Despite a technology revolution in healthcare, patients hoping to compare doctors online or find out what a hospital procedure will cost still don’t have much to go on. But a push for more transparency has led to the release of a massive database of Medicare records, and soon more information–including the financial relationships between healthcare companies and doctors–will also be public. Many hope transparency initiatives will help patients better navigate their health care options.


  • Charles Ornstein Senior Reporter, ProPublica
  • Deven McGraw Partner, Manatt, Phelps & Phillips; former director of the Health Privacy Project at the Center for Democracy & Technology



  • 13:06:40

    MR. KOJO NNAMDI: From WAMU 88.5 at American University in Washington welcome to "The Kojo Nnamdi Show," connecting your neighborhood with the world.

  • 13:06:55

    MR. KOJO NNAMDI: Today we're broadcasting live from the Health Data Consortium's Health Datapalooza Conference at the Washington Marriott Wardman Park, a conference bringing together government gatekeepers, web and ad developers, academics and health care professionals. They're brainstorming about how to harness big data to improve the health care system and empower individuals to make well-informed health care decisions.

  • 13:07:17

    MR. KOJO NNAMDI: Later in the broadcast, the revolution in personal healthcare technology but first, despite all the advantages and technology in health care, patients hoping to compare doctors online or patients trying to find out what a hospital procedure will cost still don't have a great deal to go on. But a renewed push for more transparency has led to the opening of a trove of health care data to journalists and to the public, including the release of a huge database of Medicare records.

  • 13:07:48

    MR. KOJO NNAMDI: And soon more information will be made public including the financial relationships between health care companies like pharmaceutical manufacturers and doctors. Many hope that these transparency initiatives will help patients better navigate their health care options. Joining us now to have this conversation is Deven McGraw, partner with Manatt, Phelps and Phillips. She's the former director of the Health Privacy Project at the Center for Democracy and Technology. Deven, thank you for joining us.

  • 13:08:18

    MS. DEVEN MCGRAW: Thank you, Kojo. I'm glad to be here.

  • 13:08:20

    NNAMDI: Also in studio with us is Charles Ornstein. He's a Pulitzer Prize-winning journalist and a senior reporter with ProPublica covering the health care industry. Charles, thank you for joining us.

  • 13:08:31

    MR. CHARLES ORNSTEIN: Great to be here, Kojo.

  • 13:08:32

    NNAMDI: And congratulations to you, Charles, because it was just announced that Charles has won this year's Health Data Liberator's Award presented by the Health Data Consortium, so congratulations.

  • 13:08:43

    ORNSTEIN: Thank you.

  • 13:08:47

    NNAMDI: You can join this conversation by calling 800-433-8850 or you can send email to You can shoot us a tweet @kojoshow. Are you concerned about privacy when it comes to our health information? You can also go to our website, ask a question or make a comment there.

  • 13:09:06

    NNAMDI: Charles, in most other areas of our lives, looking for a hairdresser or a hotel we can check out online reviews or comparison shop based on price. When it comes to health care it's not easy to do. What are some of the issues?

  • 13:09:20

    ORNSTEIN: Well, when you're looking to pick a doctor, what are the couple things you're going to do? First, you're going to probably talk to family members and friends and ask them who they see. Second, you're going to see who's located near you. You don't want to travel 20 miles to see a doctor. And third, you're going to ask a doctor if you have that relationship, who would you recommend I see? It's a high-trust profession but one in which you have to, you know, hope that you're lucky and that the advice you're getting is good. Because if it's not, you're putting your life in somebody's hand that maybe you shouldn't.

  • 13:09:53

    NNAMDI: Deven, is that what makes health care so different from other services?

  • 13:09:57

    MCGRAW: Oh, there are so many things that make health care different, but that's definitely one of them. You know, people consumers and patients are really in many respects flying blind. And even if you're getting the kinds of recommendations from friends and family and neighbors, it might not necessarily be focused on the kinds of issues that you really should look for. Like how good is this doctor at the type of procedure that I need? And how good is this hospital at the type of operation that I'm -- that's been recommended for me? And should I even be having it in the first place? That kind of information is really hard for patients to find.

  • 13:10:34

    NNAMDI: Charles, as we heard in the last hour, that lack of transparency is changing. In fact, today's New York Times has a story about a surge in the prices for some of the most common inpatient hospital procedures based on Medicare data released yesterday. And back in April for the first time, Medicare released information on the types and frequency of medical services...

