Hostname: page-component-6d856f89d9-mhpxw Total loading time: 0 Render date: 2024-07-16T06:13:06.689Z Has data issue: false hasContentIssue false
  • English
  • Français

Selling Health Data

De-Identification, Privacy, and Speech

Published online by Cambridge University Press:  10 June 2015

BONNIE KAPLAN
Get access Rights & Permissions [Opens in a new window]

Abstract:

Two court cases that involve selling prescription data for pharmaceutical marketing affect biomedical informatics, patient and clinician privacy, and regulation. Sorrell v. IMS Health Inc. et al. in the United States and R v. Department of Health, Ex Parte Source Informatics Ltd. in the United Kingdom concern privacy and health data protection, data de-identification and reidentification, drug detailing (marketing), commercial benefit from the required disclosure of personal information, clinician privacy and the duty of confidentiality, beneficial and unsavory uses of health data, regulating health technologies, and considering data as speech. Individuals should, at the very least, be aware of how data about them are collected and used. Taking account of how those data are used is needed so societal norms and law evolve ethically as new technologies affect health data privacy and protection.

Keywords

confidentialityhealth data privacyhealth recordsbig datadata miningpharmaceutical marketinghealth data salede-identificationHIPPAEU Data Protection DirectiveSorrell v. IMS Health Inc.R v. Department of Health, Ex Parte Source Informatics Ltd.
Type
Special Section: Bioethics and Information Technology
Information
Cambridge Quarterly of Healthcare Ethics , Volume 24 , Issue 3 , July 2015 , pp. 256 - 271
Copyright
Copyright © Cambridge University Press 2015 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Notes

1. Sorrell v. IMS Health Inc. et al, 131 S. Ct. 2653 (2011).

2. R v. Department of Health, Ex Parte Source Informatics Ltd., [C.A. 2000] 1 All ER 786. See also R v. Department of Health, Ex Parte Source Informatics Ltd. European Law Report 2000;4:397–414.

3. Businessweek. Company Overview of Source Informatics Limited; available at http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=26078316 (last accessed 18 May 2014).

4. IMS Health. About IMS Health; available at http://www.imshealth.com/portal/site/imshealth/menuitem.051a1939316f851e170417041ad8c22a/?vgnextoid=7311e590cb4dc310VgnVCM100000a48d2ca2RCRD&vgnextfmt=default (last accessed 14 May 2014).

5. Petersen, C, DeMuro, P, Goodman, KW, Kaplan, B. Sorrell v IMS Health: Issues and opportunities for informaticians. JAMIA (Journal of the American Medical Informatics Association) 2013;20(1):35–7.CrossRefGoogle Scholar

6. Kaplan B. How should health data be used? Using Source and Sorrell v. IMS, Inc. to think with about privacy, secondary use, and big data sales. Cambridge Quarterly of Healthcare Ethics; forthcoming.

7. Kaplan, B. Health data privacy. In: Yanisky-Ravid, S, ed. Beyond Intellectual Property: The Future of Privacy. New York: Fordham University Press; forthcoming.Google Scholar

8. Beyleveld, D, Histed, E. Betrayal of confidence in the Court of Appeal. Medical Law International 2000;4:277311CrossRefGoogle ScholarPubMed, at 280, citing p. 796 of R v. Department of Health, Ex Parte Source Informatics Ltd., [C.A. 2000] 1 All ER 786.

