OP-ED

HIPAA’s Broken Promises

If you hate HIPAA, it’s your lucky day. Paul Ohm is handing you ammunition in his article, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization.” His argument: our current information privacy structure is a house built on sand.

“Computer scientists…have demonstrated they can often ‘reidentify’ or ‘deanonymize’ individuals hidden in anonymized data with astonishing ease.”

Ohm’s article describes HIPAA, in particular, as a fig leaf – or worse, as kudzu choking off the free flow of information.

“[I]t is hard to imagine another privacy problem with such starkly presented benefits and costs. On the one hand, when medical researchers can freely trade information, they can develop treatments to ease human suffering and save lives. On the other hand, our medical secrets are among the most sensitive we hold.”

Indeed, one might reformulate that statement:

“When e-patients can freely trade information (with fellow patients, with family members, with health professionals…), they can track symptoms, treatments, and outcomes that would otherwise go unobserved.”

That’s the hope and the promise of participatory medicine. Yet there is a danger to all that health data floating around.

Ohm uses a haunting phrase to describe the possibility of re-identification: the database of ruin. It will reveal all our secrets to everyone, at any time, and follow us wherever we go (calm down, it doesn’t exist yet).

My take on his essential message is:

Fear the database of ruin, but don’t become paralyzed by it. Instead, work toward its prevention.

That call should be heard by everyone, not just those of us living with diagnoses we want to hide. Ohm argues that only people with absolutely no secrets and no connection to the modern world can live free of the threat of the database of ruin, but he delightfully calls them “the unicorns and mermaids of information privacy.” We live in glass houses and type at glass keyboards, people.

Another phrase that is sticking with me:

“Utility and privacy are, at bottom, two goals at war with one another.”

The more useful a data set, the less likely it is to be scrubbed of identifying information. Think about the implications. If we want useful data, we need to make trade-offs on what might be revealed in that data. Who should make those choices? E-patients? Health professionals? Regulators? Trade groups? What groups or types of data should get special treatment? (See: “Children and Population Biobanks” in Science, 14 August 2009: 818-819 – hat tip to Chris Hoofnagle).

Ohm focuses on a lawmaker’s conundrum: regulation of reidentification is “the latest example of the futility of attempting to foist privacy on an unappreciative citizenry.” Indeed, regulators might point to the millions of people flocking to MySpace and Facebook, or the thousands participating in even deeper personal experiments of data tracking, and ask, “Who am I to get in the way of all this sharing?” Ohm argues that this laissez-faire attitude would be irresponsible and I think e-patients should hear him out: “[T]oday’s petty indignity provides the key for unlocking tomorrow’s harmful secret.” In sum, Ohm’s article is a strong vote for data protection even as he eviscerates the current system.

You see, there is no such thing as “security through obscurity” when so many databases exist, containing all the clues someone might need to match your “25 Random Things About Me” with your search-term trail and, in turn, your financial or health records.

All of which leads us to this question:

“Once regulators choose to scrap the current HIPAA Privacy Rule – a necessary step given the rule’s intrinsic faith in deidentification—how should they instead protect databases full of sensitive symptoms, diagnoses, and treatments?”

Nobody is on the sidelines of this debate. Yes, your participation in an online health data-sharing site puts you at greater risk, but Ohm points out that “stored search queries often contain user-reported health symptoms” and indeed, Pew Internet research has consistently shown that 80% of internet users have looked for health information online and search is usually the first stop. Few people want to cut off access to the vital information found online, but what about the opportunities for advancement through data sharing?

Finally, as Jane Sarasohn-Kahn points out, “Americans feel dis-empowered when it comes to health information technology.” Frankly, most people don’t even know the half of what is going on in this debate — imagine how they would feel if they did!

So: If you care at all about health information technology: Read the article, form your own opinion, and get to work.

Duke
Guest

I was amazed at what HIPAA meant when my wife and I recently paid to have calcium score CT done, at our expense. The center could provide the results to our physician no problem (although he had not asked for the test), but COULD NOT provide that information to us (the patient and the payer) without us signing a release form. duh?

Merle Bushkin
Guest

Hi Alexander, I agree with your public health concerns but think that our primary objective must be to improve the care individual patients receive while reducing its cost. We can do that now — and relatively easily. But if we muck up this primary objective with other nice-but-not-readily-doable objectives, such as forcing docs to adopt EMR systems so we can feed a web-focused network, trying to exchange information among EMR systems that can’t talk to one another, and/or satisfying the broad range of public health concerns, we will delay for years our ability to meet our primary goal. In a…

Alexander Saip
Guest

Merle, I agree with you that your care provider only needs your PHR on any portable media type. But you will have to keep it on you at all times, just in case. Accidents happen… And if you are allergic to latex or a certain drug, I bet you want the ED doctor to be aware of that. You may also want to let him know your advance directives. Hopefully, our PHR does not become unusable in a car crash. Apart from your personal care, please consider public health needs, such as early epidemic detection and biosurveillance in general. Sure, we can…

Phentermine
Guest

Thank goodness Americans are seeing right through this hope ‘n change jackassery.

