The story last week on e-prescribing ["$3 billion annual savings estimated for Medicare e-prescribing," GovHealthITcom, March 4] does not mention the elephant in the room: that every prescription in the nation has been data-mined and sold for over a decade to drug companies and employers without the legal consent of Americans.

The 'consents' on which this theft is based are illegal and coerced by health plans when you sign up annually for a health plan.

No e-prescribing legislation should pass unless it ends the daily theft of
the nation's electronic prescription records and restores Americans' rights to health information privacy. My organization, Patient Privacy Rights, and our allies will oppose this bill unless it is fixed.

Today most Americans do not even know about this privacy disaster.
Patient Privacy Rights is working to alert the public about this massive violation of their right to privacy.

Last Friday at a congressional briefing sponsored by the bipartisan Alliance for Health Reform and Divided We Fall, I called for congressional investigations into the secret corporate world that data mines our sensitive personal information.

The data mining industry makes billions in profits every year and not one dime goes to help a single sick person. Our healthcare system is so broken that the greatest profits in healthcare are made by corporations that steal our sensitive health records, not by the health professionals who actually treat and care for us when we are sick.

One prescription data mining corporation reported revenues in 2006 of $2 billion. One of the nation's largest insurers sells the longitudinal claims and health data of all 79 million of its enrollees to large employers to lower their costs.

How on earth could they have obtained all that data without informed consent? All the data they sell can easily be re-identified with three bits of information, zip code, sex, and age. It is impossible to scrub the data in health records so clean that re-identification is impossible. Health data is so rich that it contains far too much detail to ever be safe.

Most health information technology systems were built either in ignorance or defiance of both medical ethics and the very strong laws in every state requiring informed consent before sensitive personal health information is disclosed. HIPAA is an "disclosure sure" rule, not a Privacy Rule. After it was secretly gutted in 2002 by HHS, it has been used by the data mining industry to justify access and use of the nation's health information without consent.

To help address this issue, Patient Privacy Rights has formed a new organization, Privacy Rights Certified, which will begin certifying health IT platforms and applications in the next 30-60 days so that vendors with health IT products that protect the security of our data and ensure we are in control of who can see and use our data will be able to display a Good Housekeeping-type seal-of-approval to show the public that their personal health information is safe.

Microsoft's HealthVault and e-mds.com's EHR application for physicians' offices will be the first to be certified. Vendors that build legal and ethical health IT products will want to prove to the public they are not data thieves by being audited by an independent, consumer-led non-profit organization. Certification by industry consortia will never be trusted by the public. The foxes will never convince us chickens that they are looking out for our best interests.

Its time for Congress to stop pandering to the insurance industry, the data mining industry, the drug industry, the hospital industry, and all those who profit from the illegal and unethical theft of our personal health data----worth billions annually.

Congress should start by ending the daily data mining and theft of our
prescriptions. Congress should show the American people that it will not stand for the systematic destruction of Americans' long-held rights to privacy. Let the investigations begin!

Deborah C. Peel, MD
Founder and Chair
Patient Privacy Rights