Re: Open data is not a panacea

Regarding the story on MathBabe.org titled Open data is not a panacea

This story is a much-needed tonic to the heavy industry and government spin promoting ONLY the benefits of “open data” without mentioning the harms.

Quotes from the story:

  • When important data goes public, the edge goes to the most sophisticated data engineer, not the general public. The Goldman Sachs’s of the world will always know how to make use of “freely available to everyone” data before the average guy.
  • If there’s one thing I learned working in finance, it’s not to be naive about how information will be used. You’ve got to learn to think like an asshole to really see what to worry about.
  • So, if you’re giving me information on where public schools need help, I’m going to imagine using that information to cut off credit for people who live nearby. If you tell me where environmental complaints are being served, I’m going to draw a map and see where they aren’t being served so I can take my questionable business practices there.

Patient Privacy Rights’ goal is a major overhaul of U.S. health technology systems, so your health data is NOT OPEN DATA. Your health data should only be “open” and used with your knowledge and informed consent for purposes you agree with, like treatment and research. It will take a major overhaul for the public to trust health IT systems.

Why does Patient Privacy Rights advocate for personal control over health information and against “open data”? Answer:

For reasons that are NOT apparent, the healthcare industry shuns learning from computer scientists, mathematicians, and privacy experts about the harms and risks posed by today’s poorly designed “open” healthcare technology systems, the Internet, and the “surveillance economy”.

The health care industry and government shun facts like:

YOU can help build a data map so industry and government are forced to stop pretending that the health information of every person in the US is safe, secure, and private. Donate at: http://patientprivacyrights.org/donate/

Kravis Backs N.Y. Startups Using Apps to Cut Health Costs

The title should have been: “Wall Street trumps the Hippocratic Oath and NY patients’ privacy” or “NY gives technology start-ups free access to millions of New Yorkers sensitive health data without informed consent starting in February”.

Of course we need apps to lower health costs, coordinate care, and help people get well, but apps should be developed using ‘synthetic’ data, not real patient data. Giving away valuable identifiable patient data to app developers is very risky and violates patients legal and ethical rights to health information privacy under state and federal law—each of us has strong rights to decide who can see and use personal health information.

What happens when app developers use, disclose or sell Mayor Bloomberg’s, Governor Cuomo’s, Sec of State Hillary Clinton’s, or Peter Thiel’s electronic health records? Or will access to prominent people’s health records be blocked by the data exchange, while everyone’s else’s future jobs and credit are put at risk by developer access to health data?  Will Bloomberg publish a story about the consequences of this decision by whoever runs the NY health data exchange? Will Bloomberg write about the value, sale, and massive technology-enabled exploitation of health data for discrimination and targeted marketing of drugs, treatments, or for extortion of political or business enemies? Natasha Singer of the NYTimes calls this the ‘surveillance economy’.

The story did not mention ways to develop apps that protect patients’ sensitive information from disclosure to people not directly involved in patient care. The story could have said that the military uses “synthetic” patient data for technology research and app development. They realize that NOT protecting the security and privacy of sensitive data of members of the military and their families creates major national security risks.  The military builds and tests technology and apps on synthetic data; researchers or app developers don’t get access to real, live patient data without tough security clearances and high-level review of those who are granted permission to access data for approved projects that benefit patients. Open access to military health data bases threatens national security. Will open access to New Yorkers’ health data also threaten national security?

NY just started a national and international gold rush to develop blockbuster health apps AND will set off a rush by other states to give away or sell identifiable patient health information in health information exchanges (HIEs) or health information organizations (HIOs)—-by allowing technology developers access to an incredibly large, valuable data base of identifiable patient health information.  Do the developers get the data free—or is NY selling health data? The bipartisan Coalition for Patient Privacy (represents 10.3M people) worked to get a ban on the sale of patient health data into the stimulus bill because the hidden sale of health data is a major industry that enables hidden discrimination in key life opportunities like jobs and credit. Selling patient data for all sorts of uses is a very lucrative industry.

Further, NY patients are being grossly misled: they think they gave consent ONLY for their health data to be exchanged so other health professionals can treat them. Are they informed that dozens of app developers will be able to copy all their personal health data to build technology products they may not want or be interested in starting in February?

