Privacy could ‘crash’ big data if not done right

April 15, 2014 | By Ashley Gold | FierceHealthIT

Privacy has the potential to crash big data before there’s a chance to get it right, and finding the right balance is key to future success, experts argued at a Princeton University event earlier this month.

The event, titled “Big Data and Health: Implications for New Jersey’s Health Care System” featured four panels exploring health, privacy, cost and transparency in regard to how big data can improve care and patient outcomes, according to an article on the university’s website.

“Privacy will crash big data if we don’t get it right,” Joel Reidenberg, visiting professor of computer science at Princeton and a professor at Fordham University’s School of Law, said at the event.

To view the full article, please visit Privacy could ‘crash’ big data if not done right

 

Kaiser Had Malware on Server for 2.5 Years

By Joseph Goedert | April 8, 2014 | HealthData Management

The Northern California division of Kaiser Permanente is notifying about 5,100 patients that protected health information was on a server found in February 2014 to be infected with malicious software.

In a letter to patients, the organization says it believes the server was infected in October 2011. Kaiser removed the server–used to store research data–and confirmed other servers were not affected and appropriately secured. “We currently have no information that any unauthorized person accessed the information on the server,” according to the patient letter. “However, the malicious software broke down the server’s security barriers so we are investigating and responding with a very high level of caution and concern. We are very sorry that this happened.”

Information on the server included patient name, date of birth and gender, and also may have included address, race-ethnicity, medical record number, lab results associated with research, and patient responses to questions related to research studies in which they participated. Social Security numbers and data from Kaiser’s electronic health record were not held on the server.

(See also: Top 6 Threats to Enterprise Security)

The new breach soon will be listed on the HHS Office for Civil Rights’ website of major security breaches affecting 500 or more individuals, and it will be Kaiser’s fourth posting on the site.

In late 2013, a missing flash drive from the nuclear medicine department at Anaheim Medical Center resulted in notifications sent to about 49,000 patients. Also in 2013, Kaiser notified 647 patients after learning of unauthorized access/disclosure of the EHR. In late 2009, the organization notified about 15,500 patients following the theft of an electronic portal device.

 

 

 

Advances in health IT must be viewed as a whole

by Andy Oram | @praxagora | April 7, 2014

Reformers in health care claim gigantic disruption on the horizon: devices that track our movements, new treatments through massive data crunching, fluid electronic records that reflect the patient’s status wherever she goes, and even the end of the doctor’s role. But predictions in the area of health IT are singularly detached from the realities of the technical environment that are supposed to make them happen.

To help technologists, clinicians, and the rest of us judge the state of health IT, I’ve released a report titled “The Information Technology Fix for Health: Barriers and Pathways to the Use of Information Technology for Better Health Care.” It offers an overview of each area of innovation to see what’s really happening and what we need to make it progress further and faster.

To view the full article, please visit: Advances in health IT must be viewed as a whole

Security and Privacy of Patient Data Subject of Regulatory Hearing

Representatives of patients, providers, insurers and tech companies testify before federal panel yesterday at the HIT Policy Privacy & Security Tiger Team Virtual Hearing on Accounting for Disclosures.

“We believe it’s the patient’s right to have digital access that is real-time and online for accounting of disclosures,” said Dr. Deborah Peel, the head of Patient Privacy Rights, a group she founded in 2004. Patients “need and want the data for our own health. We need to have independent agents as advisors, independent decision-making tools, we need independence from the institutions and data holders that currently control our information. We need to have agents that represent us, not the interests of corporations,” she said.

“I think the day will come when people will understand that their health information is the most valuable personal information about them in the digital world and that it’s an asset that should be protected in the same way that they protect and control their financial information online,” Peel said.

To view the full article click Security and Privacy of Patient Data Subject of Regulatory Hearing

To view a PDF of the hearing click HIT Policy Privacy & Security Tiger Team Virtual Hearing on Accounting for Disclosures

 

Privacy groups ask FTC to stop Facebook policy changes

“Half a dozen privacy groups have asked the Federal Trade Commission to stop Facebook from enacting changes to two of its governing documents… In addition to EPIC, CDD and Consumer Watchdog, representatives from Patient Privacy Rights, U.S. Public Interest Research Group and the Privacy Rights Clearinghouse also signed the letter.”

