My point is that many hospitals voice concern about patient access to their data through open APIs - yet they give patient data to commercial entities that create easily identified patient records for sale. Shouldn’t we focus this, HIPAA-condoned practice first? @SavageMeHealth

@SavageMeHealth The open APIs give patients choices and access. We need to find ways to help them protect themselves. The current practices give data to commercial entities to sell w/o transparency or patient knowledge. Or patient access. @ePatientDave @BraveBosom @MightyCasey @lisabari

@SavageMeHealth @ePatientDave @BraveBosom @MightyCasey @lisabari So health systems buy unified patient records from companies that have bought data, linked it, and sold it. Patients can’t have it. And health systems don’t tell them they are tracking them. Isn’t this surveillance w/o permission? @PrivacyProject @HugoOC @HealthPrivacy

@SavageMeHealth @ePatientDave @BraveBosom @MightyCasey @lisabari @PrivacyProject @HugoOC @HealthPrivacy I know health systems that buy data from companies that essentially spy on patients… if you go elsewhere, they tell the health system where you went, what for, and when. Never asking the patient if that is OK. Is that OK? #suveillance @SecAzar @HHSOCR @PrivacyProject

@SavageMeHealth @ePatientDave @BraveBosom @MightyCasey @lisabari @PrivacyProject @HugoOC @HealthPrivacy @SecAzar @HHSOCR Intent of companies that get and customers that buy data providing surveillance info on patients w/o permission might be well-intended… but all the same… it is spying w/o permission. Patients don’t know. And the spying data are unavailable to them. Why not #patientsincluded?