Is ProPublica’s HIPAA violation search engine going to undermine confidence or create savvier patients?

ProPublica developed the search engine as part of its series, Policing Patient Privacy.

With more digitized health records, more non-healthcare companies moving aggressively into the sector and a huge amount of consolidation underway, awareness of HIPAA and patient privacy issues has moved well beyond the world of clinical practice and the Office of National Coordinator. ProPublica’s search engine, which lets users look up retail pharmacies, healthcare providers, labs and even the U.S. government to see how many HIPAA violations they have amassed, is a mixed bag of usefulness.

ProPublica developed the search engine as part of its series, Policing Patient Privacy. Here’s its overview of how it obtained and used the data from the Office for Civil Rights at the U.S. Department of Health and Human Services, the Department of Veterans Affairs and the California Department of Public Health.

 Under the Freedom of Information Act, we requested all closed HIPAA investigations conducted by the Office for Civil Rights since January 2008. We sought the name of each institution or person who was the subject of a complaint, as well as the date opened, date closed, how the case was resolved, and a description of the complaint. We chose to focus our analysis on a subset of these complaints — those closed from 2011 to 2014. The data was contained in multiple PDFs, totaling more than 5,000 pages. A sizable portion of the data was redacted, particularly complaints that referred to individual practitioners. (HHS took the position that the names of health facilities could be disclosed but the names of doctors or other providers could not. We are appealing that.)

We scanned and parsed the text using optical character recognition and Tabula, and then checked the results to ensure accuracy. We counted 31,310 complaints.

ProPublica whittled the complaints down to a little more than 13,200 by omitting complaints when the provider’s name was redacted or the name didn’t contain enough identifying information or, in the case of California’s health department, it was tied to quality-of-care reports.

Helpfully, the search engine provides some context that will educate people on how these violations can happen inadvertently and the circumstances surrounding some of these incidents. Unfortunately, data isn’t available for many of the incidents, so the details will be left to the user’s imagination.

At its best, I think the search engine will make patients more aware of what HIPAA violations are and the circumstances behind them — that they’re frequently a case of an accident or nosy employees and less frequently the work of a malevolent third party that wants to sell their data on the black market to the highest bidder.

At worst, it will undermine consumer confidence. Although the number of violations the likes of Kaiser Permanente, Quest Diagnostics, and CVS Health each have may be small in relation to the number of patients they have, many people won’t see it that way. On the other hand, this kind of publicity could give them the motivation they need to improve training and security protocols. They might also enlist health IT companies developing technology to help them be more proactive about how they identify HIPAA violations.

There’s been concern that the government does not do enough to deter HIPAA violations. The increased transparency ProPublica has helped provide might do wonders to counter that.