To view the full article, please visit: Privacy groups ask FTC to stop Facebook policy changes

A Family Consents to a Medical Gift, 62 Years Later

Should researchers control the use of everyone’s genomes?

It’s time for a national debate about when and how our genetic information should be used.  The healthcare industry and government are planning that our genomes will soon be part of our electronic health records, so that sensitive data can be used without patient consent. The cost of sequencing a genome will soon drop below $1,000.

But the debate about who should control the use of this unique, personal information must be informed by knowing/tracking the hidden flows of genetic data.

The next phase of theDataMap should track the use, sale, and disclosure of genetic information: from hospitals, labs, and genomic sequencing companies to private biobanks, etc, etc.

We cannot weigh risks vs. benefits of open access to genetic data when the risks are unknown.

Usability Failures Heat Up EHR Replacement Market, Black Book Rankings Survey

“According to a recent Black Book Market Research user surveys, the demands of EHR usability can no longer be ignored. 100% of nearly 2,900 practices engaged in the poll report they are employing much stricter selectivity in the replacement market wave and driving more informed decisions as they prepare to swap out original EHR systems.”

To view the full release: Usability Failures Heat Up EHR Replacement Market, Black Book Rankings Survey

Experts tout Blue Button as enabling information exchange between medical provider and patient

Blue Button Plus (BB+) and direct secure email technologies could put patients in control of all use and disclosure of their electronic health records. BB+ lets us ‘view, download, and transmit’ our own health data to physicians, researchers, or anyone we choose.

But state Health Information Exchanges (HIEs) don’t allow patients to control the disclosure of personal health data. Some state HIEs don’t even ask consent; the HIE collects and shares everyone’s health records and no one can opt-out. Most state HIEs ask patients to grant thousands of strangers—employees of hospitals, doctors, pharmacies, labs, data clearinghouses, and health insurers—complete access to their electronic health records.

When corporations, government, and HIEs prevent patients from controlling who sees personal health data– from prescriptions, to DNA, to diagnoses– millions of people every year avoid or delay treatment, or hide information.

HIEs that open the door to even more hidden uses of health data will drive even more patients to avoid treatment, rather than share information that won’t be private.

Health IT systems that harm millions/year must be fixed. Technology can put us in control of our data, achieve the benefits and innovations we expect, and prevent harms.  We have to change US law to require technologies that put patients in control of their electronic health records.

Re: The Internet is a surveillance state

In response to the CNN article by Bruce Schneier: The Internet is a surveillance state

Bruce Schneier is wrong. Privacy is not over — the public is just now learning how invasive Internet technology, tech corporations, and government really are, and that they ACT to protect and maintain the US surveillance economy. When enough citizens tell Congress and the President to stop, this privacy disaster will stop.

The public is just beginning to WAKE UP. Today is the start of privacy in the Digital Age in the US, not the end.

It’s a lie that people happily give up privacy for “targeted ads” — tech giants like Google, Facebook, etc. have PREVENTED us from having apps and tools that enable privacy (ie, our right TO control personal information online). We have NO choices because government and the data mining industry have prevented us from having meaningful choices.

Signs of intelligent life in the Universe:

  • Attend or watch the 3rd International Summit on the Future of Health Privacy (its free). The EU Data Protection Supervisor will keynote and so will the US Chief Technology Officer—-the stark differences between US and EU data protections will be discussed—register at: http://www.healthprivacysummit.org/d/vcq3vz/4W
  • SnapChat—millions of free downloads of an app that shows people want technology that gives THEM control over their data: single use of info (a picture in this case) and the ability to delete info. See: http://patientprivacyrights.org/2013/02/snapchat-and-the-erasable-future-of-social-media/
  • A recent Pew Research Center study found smartphone users are taking action to protect their privacy:
  • The default for Microsoft’s Windows 8 browser is ‘Do Not Track’
    • Microsoft’s Chief Privacy Officer Brendon Lynch said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism. “Consumers want and expect strong privacy protection to be built into Microsoft products and services.”
    • See more in the New York Times article: Do Not Track? Advertisers Say ‘Don’t Tread on Us’

DONATE to help Latanya Sweeney and Patient Privacy Rights build a health data map—-we MUST prove that thousands of hidden data users are stealing, using , and selling our personal health data: http://patientprivacyrights.org/donate/

SEE Latanya describe thedataMap at: http://patientprivacyrights.org/thedatamap/
This is the beginning of privacy, the war has just begun.