Elizabeth Burke discusses the lack of privacy in offshoring medical records
February 7, 2019
Having previously worked as an outpatient and diagnosis-related group (DRG) medical coder, auditor, appeals author, and coding educator, Elizabeth Burke is no stranger to Health Information Management. Burke worked in a medical corporation for six months, and during that time, she saw firsthand how many privacy violations of patients’ medical records occurred and was told to “keep quiet.” Her experience fueled her desire to make a change. In response, she is now taking on a new role to inform others about privacy violations in the healthcare system by public speaking, or as she describes it, “technically whistleblowing.”
The University’s Institute for Public Policy invited Burke to speak about her experience as a patient privacy advocate on Feb. 5. Burke began her talk with the fact that “increasingly, medical records are being sent to foreign countries for processing,” which is known as offshoring. According to Burke, this occurs because it is far cheaper to process records in countries like India and Pakistan than it is to do so in the United States. She also explained that this is a problem because HIPAA laws are not internationally protected; therefore, these foreign countries often do not regulate who can get a hold of the medical information that is brought there by the United States.
One particular case that Burke outlined in her talk was that of India, a country where “offshoring is 28 percent of their GDP,” and yet there are little to no regulations on who can access these medical records. Additionally, there are no protections for Americans whose information is contained within those files.
In India specifically, Burke explained that a clarification of the Information Technology Act made in 2011 states that, “Body corporate providing services relating to collection, storage, dealing or handling of sensitive personal data or information under contractual obligation with any legal entity located within or outside India is exempt from the requirement to obtain consent.” In other words, Burke claims, “an entire industry lives inside that loophole,” as the Act says that medical records of Americans brought to India for offshoring do not need to be given with the consent of the patients themselves.
To conclude her talk, Burke provided two examples of current events relating to the mishandling of private patient information in the United States. The first was a company called Aetna, which mailed letters to HIV-positive patients in Pennsylvania and had their status obviously visible in the clear space on the front of the envelope. The second example was a company in New Jersey called Virtua, whose medical records were leaked to Google. As a result of this leak, one woman was able to find her mother’s entire medical history online.
Burke used these two examples to detail her point that patient privacy and patient rights are being violated by the business of offshoring. She finished by stating that “No one goes to a hospital to do business; you go to a hospital because you are sick.”
Following the talk, attendee Clare Merante ’21 said, “The talk was very eye-opening. I had no idea that this was such an issue. I was always taught to be worried about our government misusing our information, not about how easy it was for our information to be used overseas.”