  • 13:11:08

    ORNSTEIN: ...information's going to be available than just what -- you know, what are referral recommendations. So among the information that's available first, as you mentioned, there's information available about doctors and the services they perform in Medicare. So you can know which services they perform, the number of times they perform them, how much they were reimbursed for them.

  • 13:11:29

    ORNSTEIN: There's other datasets too. One is one that we've been putting together called Dollars for Docs. That looks at the payments by 15 pharmaceutical companies to doctors for speaking and consulting and research and meals. So that's important because it allows you to sort of see, are there other issues that may be affecting your doctor's decision-making.

  • 13:11:49

    ORNSTEIN: The third dataset is one of what your doctor prescribes in the Medicare Part D program. So Part D is a drug program that Medicare runs for seniors and the disabled. And we submitted a request under the Freedom of Information Act for individual records prescribing by doctor. So instead of just pharmaceutical companies knowing this for marketing and insurance companies knowing this, we thought, shouldn't patients know this? Shouldn't you know if your doctor's prescribing a drug for you that no other doctors in their specialty are prescribing for patients?

  • 13:12:22

    NNAMDI: I should.

  • 13:12:23

    ORNSTEIN: I would think you should too. So we created a website called Prescriber Check-up that lets people check this out and compare doctors to one another in the same specialty and state. Finally the -- one more dataset and then I will be done which is...

  • 13:12:36

    about patient referrals within Medicare. Medicare quietly released a dataset which shows you the relationships between doctors, which doctors see patients the most before a certain doctor does and which doctors see patients the most after a certain doctor was. And it's really interesting.

  • 13:12:53

    ORNSTEIN: We found one doctor, for example, who four of the five doctors that saw his patients most often after him, the first one is in prison having been convicted of fraud. The second one is in prison having been convicted of fraud. The third one is having discipline against his license and the fifth one is under indictment for fraud. So I would be really concerned about if that were my provider.

  • 13:13:15

    NNAMDI: Well, you find this, Charles, to be a pretty exciting moment because in addition to that Medicare data there's a whole lot more information we'll soon be seeing in addition to the Medicare data. Can you talk about that?

  • 13:13:26

    ORNSTEIN: Well, coming this fall we're going to have a release of information of the payments made by every drug company, every medical device company to doctors. And so then you'll be able to see if your doctor's recommending for you, for example, a da Vinci robot procedure. Did your doctor get money from the maker of the da Vinci robot? If your doctor is recommending for you a spinal implant from Medtronic is your doctor getting paid by Medtronic? These are really important issues that to think that we're flying blind, as Deven said, like right now is kind of crazy.

  • 13:13:59

    NNAMDI: In case you're just joining us, we're discussing information and privacy at the Health Datapalooza meeting being held here at the Marriott Wardman Park Hotel in Washington with Charles Ornstein. He's a Pulitzer Prize-winning journalist and a senior reporter with ProPublica covering the health care industry. And Deven McGraw, she's a partner with Manatt, Phelps and Phillips, former director of the Health Privacy Project at the Center for Democracy and Technology. We have a studio audience. Feel free to get -- stand -- step forward to the microphone if you have a question. If you're listening to us on the radio you can call us at 800-433-8850 or send us an email to You can also send us a tweet @kojoshow.

  • 13:14:38

    NNAMDI: Deven, these databases may be a treasure trove of information but releasing this data also raises privacy concerns. What are some of the issues?

  • 13:14:48

    MCGRAW: Well, the data that are being released are not patient identifiable. So it's data that you could identify to a potential prescriber. For -- in the drug case it's a data that you can identify to a particular hospital but it's not data that's identifiable to if you're a Medicare beneficiary for you as a beneficiary.

  • 13:15:07

    MCGRAW: And so that really enables patients, consumers and journalists and others to learn from the data without creating undue risks to patient privacy. Is it perfectly de-identified? Is it possible that someone could re-identify a patient from that dataset? You know, it's really hard to get the risk of re-identification down to zero. But it's extremely low that anybody would be identifiable from that dataset. And I think frankly that patients have such a strong interest in learning what we need to learn from this data that that frankly is a risk worth taking.

  • 13:15:42

    NNAMDI: And then there's this. Jennifer in Silver Spring, Md., your turn.

  • 13:15:48

    JENNIFER: Yeah, hi. I'm a little bit concerned about the information being put out there, number one. And number two, I thought the HIPAA Law -- how does that protect us? And as far as my pertinent information goes, with computers being so hackable, how is it possible that any company could protect our information and does the government even put anything out there to protect us? I know she said it's not identifiable but it's easy to trace somebody with their diagnosis. Keep in mind there are so many data brokers out there that are collecting people's data. And you don't know who they are and how to even reach them. That's my serious concern.

