In my previous post (Nov 2010) regarding the Sorrell case, I pointed out that the U.S. Supreme Court's decision (either way) will have a profound impact on data-mining and how certain patient information can be used. 

The Center for Democracy and Technology (CDT) has recently taken a closer look at the privacy issues presented in the Sorrell case, and has prepared an excellent memo that "unpacks" and carefully analyzes the legal issues and potential impact the Court's decision could have on current health care policy, and patient privacy in general.  CDT has asked Legal HIE to help get the "word out" regarding the issues presented by Sorrell and covered in the CDT memo, and Legal HIE in turn asks our readers to visit CDT's websiteand review the critical points raised in CDT's Sorrell Memo.  

CDT's blog post on the case and link to the legal memo are also reprinted below: 

A Nuanced Understanding of Privacy

by Brock N. Meeks

March 24, 2011

A case pending before the U.S. Supreme Courthas serious implications for how privacy protections are interpreted.  But understanding the various risks posed in this case requires some careful unpacking of the ways in which "privacy" is—and is not—at issue here.  CDT's Health Privacy Project team has taken a look those risks and published an in-depth memo about its findings.

In this memo CDT focuses on two aspects of the case: First, an explanation of why it is important to recognize the valid distinctions between personally identifiable data and "de-identified" data.  The paper explains that privacy could actually be harmed if the Court were to accept the claims, made in some briefs in the case, that there is no difference between identified and de-identified data.  

The second aspect of the case the paper examines is the claim that doctors have a "privacy" right in their drug prescribing practices.  CDT disagrees and explains here that, while the patient-doctor relationship is based on confidentiality and the trust it generates, it is not useful – and would undermine other health care goals – to speak of doctors as having a "privacy" right in their drug prescribing practices.

The paper concludes by saying:  
 

So in many ways, Sorrell v. IMS Health is not about privacy in the way that defenders of the Vermont law claim.  Yet a broad ruling by the court on de-identified data could have a negative impact on patient privacy.  And a broad statement by the Court on doctor 'privacy' could derail other very timely initiatives. This is not the case, nor is the Supreme Court the institution, to make policy on either set of issues; the parties have offered other viable rationale for the Court to use to decide this case. There needs to be a policy conversation about the viability of the current de-identification standard, but this case needs to preserve the concept that there is a meaningful distinction between identified and de-identified data. It is up to other processes to ensure a continually robust de-identification standard and strict accountability for re-identification.

A full copy of the CDT Sorrell Memo can also be reviewed under "Continue Reading" below.