We all know that patient data can be worth its weight in gold. It contains a treasure trove of information, and lots of companies will be happy to give an arm and a leg to get access to this.
When patients go to a clinic, they expect that their information will be kept private and secure. However, I find that private labs in India seem to be selling this data to corporate healthcare customers to create an additional source of revenue. While I don't have any proof, I have strong circumstantial evidence based on what my patients have shared.
For example, I recent had a patient who had a negative beta-hCG result , which means her IVF cycle had failed. The test was done at a reputed lab, and after two days, she got a phone call from an agency which said - We are so sorry to hear your IVF cycle failed - would you like us to refer you to another reputed IVF clinic?
Then there was another patient who went to the same lab who had a positive hCG test. She received a call from a cord blood stem cell company saying - Congrats, we heard that you are pregnant ! Would you like us to store your baby's cord blood cells after delivery ?
How , why and where is this confidential patient data getting leaked ? Is the lab monetising this by selling leads to companies ? Or is this data being sold on the sly by their employees ?
This may just be the tip of the iceberg. It's high time checks and balances are put in place to make sure that confidential patient data is not sold. It's not just labs - we all know that pharmaceutical companies buy this data from chemist shops so that they can keep track of doctors' prescribing habits. Similarly, digital health companies which provide electronic medical record services as well as Practice Management Software to doctors also have access to a lot of patient data, and we don't know how they well they protect this.
Everyone in the US healthcare system has to follow strict HIPAA laws, and this is an important safeguard. Both doctors and patients are confident that their patient's data is secure . Most Indian companies don't seem to follow any guidelines, and I am very worried that patient confidentiality is being breached. Others say they do, but they need to be audited to prove their claims.
Before the situation goes from bad to worse, this needs to be looked into seriously. As it is , the credibility of the healthcare system is poor, and this will just increase the trust deficit even further. This is an important topic, and it's very disappointing that the quality of investigative journalism in India is so poor that no one is willing to explore this topic in greater depth.
Are there checks in place to ensure that labs and digital healthcare companies do not share the patient data which they have access to without the patient's specific permission and consent? And how is this being verified ?