When 2+2 Equals a Privacy Question
TIME to revisit the always compelling — and often disconcerting — debate over digital privacy. So, what might your movie picks and your medical records have in common?
How about a potentially false sense of control over who can see your user history?
While Netflix and some health care concerns say they have been able to offer study data to researchers stripped of specific personal details like your name, phone number and e-mail address, in some cases researchers may be able to re-identify you by correlating anonymous information with the digital trail that you’ve left on blogs, chat rooms and Twitter.
Of course, you may be fine with that. On the other hand, you may not want complete strangers rummaging around in your history of movie selections or medical needs.
For example, contestants in Netflix’s competition to improve its recommendation software received a training data set containing the movie preferences of more than 480,000 customers who had, as they say in the trade, been “de-identified.” But as part of a privacy experiment, a pair of computer scientists at the University of Texas at Austin decided to see if it was possible to re-identify those unnamed movie fans…
…The Web site of Practice Fusion, meanwhile, quotes Ryan Howard, the chief executive, as saying that the company subsidizes its free record-keeping systems by selling de-identified data to insurance groups, clinical researchers and pharmaceutical companies. In an interview, however, Mr. Howard said Practice Fusion had not yet started selling patient information but that it intended to do so
NEW regulations require notifying patients if their personally identifiable medical information gets loose, and they prohibit selling protected health records. But privacy advocates said electronic health records remain vulnerable because no federal law now forbids the sale of de-identified health care data.
In 1997, for example, a researcher identified the medical records of William Weld, then the governor of Massachusetts, by correlating birthdays, ZIP codes and gender in voter registration rolls and information published by the state’s government insurance commission.
There are no current federal laws against re-identification, said Dr. Deborah Peel, a psychiatrist who is a director of Patient Privacy Rights, a nonprofit watchdog group in Austin, Tex.
“Once personal health data gets out there, it’s like the Paris Hilton sex tape,” Dr. Peel said. “It is going to be out there forever.”