9. Dunkel, YF. Medical privacy rights in anonymous data: Discussion of rights in the United Kingdom and the United State in light of the Source Informatics cases. Loyola of Los Angeles International and Comparative Law Review 2001;23(1):4180.Google Scholar

10. Srinivas, N, Biswas, A. Protecting patient information in India: Data privacy law and its challenges. NUJS Law Review 2012;5(3):411–24.Google Scholar

11. See note 8, Beyleveld, Histed 2000.

12. Taylor, MJ. Health research, data protection, and the public interest in notification. Medical Law Review 2011;19(2):267303.CrossRefGoogle ScholarPubMed

13. See note 9, Dunkel 2001.

14. See note 9, Dunkel 2001.

15. See note 1, Sorrell v. IMS 2011, at 2653.

16. Mello, MM, Messing, NA. Restrictions on the use of prescribing data for the use of drug promotion. New England Journal of Medicine 2010;365(13):1248–54CrossRefGoogle Scholar, at 1248, citing IMS Health, Inc v. Sorrell, 630 F.3d 263 (2nd Cir 2010).

17. Outterson, K. Higher First Amendment hurdles for public health information. New England Journal of Medicine 2011;365(7):e13(1)–e(3), at e13(1).CrossRefGoogle Scholar

18. Central Hudson Gas & Electric Corporation v. Public Service Commission of NY, 447 U.S. 564 (1980).

19. See note 1, Sorrell v. IMS 2011, at 2653.

20. Bambauer, JR. Is data speech? Stanford Law Review 2014;66:57120.Google Scholar

21. Bhagwat, A. Sorrell v IMS Health: Details, detailing, and the death of privacy. Vermont Law Review 2012;36:855–80.Google Scholar

22. Warren, S, Brandeis, L. The right to privacy. Harvard Law Review 1890;4:193201, at 194.CrossRefGoogle Scholar

23. See note 21, Bhagwat 2012.

24. Schwartz, PM, Solove, DJ. PII problem: Privacy and a new concept of personally identifiable information. New York University Law Review 2011;86(6):1814–94.Google Scholar

25. Skloot, R. The Immortal Life of Henrietta Lacks. New York: Crown; 2010.Google Scholar

26. See note 8, Beyleveld, Histed 2000.

27. See note 12, Taylor 2011.

28. Institute of Medicine. Capturing Social and Behavioral Domains in Electronic Health Records: Phase 1. Washington, DC: The National Academies Press; 2014.

29. Ohm, P. Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review 2010;57:1701–77.Google Scholar

30. Malin, BA, El Emam, K, O’Keefe, CM. Biomedical data privacy: Problems, perspectives, and recent advances. JAMIA (Journal of the American Medical Informatics Association) 2013;20(1):26.CrossRefGoogle ScholarPubMed

31. See note 29, Ohm 2010.

32. Rothstein, MA. The Hippocratic bargain and health information technology. Journal of Law, Medicine and Ethics 2010; Spring:713.CrossRefGoogle ScholarPubMed

33. Rothstein, MA. Access to information in segmented electronic health records. Journal of Law, Medicine and Ethics 2012 Summer:394400.CrossRefGoogle ScholarPubMed

34. See note 12, Taylor 2011, at 303.

35. See note 29, Ohm 2010.

36. Institute of Medicine. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research. Washington, DC: National Academies; 2009.

37. European Union. EU Directive 95/46/EC—The Data Protection Directive; available at http://www.dataprotection.ie/docs/EU-Directive-95-46-EC--Chapter-2/93.htm (last accessed 23 Mar 2014).

38. European Union. The European Data Protection Supervisor; available at http://europa.eu/about-eu/institutions-bodies/edps/index_en.htm (last accessed 23 Mar 2014). Maintained or enhanced in http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52012PC0011:en:NOT (last accessed 23 Mar 2014).

39. See note 9, Dunkel 2001, at 44.

40. See note 7, Kaplan forthcoming.

41. See note 29, Ohm 2010.

42. Koontz, L. What is privacy? In: Koontz, L, ed. Information Privacy in the Evolving Healthcare Environment. Chicago: Healthcare Information and Management Society (HIMSS); 2013:120.Google Scholar

43. United States Government, Department of Health and Human Services, Office for Civil Rights. Summary of the HIPAA Privacy Rule; available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/ (last accessed 30 June 2013).

