NHS England patient data ‘uploaded to Google servers’, full disclosure demanded

The UK government has been debating illegal disclosures of patient health data: “The issue of which organisations have acquired medical records has been at the centre of political debate in the past few weeks, following reports that actuaries, pharmaceutical firms, government departments and private health providers had either attempted or obtained patient data.”

The article closes with quotes from Phil Booth of medConfidential:

  • “Every day another instance of whole population level data being sold emerges which had been previously denied”.
  • “There is no way for the public to tell that this data has left the HSCIC. The government and NHS England must now come completely clean. Anything less than full disclosure would be a complete betrayal of trust.”

Far worse privacy violations are the norm in the US, yet our government won’t acknowledge that US health IT systems enable hidden sales and sharing of patients’ health data.  US patients are prevented from controlling who sees their health records and can’t obtain real-time lists of who has seen and used personal health data.

Learn how the data broker industry violates Americans’ strong rights to control the use of personal health information in IMS Health Holdings’ SEC filing for an IPO:

  • IMS buys and aggregates sensitive “prescription and promotional” records, “electronic medical records,” “claims data,” “social media” and more to create “comprehensive,” “longitudinal” health records on “400 million” patients.
  • All purchases and subsequent sales of personal health records are hidden from patients.  Patients are not asked for informed consent or given meaningful notice.
  • IMS Health Holdings sells health data to “5,000 clients,” including the US Government.
  • IMS buys “proprietary data sourced from over 100,000 data suppliers covering over 780,000 data feeds globally.”

Data brokers claim they don’t violate our rights to health information privacy because our data are “de-identified” or “anonymized”—but computer scientists have proven it’s easy to re-identify aggregated, longitudinal data sets:

deb

This blog was written in response to the following article: NHS England patient data ‘uploaded to Google servers’, Tory MP says

Guest Article: Can You Ever Opt Out from Data Brokers?

Check out the latest from Debra Diener, courtesy of Privacy Made Simple.

Consumers may wonder how it is that they get ads, emails and other information from companies with whom they have had no interaction on or off-line.  Maybe they’re particularly confused if they’ve set their privacy settings to block cookies and other tracking devices.

The reality is that data brokers gather, compile and then sell lists of personal information to companies.  So what can consumers do if they want to try and protect their information from being compiled and sold by data brokers?  The answer is “it’s not easy” especially given the numbers of data brokers and the range of information they collect.

Julia Angwin has written a newly published book, Dragnet Nation, that focuses, in part, on her efforts to identify data brokers and then get the information that brokers have about her.  I plan on reading her book as I heard her discuss it recently and have just read her January 30th article, “Privacy Tools: Opting Out from Data Brokers” posted on ProPublica (www.propublica.org).

Her ProPublica article summarizes the steps required by some of the data brokers in order for her to opt-out of information collection.  As Ms. Angwin writes, there’s no law requiring data brokers to offer consumers that option.  She very helpfully attaches two spreadsheets to her article with the names of companies tracking information along with links to their privacy pages and, for those data brokers offering an opt-out, the instructions for doing so.  As she writes, many of the data brokers require consumers who want to opt-out to provide personal information and identification (e.g., driver’s license).

Ms. Angwin’s spreadsheets of 212 data brokers provide consumers with a very useful resource.  She is also very candid in describing the difficulties in finding her own information and what she calls “some minor successes” in finding data brokers who had her information and opting-out.

Privacy Tools: Opting Out from Data Brokers

By Julia Angwin
ProPublica, Jan. 30, 2014

Data brokers have been around forever, selling mailing lists to companies that send junk mail. But in today’s data-saturated economy, data brokers know more information than ever about us, with sometimes disturbing results.

Earlier this month, OfficeMax sent a letter to a grieving father addressed to “daughter killed in car crash.” And in December, privacy expert Pam Dixon testified in Congress that she had found data brokers selling lists with titles such as “Rape Sufferers” and “Erectile Dysfunction sufferers.” And retailers are increasingly using this type of data to make decisions about what credit card to offer people or how much to charge individuals for a stapler.

