In a recent Washington Post article (4 August 2008), "Prescription Data Used to Access Consumers", Ellen Nakashima writes about the availability of medical records for data mining. Insurance companies have begun to use databases of prescription records to assess the risks of insuring individuals or when deciding to pay for a treatment. For example, a report could show that an "individual has been on the highest does of the cholesterol-reducing drug Zocor for 18 months" and an insurance company could determine that the patient has "a very high, near-intractable cholesterol problem … and could avoid a costly blood test". The article also points out that these records are more honest than many applicants for insurance and could reduce the cost of insurance while facilitating faster decision making. While HIPAA stipulates that patient consent must be acquired before these records can be accessed, "HIPAA does not give the Department of Health and Human Services the ability to directly investigate or hold accountable … pharmacy benefit managers". Nakashima reports that the increasing availability of electronic records will result in a market in which data mining organizations compete to sell the most complete and cheapest sources of patient data to insurers. Joy Pritts, of the Georgetown University Health Policy Institute observes that "Most people don't even know these organizations exist . . . ." Privacy consultant, Bob Gellman notes that "consumers will likely continue to have no real meaningful choices if they want insurance". Richard Dick, a database designer, suggests better privacy tools for consumers which would allow patients to be more specific when consenting to release medical information, "Otherwise … you have the fox in charge of the henhouse".
I want to know what incentives motivate patients to consent to release this information in the first place. I'm guessing that insurance coverage may depend upon consent; if so, is this real "consent"? – J.O.