A new report by Bloomberg Businessweek shows that your hospital medical records — which state agencies already sell to private data-mining companies — are even less secure than previously thought.
While the records have no names or addresses, certain information that the records do contain could allow companies to track the data to actual individuals.
“All I have to know is a little bit about a person and when they went to a hospital, and I can find their medical record in this kind of data,” Latanya Sweeney, the director of Harvard University’s Data Privacy Lab, told Bloomberg. Using a software program that cross-references the data again public records and news reports, she was able to match more than 30 people.
Zip codes, patient ages and treatments dates are just some of the information included.
A number of companies buy the state data, from sources as varied as WebMD (WBMD) to OptumInsight, which is owned by the largest U.S. health insurer, UnitedHealth (UNH).
State sales of patient medical information in large part go toward funding public health studies, though agencies recently have begun a process to review what type of information is released.