switched to all electronic records a number of years ago. Doctors love it because they can, for example, click on a few buttons to order your prescriptions. I’ve found that the system contains a lot of misinformation information that somehow never gets corrected. Moreover, doctors never get beyond the first level of screens, just as they never read past the first few pages in your chart. I showed up once at the ER associated with my provider, and they were not aware of my main medical pre-condition for several hours until I told them. Why didn’t this pop up in red on the first screen they looked at? Also, I can’t be certain, but I’ll bet many many years of history were lost in the transition to the computer system. Very discouraging.


  1. No trackbacks yet.
Comments are closed.
%d bloggers like this: