Private traits and attributes are predictable from digital records of human behavior

Picture a box with 2,000 or 10,000 puzzle pieces inside—any one puzzle piece reveals nothing about the picture. But when all the pieces are assembled, an incredibly detailed picture FULL of information is created.

The data mining industry—including Google, Facebook, Acxiom and thousands more unknown corporations and foreign businesses—assembles the puzzle of who we are from thousands of bits of data we leave online. They know FAR MORE than anyone on Earth knows about each of us—more than what our partners, our moms and dads, our best friends, our psychoanalysts, or our children know about us.

The UK study (abstract below) shows how easy it is for hidden data mining companies to intimately know us (and sell) WHO WE ARE.

Most Americans are not aware of the ‘surveillance economy’ or that data miners can easily collect intimate psychological and physical/health profiles of everyone from online data.

The study:

-“demonstrates the degree to which relatively basic digital records of human behavior can be used to automatically and accurately estimate a wide range of personal attributes that people would typically assume to be private”

-“is based on Facebook Likes, a mechanism used by Facebook users to express their positive association with (or “Like”) online content, such as photos, friends’ status updates, Facebook pages of products, sports, musicians, books, restaurants, or popular Web sites”

-correctly discriminates between:

  • -Homosexual and heterosexual men in 88% of cases
  • -African Americans and Caucasian Americans in 95% of cases
  • -Between Democrat and Republican in 85% of cases
  • -For the personality trait “Openness,” prediction accuracy is close to the test–retest accuracy of a standard personality test

The “surveillance economy” is why the US needs FAR STRONGER LAWS at the very least to prevent the hidden collection, use, and sale of health data, including everything about our minds and bodies, unless we give meaningful informed consent.

This urgent topic, ie whether the US should adopt strong data privacy and security protections like the EU—will be debated at the 3rd International Summit on the Future of Health Privacy June 5-6 in DC (it’s free to attend and will also be live-streamed). Register at: www.healthprivacysummit.org

2012 Sets New Record for Reported Data Breaches

Please view the full report at 2012 Sets New Record for Reported Data Breaches

Everyone knows that securing data is hard, but in healthcare much is still not even encrypted. 2012 broke the record for the most data breaches.

  • -”With 2,644 incidents recorded through mid-January 2013, 2012 more than doubled the previous highest year on record (2011)”

“The latest information and research conducted by Risk Based Security suggests that organizations in all industries should be on notice that they face a very real threat from security breaches. Whether it is the constantly increasing security threats, ever-evolving IT technologies or limited security resources, data breaches and the costs related to response and mitigation are escalating quickly. Organizations today need timely and accurate analytics in order to better prioritize security spending based on their unique risks.”

Some key statistics:

“The Business sector accounted for 60.6 percent of all 2012 reported incidents, followed by Government (17.9%),Education (12.0%), and Medical (9.5%). The Business sector accounted for 84.7 percent of the number of records exposed, followed by Government (12.6%), Education (1.6%), and Medical (1.1%).”

“76.8% of reported incidents were the result of external agents or activity outside the organization with hacking accounting for 68.2% of incidents and 22.8% of exposed records in 2012. Incidents involving U.S. entities accounted for 40.7% of the incidents reported and 25.0% of the records exposed.”

Snapchat and the Erasable Future of Social Media

Here is a recent article about SnapChat, which makes pictures and videos shared via the Internet disappear 10 seconds after they are seen.
Internet technologies constantly collect and use personal data without consent. American health IT systems do the very same thing: constantly collect and use sensitive personal health data without consent. New technologies that ‘erase’ data after a single use could prevent secondary collection, disclosures, and sales of everything from our diagnoses to prescription records to DNA.
We are constantly told young Americans don’t care about privacy. Would you be surprised to learn that’s wrong? The truth is the majority of people, young and old, want to control the use of personal data:

  • -”88 percent of participants from ages 18 to 24 responded that there should be a law requiring websites and advertising companies to delete all stored information about an individual upon request”
  • -”94 percent of people from 45 to 54 also supported the idea”

“The default setting for almost everything people share online is that it will live for eternity in the cloud” —-we are forced to surrender control of personal information just to be online. Who believes the US public agreed that total surveillance is a fair price for using the Internet?

Since we can’t STOP personal data from being collected, technologies like Snapchat  and Wickr that make data “erasable” are critical tools to help restore control over personal data.

Americans want the right to be forgotten, BUT FIRST AND FOREMOST, our constitutional RIGHT TO BE LET ALONE should be restored in the digital age.

KEY QUOTES from the article about Snapchat:

  • -”In the U.S., Snapchat was the second-most popular free photo and video app for the iPhone in early February, just behind YouTube and ahead of Instagram.”
  • -Pew Research Center survey found that 57 percent of all app users “have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons.”
  • -A January 2013 study by the Ponemon Institute… found social media to be among the least trusted industries when it comes to protecting customers’ privacy online.
  • -[Snapchat's] rapid growth demonstrates a huge business opportunity—namely, services aimed at the increasing number of people worried about their social media footprints.
  • -researchers at the University of California at Berkeley found that ….young Americans ….[are] as anxious as their parents about their permanent social records.
  • -88 percent of participants from ages 18 to 24 responded that there should be a law requiring websites and advertising companies to delete all stored information about an individual upon request
  • -94 percent of people from 45 to 54 also supported the idea
  • -“The early adopters of Snapchat are teens in the U.S.”
  • -“Whenever I ask someone, do they want control over the messages and media that they send to others, the answer 100 percent is yes,” says Sell. “There’s no question that this has mainstream appeal.”
  • -Sell talks of private communication as “a universal human right” that largely doesn’t exist in the current digital landscape in which big data companies are continuously harvesting and mining information about our every online utterance.

Ephemeral data is the future

Data Protection Laws, an Ocean Apart

American citizens are like just like EU citizens: they want the same strong rights to control personal information online, especially health information.

See the letter Patient Privacy Rights and other NGOs signed supporting the EU’s tough requirements for data protection.  The letter urges the US government policy makers to support the same tough data protections for US citizens, also embodied in the protections President Obama laid out in the “Consumer Privacy Bill of Rights”.

Unfortunately, the “Consumer Privacy Bill of Rights” exempts all health data, leaving the flawed HIPAA Privacy Rule that eliminates our control over personal health data in effect. The 563 page Omnibus Privacy Rules adds strong data security protections and stronger enforcement of violations for some health data holders and users, but not all. But it does not restore patients’ rights to consent before personal health information is accessed or used, even though the right to control health information has been the law of land for centuries and is the key ethic in the Hippocratic Oath (requires doctors to keep information private and not share it without consent).

US citizens will not trust their physicians or electronic health systems unless they control who can see and use their records, from diagnoses to DNA to prescriptions.

Article: Big brother to log your drinking habits and waist size as GPs are forced to hand over confidential records

To view the full article written by Jack Doyle, please visit: Big brother to log your drinking habits and waist size as GPs are forced to hand over confidential records

The UK government proposes to collect citizens’ health data in a “giant information bank”.  “A document outlining the scheme even raises the prospect of clinical data being passed on or sold to third parties”.

Quotes:

  • -Doctors will be forced to hand over sensitive information about patients as part of a new programme called Everyone Counts.
  • -The files will be stored in a giant information bank that privacy campaigners say represents the  ‘biggest data grab in NHS history’.
  • -Ross Anderson, professor of security engineering at Cambridge University, said: ‘Under these proposals, medical confidentiality is, in effect, dead and there is currently nobody standing in the way.’

David Cameron was criticized in the Guardian in 2011 when he first announced similar plans for collecting all citizens health data to:

  • -“encourage NHS ties with industry and fuel innovation, including £180m catalyst fund”
  • -encourage “collaboration between the health service and the life sciences industry”
  • -“make it easier for drug companies to run clinical trials in hospitals and to benefit from the NHS’s vast collection of patient data”.

The tens or hundreds of billions generated annually by sales of American citizens’ electronic health information are an attractive model for the UK and EU given the dire economic situation in the EU. It’s hard to know how large the market for health data is or how health data is used without a data map. See Professor Sweeney explain theDataMap research project at: http://tiny.cc/etyxrw

Americans can’t control who sees or uses their health data. Will UK citizens suffer the same fate?

Rekindling the patient ID debate

Unique patient identifiers pose enormous implications for patient control and privacy. Dr. Deborah Peel is quoted in this article explaining how detrimental UPIs will be for patient trust and safety. To view the full article, please visit Rekindling the patient ID debate.

Key Quotations:

“The idea of unique patient identifiers (UPIs) is not a concept extracted from the next dystopian novel. It could very well be reality in the not-so-distant future. The question remaining, however, is whether or not the benefits of such technology outweigh constitutional privacy and patient trust concerns.”

“Deborah Peel, MD, founder of Patient Privacy Rights, and a fierce opponent of UPIs, writes in a Jan. 23 Wall Street Journalarticle, ‘In the end, cutting out the patient will mean the erosion of patient trust. And the less we trust the system, the more patients will put health and life at risk to protect their privacy.’

Peel points to the present reality of patient health information – genetic tests, claims data and prescription records – already being sold and commercialized. ‘Universal healthcare IDs would only exacerbate such practices,’ she avers.”

Questions of Privacy

ModernHealthcare.com recently posted a great article about PPR’s Dr. Deborah Peel and her work.

A few key points from the article:

“In 2002, HHS redrafted the privacy rule of the Health Insurance Portability and Accountability Act, replacing its patient consent requirement for the sharing of most patient records with a new provision. The rewrite afforded ‘regulatory permission,’ according to the rule, for hospitals, physicians, insurance companies, pharmacies, claims clearinghouses and other HIPAA-covered entities to use and disclose patient data for treatment, payment and a long list of other healthcare operations without patient consent.”

“’Let’s face it,’ Peel says, ‘HHS is the agency that eliminated patient control over electronic medical records and has remained hostile to patients’ rights ever since.’”

“‘Where I’m coming from is, I’ve spent all this time in a profession with people being hurt,’ Peel says. ‘Starting in the 1970s, when I first let out my shingle, people came to me and said, if I paid you in cash, would you keep my records private. Now, we’ve got a situation where you don’t even know where all your records are. We don’t have a chain of custody for our data, or have a data map’ to track its location.”

Nearly Half of U.S. Adults Believe They Have Little To No Control Over Personal Info Companies Gather From Them While Online

To view the full article, please visit Nearly Half of U.S. Adults Believe They Have Little To No Control Over Personal Info Companies Gather From Them While Online.

No surprise, 80% of US adults do NOT want targeted ads. 24% think they have no control over information shared online.

How will US adults feel when they learn they have no control over sensitive electronic health information? Despite the new Omnibus Privacy Rule,  there is still no way we can stop our electronic health records from being disclosed or sold.  The only actions we can take are avoiding treatment altogether or seeking physicians who use paper records and paying for treatment ourselves. No one should be faced with such bad choices. There is no reason we should have to give up privacy to benefit from technology.

Today, the only way to prevent OUR health information from being disclosed or sold to hidden third parties is to avoid electronic health systems as much as possible. That puts us in a terrible situation, because technology could have been used to ensure our control over our health data. The stimulus billions can still be used to build trustworthy technology systems that ensure we control personal health information. Institutions, corporations, and government agencies should not control our records and should have to ask us for consent before using our them.

Quotes:

  • -”45% of U.S. adults feel that they have little (33%) or no (12%) control over the personal information companies gather while they are browsing the web or using online services such as photo sharing, travel, or gaming.”
  • -”many adults (24%) believe that they have little (19%) to no (5%) control over information that they intentionally share online”
  • -”one-in-five (20%) said that they only minimally understand (17%), or are totally confused (3%) when it comes to personal online protection”
  • -”When asked under what circumstances companies should be able to track individuals browsing the web or using online services, 60% say this should be allowed only after an individual specifically gives the company permission to do so.”
  • -”Just 20% of adults say that they want to receive personalized advertising based on their web browsing or online service use, while the large majority (80%) report that they did not wish to receive such ads.”

DNA records pose new privacy risks

To view the full article, please visit: DNA Records Pose New Privacy Risks

An article in the Boston Globe highlights the ease with which DNA records can be re-identified. According to the article, “Scientists at the Whitehead Institute for Biomedical Research showed how easily this sensitive health information could be ­revealed and possibly fall into the wrong hands. Identifying the supposedly anonymous research participants did not require fancy tools or expensive equipment: It took a single researcher with an Internet connection about three to seven hours per person.” Even truly anonymous data was not entirely safe from being re-identified. Yaniv Erlich”…decided to extend the technique to see if it would work with truly anonymous ­data. He began with 10 unidentified men whose DNA ­sequences had been analyzed and posted online as part of the federally funded 1,000 Genomes Project. The men were also part of a separate scientific study in which their family members had provided genetic samples. The samples and the donors’ relationships to one ­another were listed on a website and publicly available from a tissue repository.”

These findings are incredibly relevant because it is highly possible that “something a single researcher did in three to seven hours could easily be automated and used by companies or insurers to make predictions about a person’s risk for disease. ­Although the federal Genetic Information Nondiscrimination Act protects DNA from ­being used by health insurers and employers to discriminate against people”.

Jodie Foster & Privacy at the Golden Globes

In her acceptance speech for the Cecil B. DeMille award at the Golden Globes, Jodie Foster spoke briefly on the value of privacy. Her poignant words are a reminder not to take privacy for granted. If we don’t stand up and fight to preserve our rights to privacy, we will lose them..

“But seriously, if you had been a public figure from the time that you were a toddler, if you’d had to fight for a life that felt real and honest and normal against all odds, then maybe you too might value privacy above all else. Privacy. Someday, in the future, people will look back and remember how beautiful it once was.”