Health apps run into privacy snags

“The next time you use your smartphone to inquire about migraine symptoms or to check out how many calories were in that cheeseburger, there is a chance that information could be passed on to insurance and pharmaceuticals companies.

The top-20 health and wellness apps, including MapMyFitness, WebMD Health and iPeriod, are transmitting information to up to 70 third-party companies, according to Evidon, a web analytics and privacy firm”

If you are a subscriber to ft.com, you can view the full article at: Health apps run into privacy snags

Between Paranoia and Naivete

This op-ed was written by the political editor of the German paper ‘Die Zeit’. He summarizes the historical/cultural perspectives of Germany and the US regarding data protection and rights to control personal information in electronic systems.

He recommends both nation’s approaches should be on the table for discussion to decide “best practices” for data protection.

But he makes some key assertions I disagree with.

He states:

1) A future dictatorship’s use of Facebook would be “the least of your problems”.

  • But actually Facebook spying is very valuable to dictatorships because it reveals contacts and thoughts.

2) Citizens of “liberal societies” are not “experiencing a change in values” and “no longer feel uncomfortable sharing personal even private information”.

  • There is no change in values. Research shows people care just as much as they always have about privacy: ie control over what personal information they share with whom.  People care most about controlling who sees sensitive personal health data—but in the US we have no control.
  • The problem is that privacy/personal control over pii was not built into electronic systems.

3) Re: the Internet as an “emergent system” which “functions so well because it works equally for everybody” and “might cease to offer the greatest benefit for the greatest number”.

  • The Internet has already brought an “advantage to a minority–the rulers”.  He fails to recognize that the Internet is controlled and who controls it now.
  • Lawrence Lessig’s classic book “Code” explains that software and hardware, ie ‘code’ regulates the Internet and determines who controls it.  We must legislate/regulate technology in order to build a cyberspace that supports fundamental democratic rights and values.
  • The NSA/Verizon revelations are proof that a minority in fact control/rule the Internet to the detriment of all; and to the detriment of freedom and our human and civil rights to be “let alone”.

To view the full article, please visit: http://www.nytimes.com/2013/08/29/opinion/between-paranoia-and-naivete.html?_r=0#!

Privacy Advocates Set Their Sights on the Wrong G-Men

In the wake of NSA revelations, key privacy advocates make the point that private corporations and the government are working to ensure total surveillance of all digital information about all 300 million Americans and lock in billions in corporate revenue from the sale of personal data and detailed digital profiles of everyone in the US.

Corporate and government collection, use, and sale of the nation’s personal data is opaque.  The author of the story below trashes several  privacy advocates and misrepresents their key points about the hidden ‘government-industrial complex’.  And he claims that “Individuals can choose not to use a particular social network, search engine or website.”  But individuals have no meaningful choices online. See the documentary: “Terms and Conditions May Apply”.

The lack of trust online and in all holders of personal data is why President Obama proposed the Consumer Privacy Bill of Rights (CPBOR). Unfortunately the proposed data privacy protections in the CPBOR do not apply to the most sensitive data of all, health data.

Meanwhile,  the ‘government-industrial complex’ is destroying Americans’ most fundamental rights to privacy. The highest right of civilized man is the right to be ‘let alone’—which happens to be the foundation of Democracy.  Yet all we read about are the wonders of ‘big data’ and the need to collect and use personal data without meaningful informed consent. We can certainly use big data for innovation and benefits—but the public wants to be asked permission for all uses of data, especially for ‘research’ uses. Big data analytics is research.

  • See Westin’s research that shows only 1% of the public approves use of health data for research without consent. See more of his findings here.

Today US citizens have no control over their most sensitive personal information: health data from DNA to prescriptions records to diagnoses—-because privacy-destructive technologies and system architectures prevent us from exercising our rights to give meaningful informed consent before health data is collected, used, disclosed, or sold.

To view the full article, please visit: Privacy Advocates Set Their Sights on the Wrong G-Men

Privacy groups criticize proposed $8.5 million Google settlement

“Five U.S. privacy groups have opposed a proposed $8.5 million settlement with Google in a class action lawsuit over search privacy, as it fails to require Google to change its business practices, they said.”

