Google’s Larry Page wants to ‘save 100,000 lives’ by analyzing your healthcare data

By Eerke Boiten, University of Kent | June 28, 2014

Talking up the power of big data is a real trend at the moment and Google founder Larry Page took it to new levels this week by proclaiming that 100,000 lives could be saved next year alone if we did more to open up healthcare information.

Google, likely the biggest data owner outside the NSA, is evidently carving a place for itself in the big data vs life and death debate but Page might have been a little more modest, given that Google’s massive Flu Trends programme ultimately proved unreliable. Big data isn’t some magic weapon that can solve all our problems and whether Page wants to admit it or not, it won’t save thousands of lives in the near future.

Big promises

Saving lives by analysing healthcare data has become a major human ambition, but to say this is a tricky task would be an enormous understatement.

In the UK, the government has just produced a consultation on introducing regulations for protecting this kind of information alongside care.data, a huge scheme aiming to make health records available to researchers and others who could work with it.

Given the ongoing care.data debacle, this is a broadly sensible document and a promising start for consultation. In particular, it identifies different levels of data. Data that could be used to identify an individual person should not be shared in the same way as other types of data.

But, like Page, the UK government is also presenting a false vision for big data. It has said review after review have found that a failure to share information between healthcare workers has led to child deaths. It’s an emotive admission but rather beside the point in the big data perspective.

It is indeed entirely credible that many tragic failures within the NHS might have been prevented by someone sharing the right information with the right person. Sharing is essential, but when the NHS talks about sharing, it means linking and sharing large medical databases between organisations. Surely no case review has ever claimed that the mere existence of a larger database of information would have got the right knowledge to the right person.

Medical data sharing may be a good thing in many ways, but unfortunately there is no clear case yet that it prevents child deaths and other tragedies. It is only big data, not magic. Preventing child deaths appears to be brought in as emotional blackmail, expected to trump the valid concerns over the NHS’ big data plans.

To view the full article, please visit Google’s Larry Page wants to ‘save 100,000 lives’ by analyzing your healthcare data

Your Doctor Knows You’re Killing Yourself. The Data Brokers Told Her.

Shannon Pettypiece and Jordan Robertson | Bloomberg News | Jun 26, 2014 11:35 AM CT

You may soon get a call from your doctor if you’ve let your gym membership lapse, made a habit of picking up candy bars at the check-out counter or begin shopping at plus-sized stores.

That’s because some hospitals are starting to use detailed consumer data to create profiles on current and potential patients to identify those most likely to get sick, so the hospitals can intervene before they do.

Information compiled by data brokers from public records and credit card transactions can reveal where a person shops, the food they buy, and whether they smoke. The largest hospital chain in the Carolinas is plugging data for 2 million people into algorithms designed to identify high-risk patients, while Pennsylvania’s biggest system uses household and demographic data. Patients and their advocates, meanwhile, say they’re concerned that big data’s expansion into medical care will hurt the doctor-patient relationship and threaten privacy.

Related:

“It is one thing to have a number I can call if I have a problem or question, it is another thing to get unsolicited phone calls. I don’t like that,” said Jorjanne Murry, an accountant in Charlotte, North Carolina, who has Type 1 diabetes. “I think it is intrusive.”

Acxiom Corp. (ACXM) and LexisNexis are two of the largest data brokers who collect such information on individuals. Acxiom says their data is supposed to be used only for marketing, not for medical purposes or to be included in medical records. LexisNexis said it doesn’t sell consumer information to health insurers for the purposes of identifying patients at risk.

To view the full article, please visit Your Doctor Knows You’re Killing Yourself. The Data Brokers Told Her.

Congress sits on hands as health privacy wanes

By David Pittman | Politico.com | 6/12/14 5:00 AM EDT

Everyone from legal scholars to patient privacy advocates — and even the White House — are saying the country’s landmark health privacy law is antiquated and needs to be updated.

But Congress doesn’t appear to be moving any legislation on the issue.

Backers of tougher health data privacy rules argue that much has changed in how people’s health information is collected and handled since the law governing patient records was passed in 1996. Protections added in 2009 don’t fully address the problem, they say.

The Health Insurance Portability and Accountability Act — commonly called HIPAA — largely applies to use of data by health care providers and insurance companies. But they are a smaller and smaller slice of who deals with patient information today.

For example, employee wellness programs, which are increasingly popular and hold potentially private information such as pregnancy status, don’t fall under the HIPAA umbrella. Hospital discharge data is sold by 33 states, according to the Federal Trade Commission, but only three do so in a HIPAA-compliant fashion.

