Re: Sizing Up the Family Gene Pool

In response to the New York Times article: Sizing Up the Family Gene Pool

This story is about the fact that genetic testing companies sell people’s test results, compromising families’ and descendants’ future jobs and opportunities. “The NYTimes Ethicist” confirmed a questioner’s fears:

“As for the privacy issue, your concern is well founded. Many of these companies do use customers’ data for medical research or commercial applications, or they sell it to third parties whose interests you might never know. Legally they can’t do that without your consent, but the fine print on those consent forms goes by so quickly that it can be hard to follow.”

Americans’ lack of control over sensitive personal health information in electronic systems is a true national disaster. Not everyone knows this yet, but President Obama does.

On Feb 22, he introduced historic new privacy principles to guide the use of personal data in the global digital economy. He recognized that the lack of privacy in current networked technologies and systems has severe economic consequences. See the story on the White House Initiative: http://patientprivacyrights.org/2012/02/wh-initiative-consumer-privacy-bill-of-rights/

President Obama’s new principles address the causes of the privacy violation in the story:

  • Current federal law does not protect the right to health information privacy or the right of consent to use health data
  • Neither HIPAA nor the Genetic Information Non-Discrimination Act (GINA) prevents the systemic corporate business practice of selling Americans’ highly sensitive personal health information (like genetic test results)

He laid out an historic, tough new Consumer Privacy Bill of Rights to stop the data mining and data theft industries. The first principle is that of individual control: “Consumers have a right to exercise control over what personal data companies collect from them and how they use it.”

Key quotes from the Administration’s new “Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy”:

  • “Strong consumer data privacy protections are essential to maintaining consumers’ trust in the technologies and companies that drive the digital economy.”
  • The President concluded, “It [privacy] has been at the heart of our democracy from its inception, and we need it now more than ever.”

The only way we can trust the Internet and have a vibrant global digital economy is if individuals control personal information online and in electronic systems. The right of informed consent before personal information is collected or used must be restored.

When will the health IT industry, Congress, and lawmakers across the US act to restore the right to privacy and control over personal information?

Patient Data Posted Online in Major Breach of Privacy

This New York Times article by Kevin Sack outlines the key findings by experts at the Health Privacy Summit: There are SERIOUS flaws in electronic health records when it comes to privacy, and these need to be addressed NOW.

“A medical privacy breach led to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes, the hospital has confirmed. The information stayed online for nearly a year.

Since discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork.

Gary Migdol, a spokesman for Stanford Hospital and Clinics, said the spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph.

Although medical security breaches are not uncommon, the Stanford breach was notable for the length of time that the data remained publicly available without detection.

Even as government regulators strengthen oversight by requiring public reporting of breaches and imposing heavy fines, experts on medical security said the Stanford breach spotlighted the persistent vulnerability posed by legions of outside contractors that gain access to private data.”

When 2+2 Equals a Privacy Question

TIME to revisit the always compelling — and often disconcerting — debate over digital privacy. So, what might your movie picks and your medical records have in common?

How about a potentially false sense of control over who can see your user history?

While Netflix and some health care concerns say they have been able to offer study data to researchers stripped of specific personal details like your name, phone number and e-mail address, in some cases researchers may be able to re-identify you by correlating anonymous information with the digital trail that you’ve left on blogs, chat rooms and Twitter.

Of course, you may be fine with that. On the other hand, you may not want complete strangers rummaging around in your history of movie selections or medical needs.

For example, contestants in Netflix’s competition to improve its recommendation software received a training data set containing the movie preferences of more than 480,000 customers who had, as they say in the trade, been “de-identified.” But as part of a privacy experiment, a pair of computer scientists at the University of Texas at Austin decided to see if it was possible to re-identify those unnamed movie fans…

…The Web site of Practice Fusion, meanwhile, quotes Ryan Howard, the chief executive, as saying that the company subsidizes its free record-keeping systems by selling de-identified data to insurance groups, clinical researchers and pharmaceutical companies. In an interview, however, Mr. Howard said Practice Fusion had not yet started selling patient information but that it intended to do so.

NEW regulations require notifying patients if their personally identifiable medical information gets loose, and they prohibit selling protected health records. But privacy advocates said electronic health records remain vulnerable because no federal law now forbids the sale of de-identified health care data.

In 1997, for example, a researcher identified the medical records of William Weld, then the governor of Massachusetts, by correlating birthdays, ZIP codes and gender in voter registration rolls and information published by the state’s government insurance commission.

There are no current federal laws against re-identification, said Dr. Deborah Peel, a psychiatrist who is a director of Patient Privacy Rights, a nonprofit watchdog group in Austin, Tex.

“Once personal health data gets out there, it’s like the Paris Hilton sex tape,” Dr. Peel said. “It is going to be out there forever.”
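The 1997 re-identification described above was possible because birth date, ZIP code and gender together single out most people. The following pre-release audit is an added example, not taken from the article or from Patient Privacy Rights: it measures how many rows of a "de-identified" extract are unique on those three fields and how coarsening them changes that. The rows and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample rows (birth date, ZIP code, sex); names already removed.
RECORDS = [
    ("1945-04-09", "02138", "M"), ("1945-03-12", "02139", "M"),
    ("1945-11-02", "02134", "M"), ("1962-01-15", "02138", "F"),
    ("1962-09-30", "02139", "F"), ("1962-01-15", "02138", "F"),
    ("1980-05-05", "02474", "F"), ("1980-12-24", "02476", "F"),
    ("1931-02-02", "01002", "M"),
]

def exact_key(rec):
    """Quasi-identifiers exactly as stored in the extract."""
    return rec

def generalized_key(rec):
    """Coarsened form: birth year, first three ZIP digits, sex."""
    birth_date, zip_code, sex = rec
    return (birth_date[:4], zip_code[:3], sex)

def class_sizes(records, key_fn):
    """Count how many records share each quasi-identifier combination."""
    return Counter(key_fn(r) for r in records)

def k_anonymity(records, key_fn):
    """Smallest equivalence class; k == 1 means someone is unique."""
    return min(class_sizes(records, key_fn).values())

def at_risk(records, key_fn, k):
    """Records whose equivalence class has fewer than k members."""
    sizes = class_sizes(records, key_fn)
    return [r for r in records if sizes[key_fn(r)] < k]

def suppress(records, key_fn, k):
    """Drop records that generalization alone could not hide in a group of k."""
    sizes = class_sizes(records, key_fn)
    return [r for r in records if sizes[key_fn(r)] >= k]

if __name__ == "__main__":
    for name, fn in (("exact", exact_key), ("generalized", generalized_key)):
        print(name, "k =", k_anonymity(RECORDS, fn),
              "records below k=2:", len(at_risk(RECORDS, fn, 2)))
    released = suppress(RECORDS, generalized_key, 2)
    print("after suppression:", len(released), "rows, k =",
          k_anonymity(released, generalized_key))
```

A passing k value only bounds linkage on the fields listed in the key; it says nothing about sparse behavioural data such as the movie ratings discussed earlier, where the records themselves act as the identifier.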

And You Thought a Prescription Was Private

Randee Lonergan says a pharmacy sold her prescription history to a local Target without her knowledge.

MORE than 10 years after she tried without success to have a baby, Marcy Campbell Krinsk is still receiving painful reminders in her mail. The ads and promotions started after she bought fertility drugs at a pharmacy in San Diego.

Marketers got hold of her name, and she found coupons and samples in her mail that shadowed the growth of an imaginary child — at first, for Pampers and baby formula, then for discounts on family photos, and all the way through the years to gifts suitable for an elementary school graduate.

Deborah Peel, a psychiatrist in Austin, Tex., who lobbies for privacy rights, said she predicts “a looming battle between the data thieves and those that believe in constructing a digital universe with even stronger protections for the privacy of personal information than we have in the world of medical records on paper.”

Online Age Quiz Is a Window for Drug Makers

Americans yearn to be young. So it is little wonder that RealAge, which promises to help shave years off your age, has become one of the most popular tests on the Internet.

According to RealAge, more than 27 million people have taken the test, which asks 150 or so questions about lifestyle and family history to assign a “biological age,” how young or old your habits make you. Then, RealAge makes recommendations on how to get “younger,” like taking multivitamins, eating breakfast and flossing your teeth. Nine million of those people have signed up to become RealAge members.

But while RealAge promotes better living through nonmedical solutions, the site makes its money by selling better living through drugs.

Thieves Winning Online War, Maybe Even in Your Computer

Internet security is broken, and nobody seems to know quite how to fix it.

Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught.

As more business and social life has moved onto the Web, criminals thriving on an underground economy of credit card thefts, bank fraud and other scams rob computer users of an estimated $100 billion a year, according to a conservative estimate by the Organization for Security and Cooperation in Europe. A Russian company that sells fake antivirus software that actually takes over a computer pays its illicit distributors as much as $5 million a year.

Letters: Which Way Privacy?

Re “You’re Leaving a Digital Trail. Should You Care?” (Nov. 30):

The article concluded with the director of the M.I.T. Center for Collective Intelligence saying: “For most of human history, people have lived in small tribes where everything they did was known by everyone they knew.”

But when humans were all villagers, no one could learn or recall details like exact locations, every contact with tribe members, what each villager was doing, every villager’s wealth, or what every villager was thinking about or interested in 24/7.

Technology allows the collection and analysis of terabytes of information. Human memory can’t. That changes everything for America. Will we choose laws and policies that strengthen and safeguard our precious rights to freedom and liberty, and the right to be let alone in the digital age?

Deborah C. Peel, M.D.

Austin, Tex., Dec. 1

The writer is founder and chairwoman of Patient Privacy Rights, a consumer advocacy organization.

Federal Court Upholds Drug Privacy Law

A federal appeals court in Boston on Tuesday dealt a setback to the pharmaceutical industry and companies that collect prescription data for use in drug marketing.

Ruling in support of a New Hampshire law, the court upheld the right of states to prohibit the sale of doctor-specific prescription drug data that is widely used in pharmaceutical marketing.

The case is a defeat for two large data-mining companies, IMS Health and Verispan. They sued in 2006 to block implementation of the New Hampshire law, which prohibited the sale of computerized data showing which doctors were prescribing what drugs.

Online Age Verification for Children Brings Privacy Worries

WHEN it comes to protecting children on the Internet and keeping them safe from predators, law enforcement officials have vocally advocated one approach in particular. They want popular sites, like the social network MySpace, to confirm the identities and ages of minors and then allow the young Web surfers to talk only with other children, or with adults approved by parents.

But performing so-called age verification for children is fraught with challenges. The kinds of publicly available data that Web companies use to confirm the identities of adults, like their credit card or Social Security numbers, are either not available for minors or are restricted by federal privacy laws.

Nevertheless, over the last year, at least two dozen companies have sprung up with systems they claim will solve the problem. Surprisingly, their work is proving controversial and even downright unpopular among the very people who spend their days worrying about the well-being of children on the Web.

Is There a Privacy Risk in Google Flu Trends?

When Google released its Flu Trends service earlier this week, the Drudge Report flashed a headline that read: “SICK SURVEILLANCE: GOOGLE REPORTS FLU SEARCHES, LOCATIONS TO FEDS.”

Google sought to avoid this kind of reaction by talking about how Google Flu Trends protects the privacy of its users. The service relies “on anonymized, aggregated counts of how often certain search queries occur each week,” Google said.

Still, the worries persist. On Wednesday, two advocacy groups, the Electronic Privacy Information Center and Patient Privacy Rights, sent a letter to Eric Schmidt, Google’s chief executive, raising privacy concerns: “The question is how to ensure that Google Flu Trends and similar techniques will only produce aggregate data and will not open the door to user-specific investigations, which could be compelled, even over Google’s objection, by court order or Presidential authority.” The letter went on to challenge Google to publish the techniques it has adopted to protect the privacy of search queries used for Flu Trends.

There is no doubt that there are longstanding and legitimate privacy concerns about the collection and storage of search data by companies like Google, Yahoo and Microsoft. They all retain logs of the searches conducted by millions of people for varying periods of time. The logs include the search terms used in a query, the I.P. address of the computer that sent the query and a cookie associated with that computer. Those search logs could be misused by the companies, and they certainly can be subpoenaed by the government or sought by private litigants in civil lawsuits. More than two years ago, The New York Times showed how the data could be used to identify the individuals behind certain queries, at least before the data is partially “anonymized.”