The DEA Wants Your PHI
added: 09.26.2013, by Mike Spinney
Facebook may be a great place to share pictures of your cat beard, or to re-circulate the latest meme, but even in an age of rampant social sharing, if you are dealing with addiction, spousal abuse, sexual dysfunction or some other challenge, chances are you aren’t anxious the post the details on your wall.
After all, an individual’s medical records are among our most private documents. The discussions and interactions we have with professional healthcare providers on even the most mundane of maladies are highly sensitive. We engage in those discussions because there is a bond of trust between the public and the medical profession, and that bond is protected by the assurance of doctor-patient confidentiality.
Yet Drug Enforcement Agency is trying to argue for a loophole in that bond that would give them access to personal health information and other medical records shared with pharmacies.
According to the Verge, the American Civil Liberties Union has filed suit against the DEA over its claims that medical records handed over to a pharmacy negate constitutional protections on the basis of third-party doctrine.
The article points out that the ACLU’s initial filing took place earlier this year and remains in the courts, so it remains to be seen how the courts will rule. I bring it up not to continue to beat the drum of domestic surveillance, because it is yet another example of document security that may have been assumed but that is, in reality, tenuous.
We go through each day in the digital age sharing information and leaving a trail of data crumbs without much thought. Swipe a debit card, carry a mobile device, activate a toll collection transponder, browse the Internet, stroll through a public square and someone somewhere is keeping tabs. While we may be comfortable with such activities, it may inure us to the many ways our privacy could be invaded or our sensitive documents compromised.
Awareness is the first line of defense. If you know that your confidential information may be at risk and you are comfortable with the status quo, that’s your informed decision. But if you assume a certain level of protection and make decisions within that context, and those protections do not exist, that is an uninformed decision.
It is becoming clearer that the best position is to assume no protection apart from those actions we take on our own behalf.