  • 13:16:27

    JENNIFER: Now health care is a privacy between me and my doctors. Why do I want to put it out on the web? And the other thing that I wanted to know is if -- nobody out there can help me but my doctor so putting my information out there, how does that really help me?

  • 13:16:42

    NNAMDI: Jennifer, is it your belief that the online world will always be vulnerable?

  • 13:16:48


  • 13:16:49

    NNAMDI: Well, any more vulnerable than someone maybe breaking into your doctor's office? I don't know.

  • 13:16:54

    MCGRAW: Yeah, it's not necessarily more vulnerable when that information is digital. And part of it depends on whether the entities holding and receiving that data are adopting security protections for it, things like encryption, things like role-based access, things like only credentialing people to use it who have been authorized to do so.

  • 13:17:15

    MCGRAW: Again, the HIPAA law -- and really it's the Freedom of Information Act that applies here -- always have protections for -- at the individual identifiable level. And notwithstanding the fact that, yes, there is a lot more data out there in the world today than there used to be, it is still really hard and actually very expensive to re-identify someone in a dataset that -- where steps have been taken to de-identify it. So, again, if you're looking for a zero-risk world, you're probably in the wrong one because it's never really been there. But there are steps that are being taken to protect it.

  • 13:17:51

    MCGRAW: And again, I think consumers have a huge amount to lose when we don't learn from this information. We pay for this care. We pay for it in taxes, we pay for it in terms of co-pays. And when we're getting procedures done that are in fact not best evidence, we're hurt from that too. And so all of that needs to be taken into consideration in addition to privacy interests.

  • 13:18:13

    ORNSTEIN: I would just add to that, Jennifer, your information is not being released. The information is being released on a provider. And so if your doctor didn't perform a service on at least 11 patients, that information is not being released at all. So this is aggregate information, so this is cumulative over a whole year over multiple patients. So that's important to remember.

  • 13:18:33

    ORNSTEIN: The second point I'd make is paper records aren't exactly safe. A pharmacy chain in Minneapolis got in a lot of trouble because it was throwing away information about prescriptions in the dumpster, in unlocked dumpsters in trash bags. And this has happened all this last week. There was a trash bag found along the road -- I don't remember where -- that contained medical records, right. So paper records are pretty dangerous too if they're not handled properly.

  • 13:18:58

    NNAMDI: Oh, that's exactly what I was thinking. But Deven, when it comes to the privacy of people's personal health information, we often hear that data has been anonymized. Can you talk about how that works?

  • 13:19:20

    MCGRAW: You know, data has a number of different elements to it. As Charles pointed out, when it's in aggregate form, when what you're getting is aggregate statistical form, it's really hard to tell whose data -- whose individual data contributed to that statistic. But even if there were sort of individual level data that are being released, it's got common identifiers either stripped out of it or masked or perturbed using a lot of sort of fancy statistical stuff that I might've learned once in a math class but have since forgotten it.

  • 13:19:51

    MCGRAW: But what they do is they try to retain the usefulness of the data while taking out the elements that would subject it to being more easily re-identified through the presence of other data that's out there in the world. And generally what we find is that when proper standards are used to either de-identify or anonymize data, whatever term you like best, it's incredibly rare that re-identification occurs. When it does occur it usually means that somebody actually hasn't followed standards and customary practice that gets done.

  • 13:20:21


  • 13:20:22

    ORNSTEIN: Yeah, I think it's important to take a step back and say, well why would you want this information in the first place, right? So in addition to just the fact that we're all taxpayers and we're paying for these government programs which are costing tens of billions of dollars or more, you know, so say you're a patient with Parkinson's disease and you go to an internal medicine doctor. And the doctor recommends a prescription for you of a particular drug.

  • 13:20:43

    ORNSTEIN: You could go to our website, you could go to PrescriberCheckup and see, has the doctor prescribed this drug? Like, does he have -- do they have experience prescribing this drug? If they don't, do you really want to be seeing that prescriber? On the other hand, you have a co-payment for your drugs of say 30 percent. Your doctor prescribes you a drug that costs $300. Your coinsurance is $90. Well, there may be a generic alternative for that drug. And it just so happens the doctor also has a speaking relationship with the company that makes that drug. All of a sudden, $90 versus say $5, you as a person have a direct interest in knowing this sort of information.

