Trading patient data for free EHR software…can your patients live with that?

Free software vendors sell anonymized patient data to medical research firms, pharmaceutical and insurance companies, and other entities. In accordance with HIPAA requirements, the data is supposed to be stripped of direct identifiers, which are names, Social Security numbers and dates of birth. However, with sophisticated technology, that data may still be matched back to an individual patient, resulting in the release of sensitive patient information. Companies that violate physicians’ trust place physicians in jeopardy of losing loyal patients.

Responding to an online article entitled, “Use of Free EHRs may violate new HIPAA Rule,” a reader warns, “As a patient, I think the more ominous aspect of ‘free EHR’ is the selling of deidentified patient data. Experts have proven that it is possible to reidentify individual data, such as with Netflix. Also, what happens if someone with the EHR company accidentally fails to properly deidentify the data, or the EHR company goes belly-up and someone acquires the company?

Most providers are not reading the software licenses and understanding that if something bad happens, the free EHR vendor is not going to take the liability. And patients have no idea that their doctor is selling their patient data (which is what is really going on) in exchange for a “free” EHR.