Data brokers freely trade consumer health info--is it legal?

Tools

Data brokers trade on sensitive medical data with little oversight or regulation, a senate committee found on Wednesday.

The report, discussed at U.S. Senate Committee on Commerce, Science and Transportation hearing on Wednesday, found that while the companies aren't necessarily guilty of any wrongdoing, the huge amount of consumer data available in the digital age should raise concerns.

Committee Chairman John D. (Jay) Rockefeller IV launched an investigation into the data broker industry to give consumers a better understanding of how their personal data is handled. Rockefeller sent inquiries to 12 popular personal finance, health and family websites and then had Experian report on how those companies vet customers. This followed reports that an Experian subsidiary sold data to an identity theft scheme.

The Wall Street Journal points out that various data brokers collect information about people's incomes, home loans and pets, and assign them to groups like "rural and barely making it" and "ethnic city strugglers."

The Fair Credit Reporting Act and the Health Insurance Portability and Accountability Act (HIPAA) protect consumers in certain contexts, but new technologies and companies leave a large gray area, WSJ notes. Profiling one's health condition online isn't protected because the data brokers aren't health providers, and providers of "e-credit" scores aren't qualified credit agencies.

"Current federal law does not fully address the use of new technologies, despite the fact that social media, web tracking, and mobile devices allow for faster, cheaper and more detailed data collection and sharing among resellers and private-sector entities," the report states.

Increased access to health data online can lead to malicious attacks. Health data is targeted for the value it holds and the ease with which hackers can gain access to it, according to Rick Kam, president and co-founder of ID Experts, FierceHealthIT previously reported. While there are still plenty of breaches occurring due to lost or stolen laptops, many instances of data loss or exposure are no accident, he said.

Hackers often are more interested in financial information they can use in identity theft and other fraud schemes, though that data increasingly is prized for numerous commercial ventures.

To learn more:
- watch the hearing
- read the article in the Wall Street Journal

Related Articles:
Most health data breaches malicious, not accidental
Cloud storage debacle marks hospital's third privacy incident in a year
Privacy experts: Health data security efforts too reactive
Securing health data from hackers requires a holistic approach
Stolen health data increasingly sought after for commercial ventures
Healthcare organizations leaving themselves open to breaches

Filed Under