  • 13:21:21

    NNAMDI: 800-433-8850 is our number. Do you think there's enough information out there for patients when it comes to health care options, 800-433-8850. You can send email to But Deven, even with anonymized data, there are still privacy concerns. You point out that even in news stories that do not name individuals there's often a great deal of information that could identify someone.

  • 13:21:47

    MCGRAW: Well, you know, I was looking at the stories where they were talking about a very serious illness that's only in the Middle East, MERS, that they're starting to see some cases here in the United States. And they've identified a lot of details about the people who have been found to have this disease in this country. When they were in the Middle East, what they were doing in the Middle East. And it's frankly a fairly large amount of data that, with the right other pieces of data that you might be able to gather, it wouldn’t be too hard for someone to figure out who that person is.

  • 13:22:22

    MCGRAW: Now keep in mind though that as hard as journalists work to try to protect identity and not name persons, the type of information that was released about this person would never pass muster for de-identification under HIPAA rules, for example. And HIPAA is the federal privacy law that covers data that's held by doctors and health plans and Medicare frankly.

  • 13:22:44

    NNAMDI: Here now is Roger in Chevy Chase, Md. Roger, you're on the air. Go ahead, please.

  • 13:22:50

    ROGER: First I'd like to reply to -- or add to the speaker who just answered the question there. The real point of having the HIPAA rules and sort of the (word?) of the patient has not been to -- was to protect the patients from insurance finding this out or other companies finding it out and applying that information against them.

  • 13:23:13

    ROGER: But the other point that you were making earlier was in reference to private companies or individuals receiving favors. I don't see how the system is really going to be able to link that in the data banks besides maybe a very well-known doctor that has speaking engagements with a private group. There's a lot of marketing done that's really unidentifiable that pushes doctors to, you know, prescribe one particular drug over another drug as sort of a habit more than anything else because they've been exposed to the information concerning those drugs.

  • 13:23:48

    ORNSTEIN: Well, I think what I would say to that is that we are already seeing indications that there's a pretty strong link between the way in which companies market their drugs and the way in which doctors prescribe their drugs. There is a drug for blood pressure, a beta blocker it's called, made by Forest Laboratories called Bystolic. And Bystolic is more expensive than other generic beta blockers in this class.

  • 13:24:09

    ORNSTEIN: Seventeen of the top twenty prescribers in the Medicare program received speaking payments from Forest Laboratories, the maker of Bystolic. One is deceased and the other two did not. That's important to know. There is a strong relationship between marketing and practice. And you could argue it's a chicken-egg sort of thing that the reason that they're chosen for speakers is because they believe in the drug and it's not affecting their prescribing. But as a patient you deserve to know that.

  • 13:24:35

    ORNSTEIN: Another point I'd just make about HIPAA too that the caller brought up, HIPAA is not designed to protect the privacy of health providers. It's designed to protect the privacy of patients. And too often what I find as a reporter is it's used as an excuse as a shield for all manner of not wanting to talk about things. Even when a patient has signed a consent that allows you to talk about something, the provider will say, well I'm not going to talk about it for a different reason. So HIPAA's sort of like the default excuse.

  • 13:25:01


  • 13:25:04

    NNAMDI: Deven clearly agrees with that. We're talking with Deven McGraw. She's a partner with Manatt, Phelps and Phillips, former director of the Health Privacy Project at the Center for Democracy and Technology. And Charles Ornstein. He's a Pulitzer Prize-winning journalist and a senior reporter with ProPublica covering the health care industry. You can call us at 800-433-8850 or send email to Deven, what kind of privacy protection do users of things like personal health apps have?

  • 13:25:34

    MCGRAW: Well, that's a really good question, Kojo, because I think a lot of people think that HIPAA -- because, you know, they sign that nice little form in the doctor's office and they get one from their health plan and they think that it applies to health data regardless of who collects it and where it is. And, in fact, that's not the case. HIPAA has limited coverage. It only protects data when it's in the hands of your physician or your hospital or your health plan. And it doesn't protect the data that you might decide to enter into an app that you download on your phone.

  • 13:26:04

    MCGRAW: That -- the protections that you are provided are the ones that the company offers you through their notice of privacy practices or their licensing agreement, the thing that you are asked to check the box on when you sign up for the app. And more often than not people want the app and they either don't read what's in those policies or maybe they do and they don't sort of fully understand it but they want the app anyway and they check that box.

