Re: “You for Sale, A Data Giant is mapping, and Sharing, the Consumer Genome”

Below comment in response to the New York Times article “You for Sale, A Data Giant is Mapping, and Sharing, the Consumer Genome.”

Acxiom is the poster-child for why tough new laws are needed to protect personal information on the Internet, in electronic systems, and on cell phones ASAP. No data should be collected about Americans without prior meaningful, informed consent.

Natasha Singer’s story is a must read to understand how the use of personal data threaten people’s jobs, reputations, and future opportunities. The information is analyzed and sold to those who want detailed real-time profiles of who we are, including the health of our minds and bodies. Data analytics enable Acxiom to create and sell far more intimate, detailed personality and behavioral portraits than our own mothers or analysts might know about us (and would never share).

Most people have never heard of Acxiom or other hidden data users. Today, most Americans have no idea that personal data is used by thousands of corporations and government agencies to make decisions about whether they will receive jobs or benefits.

Even though the hidden data mining industry began by using personal information to improve marketing and advertising, Acxiom proves that the kind and amounts amount of identifiable data being collected are simply unacceptable. As for the collection of health information, the data mining industry is clearly violating Americans’ very strong legal, Constitutional, and ethical rights to control and keep personal health data private. To the public, this is theft of personal health information.

On June 6th at the 2nd International Summit on the Future of Health Privacy, Professor Latanya Sweeney of the Harvard Data Privacy Lab along with Patient Privacy Rights introduced theDataMap.org. This project will enable citizens and whistleblowers to help create a detailed picture/map of where sensitive personal health information flows, from prescription records, to DNA, to diagnoses. Without a ‘chain of custody’ for our identifiable health data, it’s impossible to know who uses our data or why. A ‘chain of custody’ for personal health data could show us whether potential employers or banks had bought or received our health data, learn about the many ways the federal government uses health data as described in the Federal Health Information Technology Strategic Plans, and see the names of for-profit and public research and public health institutions that use personal health data.

Health data has long been used to discriminate against people for jobs, insurance, and credit. This fact is so well known that every year tens of millions of us refuse to get early diagnoses and treatment for cancer, depression, and sexually transmitted diseases. Hidden data flow causes bad health outcomes; treatment delays can be deadly. We need the same kind of control/consent over the use of electronic health data that we have always had for paper medical records.

US Internet and electronic systems have made us the most intimately surveilled people in the Free World. In Europe, strong laws and privacy-enhancing technologies prevent hidden data collection and data flow, so everyone benefits from technology and harms are avoided.

European standards for the collection of personal data were created after WW II, when data were used to decide who would die. Europeans consequently passed the world’s toughest data privacy laws, preventing personal data from being collected or used without consent.

Europe also established regional Data Privacy Commissioners to defend citizens’ rights to control the collection and use of personal information and ensure data accuracy. The US needs them too.

Unless we know where trillions of bytes of our personal data flow, who uses it and why, we cannot weigh the benefits and risks of using the Internet, electronic systems, or cell phones. It’s time for Congress to end the massive hidden flows of personal data.

Resolution of Disapproval in Supreme Court Decision in Sorrell v. IMS Health Case

Lawmaker, author of health privacy protections in economic recovery act, declares privacy rights of doctors, patients should trump commercial interests

WASHINGTON, D.C. – On Friday July 8, 2011, Congressman Edward J. Markey (D-Mass.), co-chairman of the Congressional Bi-Partisan Privacy Caucus and senior member of the House Energy and Commerce Committee, introduced H.Res. 343, a resolution expressing disapproval of the recent Supreme Court decision in Sorrell v. IMS Health. In its decision, the Court struck down a Vermont state law that banned the sale of doctors’ drug prescriptions records if the records are used for commercial purposes without the doctors’ permission.

Rep. Markey’s resolution states that the Court erred in applying free speech protections to a Vermont law that lawfully regulated a purely commercial interest. Before the Vermont law was enacted, data-mining companies would purchase information about doctors’ prescription drug information from pharmacies and then resell the data to pharmaceutical companies. The pharmaceutical companies could use the information – without the doctors’ consent – for the commercial purpose of targeting their sales messages and marketing more expensive, brand-name drugs to physicians.

“In this case, the Supreme Court tipped the scales of justice in favor of big drug companies at the expense of patients and their doctors,” said Rep. Markey. “The privacy of the doctor-patient relationship should outweigh the ability of pharmaceutical companies to mine data simply so they can market expensive drugs to providers and reap huge profits. States should be able to regulate pharmaceutical companies in a way that protects the privacy of their residents and prevents pharmaceutical companies from having undue influence on doctors’ prescribing habits.”