Merle Bushkin
Guest

There is a simple way to ensure medical record privacy and security. Don’t store patient records on web servers — and that includes health record bank servers. Put them exclusively in the hands of the patients. Notwithstanding assurances from well intentioned people like Deborah Peel, Microsoft, Google, John Halamka, et al., absolutely no one can guarantee that web-based records accessible over the Internet are inviolate! If you are gullible enough to believe them, I’d like to talk with you. I have a bridge or two I’d like to sell! The White House, DOD, Fort Knox, and other government offices —…

Nate
Guest

HIPAA is used as a way to stop quality control efforts at almost all levels. Even if you had access, they can say you didn’t and get away with squashing you.
HIPAA = #1 Legal Method for Bashing a Whistleblower

Margalit Gur-Arie
Guest

It’s not about digging dirt. If you obtain a database of voters registration from, say, a particular county, and combine that with a deidentified database (or query results) of admissions to the county hospital, you can come up with a name and address for most admissions in that county with very “reasonable” accuracy.

inchoate but earnest
Guest

It really isn’t a THCB post without an MD as Hell non sequitur entry…. The Ohm paper Ms Fox references unwittingly serves 2 purposes: it highlights the ease with which personal data may be re-assembled with REASONABLE accuracy, and the difficulty of wielding any personal health data, whether de- or re-anonymized, with CERTAINTY. When it comes to health care, there’s a big difference between reasonable accuracy and certainty. Ask your doctor how prepared s/he is to diagnose and/or operate on you based on a reasonable assurance s/he is working from your personal health data, as opposed to being certain s/he has…

MD as HELL
Guest

Government like a cancer grows.

Alexander Saip
Guest

Interestingly, the Business Week article Dr. Peel refers to doesn’t mention any data mining by or at the request of a third party. In its concept, a health record bank is similar to cloud-based PHR systems Google and Microsoft already have, where everybody can store his/her electronic health records for free. I am sure both companies have certain ideas about generating some revenue from the use of that data, that is why creating a legislative and regulatory framework regarding access control and patient privacy should not be far behind.

Margalit Gur-Arie
Guest

Dr. Peel, your objectives are admirable and I support them wholeheartedly, however your proposed solution is (as inchoate wrote) disastrous.
Queries against databases return data. The same exact data that you propose not to give “researchers” outright. There is no difference, unless you come up with elaborate restrictions on allowed queries. Success in deidentifying data is reversely proportional to the amount of data you’re deidentifying. The more you have in the bank, the worse it gets, particularly if you add personal information regarding lifestyle, occupation, etc.
There is no Fort Knox, if the doors are locked, but the windows are open.

inchoate but earnest
Guest

Dr Peel’s post suggests that she is well-intentioned, but startlingly naive concerning information technology. Her absolute statements concerning the powers of “health record banks” with “DoD level security” are – well, they’re just plain silly.
Issues concerning health records privacy/security are as much matters of human behavior as technology, and her bank vaults just don’t have room to house every variant of the former.
Whoever is putting her up to such foolish utterances knows better. They should respect her dignity & let her in on their little secrets.

Deborah C. Peel, MD
Guest

The solution to having robust data for research AND privacy (personal control over the use of our sensitive health records) is to use health record banks and informed consent. See op-ed on the subject at: http://www.businessweek.com/bwdaily/dnflash/content/dec2008/db20081218_385824.htm Individuals are entitled to free copies of ALL their electronic health records they can put in a health bank account AND add so much more information on diet, exercise, alternative treatments, occupation, environment, etc. The beauty of health bank accounts is ONLY YOU CONTROL your personal data and your records can never be used or data mined without your permission. So health banks will…

buy soma online
Guest

Tough times for now regarding our health care policy but what can we do? We don’t have the power and all we have to do is to follow. We are just ordinary people and hoping for a better future for our children’s health care system. I hope our president will realize what we really need and not what their pockets want.

Susannah Fox
Guest

Just to be clear, I am not suggesting that HIPAA is going away – that quote is from Ohm’s article, which I hope everyone is inspired to read for themselves.
This post originally appeared on e-patients.net with links to other source material:
http://e-patients.net/archives/2009/09/hipaas-broken-promise.html
I left Friday’s hearing feeling rather optimistic too, mostly b/c of the sharp questions asked by the committee members and the testimony provided by two of them, Deven McGraw and Latanya Sweeney.
Here’s a garbly draft transcript of the hearing:
http://bit.ly/HITpol9-18
Read the #HITpol tweets for more discussion of the issues raised that day.