During my book research, I sought to obtain the data that brokers held about me. At first, I was excited to be reminded of the address of my dorm room and my old phone numbers. But the thrill quickly wore off as the reports rolled in. I was equally irked by the reports that were wrong — data brokers who thought I was a single mother with no education — as I was by the ones that were correct — is it necessary for someone to track that I recently bought underwear online? So I decided to opt out from the commercial data brokers.

View the full article here, Privacy Tools: Opting Out from Data Brokers and get a list of the names of companies that track your information, links to their privacy pages, and instructions on how to opt out.


Data Mining to Recruit Sick People

Companies Use Information From Data Brokers, Pharmacies, Social Networks

Some health-care companies are pulling back the curtain on medical privacy without ever accessing personal medical records, by probing readily available information from data brokers, pharmacies and social networks that offer indirect clues to an individual’s health.

Companies specializing in patient recruitment for clinical trials use hundreds of data points—from age and race to shopping habits—to identify the sick and target them with telemarketing calls and direct-mail pitches to participate in research.

“I think patients would be shocked to find out how little privacy protection they have outside of traditional health care,” says Nicolas P. Terry, professor and co-director at the Center for Law and Health at Indiana University’s law school. He adds, “Big Data essentially can operate in a HIPAA-free zone.”

FTC Commissioner Julie Brill says she is worried that the use of nonprotected consumer data can be used to deny employment or inadvertently reveal illnesses that people want kept secret. “As Big Data algorithms become more accurate and powerful, consumers need to know a lot more about the ways in which their data is used,” Ms. Brill says.

To view the full article, please visit: Data Mining to Recruit Sick People (article published December 17, 2013)


Brokers Trade on Sensitive Medical Data with Little Oversight, Senate Says

“Marketers maintain databases that purport to track and sell the names of people who have diabetes, depression, and osteoporosis, as well as how often women visit a gynecologist, according to a Senate report published Wednesday.

The companies are part of a multibillion-dollar industry of “data brokers” that lives largely under the radar, the report says. The report by the Senate Commerce Committee says individuals don’t have a right to know what types of data the companies collect, how people are placed in categories, or who buys the information.

The report came in advance of a committee hearing on industry practices Wednesday afternoon.

The report doesn’t contain any new evidence of wrongdoing by the industry, but it underscores the tremendous increase in the sale and availability of consumer information in the digital age. An industry which began in the 1970s collecting data from public records to help marketers send direct mail has become an engine of a global $120 billion digital-advertising industry, helping marketers deliver increasingly targeted ads across the web and on mobile phones.”

To view the full article please visit: Brokers Trade on Sensitive Medical Data with Little Oversight, Senate Says

The Truth About HIPAA – It Hasn’t Changed

Everyone thinks HIPAA protects personal health data. It doesn’t.

The most valuable data collected and sold by US “data brokers” is sensitive personal health information.

US “data brokers” capture sensitive health information by tracking our searches, social media, phone apps and GPS data. The majority of US healthcare institutions, health-related state and federal government agencies, and health technology vendors are also “data brokers”.

HIPAA gave millions of hidden institutions, healthcare providers, and technology vendors the right to control, use, and sell our medical records, prescriptions, lab tests, claims data, and more. HIPAA gave them the right to be “data brokers”.

If the President’s Consumer Privacy Bill of Rights (CPBOR) was the law of the land AND also was applied to the healthcare system, patients could control who collects and uses health data—not “data brokers”.

The CPBOR’s strong new rights to control the use of personal data could end the use of data for discrimination in every area of life, including jobs, credit, mortgages, and opportunities.

The EU got it right: no government agency or corporation in the EU can collect, use, or sell personal data without permission.

deb

This blog was written in response to the following article: Senators call for consumer privacy protections