44. See note 42, Koontz 2013.

45. McGraw D. Privacy and Information Technology. Washington, DC; 2009; Paper 25, O’Neill Institute Paper; available at http://www.law.georgetown.edu/oneillinstitute/research/legal-solutions-in-health-reform/Privacy.cfm (last accessed 1 July 2014) and http://scholarship.law.georgetown.edu/ois_papers/25 (last accessed 17 July 2014).

46. The Standards for Privacy of Individually Identifiable Health Information; available at http://aspe.hhs.gov/admnsimp/final/pvcguide1.htm (last accessed 19 Jan 2014).

47. Rothstein, MA, Talbot, M. Compelled authorizations for disclosure of health records: Magnitude and implications. American Journal of Bioethics 2007 Mar;7(3):3845.CrossRefGoogle ScholarPubMed

48. Vt. Stat. Ann. Tit. 18 §§4631d (Supp. 2010).

49. Findlay, SD.Direct-to-consumer promotion of prescription drugs: Economic implications for patients, payers and providers. PharmacoEconomics 2001;19(2):109–19.CrossRefGoogle ScholarPubMed

50. Gostin, LO. Marketing pharmaceuticals: A constitutional right to sell prescriber-identified data? JAMA 2012;307(8):787–8.CrossRefGoogle ScholarPubMed

51. Orentlicker, D. Prescription data mining and the protection of patients’ interests. Journal of Law, Medicine and Ethics 2010; Spring:7484.CrossRefGoogle Scholar

52. Curfman, GD, Morrissey, S, Drazen, JM. Prescriptions, privacy, and the First Amendment. New England Journal of Medicine 2011;364(21):2053–5.CrossRefGoogle ScholarPubMed

53. Hartung, DM, Evans, D, Haxby, DG, Kraemer, DF, Andeen, G, Fagnan, LJ. Effect of drug sample removal on prescribing in a family practice clinic. Annals of Family Medicine 2010;8(5):402–9.CrossRefGoogle Scholar

54. See note 49, Findlay 2001.

55. See note 51, Orentlicker 2010.

56. Gooch, GR, Rohack, JJ, Finley, M. The moral from Sorrell: Educate, don’t legislate. Health Matrix 2013;23(1):237–77.Google ScholarPubMed

57. Donohue, JM, Cevasco, M, Rosenthal, MB. A decade of direct-to-consumer advertising of prescription drugs. New England Journal of Medicine 2007;357:673–81.CrossRefGoogle ScholarPubMed

58. de Frutos, MA, Ornaghi, C, Siotis, G. Competition in the pharmaceutical industry: How do quality differences shape advertising strategies? Journal of Health Economics 2013;32:268–85.CrossRefGoogle ScholarPubMed

59. See note 49, Findlay 2001.

60. Boumil, MM, Dunn, K, Ryan, N, Clearwater, K. Prescription data mining, medical privacy and the First Amendment: The U.S. Supreme Court in Sorrell v. IMS Health Inc. Annals of Health Law 2012;21:447–83.Google Scholar

61. See note 56, Gooch et al. 2013.

62. See note 8, Beyleveld, Histed 2000.

63. Atherley, G. The public-private partnership between IMS Health and the Canada Pension Plan. Fraser Forum 2011:57.Google Scholar

64. See note 52, Curfman et al. 2011.

65. Joint Appendix, Vol. 1, at 155, William H. Sorrell et al. v. IMS Health Inc. et al., 2010 U.S. Briefs 779 (2nd Cir. 2011) (No. 10–779).

66. Brief for the New England Journal of Medicine, the Massachusetts Medical Society, the National Physicians Alliance, and the American Medical Students Association as amici curiae supporting petitioners, William H. Sorrell v. IMS Health Inc. et al., 2010 U.S. Briefs 779 (No. 10–779), 2011 U.S. S. Ct. Briefs LEXIS 299.