Worst of all the consequences of systems that eliminate privacy is: patients to act in ways that risk their health and lives when they know their health information is not private:

  • -600K/year avoid early treatment and diagnosis for cancer because they know their records will not be private
  • -2M/year avoid early treatment and diagnosis for depression for the same reasons
  • -millions/year avoid early treatment and diagnosis of STDs, for the same reason
  • -1/8 hide data, omit or lie to try to keep sensitive information private

More questions:

  • -What proof is there that the app developers comply with the contracts they sign?
  • -Are they audited to prove the identifiable patient data is truly secure and not sold or disclosed to third parties?
  • -What happens when an app developer suffers a privacy breach—most health data today is not secure or encrypted? If the app developers signed Business Associate Agreements at least they would have to report the data breaches.
  • -What happens when many of the app developers can’t sell their products or the businesses go bust? They will sell the patient data they used to develop the apps for cash.
  • -The developers reportedly signed data use agreements “covering federal privacy rules”, which probably means they are required to comply with HIPAA.  But HIPAA allows data holders to disclose and sell patient data to third parties, promoting further hidden uses of personal data that patients will never know about, much less be able to agree to.  Using contracts that do not require external auditing to protect sensitive information and not requiring proof that the developers can be trusted is a bad business practice.

NY has opened Pandora’s box and not even involved the public in an informed debate.

Sizing Up De-Identification Guidance, Experts Analyze HIPAA Compliance Report (quotes PPR)

To view the full article by Marianne Kolbasuk McGee, please visit: Sizing Up De-Identification Guidance, Experts Analyze HIPAA Compliance Report.

The federal Office of Civil Rights (OCR), charged with protecting the privacy of nation’s health data, released a ‘guidance’ for “de-identifying” health data. Government agencies and corporations want to “de-identify”, release and sell health data for many uses. There are no penalties for not following the ‘guidance’.

Releasing large data bases with “de-identified” health data on thousands or millions of people could enable break-through research to improve health, lower costs, and improve quality of care—-IF “de-identification” actually protected our privacy, so no one knows it’s our personal data—-but it doesn’t.

The ‘guidance’ allows easy ‘re-identification’ of health data. Publically available data bases of other personal information can be quickly compared electronically with ‘de-identified’ health data bases, so can be names re-attached, creating valuable, identifiable health data sets.

The “de-identification” methods OCR proposed are:

  • -The HIPAA “Safe-Harbor” method:  if 18 specific identifiers are removed (such as name, address, age, etc, etc), data can be released without patient consent. But .04% of the data can still be ‘re-identified’
  • -Certification by a statistical  “expert” that the re-identification risk is “small” allows release of data bases without patient consent.

o   There are no requirements to be an “expert”

o   There is no definition of “small risk”

Inadequate “de-identification” of health data makes it a big target for re-identification. Health data is so valuable because it can be used for job and credit discrimination and for targeted product marketing of drugs and expensive treatment. The collection and sale of intimately detailed profiles of every person in the US is a major model for online businesses.

The OCR guidance ignores computer science, which has demonstrated ‘de-identification’ methods can’t prevent re-identification. No single method or approach can work because more and more ‘personally identifiable information’ is becoming publically available, making it easier and easier to re-identify health data.  See: the “Myths and Fallacies of “Personally Identifiable Information” by Narayanan and Shmatikov,  June 2010 at: http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf Key quotes from the article:

  • -“Powerful re-identification algorithms demonstrate not just a flaw in a specific anonymization technique(s), but the fundamental inadequacy of the entire privacy protection paradigm based on “de-identifying” the data.”
  • -“Any information that distinguishes one person from another can be used for re-identifying data.”
  • -“Privacy protection has to be built and reasoned about on a case-by-case basis.”

OCR should have recommended what Shmatikov and Narayanan proposed:  case-by-case ‘adversarial testing’ by comparing a “de-identified” health data base to multiple publically available data bases to determine which data fields must be removed to prevent re-identification. See PPR’s paper on “adversarial testing” at: http://patientprivacyrights.org/wp-content/uploads/2010/10/ABlumberg-anonymization-memo.pdf

Simplest, cheapest, and best of all would be to use the stimulus billions to build electronic systems so patients can electronically consent to data use for research and other uses they approve of.  Complex, expensive contracts and difficult ‘work-arounds’ (like ‘adversarial testing’) are needed to protect patient privacy because institutions, not patients, control who can use health data. This is not what the public expects and prevents us from exercising our individual rights to decide who can see and use personal health information.

