Dangers of Consumer Internet Services in Health Care

Although Internet services like Gmail, Yahoo! Mail, Hotmail and Google Calendar are familiar to patients and doctors, use of such services in health care environments creates a serious privacy risk. The U.S. Department of Health & Human Services took action earlier this year when it discovered that Phoenix Cardiac Surgery, a five-physician clinic in Arizona, was posting patient appointments on the web using Google Calendar. As a result, the appointments could be found by anyone searching the Internet. Make sure your doctors and health care providers are not using consumer Internet services such as the ones identified above to store protected health information.

Health care providers should only use cloud services that are designed to comply with HIPAA and offer a HIPAA Business Associate Agreement.

You can contact PPR if you have questions or concerns about the use of consumer Internet services by health care providers and the security of your health information.

Re: Google Defends Way It Gets Phone Data

Mobile devices will be the future of healthcare and health IT. Today in parts of the world too poor to afford enterprise systems, “mHealth” is now the way healthcare is delivered.

Please see the recent article in the Wall Street Journal: Google Defends Way It Gets Phone Data

This story should serve as a warning to patients: If your doctor uses an iPad, iPhone, or Android to access your electronic health information, Google and Apple may be collecting, using, or selling it.

  • QUOTE: “Amid rising scrutiny of their practices, Google Inc. defended the way it collects location data from Android phones, while Apple Inc. remained silent for a third day. The companies’ smartphones regularly transmit locations back to Google and Apple servers, respectively, according to data and documents analyzed by The Wall Street Journal. Research by a security analyst this week found that an Android phone collected location data every few seconds and sent it to Google several times an hour. Apple disclosed in a letter to Congress last year that its phones “intermittently” collect location data, and the company receives it twice a day.”

Do Androids, iPhones and iPads send health records back to Google and Apple every few seconds the same way they send GPS data? Right now, health data on mobile devices typically isn’t even encrypted.

Do Google and Apple collect and store health data for months, like they do with location data?

Do Google and Apple “anonymize” health data the same way they “anonymize” your cell phone: by assigning a unique number that is directly traceable back to you?

The point is, whatever Apple and Google can do with GPS data, they can do with health data on mobile devices.

Privacy & Publicity

SXSW 2010 Interactive Festival: Opening Remarks: Privacy & Publicity

Danah Boyd explains in this presentation what privacy is and why it is important in all aspects, but specifically in social networking.

One of the world’s foremost authorities on social networks, Boyd works at Microsoft Research New England and also serves as a Fellow at the Harvard University Berkman Center for Internet and Society. Boyd recently completed her PhD in the School of Information at the University of California-Berkeley.

U.K. mulls handing off national health records to Microsoft, Google

Conservatives reportedly pushing for privatization

The British government is reportedly preparing a plan to give national health records to either Google or Microsoft, rather than creating a massive government database. Reports of the plan have sparked vigorous debates in the United Kingdom.

The plan, as described in the reports, would privatize the National Programme for Information Technology’s Care Records Service. The government would entrust health records to either Microsoft HealthVault or Google Health.

Britain’s National Audit Office warns that the government’s digitization project is over budget and behind schedule, with a total cost to taxpayers of more than 12.7 billion British pounds sterling, the BBC said.

UK Handing off their health records?

Federal Computer Week: U.K. mulls handing off national health records to Microsoft, Google

It will be interesting to see which one the UK chooses. Microsoft joined the bipartisan Coalition for Patient Privacy to urge Congress to restore consumer control over PHI in 2007. Google has not.

MS signed Coalition letters in 2007 and 2009, and agreed to support the Coalition’s tough privacy principles and health privacy rights in electronic systems. HealthVault was built to adhere to the Coalition’s stringent privacy principles. Open, public promises by major corporations are taken very seriously by federal regulatory agencies and consumer advocates.

The promises by the technology corporations that joined the Coalition are a rebuke to other HIT vendors and the data mining industry that will do anything to get their hands on PHI for all sorts of uses that patients would never agree to.

Today, the clearest sign of serious corporate commitment to health privacy rights is joining the Coalition for Patient Privacy and standing with consumers to build an ethical, legal HIT system—the only kind that will be trusted and succeed.

More than just Google

In response to the Consumer Watch article: “U.S. Senate Records Reveal Google Inc. Lobbying Campaign On Personal Medical Records Law Despite Internet Giant’s Denials”

This story is of interest because the public has no idea which corporations lobbied against their privacy rights in the stimulus bill or how much was spent overall to try to eliminate health privacy.

The focus on Google alone is misleading and actually distracts from the real work of informing the public about the major health-related industries that have long opposed Americans’ privacy rights. The real question is which other industry giants that are not household names lobbied against privacy?

The total lobbying money spent by the massive secret health data mining industry, insurers, hospitals, and big Pharma to oppose Americans’ rights to privacy far exceeds Google’s lobbying expenses.

If we don’t know who all the culprits are, we can’t stop them and restore privacy.

The most dangerous enemies of privacy are the ones we don’t know about.

U.S. Senate Records Reveal Google Inc. Lobbying Campaign On Personal Medical Records Law Despite Internet Giant’s Denials

First quarter federal reports show Google lobbied on the electronic medical records provisions of the federal economic stimulus act, contradicting the Internet giant’s earlier claims that Consumer Watchdog’s report of its effort was “100 percent false.”

Google’s report shows a total expenditure of $880,000 on lobbying during the period including on “online health-related initiatives; issues relating to online personal health records, including in connection with H.R. 1: American Recovery and Reinvestment Act of 2009.”  Google also contracted with an outside firm, the Podesta Group, which independently reported lobbying for Google on “health information technology” and “online privacy.”

King and Spalding LLP also independently reported lobbying for Google on “online health-related initiatives, including health information technology provisions in H.R. 1, The American Recovery and Reinvestment Act.”

Pro-Privacy Will Continue to Grow

More and more genuine consumer pro-privacy groups—as opposed to privacy-lite, industry-supported, faux consumer organizations—are speaking out to restore privacy in electronic health systems. Support for privacy rights will build and build. There may be setbacks, but we cannot be stopped. See this recent article on Consumer Watchdog supporting patient privacy.

The real reason privacy will win is simple and practical: electronic systems will never be trusted or work unless consumers control personal health information.

In the words of Justice Brandeis: “The right to be let alone is the most comprehensive of rights and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the [Constitution].” Justice Brandeis 1928.
Olmstead v. United States, 277 U.S. 438, 478, 48 S.Ct. 564, 572 (1928) (Brandeis J., dissenting).

Brandeis dissented from the conventional wisdom of his time. Today we are the dissenters from the CW of our time, but like Brandeis’ dissent, ours will prevail.