IMS IPO and Health Data Privacy

The following is a guest post by Dr. Deborah Peel, Founder of Patient Privacy Rights. There is no bigger advocate of patient privacy in the world than Dr. Peel. I’ll be interested to hear people comments and reactions to Dr. Peel’s guest post below. I look forward to an engaging conversation on the subject.

Clearly the way to understand the massive hidden flows of health data are in SEC filings.

For years, people working in the healthcare and HIT industries and government have claimed PPR was “fear-mongering”, even while they ignored/denied the evidence I presented in hundreds of talks about dozens of companies that sell health data (see slides up on our website)

But IMS SEC filings are formal, legal documents and IMS states that it buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally”. It buys and aggregates sensitive “prescription” records, “electronic medical records”, “claims data”, and more to create “comprehensive”, “longitudinal” health records on “400 million” patients.

* All purchases and subsequent sales of personal health records are hidden from patients. Patients are not asked for informed consent or given meaningful notice.
* IMS Health Holdings sells health data to “5,000 clients”, including the US Government.

These statements show the GREAT need for a comprehensive health data map—–and that it will include potentially a billion places that Americans’ sensitive health data flows.

In what universe is our health data “private and secure”?

About the author

Guest Author

Guest Author


  • Maybe I’m naive…

    But – every situation I’ve seen where a doc sells access to the EHR data, said data has been de-identified.
    This is usually done by the purchasing company placing a server in the office that churns the database and de-identifies.

    So, the fact that this (de-identification claim) is in writing leads me to believe it is true.

    This is not to say others may be doing it in an unsecure method.

    BUT – this doesn’t change the fact that I should be able to opt out of the selling of my data.
    In the early days of the EHR hub in my area, I went to some of the meetings. The large medical group that was pushing this informed the docs in attendance (and me) that the selling of PHI would help fund this project.

    I raised my hand and asked if the data hub policy that all patients would have to sign was going to mention that their data may be sold.

    The answer was no, and I was shunned and removed from further discussions.

    If people aren’t paranoid about what can be done with their PHI, then they have their head in the sand.

Click here to post a comment