Re: Heart Gadgets Test Privacy-Law Limits

In response to The Wall Street Journal article “Heart Gadgets Test Privacy-Law Limits

This story shows the ethical and legal absurdity of private corporations’ claims to own and control patient records. Greedy corporations are copying their business models from Google and Facebook: sell every piece of information about every individual to any willing buyer.

Despite patients’ strong rights to obtain copies of their entire medical records, including data from devices that monitor health status, most hospitals and electronic health systems don’t yet offer patients a way to download personal health information, which is required by HIPAA and HITECH.

EVEN MORE IMPORTANTLY patients also have very strong ethical, legal, and Constitutional rights to control the disclosure and use of personal health information.

Today’s health IT systems and data exchanges were designed to prevent patient control over personal health information. Most health IT systems have abysmal data security (millions of health data breaches and thefts) and no means for patients to control who can see, use or sell their health data.

Government and Congress have poured $29 billion in stimulus funds into defective technology systems that violate the public’s rights to privacy and control over health information in electronic systems.

Medtronic and hospitals are hiding behind illegal contracts that violate patients’ rights to access and control sensitive personal health information.

We need clear new laws to ban the sale of personal health information without informed consent and RESTORE patient control over use, disclosure, and sale of health information.

-Deborah Peel

5 Held Over Apps that Stole Smartphone Info

Read the full article at 5 Held Over Apps that Stole Smartphone Info.

In Japan, “free apps had reportedly been downloaded up to 270,000 times” infecting at least “90,000 people’s smartphones” with a virus that stole “10 million pieces of personal information from users’ address books”. Creating viruses is a crime in Japan.

Criminals want valuable contact information. How much more valuable do you think personal health information is?

The value of health data is the reason theft is the #1 cause of health data breaches (See “Top Reasons for HITECH Breaches As of October. 17, 2012″ by Melamedia. Sign up for free monthly breach statistics at: http://melamedia.com/index.php).

In the US, millions of employees of corporations can obtain, use, and sell your health data (See ABC News Investigation showing diabetic records for sale from $14-25/record at: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986&singlePage=true#.UFKTXVHUF-Y).

Loopholes in HIPAA grant millions of employees of providers, doctors, hospitals, insurers, data clearinghouses, and health technology companies the right to use and sell our electronic health records.  We have no way to know when this happens, it’s part of the hidden US “surveillance economy“.

Tell lawmakers and the next President to require health technology systems that put you in control over who can see, use, and sell your electronic health records—from prescriptions to DNA to diagnoses. 90+% of Americans, both Republicans and Democrats, expect to control access to their sensitive health data.

Do Not Track? Advertisers Say ‘Don’t Tread on Us’

See the full article written by Natasha Singer in the NY Times at Do Not Track? Advertisers Say ‘Don’t Tread on Us’

Americans are all victims of a massive hidden “surveillance economy” that collects and sells every bit of online information about us (and health information is the most valuable of all). This story is about the battle between the US data mining industry and the consumers, patients, and corporations that oppose secret data mining.

“Brendon Lynch, Microsoft’s chief privacy officer, said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism. “Consumers want and expect strong privacy protection to be built into Microsoft products and services.”

“The Association of National Advertisers recently attacked Microsoft because Microsoft’s new browser will automatically tell hidden data collectors ‘Do Not Track’ users online.  “Microsoft’s action is wrong. The entire media ecosystem has condemned this action,” the letter said.”

It’s not surprising to see this attack by the data mining industry on Microsoft. There will be many more attacks as the public realizes the harms that are caused by unfettered corporate and government collection of personal information.  Today’s surveillance economy is based on monetizing personal data, selling intimate minute-by-minute profiles of our minds and bodies.

Benefits of Online Medical Records Outweigh the Risks- Includes Opposing Quotes from Dr. Deborah Peel

An article written by Larry Magid in the Huffington Post quotes PPR when speaking about the issues surrounding electronic health records. You can view the full article here: Benefits of Online Medical Records Outweigh the Risks.

