Re: Web site helps people profit from information collected about them

See the new story in the Washington Post by Thomas Heath: Web site helps people profit from information collected about them

A new technology called “Personal” allows people to control some their personal information and monetize it themselves.   A technology like “Personal” could give us control over our personal health data, which is constantly being “monetized” today without our consent and sold for uses that have nothing to do with improving our health.

“Personal” is betting that data we enter about ourselves and our product preferences will be very attractive to corporations that want to know us and/or sell to us. Today corporations use and sell whatever information they can scavenge about us online.

Similarly, sensitive health data that we control and release will be FAR more valuable to our doctors, researchers, and marketers because we have checked it for accuracy and completeness.  No one has quite the same motivation to ensure the accuracy and completeness of our health data as we do: it’s literally a matter of life and death.

Here is the business model “Personal” uses:

  • “if you mon­etize your data (Personal doesn’t like the word “sell”) through commercial activities with companies that want to buy it. Personal wants to be your “agent,” collecting a 10 percent fee on the compensation you receive each time you monetize your data.
  • EXAMPLE:  “So if I were a user of Personal, I could fill in the data fields in my “gem” on travel preferences for my trip to Stockholm this summer. I would release the information to Stockholm hotels, which could compete for my business based on my preferences for a clubby hotel bar, delicious breakfasts, a king-size bed and access to running trails. If a hotel gave me a discount or cash payment, Personal would collect a 10 percent fee.”

JUST LIKE in today’s electronic healthcare systems where we are powerless to stop the theft and sale of health data, “Personal can’t stop companies and others from scavenging data by tracking your online activities. It does, however, “give you the tools to monetize your data, but only if you want to,” Green said.”

“Personal’s” model of individual control over personal data could work very well with sensitive health data—–giving us choices, like NOT selling anything at all. But, Granny could sell some of her health information to afford her medications.  Or Dad could sell some of his data for research to afford treatment.

At a time when healthcare is not affordable for so many people, why should hospitals, pharmacies, doctors, labs, health IT and HIE vendors, prescription data mining corporations, insurers, transcription companies, data warehouses, states like Texas, digital devices, cell phone corporations and innumerable others be able to sell and “monetize” health data, instead of patients?

Many are concerned that if patients can monetize their data, poor and vulnerable people will give up privacy for money and the rich won’t need to. But how moral is the current system where corporations secretly profit from health information about the poor and rich alike?

To date, federal and state laws designed to prevent the sale of our protected health information have not been implemented or enforced. Congress and the states intended to stop the sales of health data without consent, but industry lobbies have effectively prevented the laws from working.

When was the last time your pharmacy asked if they could sell your prescription details? All US pharmacies sell everyone’s prescription records every night. See: http://patientprivacyrights.org/consumers/campaign-for-perscription-privacy/

PPR Comments on FTC Consumer Privacy Protection Report

We applaud the FTC for creating a report focused on protecting consumer privacy. The proposed framework
upholds many of the practices we believe in: informed consumer consent, privacy protection and data security,
and greater transparency.

View the FTC Staff Report: Protecting Consumer Privacy in an Era of Rapid Change

View PPR’s full comments

Open Source Research

See the Government Health IT article: NCI to open research grid to cancer patient ‘army’

Women desperate to cure breast cancer are contributing their sensitive personal health information to “an army” of researchers.

But there is no reason that these altruistic women have to risk their futures and their daughters’ futures to find a cure.

It’s possible to do research without risking their futures and their daughters’ and granddaughters’ futures by using privacy-protective technologies and robust informed electronic consent. But this project does NOT protect the privacy of these generous and well-intentioned women.

The women’s data can be downloaded by “thousands of users”–all of whom make copies of their extremely sensitive, IDENTIFIABLE records. The records are identifiable so that the women can be contacted by researchers.

Some of the major things wrong with this picture:
1) The NCI system allows “researchers (to) form and maintain large breast cancer disease databases.” Is there any way to tell if the security is ironclad, state-of-the-art? No.
2) How many copies will researchers make? How many times will the data be replicated and backed-up across the world? No way to know.
3) What countries will copies of the records be kept in? No way to know.
4) How many and which researchers will download and keep their data? No way to know.
5) The researchers must sign agreements to protect and not sell the data, but there are no ‘data police’ to enforce those agreements. If there are no ‘data police’ watching this data, how do the women know it’s safe? No way to know.
6) What if a woman does not approve of a particular study or researcher who has their data? Can a woman prevent any researcher from using her information? No.
7) How will the data be handled after the research study is complete? How will the women know if it is destroyed? No way to know.
8) How safe is research access via a web browser? No way to know

The severe flaws in this plan are obvious. Fearful women desperate for cures are being exploited by the government and the research industry that designed these systems to serve their needs, NOT the women’s rights to privacy. Putting such sensitive data out into cyberspace KNOWING it can never be retrieved or destroyed is grossly irresponsible. Like Paris Hilton’s sex video, this data will live forever in cyberspace, risking future jobs and opportunities of every child of every woman desperate for a cure.

The NCI could do this a better way—we can have research and privacy at the same time. But the privacy protective technologies that can enable both are not being used. Why not?????

See our testimony Sept 18th at the national HIT Policy Committee and the many letters from the Coalition for Patient Privacy to federal agencies and Congress describing how to do research while protecting privacy.

And NO–the Genetic Information Nondiscrimination Act (GINA) DOES NOT protect our genetic data. It allows insurers and employers to have our genetic data and it has no enforcement. Zero. And HIPAA has no protections for genetic data either–it allows others to control and use our data without consent.

The cost of contributing to research should not be that your female descendents are unemployable. Unless data is protected, we will have generations of people who cannot work because employers will not risk hiring anyone at risk of getting a disease.

Who is tracking YOU?

On the Internet ALL your health searches about scary and stigmatizing illnesses, all searches or purchases of books on health, and all searches or purchases of medications and devices are tracked and sold.

It is impossible to search for health information privately via Google, etc.

Health websites take massive advantage of Americans’ powerful expectations that ALL healthcare providers put their interests and their privacy first—expectations which come from the traditional doctor-patient relationship and the ethics that have governed Medicine for 2,400 years (derived from the Hippocratic Oath).

Americans are not yet ready to believe that every aspect of healthcare in the US is profit-driven, rather than driven by the ethical codes all health professionals swear to at graduation: the promises to “do no harm” and to “guard their secrets”.

Americans are not yet ready to believe that Wall Street has taken over Medicine—and that instead of guaranteeing the strong health privacy rights Americans have under the law, Wall Street erases our rights to ensure shareholder profits.