Does Your EHR Sell Your EHR Data?

Posted on May 12, 2017 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently saw a tongue-in-cheek tweet from Howard Green, MD about how healthcare shares data:

There has always been a disconnect between providers and EHR vendors saying they can’t share data and then EHR vendors can easily sell and share EHR data to the healthcare industry. If you don’t think this happens at large scales in healthcare, then you need to look no further than IMS which last I checked was a multi billion dollar public company on the back of our health data.

The “sharing” or should we say selling of EHR data is big business and happening a lot more than we realize. I know the Patient Privacy Rights organization was trying to make a map of all the ways your health data was being shared. However, you can imagine that’s an almost impossible task to accomplish. I think most of us would be shocked to see how far and wide are health data is shared.

I wonder how many doctors know the answer to this question, “Does your EHR sell your EHR data?”

My guess is that most doctors assume that their EHR data is not being sold. For a number of EHR vendors, that’s probably true. However, my guess is that most doctors don’t know their EHR vendor’s policy on selling EHR data. If you don’t know, you should ask your EHR vendor and find out.

For those EHR vendors that are selling EHR data, you can be sure that they will happily reply that any EHR data they sell is de-identified. They’ll argue that it’s not a violation of HIPAA because it doesn’t have any PHI because they’ve de-identified the data and only sell the data in aggregate. No doubt there are many that would argue that there’s no perfect way to totally de-identify your EHR data and that when combined with other sources, they can often identify your patients.

This is big business and so it’s easy to see why an EHR vendor would give the go ahead to de-identify and sell the data stored in their EHR. Although, it is disappointing when they’re doing this and their users don’t know that’s the case.

If you’ve asked your vendor if they sell your EHR data, we’d love to hear what they say. How did they respond? Are you ok with your EHR selling your de-identified EHR data?