[From RISKS Forum Digest 17.28.]

Date: Sun, 20 Aug 1995 09:35:01 -0500
From: Quentin Fennessy <Quentin.Fennessy@sematech.org>
Subject: Medicare leak through FOIA analysis and 9-digit ZIP

I read an article on Medicare in the 20 Aug 1995 _Austin American-Statesman_.
The article was evidently done for the Cox Newspaper chain.  The article
talks of the deterioration of the service, and also touches on that fact
that a handful of doctors earn a disproportionate share of Medicare funds
paid out.

The article has a sidebar, which says, in short: Cox analyzed 100 million
computerized Medicare payment records for the report.  The information was
obtained via FOIA.  The doctors names were not released.  Evidently there is
an ongoing court case to release the doctors' names.  Cox was able to
identify some of the doctors.  The doctor's id codes were obscured by
Medicare, but the 9 digit zip codes of the doctor's offices were not.  Cox
was able to pinpoint individual doctors given this level of detail.

Risks: If information needs to be split into private and public components
then care needs to be taken for the job to be done correctly.  9-digit zip
codes divide the US into fairly small areas and so can (and have) given away
the store.

This is not to say that I think this Medicare information should be kept
secret.  However, 9 digit zip codes in databases can be used to pinpoint all
sorts of details about folks.

Quentin Fennessy  quentin.fennessy@sematech.org