“There are also privacy concerns. In a 2010 Wall Street Journal op-ed, psychiatrist Deborah Peel, founder of Patient Privacy Rights, complained that ‘lab test results are disclosed to insurance companies before we even know the results.’ She added that data is being released to ‘insurers, drug companies, employers and others willing to pay for the information to use in making decisions about you, your job or your treatments, or for research.’ Her group is calling for tighter controls and recognition that “that patients own their health data.’”

Onward and upward: ONC to automate Blue Button

See the full article in HealthcareITNews: Onward and upward: ONC to automate Blue Button

Why “Blue Button” matters: It is the critical first step to restore your control over personal health data.

  • -If we can’t get our data (via a “Blue Button”), we can’t use or control it—-much less check for errors.
  • -Few of us expect or know that today our sensitive health data flows to hidden businesses and users that have nothing to do with our health or treatment—which is why we need a map of health data flows:
    • -See Prof Sweeney explain this project in a brief video: http://tiny.cc/f466kw
    • -Today’s electronic health system allows millions of people who work for doctors, hospitals, insurers, health technology companies, and health data clearinghouses, etc, to use, disclose and sell our health data without consent.
  • -The current health technology system guarantees harms: like use of personal health data by employers and banks, ID theft and medical ID theft, and health data sales (see ABC World News story that shows the sale of diabetic patient data at: http://tiny.cc/un96kw ).

In 2001, the HIPAA Privacy Rule stated that patients should be able to download electronic copies of personal health data. Finally the federal government, through the Office of the National Coordinator for Health Information Technology (ONC), will actually require all electronic health records systems to let us do that.

  • -FYI—The box to click and download personal health information is known as a “Blue Button”. Some places already let patients do this (the VA system and MD Anderson for example).

When personal control over health data is restored, we can send our records to all the right places (for treatment and research) and NOT send records to hidden users and corporations that use it now to discriminate against us for jobs or credit, for ID theft, to impersonate us and use our health insurance to obtain treatment (medical ID theft), or for insurance, Medicare, and Medicaid fraud.

When the Privacy Button is Already Pressed

See the full article in the New York Times at: When the Privacy Button is Already Pressed

There is no “DO NOT TRACK” button in HIPAA. What happens when the public finds out they have no button to control the use and sale of intimate information about their minds and bodies?

This story shows the public is waking up to privacy:

*        11% of Mozilla users have turned ‘Do Not Track’ on.

*        18% of those with Firefox on Android phone use ‘Do Not Track’.
From sexual preferences, to records of child abuse, to DNA, to prescription records—–HIPAA and electronic systems eliminate our control over personal health information. Others decide when to use, disclose, or sell it. There is no “chain of custody” for personal health data. We can’t find out who collects and uses our health data. We can’t read a ‘data map’ and see where our health data flows. There is no health data map. See ABC World News story about the sale of health data: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986&singlePage=true#.UFKTXVHUF-Y

The first step to fix any problem is to KNOW about it. Then we have to demand that law makers fix this disaster. Health information should not be used to make hidden decisions about our jobs, reputations, or credit.

Health technology can provide enormous benefits—but systems have to be re-designed so we control who sees and uses our health records. The best way to prevent harm is keep health data out of the hands of hidden users. Anyone who wants to use our health records should have to ask.

Your Medical Records May Not Be Private: ABC News Investigation

ABC TV’s Jim Avila shows how easy it is to buy personal health data. He spoke with security consultant Greg Porter, who showed him how to buy personal health information online for $14-$25. ABC News learned about the lack of effective security and privacy for medical records from “Julie” at the 2nd International Summit on the Future of Health Privacy.

Here is the video (after a short advertisement):

You can also see the above ABC News video on medical records at: http://abcnews.go.com/Health/medical-records-private-abc-news-investigation/story?id=17228986#.UIQCz1H6Acs

ABC’s print story about the TV news segment tells “Julie’s”  story, quotes Patient Privacy Rights (PPR), and links to our free online consumer protection forms so you can take action to better protect your health data. Use the free consent form and ask physicians and hospitals to honor longstanding state laws that require consent before they disclose your health information. According to HIPAA, providers can refuse to honor requests like this, but HIPAA also says stronger state laws and medical ethics should prevail—so ‘ask’ and tell them to honor your rights to control who sees and uses your electronic health information.