Dissenting in the Supreme Court’s 6-3 decision, Justice Stephen Breyer wrote that the Vermont state law in question “adversely affects expression in one, and only one way. It deprives pharmaceutical and data-mining companies of data…that could help pharmaceutical companies create better sales messages.” The dissent, which was joined by Justices Ruth Bader Ginsburg and Elena Kagan, stated that the Vermont statute is a “lawful governmental effort to regulate a commercial enterprise…The far stricter, specially ‘heightened’ First Amendment standards that the majority would apply to this instance of commercial regulation are out of place here.”

Dr. Deborah Peel, a national health privacy expert and founder of the non-profit Patient Privacy Rights, praised the Markey resolution. “With a Supreme Court that stands up for the interests of pharmaceutical companies, it’s reassuring to know that Congressman Markey is looking out for patients and doctors who value the privacy of their prescription drug information.”

Text of the resolution can be found HERE.

Re: Web site helps people profit from information collected about them

See the new story in the Washington Post by Thomas Heath: Web site helps people profit from information collected about them

A new technology called “Personal” allows people to control some their personal information and monetize it themselves.   A technology like “Personal” could give us control over our personal health data, which is constantly being “monetized” today without our consent and sold for uses that have nothing to do with improving our health.

“Personal” is betting that data we enter about ourselves and our product preferences will be very attractive to corporations that want to know us and/or sell to us. Today corporations use and sell whatever information they can scavenge about us online.

Similarly, sensitive health data that we control and release will be FAR more valuable to our doctors, researchers, and marketers because we have checked it for accuracy and completeness.  No one has quite the same motivation to ensure the accuracy and completeness of our health data as we do: it’s literally a matter of life and death.

Here is the business model “Personal” uses:

  • “if you mon­etize your data (Personal doesn’t like the word “sell”) through commercial activities with companies that want to buy it. Personal wants to be your “agent,” collecting a 10 percent fee on the compensation you receive each time you monetize your data.
  • EXAMPLE:  “So if I were a user of Personal, I could fill in the data fields in my “gem” on travel preferences for my trip to Stockholm this summer. I would release the information to Stockholm hotels, which could compete for my business based on my preferences for a clubby hotel bar, delicious breakfasts, a king-size bed and access to running trails. If a hotel gave me a discount or cash payment, Personal would collect a 10 percent fee.”

JUST LIKE in today’s electronic healthcare systems where we are powerless to stop the theft and sale of health data, “Personal can’t stop companies and others from scavenging data by tracking your online activities. It does, however, “give you the tools to monetize your data, but only if you want to,” Green said.”

“Personal’s” model of individual control over personal data could work very well with sensitive health data—–giving us choices, like NOT selling anything at all. But, Granny could sell some of her health information to afford her medications.  Or Dad could sell some of his data for research to afford treatment.

At a time when healthcare is not affordable for so many people, why should hospitals, pharmacies, doctors, labs, health IT and HIE vendors, prescription data mining corporations, insurers, transcription companies, data warehouses, states like Texas, digital devices, cell phone corporations and innumerable others be able to sell and “monetize” health data, instead of patients?

Many are concerned that if patients can monetize their data, poor and vulnerable people will give up privacy for money and the rich won’t need to. But how moral is the current system where corporations secretly profit from health information about the poor and rich alike?

To date, federal and state laws designed to prevent the sale of our protected health information have not been implemented or enforced. Congress and the states intended to stop the sales of health data without consent, but industry lobbies have effectively prevented the laws from working.

When was the last time your pharmacy asked if they could sell your prescription details? All US pharmacies sell everyone’s prescription records every night. See: http://patientprivacyrights.org/consumers/campaign-for-perscription-privacy/

Discussion on Targeting in the UK using the National Health Service

UK patients are outraged over whether the government NHS (National Health Service) data base was used to find individual cancer patients and pressure them to vote for the Labour party.  See article here.

Even if NHS data was not used, CLEARLY there is enough commercial data for sale in both Britain and the US for cancer victims’ addresses to be found and re-identified.

Allowing the secret US data mining industries that steal, collect, aggregate, and sell all Americans’ sensitive personal health information, health-related searches, health-related posts on social websites, email about health, and health-related purchases to continue doing business-as-usual is a prescription for disaster.

It’s a key reason we are seeking 500,000 people to sign the Do Not Disclose list. If Congress gets 500,000 signatures, they will pass a law to restore our control over our digital health records and set up the list.

Don Berwick MD, President Obama’s nominee to lead the Centers for Medicare and Medicaid, agrees that health information should belong to patients—and doctors should have to ask us to see it. See his article on patient empowerment: What ‘Patient-Centered’ Should Mean.

Yes, it’s illegal for employers and banks to use health information—but if they have it, they can use it—and there is no way to stop them.

We should be able to stop anyone from getting our health information. A national Do Not Disclose list would ensure we decide who sees our health information and who doesn’t.

It’s time to prevent corporations and government from being able to get our sensitive health information without consent. Sign the Do Not Disclose list!