“I think HIPAA does a really good job where it’s relevant,” said Kirk Nahra, a privacy and information security lawyer at Wiley Rein. “What’s happened in the last 15 years is that the space where it’s not relevant has been what’s growing.”

HIPAA governs the doctor-patient and doctor-payer relationships, but it didn’t envision the rest of the universe, and that’s where there is a need for new privacy protections, Nahra said.

Health and fitness apps — of which there are nearly 100,000 available today — are probably the biggest concern. They fall outside HIPAA and are free to collect and share information on their users.

The Privacy Rights Clearinghouse concluded last year that mobile health and fitness apps “are not particularly safe” when it comes to protecting user privacy. They found 26 percent of the free apps and 40 percent of paid apps didn’t have a privacy policy. Furthermore, 39 percent of free apps and 30 percent of paid apps sent data to a third party not disclosed by the developer.

The FTC mapped where data was being sent from 14 free health and fitness apps. One transmitted data to 18 different third parties with diet, workout, personal identifiers and other information. Fourteen third parties received consumers’ names and email addresses, and 22 received gender, location and symptom-search information.

The free use of consumer information by app makers is one reason privacy advocates are concerned that Apple is entering the game. The tech giant announced last week it would make its HealthKit part of its iOS 8 operating system, set to be released later this year.

The FTC sees all of this as a problem and is looking to Congress for help.

In a recent report on data brokers, the commission recommended Congress consider legislation to force tech companies to obtain express consent from consumers before information is collected or shared.

A White House report on big data and privacy last month noted that current policy “may not be well-suited” in the future. While health data exchanges will help realize technology’s potential, the information often is shared “in ways that might not accord with consumer expectations of the privacy of their medical data.”

“Health care leaders have voiced the need for a broader trust framework to grant all health information, regardless of its source, some level of privacy protection,” the report said.

Despite the pleas for new rules on use of consumer health information, Congress appears to be sitting on its hands. Little legislation exists, and the issue has yet to gain traction.

“The only thing that is likely to get congressional interest is for there to be a major data tragedy,” said Nicolas Terry, health law professor at Indiana University law school. “It’s very hard at the moment to see much consensus out there. Everyone says they believe in privacy. Privacy is very important. Privacy is a right. But actually moving the ball forward to protect consumers, given the massive weight of the information lobby, seems very hard.”

Congress has been working on data security and breach notification issues — especially in light of recent high-profile cases involving Target and others — with a decent chance of passing something by the end of the year.

Privacy is another issue. “There’s no consensus on broader privacy issues,” Nahra said.

Lawmakers on Capitol Hill have taken some steps to improve consumer privacy protections since HIPAA was passed. Seeing the dawn of the advent of electronic medical records, they included several provisions in the 2009 HITECH Act, including a ban on the sale of personal health information, breach notification requirements and penalties for privacy violators.

One possible source of inaction is the seemingly immovable lobbying force. Companies such as Microsoft, Google, Siemens, the Mayo Clinic, WebMD, IMS Health and IBM all spent money lobbying Congress last year on health privacy issues, according to disclosure forms.

Even Nike — maker of the popular fitness app Nike+ that’s implanted on all iPhones — disclosed lobbying on privacy issues in 2013.

Terry said consumers could incite change if they demanded it. Automobile makers lobbied hard against safety regulations in the 1960s and 1970s, but car safety is ubiquitous today because of pressure from car buyers, he said.

The FTC has the authority to halt companies’ deceptive practices if they fail to disclose certain data uses to consumers, notes Justin Brookman, director of consumer privacy at the Center for Democracy & Technology, which advocates stronger protections.

As long as the FTC and Congress remain inactive, and consumers remain passive, it’s up to Washington power brokers to point out HIPAA’s inadequacies.

“I do believe it’s time that we look beyond [HIPAA],” Karen DeSalvo, national coordinator for health IT, said at the recent Health Privacy Summit. “As this field rapidly evolves, we need to think about what additional protections might need to be in place.”

To view online:
https://www.politicopro.com/go/?id=35019

 

 

FTC Calls for Data Broker Transparency

By Marianne Kolbasuk McGee | healthcareinfosecurity.com
May 29, 2014

The Federal Trade Commission is urging Congress to enact privacy legislation that would provide consumers with more transparency about the activities of data brokers that collect sensitive health and financial data.

