Showing posts with label consumer credit. Show all posts
Showing posts with label consumer credit. Show all posts

Saturday, September 9, 2017

The Equifax Hack - Implications for Corporate Medicine




A couple of days ago it became general knowledge that Equifax, one of the major credit reporting agencies in the US was hacked and information on up to 143 million people was exposed.  To make matters worse, the theft occurred from the company's own identity theft monitoring division called TrustedID Premier.  Like most identity theft prevention companies they charge a monthly fee for monitoring your credit transactions and monitor credit card transactions  by number.  They generally store more personal identification information than is found on a typical credit report.  According to Bloomberg financial news Social Security numbers, addresses, driver’s license data, and birth dates were available to the hackers.  It took a few days but the agencies eventually picked up on the fact that Equifax was going to provide a year of free credit protection in return for a waiver that the person getting the protection was not going to sue the company.  The Bloomberg piece quotes an attorney saying that Equifax could be facing and $70 billion in claims and a multibillion dollar class action lawsuit has already been filed.  It goes on to point out that the consumers are limited by arbitration, but in practical terms they are also limited by the sheer scope of trying to collect damages from massive corporations.

I have followed consumer reporting since it all started back in the 1970s.  Originally it was just one company and the data was held in a safe.  With the evolution of information technology in the 21st century the landscape has evolved into three national credit reporting agencies Equifax, Experian, and TransUnion.  There are longstanding concerns about the accuracy of the data they keep in credit reports, the rating system, consumer access, and dispute resolutions.  The fact that all of the information is stored under Social Security Number identifiers is significant for two reasons.  One is the promise that Congress made to the American people when Social Security was introduced - the the Social Security Number would never be used as a national identifier.  At the most it would be used within the government for identification purposes.  Today all credit reporting information is linked to SSNs and the numbers are bought and sold on the black market by the tens of millions.  Reason two is that this is this wholesale loss of control over the SSN has been the single most important cause of identity theft.

According to the US Department of Justice - 17.6 million people or about 7% of the US population over the age of 16 was a victim of identity theft in 2014.  Although half of these incidents are rapidly resolved with minimal losses the scope of the crime results in total losses to victims of $15.4 billion.  The DOJ study shows that social consequences of the theft (life stress) are a direct correlate with the length of time that it takes to resolve the incident.  Commercial losses are estimated to be about twice of the loss to victims.  The typical way that a victim of identity theft learns about the problem is that they are notified by a business.  There is no standard protocol for dealing with the problem.  A minority of people report it to the police and if they do they are likely to receive a police report number.  Businesses in general were very lax in doing anything about the theft.  The usual recommendation is complete the affadavit that the consumer did not take the money himself, but now hacking and identity theft is so common that the federal government has a special website to be of assistance called IdentityTheft.gov.

Most Americans would find that the wholesale facilitation of identity theft would be infuriating enough on its own merit.  But consider for a moment that they general processes that resulted in this problem are generally applied to any number of businesses including health care.  A few of the common points are listed in the table below.  The only possible difference is that data breaches of health care systems are much more common.

Industry
Credit Reporting
Managed Care
Invented by Congress?
Yes
Yes
Protected by state and federal laws and regulations?
Yes
Yes
Use Social Security Numbers as unique identifiers?
Yes
Yes
Legally mandated limits on privacy?
Yes
Yes
Mandated use by every citizen – no opt out?
Yes
Yes
Civil Liability limited by law?
Yes
Yes


The parallels are uncanny and the results are the same.  Large protected industries that at some level can trade in consumer privacy and generally act with impunity.   Like the explicit and implicit protections against lawsuits that the credit reporting industry has - the managed care industry is protected from lawsuits by ERISA.  Managed care companies themselves can essentially do what they want in terms of reimbursing doctors, paying for medications, setting rates and copays.  They set their own standards and advertise these standards as quality.  The real quality these businesses add is negligible to less than negligible. To get treated in these systems prospective patients need to agree to play by all of these limitations including the fact that medical and private information will be released to any payers and "protected entities", including companies that may be interested in selling the patient a product to treat one of their chronic illnesses.

I never cease to be amazed at how passive Americans are when it comes to allowing elected officials to barter way their privacy rights and money to businesses.  The credit reporting industry did not exist before a few entrepreneurs convinced Congress it was a good idea and and the legal and regulatory landscape was set to to favor those businesses to the point that they are essentially monopolies.  With few exceptions, the consumer needs to pay for the information that they are collecting on him or her if they are interested in the reports and then again if they are making a significant financial deal.  They are not allowed to opt out of a system that puts them at risk all of the time.  It is easy to see how these systems engender a fatalistic and in some cases nihilistic attitude in many Americans. 

That is not likely to change until elected officials stop treating their citizens like they are cannon fodder for the businesses they invented in the halls of Congress.      

