Privacy groups ask FTC to stop Facebook policy changes

“Half a dozen privacy groups have asked the Federal Trade Commission to stop Facebook from enacting changes to two of its governing documents… In addition to EPIC, CDD and Consumer Watchdog, representatives from Patient Privacy Rights, U.S. Public Interest Research Group and the Privacy Rights Clearinghouse also signed the letter.”

To view the full article, please visit: Privacy groups ask FTC to stop Facebook policy changes

Health apps run into privacy snags

“The next time you use your smartphone to inquire about migraine symptoms or to check out how many calories were in that cheeseburger, there is a chance that information could be passed on to insurance and pharmaceuticals companies.

The top-20 health and wellness apps, including MapMyFitness, WebMD Health and iPeriod, are transmitting information to up to 70 third-party companies, according to Evidon, a web analytics and privacy firm”

If you are a subscriber to ft.com, you can view the full article at: Health apps run into privacy snags

FTC Files Complaint Against LabMD for Failing to Protect Consumers’ Privacy

The public would be surprised how little thought or money healthcare businesses put into data security. LabMD is probably just one of thousands of healthcare businesses that don’t encrypt patient data and whose employees use file-sharing apps to download music, etc., exposing patient records online.

We need new laws that require businesses that hold health data to be audited to prove they protect it.

Shouldn’t businesses have to prove they use tough data security protections before they are allowed to handle sensitive health information?

To view the full article, please visit: http://www.ftc.gov/opa/2013/08/labmd.shtm

Privacy Hawk: Put Patients at Center of Health Information Exchange (Quotes Dr. Peel)

“If healthcare organizations truly want to protect patient privacy and earn public trust regarding electronic health records (EHRs), they need to let go of the notion that institutions control individual data and look for technology that lets patients take charge of information flow…”

Key quotes from the article:

  • “Many commercial EHRs started as systems to improve the operational side of healthcare and increase reimbursement, not to improve clinical care”
  • “‘We’re stuck with these frankly primitive and privacy-disruptive systems that need to be fixed,’ Peel said at WTN Media’s 11th annual Digital Health Conference.”
  • To Peel, last week’s revelations that the National Security Agency has been tracking phone calls and e-mails of virtually every American for at least six years shined a light on an issue that long has been prevalent in the healthcare industry.
  • “‘In healthcare we actually have a total surveillance economy, too,’ said Peel, an Austin, Texas, psychiatrist.”
  • “‘We don’t actually know where our health data goes. We have no chain of custody, much less control over our health information,’ she said. Having personal information get out could lead to ‘health discrimination’ in employment or insurance coverage for patients with mental health disorders, sexually transmitted diseases or cancer, Peel added, and the threat of a breach often leads to care avoidance.”

The Verizon order, the NSA, and what call records might reveal about psychiatric patients

The NSA knows we are sick because we phone doctors’ offices.

As a mental health professional, Dissent Doe explains in her blog (below) how revealing phone call metadata is:

“Because my phone is used mainly for calls to and from patients and clients, can the NSA figure out who my patients are?  And could they, with just a query or bit of analysis, figure out when my patients were going into crisis or periods of symptom worsening?  I suspect that they can. And because I am nationally and internationally known as an expert on a particular disorder, could the government also deduce the diagnosis or diagnoses of my patients or their family members? Probably.”

There is a huge national media response to the NSA spying on Americans’ cell phone calls, but the media does NOT report on the far worse systemic corporate and government spying on the nation’s electronic health records.

The US healthcare system is engineered for hidden corporate and government surveillance of personal data about the minds and bodies of all 300 million Americans. From prescriptions to diagnoses to DNA, it’s all collected and sold.

The US media simply repeats industry and government talking points about the benefits of electronic health systems without reporting on the massive harms:

  • Millions of patients/year avoid early diagnosis and treatment of cancer, depression, and sexually transmitted diseases because they know that information will not be private (see citations and statistics in: http://patientprivacyrights.org/wp-content/uploads/2010/08/The-Case-for-Informed-Consent.pdf)
  • 1/8 people hide health information because they know that information will not be private
  • Should we use technology that causes millions to suffer bad outcomes?

2013 is a critical year: every state will share your health data with hundreds to thousands more hidden users via Health Information Exchanges (HIEs).

  • Many states do not allow you to ‘opt-out’ of HIEs that exchange your health data.
  • Most states do not allow you to prevent your most sensitive health information from being exchanged.
  • So far, not one state gives patients control over data exchange.

SIGN PPR’s petition and say “no” to data exchange without your consent at: http://patientprivacyrights.org/2013/06/sign-the-petition-for-patient-controlled-exchange-of-health-information/

We need trustworthy technologies that put patients back in control of the use, disclosure, and sale of their sensitive health data.

  • Patients have always controlled who could see and use paper medical records.
  • Now institutions (corporations and government) control who can see and use the nation’s electronic health records.

Great existing technologies can fix badly designed electronic health systems, but we need new laws that require that privacy-protective technologies be built into all electronic systems that handle health data.

Re: The Internet is a surveillance state

In response to the CNN article by Bruce Schneier: The Internet is a surveillance state

Bruce Schneier is wrong. Privacy is not over — the public is just now learning how invasive Internet technology, tech corporations, and government really are, and that they ACT to protect and maintain the US surveillance economy. When enough citizens tell Congress and the President to stop, this privacy disaster will stop.

