FTC Calls for Data Broker Transparency

By Marianne Kolbasuk McGee | healthcareinfosecurity.com
May 29, 2014

The Federal Trade Commission is urging Congress to enact privacy legislation that would provide consumers with more transparency about the activities of data brokers that collect sensitive health and financial data.

Reacting to the FTC recommendation, two consumer advocates say the explosion of data broker activities in recent years, coupled with regulatory gaps, point to the need for some legislative reforms to protect consumer privacy.

A May 27 FTC report that examined nine companies describes data brokers as “companies whose primary business is collecting personal information about consumers from a variety of sources and aggregating, analyzing and sharing that information, or information derived from it, for purposes such as marketing products, verifying an individual’s identity, or detecting fraud.”

The FTC says data brokers raise privacy concerns for consumers because “significantly, data brokers typically collect, maintain, manipulate and share a wide variety of information about consumers without interacting directly with them.”

The report notes: “In light of these findings, the commission unanimously renews its call for Congress to consider enacting legislation that would enable consumers to learn of the existence and activities of data brokers and provide consumers with reasonable access to information about them held by these entities.”

Deborah Peel, M.D., founder of advocacy group Patient Privacy Rights, says federal legislators and regulators need to crack down on data brokers, especially those that deal with sensitive information, such as health data.

“This is clearly a case where the government must pass laws that require personal control over personally identifiable information to restore our rights to privacy, because we can’t possibly do it ourselves,” Peel says. “Worse, the FTC seems not to have a handle on the size of the health data broker industry. … “Personal information is the ‘oil’ of the digital age – and our personal information belongs to each of us. … If the data brokers want our data, they should just ask. If we think the benefits are worth it, we will say ‘yes’.”

To view the full article, please visit FTC Calls for Data Broker Transparency

 

Privacy could ‘crash’ big data if not done right

April 15, 2014 | By Ashley Gold | FierceHealthIT

Privacy has the potential to crash big data before there’s a chance to get it right, and finding the right balance is key to future success, experts argued at a Princeton University event earlier this month.

The event, titled “Big Data and Health: Implications for New Jersey’s Health Care System” featured four panels exploring health, privacy, cost and transparency in regard to how big data can improve care and patient outcomes, according to an article on the university’s website.

“Privacy will crash big data if we don’t get it right,” Joel Reidenberg, visiting professor of computer science at Princeton and a professor at Fordham University’s School of Law, said at the event.

To view the full article, please visit Privacy could ‘crash’ big data if not done right

 

Petition for OSTP to Conduct Public Comment Process on Big Data and the Future of Privacy

February 10, 2013

Patient Privacy Rights, joined by EPIC, ACLU, Center for Democracy & Technology, EFF and 24 other consumer privacy and public interest organizations asked the White House’s Office of Science and Technology Policy to issue a Request for Information in order to conduct a review that incorporates the concerns and opinions of those whose data may be collected in bulk as a result of their engagement with technology.

“We believe that the public policy considerations arising from big data and privacy are issues of national concerns that ‘require the attention at the highest levels of Government.’”

The Coalition for Patient Privacy believes that the “OSTP should consider a broad range of big data privacy issues, including but not limited to:
(1) What potential harms arise from big data collection and how are these risks currently addressed?
(2) What are the legal frameworks currently governing big data, and are they adequate?
(3) How could companies and government agencies be more transparent in the use of big data, for example, by publishing algorithms?
(4) What technical measures could promote the benefits of big data while minimizing the privacy risks?
(5) What experience have other countries had trying to address the challenges of big data?
(6) What future trends concerning big data could inform the current debate?”

For more information, see EPIC, Coalition Urge White House to Listen to Public on “Big Data and Privacy”

To view a copy of the letter, please visit Petition for OSTP to Conduct Public Comment Process on Big Data and the Future of Privacy

Transparency: Brand Reputation and Patient Trust

Agreed: transparency is critical for patient trust. With so few HIT corporations putting patients in charge of personal health information (PHI), it is rare good news to see a companies like Jericho working on consent directives.

From the Article:

 
Keeping a solid brand in healthcare requires trust. Trust is important no matter the industry. However, in healthcare, trust is more personal. When it comes to patient care, much private, personal information is given by individuals and also received through physician engagement and various clinical tests. Patient information needs to be safeguarded, just as a patient intends it to be.