George Dawson, MD, DFAPA




Reference:

Polly Mosendz and Shahien Nasiripour.  Equifax’s Hacking Nightmare Gets Even Worse For Victims https://www.bloomberg.com/news/articles/2017-09-08/equifax-s-hacking-nightmare-gets-worse-thanks-to-arbitration-clause  September 8, 2017, 6:38 PM CDT



Attribution:  Graphic at the top dowmloaded from Shutterstock per their standard agreement.  Artist is TippaPatt  - labelled as: "Digital alarm icon and low angle view modern office buildings in blue tone with network connection concept, smart city and wireless communication network, IOT internet of things conceptual image."


Supplementary:

Jerri-Lynn Scofield.  Wolf Richter: Worst US Consumer Data Hack Ever? Equifax Confesses.  naked capitalism.  September 11, 2017.

Good article on how to protect yourself from the Equifax hack and a good quote on how to view your relationship with credit reporting companies:

"And remember: you’re not their customer; you’re their product."

Monday, March 24, 2014

The Problem With Making Medical Information More Like Financial Information

I have been an interested reader of financial information for the the past 40 years.  My uncle was an avid stock market investor when I was a kid and he got me interested in reading the Value Line investment  survey.  I still read it and base some of my decisions on it.  Over the years I have had some degree of success in investing, but it hasn't all been good.  One of my greatest successes was a defensive maneuver that resulted in me not losing anything during the stock market crash of 2008.  I have been a subscriber at one time or another to most of the significant investment magazines and newspapers in the United States.

It has been interesting to observe what has happened to what has come to be known as the financial services industry over my investing career because it has implications for the increasing business control over medicine.  I have already alluded to many on these implications on this blog including treating knowledge workers like production workers and creating an unhealthy work environment that results in a lack of empathy for the patients being treated.  But there are even larger implications.  Financial services industry friendly legislation has probably been the single largest contributor to the idea that the privacy of individuals is relative to the advantages gained by establishing credit reporting.  Credit reporting agencies were born out of the idea that data could be collected under a Social Security Number and released to any financial institution without the consent of the person behind that SSN.  That single idea violated a previous promise by Congress that SSNs would not be used as any type of national identifier and was single handedly responsible for creating a multi-billion dollar industry that basically buys and sells credit information and the identity theft industry - both the criminal side and the services to protect people from the criminals.  It is much harder to be an identity thief in a world that does not have credit information centralized on a SSN.

The driving force behind businesses everywhere is to create leverage that results in people needing to buy a product or service and make it so they can't get it anywhere else.  We hear a lot about competition and its importance in capitalism, but there is plenty of evidence that capitalism is not only lacking but that measures are often in place to severely restrict it.    It results in an industry that is set up to optimize gain from consumers while keeping them all at risk.  As an example, one of the "low risk" strategies for investing with some of these companies is to investment in index funds.  As retirement nears, the recommendation can be to put funds into an annuity or with an advisor who can determine withdrawal rates, reallocation, and future investment decisions.  In many cases the retiree is charged up to 1% for that service on top of whatever service charges and transaction fees are associated with the funds that are invested in.  There is always the disclaimer that there is no guarantee of income from the account and this is compounded by the fact that interest on cash and money market funds is at an all time low.  Very few investors can fund their retirement by interest on so-called safe investments and in the last decade we have witnessed the first losses on money market funds.  All things considered, regulation at all levels seems like it is clearly set up to favor the financial services industry.  They have a license to warn you that you can lose money even though you may be paying them to protect it - and that's OK.  In some extreme examples, investment banks have recommended purchases to customer that they were actively betting against.

I don't know how many people can see the trend, but it is pretty obvious to me.  As medical information gets more like financial information - it moves farther away from any reality basis and it becomes a vehicle for manipulation.  The whole point of collecting data from a medical and scientific standpoint is to look at underlying meaning specifically implications for health care.  The best example is lab data.  If I look at a patient's CBC with differential count and chemistry profile,  I have about 40 data points, any one of which could have significant health implications for the care of that individual.  If I look at various quality markers and screening scores that are being collected for business purposes that data varies from questionable to clearly invalid and yet physicians are being held "accountable" for what is essentially business quality data.  In other words, data that has no scientific basis and can be manipulated for a specific result.  The usual intent is to maximize business profits and make it seem like the business is much more critical to the provision of health care than the health professionals it hires.  As absurd as that last sentence looks, it is without a doubt one of the goals of most health care businesses.

Business information collected and manipulated for the sake of furthering business interests in the health care industry is no more valid than  what happens in the financial services industry.  Both types of information have evolved to place the consumer at risk all of the time and give them no clear reason for a making a decision in their own interest.  And in both cases, consumers have no choice but to participate.  We have a government mandated retirement industry that provides a windfall to financial services.  We now have a government mandated health care industry that is set to provide a windfall the large health care and pharmaceutical companies.  In both cases it is underwritten by the American consumer who is placed at financial risk all of the time in an economy of stagnant wages and significant unemployment.

George Dawson, MD, DFAPA