Reacting to the FTC recommendation, two consumer advocates say the explosion of data broker activities in recent years, coupled with regulatory gaps, point to the need for some legislative reforms to protect consumer privacy.

A May 27 FTC report that examined nine companies describes data brokers as “companies whose primary business is collecting personal information about consumers from a variety of sources and aggregating, analyzing and sharing that information, or information derived from it, for purposes such as marketing products, verifying an individual’s identity, or detecting fraud.”

The FTC says data brokers raise privacy concerns for consumers because “significantly, data brokers typically collect, maintain, manipulate and share a wide variety of information about consumers without interacting directly with them.”

The report notes: “In light of these findings, the commission unanimously renews its call for Congress to consider enacting legislation that would enable consumers to learn of the existence and activities of data brokers and provide consumers with reasonable access to information about them held by these entities.”

Deborah Peel, M.D., founder of advocacy group Patient Privacy Rights, says federal legislators and regulators need to crack down on data brokers, especially those that deal with sensitive information, such as health data.

“This is clearly a case where the government must pass laws that require personal control over personally identifiable information to restore our rights to privacy, because we can’t possibly do it ourselves,” Peel says. “Worse, the FTC seems not to have a handle on the size of the health data broker industry. … “Personal information is the ‘oil’ of the digital age – and our personal information belongs to each of us. … If the data brokers want our data, they should just ask. If we think the benefits are worth it, we will say ‘yes’.”

To view the full article, please visit FTC Calls for Data Broker Transparency

 

NHS England patient data ‘uploaded to Google servers’, full disclosure demanded

The UK government has been debating illegal disclosures of patient health data: “The issue of which organisations have acquired medical records has been at the centre of political debate in the past few weeks, following reports that actuaries, pharmaceutical firms, government departments and private health providers had either attempted or obtained patient data.”

The article closes with quotes from Phil Booth of medConfidential:

  • “Every day another instance of whole population level data being sold emerges which had been previously denied”.
  • “There is no way for the public to tell that this data has left the HSCIC. The government and NHS England must now come completely clean. Anything less than full disclosure would be a complete betrayal of trust.”

Far worse privacy violations are the norm in the US, yet our government won’t acknowledge that US health IT systems enable hidden sales and sharing of patients’ health data.  US patients are prevented from controlling who sees their health records and can’t obtain real-time lists of who has seen and used personal health data.

Learn how the data broker industry violates Americans’ strong rights to control the use of personal health information in IMS Health Holdings’ SEC filing for an IPO:

  • IMS buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” “social media” and more to create “comprehensive,” “longitudinal” health records on “400 million” patients.
  • All purchases and subsequent sales of personal health records are hidden from patients.  Patients are not asked for informed consent or given meaningful notice.
  • IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
  • IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”

Data brokers claim they don’t violate our rights to health information privacy because our data are “de-identified” or “anonymized”—-but computer scientists have proven it’s easy to re-identify aggregated, longitudinal data sets:

deb

This blog was written in response to the following article: NHS England patient data ‘uploaded to Google servers’, Tory MP says

Guest Article: Can You Ever Opt Out from Data Brokers?

Check out the latest from Debra Diener, courtesy of Privacy Made Simple.

Consumers may wonder how it is that they get ads, emails and other information from companies with whom they have had no interaction on or off-line.  Maybe they’re particularly confused if they’ve set their privacy settings to block cookies and other tracking devices.

The reality is that data brokers gather, compile and then sell lists of personal information to companies.  So what can consumers do if they want to try and protect their information from being compiled and sold by data brokers?  The answer is “it’s not easy” especially given the numbers of data brokers and the range of information they collect.

Julia Angwin has written a newly published book, Dragnet Nation, that focuses, in part, on her efforts to identify data brokers and then get the information that brokers have about her.  I plan on reading her book as I heard her discuss it recently and have just read her January 30th article, “Privacy Tools: Opting Out from Data Brokers” posted on ProPublica (www.propublica.org).

Her ProPublica article summarizes the steps required by some of the data brokers in order for her to opt-out of information collection.  As Ms. Angwin writes, there’s no law requiring data brokers to offer consumers that option.  She very helpfully attaches two spreadsheets to her article with the names of companies tracking information along with links to their privacy pages and, for those data brokers offering an opt-out, the instructions for doing so.  As she writes, many of the data brokers require consumers who want to opt-out to provide personal  information and identification (e.g., driver’s license).

Ms. Angwin’s spreadsheets of 212 data brokers provides consumers with a very useful resource.  She is also very candid in describing the difficulties in finding her own information and what she calls “some minor successes” in finding data brokers who had her information and opting-out.