The public is just beginning to WAKE UP. Today is the start of privacy in the Digital Age in the US, not the end.

It’s a lie that people happily give up privacy for “targeted ads” — tech giants like Google, Facebook, etc. have PREVENTED us from having apps and tools that enable privacy (i.e., our right TO control personal information online). We have NO choices because government and the data mining industry have prevented us from having meaningful choices.

Signs of intelligent life in the Universe:

  • Attend or watch the 3rd International Summit on the Future of Health Privacy (it’s free). The EU Data Protection Supervisor will keynote and so will the US Chief Technology Officer; the stark differences between US and EU data protections will be discussed. Register at: http://www.healthprivacysummit.org/d/vcq3vz/4W
  • SnapChat—millions of free downloads of an app that shows people want technology that gives THEM control over their data: single use of info (a picture in this case) and the ability to delete info. See: http://patientprivacyrights.org/2013/02/snapchat-and-the-erasable-future-of-social-media/
  • A recent Pew Research Center study found smartphone users are taking action to protect their privacy:
  • The default for Microsoft’s Windows 8 browser is ‘Do Not Track’
    • Microsoft’s Chief Privacy Officer Brendon Lynch said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism. “Consumers want and expect strong privacy protection to be built into Microsoft products and services.”
    • See more in the New York Times article: Do Not Track? Advertisers Say ‘Don’t Tread on Us’

DONATE to help Latanya Sweeney and Patient Privacy Rights build a health data map. We MUST prove that thousands of hidden data users are stealing, using, and selling our personal health data: http://patientprivacyrights.org/donate/

SEE Latanya describe theDataMap at: http://patientprivacyrights.org/thedatamap/

This is the beginning of privacy; the war has just begun.

2012 Sets New Record for Reported Data Breaches

Please view the full report at 2012 Sets New Record for Reported Data Breaches

Everyone knows that securing data is hard, but in healthcare much is still not even encrypted. 2012 broke the record for the most data breaches.

  • “With 2,644 incidents recorded through mid-January 2013, 2012 more than doubled the previous highest year on record (2011)”

“The latest information and research conducted by Risk Based Security suggests that organizations in all industries should be on notice that they face a very real threat from security breaches. Whether it is the constantly increasing security threats, ever-evolving IT technologies or limited security resources, data breaches and the costs related to response and mitigation are escalating quickly. Organizations today need timely and accurate analytics in order to better prioritize security spending based on their unique risks.”

Some key statistics:

“The Business sector accounted for 60.6 percent of all 2012 reported incidents, followed by Government (17.9%), Education (12.0%), and Medical (9.5%). The Business sector accounted for 84.7 percent of the number of records exposed, followed by Government (12.6%), Education (1.6%), and Medical (1.1%).”

“76.8% of reported incidents were the result of external agents or activity outside the organization with hacking accounting for 68.2% of incidents and 22.8% of exposed records in 2012. Incidents involving U.S. entities accounted for 40.7% of the incidents reported and 25.0% of the records exposed.”

Nearly Half of U.S. Adults Believe They Have Little To No Control Over Personal Info Companies Gather From Them While Online

To view the full article, please visit Nearly Half of U.S. Adults Believe They Have Little To No Control Over Personal Info Companies Gather From Them While Online.

No surprise, 80% of US adults do NOT want targeted ads. 24% think they have no control over information shared online.

How will US adults feel when they learn they have no control over sensitive electronic health information? Despite the new Omnibus Privacy Rule, there is still no way we can stop our electronic health records from being disclosed or sold. The only actions we can take are avoiding treatment altogether or seeking physicians who use paper records and paying for treatment ourselves. No one should be faced with such bad choices. There is no reason we should have to give up privacy to benefit from technology.

Today, the only way to prevent OUR health information from being disclosed or sold to hidden third parties is to avoid electronic health systems as much as possible. That puts us in a terrible situation, because technology could have been used to ensure our control over our health data. The stimulus billions can still be used to build trustworthy technology systems that ensure we control personal health information. Institutions, corporations, and government agencies should not control our records and should have to ask us for consent before using them.

Quotes:

  • “45% of U.S. adults feel that they have little (33%) or no (12%) control over the personal information companies gather while they are browsing the web or using online services such as photo sharing, travel, or gaming.”
  • “many adults (24%) believe that they have little (19%) to no (5%) control over information that they intentionally share online”
  • “one-in-five (20%) said that they only minimally understand (17%), or are totally confused (3%) when it comes to personal online protection”
  • “When asked under what circumstances companies should be able to track individuals browsing the web or using online services, 60% say this should be allowed only after an individual specifically gives the company permission to do so.”
  • “Just 20% of adults say that they want to receive personalized advertising based on their web browsing or online service use, while the large majority (80%) report that they did not wish to receive such ads.”

Privacy and Health Care – Blog referencing PPR’s “The Case for Informed Consent”

The blog Emergent Chaos wrote an article urging privacy in the mental health field as a means of minimizing the stigma associated with diagnosis.

Some key statistics pointed out in this post:

“First, between 13 and 17% of Americans admit in surveys to hiding health information in the current system. That’s probably a lower-bound, as we can expect some of the privacy sensitive population will decline to be surveyed, and some fraction of those who are surveyed may hide their information hiding. (It’s information-hiding all the way down.)

Secondly, 1 in 8 Americans (12.5%) put their health at risk because of privacy concerns, including avoiding their regular doctor, asking their doctor to record a different diagnosis, or avoiding tests.”