An EMR vendor (whose name is kept secret) profits from secret access to Americans’ health information and the patients don’t know their health information has been data mined or their genetic samples were used until they get paid. They still might not know even then why they got a check.
“Consent” for getting genetic test data is ONLY obtained from the provider, NOT the patient, via “HIPAA and IRBs” - both of which totally bypass the patient. HIPAA allows unfettered use of PHI by covered entities - in total defiance of medical ethics and strong laws in every state which prohibit the use of PHI without consent. HIPAA was gutted by industry appointees to HHS in 2002 and the right of consent was eliminated.
There is no consent from patients up front to have their records data-mined or their DNA samples taken by Perlegen.
In fact - if you read this story carefully, patients may never know (even later on) that their genetic samples were taken or used or that their health records were data-mined and sold to Perlegen by the EMR vendor.
This is the new Tuskegee - forced research participation without informed consent or even notice.
The doctors are contacted when a candidate for genetic tests is identified by Perlegen and then are COMPENSATED after re-identification of patient records and genetic samples! There is no evidence provided to prove that the data is “de-identified” or in what way re-identification occurs without consent. There is no way to determine how secure the data is in Perlegen’s data banks, and there is no way to know to whom Perlegen will sell patient data or results.
This is a horrific abuse of patient privacy and we can expect to see a flood of this kind of for-profit “research” UNLESS Congress restores the right to health information privacy. Actually, I would bet this sort of arrangement is widespread already.
Patients do get some compensation - but there is major coercion for them to participate because their doctors are compensated for secretly offering them up as research subjects. How much do the doctors know about the EHR company that sells their patients’ PHI? How much do the doctors know about the security of the data in there or when it is transferred to Perlegen? Do the doctors know whether Perlegen, the “research” firm, will sell data or results to employers or insurers?
This story shows ALL the evils of secret data-mining and coerced participation in corporate for-profit schemes to sell genetic tests and “personalized” medicine. Who is promoting “personalized” medicine? Corporate data miners?
This story shows why there must be NO MORE RESEARCH without informed contemporaneous consent. The right of consent is the international ethical standard for researcher subjects and must not be eliminated in federal law or regulations. There must be no more research, whether its QI, patient safety, or public health research, without real consent.
“Smart” electronic technologies (independent consent management systems and tools) exist today that remove the burdens, cost and time required to obtain written informed consent. Technology can be used to facilitate research WHILE ensuring privacy and consent. We need to preserve our fundamental rights to privacy and build an ethical, legal HIT system now. Congress must act to ensure our rights to privacy. We need to use ‘smart’ technologies so that trust in the HIT system can be established. Consumers have no trust now and this story will only make them fear HIT more.
Data theft by EHR vendors that contract with corporations like Perlegen MUST be stopped. This massive violation of Americans’ health privacy deserves Congressional investigation ASAP.
Deborah C. Peel, MD
Founder and Chair
Patient Privacy Rights