Recently, The University of Texas at Austin Health Information Technology Program, Jericho Systems Corporation, and Conemaugh Health System undertook a pilot to test if protected health information (PHI) can adhere to consent directives. The good news is they proved the integrity of a patient’s consent directive through the health information exchange. With this test, greater confidence in patient data security and privacy is gained. The work doesn’t stop here, as there are many practices necessary to support patient privacy and security as networks expand and exchanges broaden.

Equally important are practices to support data transparency in healthcare. Transparency should mean that patients know what data is being collected and who their data is being shared with.

The points are straightforward here, too.

  • Trustworthy brands in healthcare embrace transparency. Open communication about what information is being collected and shared rises to the same standard of protecting the privacy of designated PHI.
  • Brands build relationships, and relationships are built on trust. Transparency builds trust, as does consistently delivering on your promises made.

To read the full article, please visit: Transparency: Brand Reputation and Patient Trust

ONC: Looking for ‘realistic’ ways to account for disclosures

“ONC’s Health IT Policy Committee Tiger Team held a virtual hearing Sept. 30 to gather information about the rule and explore ‘realistic ways to provide patients with greater transparency about the uses and disclosures of their digitized, identifiable information,’ according to a Sept. 23 blog post by Committee Chair Devon McGraw. The Tiger Team asked for answers to specific questions, such as what patients want to know and how transparency technologies currently are being used by covered entities.”

“Deborah Peel, Founder and Chair of the Patient Privacy Rights coalition, suggested in her testimony that accounting for disclosures needs to include all of the detailed information about all uses of a patient’s electronic health information; she added that the rule could be implemented by ‘piggybacking’ onto existing initiatives, such as the Blue Button movement.”

Read more: ONC: Looking for ‘realistic’ ways to account for disclosures – FierceEMR

To read Dr. Peel’s testimony on Accounting for Disclosures click here

Patient Privacy Rights Presses HHS for Greater Safeguards and Transparency to Protect Patient Data

Last Thursday, September 12, PPR sent a letter to U.S. Health and Human Services (HHS) Secretary Kathleen Sebelius, urging the immediate implementation of tough new patient privacy protections for digital health records.  With privacy now leading the the list of major issues troubling the public in the digital age, PPR believes meaningful and comprehensive data privacy protections are critical components when it comes to restoring patient trust.

In the letter, PPR recommends that HHS:

  • Allocate 1% of HIE (Health Information Exchange) funding to ensure all patients can choose an “HIE of One” a program that directs all personal data disclosures, which are visible to the patient without restriction or delay.
  • Mandate portals for patients and physicians and require the use of voluntary patient email addresses be used for Record Locator Services (RLS). With these technologies, every state can easily and inexpensively offer an “HIE of One” to those who want to decide who may use their data.
  • Require health IT systems to build technology so patients can segment their data for privacy, research, and any other disclosures – allowing patients to decide whether any sensitive data may be used.
  • Provide funding to build and maintain a complete health data map, a service that allows patients to see and understand data flows across the nation and throughout the world. As present, Americans have no “chain of custody” for personal health data and no way to know who is collecting and using health data.

Read the full letter here.

Read the press release here.

Snowden Took a Job To Leak NSA Secrets? Cool. Let’s Have More Like Him at the DOJ, IRS …

Jul. 2, 2013  Reason.com

Much has been made of Edward Snowden telling the South China Morning Post that he deliberately took a job with Booz Allen to gather up evidence of National Security Agency spying so he could leak it to the world. This makes the international man of government officials’ mysteries even more traitorish to the authority-worshippers who already didn’t like his revealing widespread surveillance by the U.S. For the rest of us, it means he set out to do a thorough job before giving the state a well-deserved kick in the ‘nads. This is a guy who apparently deliberately infiltrated the security apparatus, got hold of its dark secrets, and imposed a little of that “transparency” we’d been promised. We could use a few thousand more like him at the IRS, the Justice Department, the DEA, in the Obamacare bureaucracy, local police forces …

To view the full article please visit Snowden Took a Job To Leak NSA Secrets? Cool.