Privacy Tools: Opting Out from Data Brokers

By Julia Angwin
ProPublica, Jan. 30, 2014

Data brokers have been around forever, selling mailing lists to companies that send junk mail. But in today’s data-saturated economy, data brokers know more information than ever about us, with sometimes disturbing results.

Earlier this month, OfficeMax sent a letter to a grieving father addressed to “daughter killed in car crash.” And in December, privacy expert Pam Dixon testified in Congress that she had found data brokers selling lists with titles such as “Rape Sufferers” and “Erectile Dysfunction sufferers.” And retailers are increasingly using this type of data to make from decisions about what credit card to offer people or how much to charge individuals for a stapler.

During my book research, I sought to obtain the data that brokers held about me. At first, I was excited to be reminded of the address of my dorm room and my old phone numbers. But thrill quickly wore off as the reports rolled in. I was equally irked by the reports that were wrong — data brokers who thought I was a single mother with no education — as I was by the ones that were correct — is it necessary for someone to track that I recently bought underwear online? So I decided to opt out from the commercial data brokers.

View the full article here, Privacy Tools: Opting Out from Data Brokers and get a list of the names of companies that track your information, links to their privacy pages, and instructions on how to opt out.

 

 

Data Mining to Recruit Sick People

Companies Use Information From Data Brokers, Pharmacies, Social Networks

Some health-care companies are pulling back the curtain on medical privacy without ever accessing personal medical records, by probing readily available information from data brokers, pharmacies and social networks that offer indirect clues to an individual’s health.

Companies specializing in patient recruitment for clinical trials use hundreds of data points—from age and race to shopping habits—to identify the sick and target them with telemarketing calls and direct-mail pitches to participate in research.

“I think patients would be shocked to find out how little privacy protection they have outside of traditional health care,” says Nicolas P. Terry, professor and co-director at the Center for Law and Health at Indiana University’s law school. He adds, “Big Data essentially can operate in a HIPAA-free zone.”

FTC Commissioner Julie Brill says she is worried that the use of nonprotected consumer data can be used to deny employment or inadvertently reveal illnesses that people want kept secret. “As Big Data algorithms become more accurate and powerful, consumers need to know a lot more about the ways in which their data is used,” Ms. Brill says.

To view the full article, please visit: Data Mining to Recruit Sick People (article published December 17, 2013)

 

 

Brokers Trade on Sensitive Medical Data with Little Oversight, Senate Says

“Marketers maintain databases that purport to track and sell the names of people who have diabetes, depression, and osteoporosis, as well as how often women visit a gynecologist, according to a Senate report published Wednesday.

The companies are part of a multibillion-dollar industry of “data brokers” that lives largely under the radar, the report says. The report by the Senate Commerce Committee says individuals don’t have a right to know what types of data the companies collect, how people are placed in categories, or who buys the information.

The report came in advance of a committee hearing on industry practices Wednesday afternoon.

The report doesn’t contain any new evidence of wrongdoing by the industry, but it underscores the tremendous increase in the sale and availability of consumer information in the digital age. An industry which began in the 1970s collecting data from public records to help marketers send direct mail has become an engine of a global $120 billion digital-advertising industry, helping marketers deliver increasingly targeted ads across the web and on mobile phones.”

To view the full article please visit: Brokers Trade on Sensitive Medical Data with Little Oversight, Senate Says

The Truth About HIPAA – It Hasn’t Changed

Everyone thinks HIPAA protects personal health data. It doesn’t.

The most valuable data collected and sold by US “data brokers” is sensitive personal health information.

US “data brokers” capture sensitive health information by tracking our searches, social media, phone apps and GPS data. The majority of US healthcare institutions, health-related state and federal government agencies, and health technology vendors are also “data brokers”.

HIPAA gave millions of hidden institutions, healthcare providers, and technology vendors the right to control, use, and sell our medical records, prescriptions, lab tests, claims data, and more. HIPAA gave them the right to be “data brokers”.

If the President’s Consumer Privacy Bill of Rights (CPBOR) was the law of the land AND also was applied to the healthcare system, patients could control who collects and uses health data—not “data brokers”.

The CPBOR’s strong new rights to control the use of personal data could end the use of data for discrimination in every area of life, including  jobs, credit, mortgages, and opportunities.

The EU got it right:  no government agency or corporation in the EU can collect, use, or sell personal data without permission.

deb

This blog was written in response to the following article: Senators call for consumer privacy protections