Read more at: http://www.pcworld.com/article/2047323/privacy-groups-criticize-proposed-85-million-google-settlement.html

Privacy Groups Seek To Scuttle Google’s $8.5 Million Data-Leakage Settlement

“Google’s attempt to settle a privacy lawsuit by donating $8.5 million to nonprofit groups and schools should be rejected, advocacy groups argue in a letter to U.S. District Court Judge Edward Davila.”

Read more: http://www.mediapost.com/publications/article/207420/privacy-groups-seek-to-scuttle-googles-85-milli.html#ixzz2eQQGnJNG

Enabling the Health Care Locavore

Here’s a great article written by PPR’s Chief Technical Officer, Dr. Adrian Gropper about “why hip replacement surgery costs 5-10 times as much in the US as in Belgium even though it’s the same implant… JAMA publish[ing] research and a superb editorial on the Views of US Physicians About Controlling Health Care Costs and CMS put[ting] out a request for public comment on whether physicians’ Medicare pay should be made public.”

To view the full article, please visit Enabling the Health Care Locavore on The Health Care Blog.

MUST SEE privacy documentary: “Terms and Conditions May Apply” & interview with Filmmaker Cullen Hoback

Cullen Hoback, director of the documentary  “Terms and Conditions May Apply”, argues Facebook and Google are “public utilities” in an interview, “Is Facebook a Public Utility? Yes, says Filmmaker Cullen Hoback”.

The same argument applies to the US electronic healthcare system—all 300 million Americans are forced touse it, we have no real choices.

The collection and use of the nation’s health data is hidden. There is no full data map tracking all uses and we have no ‘chain of custody’ of our personal health information.

Quotes from the interview:

  • “All data can be tracked and followed.”
  • “You have the companies making a fortune off of our data and you have the government getting something that it’s wanted for a very long time, which is this sort of unprecedented access to all of the information of all of its citizens.”
  • “It’s hard to say opting out is an option.”

See the trailer for “Terms and Conditions May Apply” at  http://www.trackoff.us/

States Review Rules After Patients Identified via Health Records

To view the full article, please visit States Review Rules After Patients Identified via Health Records.

Key Quotes from the Article:

  • -”Some U.S. states are reviewing their policies around the collection and sale of health information to ensure that some patients can’t be identified in publicly available databases of hospital records.”
  • -Bloomberg News, working with Harvard University professor Latanya Sweeney, reported on June 4 that some patients of Washington hospitals could be identified by name and have their conditions and procedures exposed when a database sold by the state for $50 is combined with news articles and other public information.
  • -The state probes are focused on whether privacy standards for health information should be tightened as data-mining technologies get more sophisticated and U.S. President Barack Obama’s health-care overhaul drives rapid growth in the amount of patient data being generated and shared.
  • -Sweeney’s goal of identifying patients is to show that threats to privacy exist in datasets that are widely distributed and fall outside HIPAA’s regulations.

Hackers Sell Health Insurance Credentials, Bank Accounts, SSNs and Counterfeit Documents, for over $1,000 Per Dossier

The value of personal health information is very high inside and outside of the US healthcare system. At the same time, the US healthcare industry as a whole does a terrible job of protecting health data security. Most health data holders (hospitals and insurers) put health data security protection dead last on the list for tech upgrades.
Besides the lack of effective, comprehensive data security protections, thousands of low-level employees can snoop in millions of people’s health records in every US hospital using electronic records.

The public expects that only their doctors and staff who are part of their treatment team can access their sensitive health records, but that’s wrong. Any staff members of a hospital or employees of a health IT company who are your neighbors, relatives, or stalkers/abusers can easily snoop in your records.
In Austin, TX the two major city hospital chains each allow thousands of doctors and nurses access to millions of patient records.
All this will get much worse when every state requires our health data to be “exchanged” with thousands more strangers. The new state health information exchanges (HIEs) will make data theft, sale,  and exposure exponentially worse.
Tell every law maker you know: all HIEs should be REQUIRED by law to ask you to agree or OPT-IN before your health data can be shared or disclosed.

Today:

  • -many states do not allow you to ‘opt-out’ of HIE data sharing
  • -most states do not allow you to prevent even very sensitive health data (like psychiatric records) from being exchanged

There is no way to trust electronic health systems or HIEs unless our rights to control who can see and use our electronic health data are restored.