The State of Connecticut is on track to collect all of your medical insurance claims information into a large data base called the All-Payers Claims Database– APCD. Senate Bill 130 has been raised by the Public Health Committee to allow patients a mechanism to prevent their data from being included in the APCD by using either an opt-in or opt-out option. The Data Submission Guide for the health insurers requires that fully identified patient information be sent to an outside company hired to process and manage the data. The company will then release data to other researchers in de-identified form, but some re-identification is still possible.
This bill would make the APCD directly accountable to consumers for its actions as they would be able to choose who sees this medical information. But right now many state agencies have expressed opposition to that choice because of the cost and the possible decrease to the data base. So unless citizens express their support of SB 130 to the members of the Public Health Committee now, the bill may never get out of committee to go to the Legislature for a vote, and we will lose this control over our medical information.
Fortunately, the A.C.L.U. has testified in support of SB 130, but our immediate expression of support to the Public Health Committee is still needed.
Our neighboring State of Rhode Island allows patients to opt-out of its APCD and does not take names and addresses. Connecticut takes both, along with Social Security numbers and family information. The database will include every diagnosis we have had, the name of every physician and dentist we’ve seen, and every test, procedure and name of drugs prescribed, with the dates – a lifetime medical dossier. (1)
The data released to researchers would have a .22 percent rate of re-identification, which potentially could amount to 7,000 people in Connecticut. The data going to Access Health Analytics (a part of the Insurance Exchange) could have an 87 percent rate because they still contain two personal identifiers of the full date of birth and Zip Code which possibly could be merged with its identified enrollment data and the public voter registration lists. The data going to the Dept. of Public Health could be re-identified by merging with its identified data bases of hospital discharge summaries, tumors, infectious disease and newborn DNA, as just some examples.
As we know, every time data are transferred electronically, there are incremental layers of risk for hacking and inadvertent disclosure by employees. The APCD will carry cyber liability insurance to protect from such breaches as occurred to Anthem, Excellus BCBS and the California hospitals. But the researchers can re-disclose the data to third parties, making it more susceptible to hackers, and the APCD will accept only a signature for proof that the data have been destroyed after use, as per the APCD Policies and Procedures.
The price transparency provided by the APCD could be achieved by requiring providers to post their prices directly to consumers without compromising privacy and without the APCD’s over $11 million cost per year to the taxpayer and the increase to their premiums from the insurers passing on the cost of their participation. The APCD also hopes to improve the quality of healthcare and decrease its cost by setting treatment guidelines and mandates, but consumers must still be able to act on their assessment of the APCD’s risk/benefit ratio which SB 130 would allow them to do.
Susan Israel is a physician from Woodbridge who testified before the state’s Public Health Committee regarding SB 130. Here is that testimony, complete with footnotes.