67. See note 63, Atherley 2011, at 7, quoting the Canadian Medical Association.

68. Data mining case tests boundaries of medical privacy. CMAJ 2011;183(9):E509–E10.

69. See note 52, Curfman et al. 2011.

70. See note 56, Gooch et al. 2013.

71. See note 5, Petersen et al. 2013.

72. See note 68, Data mining case tests boundaries of medical privacy 2011.

73. See note 56, Gooch et al. 2013.

74. See note 51, Orentlicker 2010.

75. Piety, TR. Brandishing the First Amendment: Commercial Expression in America. Ann Arbor: University of Michigan Press; 2012.CrossRefGoogle Scholar

76. See note 20, Bambauer 2014.

77. See note 10, Srinivas, Biswas 2012.

78. See note 17, Outterson 2011.

79. See note 21, Bhagwat 2012.

80. Mermin, SE, Graff, SK. The First Amendment and public health, at odds. American Journal of Law and Medicine 2013;39:298307.CrossRefGoogle ScholarPubMed

81. Tien L. Online behavioral tracking and the identification of Internet users. Paper presented at: From Mad Men to Mad Bots: Advertising in the Digital Age. The Information Society Project at the Yale Law School. New Haven, CT; 2011.

82. See note 81, Tien 2011.

83. See note 16, Mello, Messing 2010.

84. See note 17, Outterson 2011.

85. See note 75, Piety 2012.

86. See note 20, Bambauer 2014.

87. See note 1, Sorrell v. IMS 2011, at 2667.

88. Pasquale, F. Restoring transparency to automated authority. Journal on Telecommunications and High Technology Law 2011;9:235–54.Google Scholar

89. Koppel, R, Kreda, D. Healthcare information technology vendors’ “hold harmless” clause: Implications for patients and clinicians. JAMA 2009;301(12):1276–8.CrossRefGoogle Scholar

90. Goodman, KW, Berner, E, Dente, MA, Kaplan, B, Koppel, R, Rucker, D, et al. Challenges in ethics, safety, best practices, and oversight regarding HIT vendors, their customers, and patients: A report of an AMIA special task force. JAMIA (Journal of the American Medical Informatics Association) 2011;18(1):7781.CrossRefGoogle ScholarPubMed

91. Evans, BJ. Much ado about data ownership. Harvard Journal of Law & Technology 2011;25(11):70130.Google Scholar

92. See note 6, Kaplan forthcoming.

93. See note 7, Kaplan forthcoming.

94. See note 63, Atherley 2011.

95. Hall, MA, Schulman, KA. Ownership of medical information. JAMA 2009;301(12):1282–4.CrossRefGoogle ScholarPubMed

96. McGraw, D. Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data. JAMIA (Journal of the American Medical Informatics Association) 2013;20(1):2934.CrossRefGoogle ScholarPubMed

97. See note 75, Piety 2012.

98. Miller, RA, Schaffner, KF, Meisel, A. Ethical and legal issues related to the use of computer programs in clinical medicine. Annals of Internal Medicine 1985;102:529–36.CrossRefGoogle ScholarPubMed

99. Goodman, KW. Health information technology: Challenges in ethics, science and uncertainty. In: Himma, K, Tavani, H, eds. The Handbook of Information and Computer Ethics. Hoboken, NJ: Wiley; 2008:293309.CrossRefGoogle Scholar

100. White R. Electronic Health Records: Balancing Progress and Privacy; 2012 June 19; available at http://thehastingscenter.org/Bioethicsforum/Post.aspx?id=6907&blogid=140 (last accessed 29 June 2014).

101. See note 20, Bambauer 2014.

102. Abril PS, Cava A. Health privacy in a techno-social world: A cyber-patient’s bill of rights. Northwestern Journal of Technology and Intellectual Property 2008; Summer;6(3):244–77.

103. See note 30, Malin et al. 2013.

104. See note 1, Sorrell v. IMS 2011, at 24.