Re: Invasion of the Data Snatchers

Bill Keller’s NYTimes op-ed, “Invasion of the Data Snatchers,” is a fantastic piece on the hazy lines surrounding individual privacy in our new “surveillance economy.” Looking critically at The Journal News’ decision to publish the names and addresses of handgun permit holders in two nearby counties, as well as other instances in which people’s personal information is publicly shared, he asks a critical question: “What is the boundary between a public service and an invasion of privacy?” He then goes on to discuss the erosion of privacy and the challenges we face in determining “what information is worth defending and how to defend it.”

As the article says, “You can take your pick of the ways Facebook and Google are monetizing you by serving up your personal profile and browsing habits to advertisers for profit. Some of this feels harmless, or even useful — why shouldn’t my mobile device serve me ads tailored to my interests? But some of it is flat-out creepy. One of the more obnoxious trends is the custom-targeting of that irresistibly vulnerable market, our children.” Keller makes a good point—with so many different entities vying for a piece of your data, how can you know where to begin fighting back? And, it can be so overwhelming to think about the dirty underbelly of data sharing that it’s easier to say it’s no big deal in the long run, especially if you feel like you’re benefiting from it now.

For PPR, the bottom line is this: the erosion of our individual privacy is a critical issue. While some may be quick to dismiss such concerns, we have to remember that what we do now to protect our fundamental right to privacy matters. It matters to us in the present day and it matters to the futures of our children, our grandchildren, and so on…

Yes, there can be great benefits to the unparalleled connectivity and access people have to information in the rapidly shifting landscape of the digital era. At the same time, we have to make sure we establish clear boundaries and give people a say in the ways in which their information is accessed and used, particularly when it comes to sensitive data, like our personal health information. However, as Keller points out, protection of our privacy “doesn’t happen if we don’t demand it.”

This year, PPR will address a similar topic at its 3rd International Summit on the Future of Health Privacy: The Value of Health Data vs. Privacy — How Can the Conflict Be Resolved? We urge you to join us to be a part of the important conversations that will take place as we look at how our health information is valued, who has access to it, and what we can do to protect our privacy in an increasingly connected world.

Dangers of Consumer Internet Services in Health Care

Although Internet services like Gmail, Yahoo! Mail, Hotmail and Google Calendar are familiar to patients and doctors, use of such services in health care environments creates a serious privacy risk. The U.S. Department of Health & Human Services took action earlier this year when it discovered that Phoenix Cardiac Surgery, a five-physician clinic in Arizona, was posting patient appointments on the web using Google Calendar. As a result, the appointments could be found by anyone searching the Internet. Make sure your doctors and health care providers are not using consumer Internet services such as the ones identified above to store protected health information.

Health care providers should only use cloud services that are designed to comply with HIPAA and offer a HIPAA Business Associate Agreement.

You can contact PPR if you have questions or concerns about the use of consumer Internet services by health care providers and the security of your health information.

Re: Google Defends Way It Gets Phone Data

Mobile devices will be the future of healthcare and health IT. Today in parts of the world too poor to afford enterprise systems, “mHealth” is now the way healthcare is delivered.

Please see the recent article in the Wall Street Journal: Google Defends Way It Gets Phone Data

This story should serve as a warning to patients: If your doctor uses an iPad, iPhone, or Android to access your electronic health information, Google and Apple may be collecting, using, or selling it.

  • QUOTE: “Amid rising scrutiny of their practices, Google Inc. defended the way it collects location data from Android phones, while Apple Inc. remained silent for a third day. The companies’ smartphones regularly transmit locations back to Google and Apple servers, respectively, according to data and documents analyzed by The Wall Street Journal. Research by a security analyst this week found that an Android phone collected location data every few seconds and sent it to Google several times an hour. Apple disclosed in a letter to Congress last year that its phones “intermittently” collect location data, and the company receives it twice a day.”

Do Androids, iPhones and iPads send health records back to Google and Apple every few seconds the same way they send GPS data? Right now, health data on mobile devices typically isn’t even encrypted.

Do Google and Apple collect and store health data for months, like they do with location data?

Do Google and Apple “anonymize” health data the same way they “anonymize” your cell phone: by assigning a unique number that is directly traceable back to you?

The point is, whatever Apple and Google can do with GPS data, they can do with health data on mobile devices.

Privacy & Publicity

SXSW 2010 Interactive Festival: Opening Remarks: Privacy & Publicity

Danah Boyd explains in this presentation what privacy is and why it is important in all aspects, but specifically in social networking.

One of the world’s foremost authorities on social networks, Boyd works at Microsoft Research New England and also serves as a Fellow at the Harvard University Berkman Center for Internet and Society. Boyd recently completed her PhD in the School of Information at the University of California-Berkeley.

