Does the Fourth Amendment apply to our medical data?
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
According to a report by Milt Freudenheim in the New York Times (And you thought a Prescription Was Private, August 9, 2009), it sure doesn’t look like it.
More than two years ago (Patient Information: Who’s Your Daddy) I warned that for-profit entities might use private patient data to market products to consumers.
Patient data may be used to target relevant product ads to individuals based upon the data contained in the medical record.
Today, patient information is actively being used to target market products and services to patients. Large pharmacy chains such as CVS Caremark and Walgreens regularly utilize pharmacy information to identify patients to whom they send out email messages, coupons, and flyers. Although the data they utilize is de-identified, they employ reverse lookup utilities to reconstruct the information with patient identifiers.
At a meeting with several health information technology leaders at the HIMSS 2008 Annual Conference, Google’s CEO, Eric Schmidt, was cautioned about the use of patient data contained within Google Health. Although WebMD and Microsoft currently acknowledge the privacy rules outlined in ARRA apply to them, Google disagrees. Freudenheim quoted in his article a representative of Google who said:
Excerpts from: We Need Privacy Now. PSQH, September/October, 2009