  • 13:26:29

    MCGRAW: You know, if what's been committed to you is we will sell your information in order to help fund the app because it's free to you, then they're permitted to do that. There isn't anything that is unlawful about that. And essentially you're sort of on the hook for reading those notices and protecting your own privacy. The Federal Trade Commission can intervene if a company makes a commitment to you and then does something in contravention or in conflict with that commitment. But otherwise it's sort of -- I call it be aware before you share.

  • 13:27:02

    NNAMDI: Because it is likely that people using these personal health apps don't realize that they may not in fact own their personal health data.

  • 13:27:09

    MCGRAW: Well, that's right. I mean -- and the likelihood is that they probably don't although, you know, if it's an app that's designed to be appealing to them, you know, you should be given a lot of rights. And including if you decide not to use the app anymore to be able to at least retain your copies of that data much less be able to tell the company that they can't use that anymore. But the terms and conditions, they set them. And unless they're patently unfair, which is another piece of the Federal Trade Commission's authority, then it's permissible. And yet it is really up to you to determine whether you're comfortable with that.

  • 13:27:45

    NNAMDI: Charles, when it comes to what information is out there, why should we make a distinction between doctors and hospitals? Can you explain?

  • 13:27:53

    ORNSTEIN: Sure. I think that when -- for too long the media sort of said that because we're going to talk to you about the health care system that you're going to care about it as a, you know, consumer of information, I think that there's something false there. The closer we can get to an individual and the more we allow them to personalize information, the more they care. So if I'm reading a story about say doctors misprescribing antibiotics, I sort of tune out because I'm like, well is my doctor doing that? Well, you can't answer that question so do I care? Well, I may ask my doctor about it but if you can show me that my doctor's misprescribing antibiotics, I'm going to care a whole lot more than that.

  • 13:28:26

    ORNSTEIN: So I think you sort of have a hospital level is close to a person, but the person generally picks their doctor. The doctor then recommends which hospital they go to.

  • 13:28:34

    NNAMDI: On to Masha in Rockville, Md. Masha, you're on the air. Go ahead, please.

  • 13:28:40


  • 13:28:41

    NNAMDI: Go right ahead, Masha, you're on the air.

  • 13:28:44

    MASHA: Yes. I have a question about the (unintelligible) a few months later (unintelligible) the credit card company that (unintelligible) from the credit card company. (unintelligible)

  • 13:29:26

    NNAMDI: Fascinating question. In case you didn't hear the question probably, Masha received a bill months back for a surgery even though her name was misspelled. A few months later she got a credit card offer with the same misspelling. She's wondering if maybe the hospital passed her information on to the credit card company. How likely would that be, Charles or Deven?

  • 13:29:48

    ORNSTEIN: Well, I think sometimes what you're finding is that hospitals in particular don't want to be the individuals to sue patients. They've gotten a pretty bad reputation for going after patients in court. So sometimes they try to form relationships with credit card companies or other billing firms to transfer that debt because then if you don't pay your debt to a credit card company, then the credit card company can go after you. And it's one level removed from the hospital.

  • 13:30:12

    MCGRAW: Yeah, that's probably about the most logical explanation for that because the -- because from -- if -- physicians are prohibited -- or hospitals for that matter are prohibited -- and health plans also -- from selling that data to a marketer for marketing purposes. But they could, for example, enter into a contractual relationship with a credit card vendor to enable them to process payments that are owed to them.

  • 13:30:37

    MCGRAW: But in that case there'd have to be an agreement where that credit card company would have to abide by HIPAA as a contractor, what's called a business associate in the technical term. And so they also would be prohibited from using the data for marketing purposes without asking you about it first. And so it's -- but I would want to really uncover the details of this because when I hear about things like this, I'm always suspicious that somebody has done a pretty generous interpretation of what HIPAA allows. It doesn't seem right that that would happen.

  • 13:31:11

    NNAMDI: I'm afraid that's all the time we have. Deven McGraw is a partner with Manatt, Phelps and Phillips. She's the former director of the Health Privacy Project at the Center for Democracy and Technology. Deven, thank you so much for joining us.

  • 13:31:21

    MCGRAW: Thank you, Kojo.

  • 13:31:22

    NNAMDI: And Charles Ornstein is a Pulitzer Prize-winning journalist and a senior reporter with ProPublica covering the health care industry. Charles, congratulations once again. Thank you for joining us.

  • 13:31:31

    ORNSTEIN: Thanks. It's been a lot of fun.

  • 13:31:32

    NNAMDI: We're going to take a short break. When we come back, the revolution in personal health care technology. You can still call us if you have questions or comments, 800-433-8850. Send us an email to Shoot us a tweet @kojoshow. I'm Kojo Nnamdi.