Quotes:

  • “The Conservatives and the Liberal Democrats have attacked the Labour Party for sending “alarmist” literature to cancer patients, and called for an inquiry into whether NHS databases had been used to identify recipients. The row erupted after Labour sent cancer patients mailshots saying that their lives may be at risk under a Conservative government.”
  • “Experian, the data management company, confirmed that both Labour and the Conservatives use its Mosaic database, which divides voters into 67 groups. The databases can use anonymised hospital statistics, including postcodes and the diagnoses of patients, to identify the likely addresses of those with particular illnesses.”

UK: Labour [Party] attacked over mailshot to cancer patients

The Conservatives and the Liberal Democrats have attacked the Labour Party for sending “alarmist” literature to cancer patients, and called for an inquiry into whether NHS databases had been used to identify recipients.

The row erupted after Labour sent cancer patients mailshots saying that their lives may be at risk under a Conservative government.

Andrew Lansley, the Shadow Health Secretary, said: “It is shameful that the Labour Party, knowing that we are the only party that is going to increase investment in the NHS, have decided to deliberately scare patients and misrepresent what we have said.

De-identified? Yeah, right.

See these articles:
Netflix Contest Seen As Posing Privacy Risk
Netflix is about to commit a privacy Valdez with its customers’ viewing data
AOL, Netflix and the end of open access to research data

Once again Netflix plans to violate the privacy of those who rate the movies they rent. Two University of Texas computer scientists demonstrated that the Netflix database of 500,000 with movie ratings could be re-identified, revealing sensitive political and sexual preferences of the actual people who rated movies. Netflix did not get the consent of renters to expose their ratings to the public or ot researchers.

Yet Netflix is moving ahead to release even MORE personal data for its next million-dollar contest. The major media (NYT’s STeve Lohr for example) has NOT reported at all on how Netflix is violating movie renters’ privacy, but instead trumpets the prizes paid to those who develop more accurate ways to predict which movies you will want to watch next.

The problem of re-identification is VERY serious for the healthcare system because health data is impossible to de-identify. It is so rich in detail that de-identification is almost impossible.

Today, the treasure trove of all Americans’ sensitive health data is being endlessly used and disclosed without informed consent to millions of “covered entities” and “business associates” (and their millions of employees)–subjecting EVERY American to the theft, sale, and misuse of the most sensitive personal information that exists.

Who will hire you knowing all about your prescriptions, illnesses and genes?

Who is tracking YOU?

On the Internet ALL your health searches about scary and stigmatizing illnesses, all searches or purchases of books on health, and all searches or purchases of medications and devices are tracked and sold.

It is impossible to search for health information privately via Google, etc.

Health websites take massive advantage of Americans’ powerful expectations that ALL healthcare providers put their interests and their privacy first—expectations which come from the traditional doctor-patient relationship and the ethics that have governed Medicine for 2,400 years (derived from the Hippocratic Oath).

Americans are not yet ready to believe that every aspect of healthcare in the US is profit-driven, rather than driven by the ethical codes all health professionals swear to at graduation: the promises to “do no harm” and to “guard their secrets”.

Americans are not yet ready to believe that Wall Street has taken over Medicine—and that instead of guaranteeing the strong health privacy rights Americans have under the law, Wall Street erases our rights to ensure shareholder profits.

Data-mining: Australia Just Calls It Something Else

In Australia, the data mining industry pays doctors to sell patients’ prescription records. In the US they pay pharmacies, hospitals, and PBMs. See Article.

A complaint to the Australian Privacy Commissioner was dismissed because the data miners claimed that patients and doctors were “de-identified”. But it is very difficult to fully de-identify personal health data so that re-identification is impossible. If true, the industry should have offered proof that their methods actually work and that the data cannot be re-identified.

As in the US, the theft and sale of personal prescription records is rationalized with claims that it can be used to “provide valuable insight into healthcare trends– including the spread of infectious diseases”. The word that describes using data to provide “valuable insights” is “research”. It happens to be both illegal and unethical to do research without informed consent.

RealAge sets new low…

RealAge sets a new low for unscrupulous behavioral targeting to sell drugs.

Is the RealAge quiz an unfair and deceptive trade practice? Where is informed consent?

Do the 27 million who took the test to find out if they are younger or older than their “biological age” really know that they are giving detailed information so RealAge can market drugs to them?

RealAge illustrates a critical problem with almost all health-related websites: people are actually going there for help – they appear to offer services, so people expect that health websites follow medical ethics and protect their privacy. But they don’t. Health websites are not altruistic and don’t adhere to medical ethics or privacy rights. Health-related websites offering rating scales, searchers, or information about diseases and treatments are typically just as deceptive: they also are designed primarily to collect personal information for personally-targeted marketing or worse.

View the New York Times article Online Age Quiz Is a Window for Drug Makers.