Does Your EHR Sell Your EHR Data?

I recently saw a tongue-in-cheek tweet from Howard Green, MD about how healthcare shares data:

There has always been a disconnect between providers and EHR vendors saying they can’t share data and then EHR vendors can easily sell and share EHR data to the healthcare industry. If you don’t think this happens at large scales in healthcare, then you need to look no further than IMS which last I checked was a multi billion dollar public company on the back of our health data.

The “sharing” or should we say selling of EHR data is big business and happening a lot more than we realize. I know the Patient Privacy Rights organization was trying to make a map of all the ways your health data was being shared. However, you can imagine that’s an almost impossible task to accomplish. I think most of us would be shocked to see how far and wide are health data is shared.

I wonder how many doctors know the answer to this question, “Does your EHR sell your EHR data?”

My guess is that most doctors assume that their EHR data is not being sold. For a number of EHR vendors, that’s probably true. However, my guess is that most doctors don’t know their EHR vendor’s policy on selling EHR data. If you don’t know, you should ask your EHR vendor and find out.

For those EHR vendors that are selling EHR data, you can be sure that they will happily reply that any EHR data they sell is de-identified. They’ll argue that it’s not a violation of HIPAA because it doesn’t have any PHI because they’ve de-identified the data and only sell the data in aggregate. No doubt there are many that would argue that there’s no perfect way to totally de-identify your EHR data and that when combined with other sources, they can often identify your patients.

This is big business and so it’s easy to see why an EHR vendor would give the go ahead to de-identify and sell the data stored in their EHR. Although, it is disappointing when they’re doing this and their users don’t know that’s the case.

If you’ve asked your vendor if they sell your EHR data, we’d love to hear what they say. How did they respond? Are you ok with your EHR selling your de-identified EHR data?

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

1 Comment

  • I haven’t asked my doctor/their EHR vendor if they sell my data, but I am more than OK with them selling my de-identified data. Am I naive to think they are selling the data to improve healthcare? I think of de-identified data as being very useful to people who are trying to study how to improve healthcare. And I don’t think there are many people out there trying to reverse engineer my identity with de-identified data.

    I’m admittedly a person who does not worry much about privacy, but that is mostly because no one has given me a compelling argument to be concerned. Why should I expect de-identified data will be used for harm instead of good?

Click here to post a comment