U.K. mulls handing off national health records to Microsoft, Google

Conservatives reportedly pushing for privitization

The British government is reportedly preparing a plan to give national health records to either Google or Microsoft, rather than creating a massive government database. Reports of the plan have sparked vigorous debates in the United Kingdom

The plan, as described in the reports, would privatize the National Programme for Information Technology’s Care Records Service. The government would entrust health records to either Microsoft HealthVault or Google Health.

Britain’s National Audit Office warns that the government’s digitization project is over budget and behind schedule, with a total cost to taxpayers of more than 12.7 billion British pounds sterling, the BBC said.

UK Handing off their health records?

Federal Computer Week: U.K. mulls handing off national health records to Microsoft, Google

It will be interesting to see which one the UK chooses. Microsoft joined the bipartisan Coalition for Patient Privacy to urge Congress to restore consumer control over PHI in 2007. Google has not.

MS signed Coalition letters in 2007 and 2009, and agreed to support the Coalition’s tough privacy principles and health privacy rights in electronic systems. HealthVault was built to adhere to the Coalition’s stringent privacy principles. Open, public promises by major corporations are taken very seriously by federal regulatory agencies and consumer advocates.

The promises by the technology corporations that joined the Coalition are a rebuke to other HIT vendors and the data mining industry that will do anything to get their hands on PHI for all sorts of uses that patients would never agree to.

Today, the clearest sign of serious corporate commitment to health privacy rights is joining the Coalition for Patient Privacy and standing with consumers to build an ethical, legal HIT system—the only kind that will be trusted and succeed.

UK Handing off their health records?

Federal Computer Week:U.K. mulls handing off national health records to Microsoft, Google

It will be interesting to see which one the UK chooses. Microsoft joined the bipartisan Coalition for Patient Privacy to urge Congress to restore consumer control over PHI in 2007. Google has not.
MS signed Coalition letters in 2007 and 2009, and agreed to support the Coalition’s tough privacy principles and health privacy rights in electronic systems. HealthVault was built to adhere to the Coalition’s stringent privacy principles. Open, public promises by major corporations are taken very seriously by federal regulatory agencies and consumer advocates.

The promises by the technology corporations that joined the Coalition are a rebuke to other HIT vendors and the data mining industry that will do anything to get their hands on PHI for all sorts of uses that patients would never agree to.

Today, the clearest sign of serious corporate commitment to health privacy rights is joining the Coalition for Patient Privacy and standing with consumers to build an ethical, legal HIT system—the only kind that will be trusted and succeed.

More than just google

In response to the Consumer Watch article: “U.S. Senate Records Reveal Google Inc. Lobbying Campaign On Personal Medical Records Law Despite Internet Giant’s Denials

This story is of interest because the public has no idea which corporations lobbied against their privacy rights in the stimulus bill or how much was spent overall to try to eliminate health privacy.

The focus on Google alone is misleading and actually distracts from the real work of informing the public about the major health-related industries that have long opposed Americans’ privacy rights. The real question is which other industry giants that are not household names lobbied against privacy?

The total lobbying money spent by the massive secret health data mining industry, insurers, hospitals, and big Pharma to oppose Americans’ rights to privacy far exceeds Google’s lobbying expenses.

If we don’t know who all the culprits are, we can’t stop them and restore privacy.

The most dangerous enemies of privacy are the ones we don’t know about.

U.S. Senate Records Reveal Google Inc. Lobbying Campaign On Personal Medical Records Law Despite Internet Giant’s Denials

First quarter federal reports show Google lobbied on the electronic medical records provisions of the federal economic stimulus act, contradicting the Internet giant’s earlier claims that Consumer Watchdog’s report of its effort was “100 percent false.”

Google’s report shows a total expenditure of $880,000 on lobbying during the period including on “online health-related initiatives; issues relating to online personal health records, including in connection with H.R. 1: American Recovery and Reinvestment Act of 2009.”  Google also contracted with an outside firm, the Podesta Group, which independently reported lobbying for Google on “health information technology” and “online privacy.”

King and Spalding LLP also independently reported lobbying for Google on “online health-related initiatives, including health information technology provisions in H.R. 1, The American Recovery and Reinvestment Act.”

Pro-Privacy Will Continue to Grow

More and more genuine consumer pro-privacy groups —as opposed to privacy-lite, industry-supported, faux consumer organizations—are speaking out to restore privacy in electronic health systems. Support for privacy rights will build and build. There may be set-backs, but we cannot be stopped. See this recent article on Consumer Watchdog supporting patient privacy.

The real reason privacy will win is simple and practical: electronic systems will never be trusted or work unless consumers control personal health information.

In the words of Justice Brandeis: “The right to be let alone is the most comprehensive of rights and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the [Constitution].” Justice Brandeis 1928.
Olmstead v. United States, 277 U.S. 438, 478, 48 S.Ct. 564, 572 (1928) (Brandeis J., dissenting).

Brandeis dissented from the conventional wisdom of his time. Today we are the dissenters from the CW of our time, but like Brandeis’ dissent, ours will prevail.