
Why Privacy Must Die

Art Caplan

I just finished my required training about the protection of patient privacy. Every employee of New York University Langone Medical Center must take an online course and pass an admittedly not very difficult quiz on our duties regarding patient privacy. All other American medical centers have the same requirement. I passed my quiz. But, despite my certification, I think the effort to protect privacy in health care is a lost cause. It is time to admit that privacy in health care is dead. Confessing that privacy has passed on, sad as reporting a death often is, has many benefits. Not only is the continued effort to ensure privacy protection futile, it costs a lot of time and money, undermines trust in the health care system, causes confusion that interferes with family needs and, most importantly, likely gets in the way of giving greater benefit to the sick, the soon to be sick and those who are not yet born but who will also become ill.

Much of the required teaching in the United States about privacy involves learning a bit about the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Federal Office for Civil Rights of the Department of Health and Human Services enforces the law, which protects the privacy of health information that could identify a particular patient, such as addresses, phone numbers, email addresses and medical record numbers. I know from my training that hospitals and health care institutions must report any breach in which information goes to someone who is neither providing care to a patient nor paying for that care.

Despite all the effort to protect it, these days privacy both in health care and in general is not doing well.

There have been privacy breaches galore in health care.  In 2015 alone, there were more than 720 data breaches.  The top seven cyberattacks exposed nearly 200 million personal records to fraud and identity theft. 

In February 2014, as many as 80 million customers of the second-largest health insurance company in the U.S., Anthem Inc., had their account information stolen. Hackers gained access to Anthem’s computer system and got personal information including names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses, employment information, and data on incomes. In the aftermath of the attack Anthem customers said their identities had been used to file fake tax returns, a common tactic for claiming fraudulent refunds. Some state officials warned that scammers were also targeting Anthem policyholders with fake credit-monitoring appeals.

UCLA Health stated it was hit by a cyber-attack in 2015 that “may have put some personal information at risk” for as many as 4.5 million people. Another insurer, Premera Blue Cross, was breached, with 11 million customers’ records impacted. Quest Diagnostics (DGX), the medical lab operator, revealed in 2016 that it had been the victim of a computer hack, potentially impacting the personal data of 34,000 customers. The compromised data included names, dates of birth, lab results and telephone numbers.

That is barely the tip of a growing iceberg of cybercrime.  Hackers from anywhere in the world can access health systems and use the personal information they acquire to gain free access to costly medical services, for resale to other crooks, to procure drugs, or to defraud private insurers and government benefit programs.

Not only is privacy currently under assault by criminals breaking and entering with apparent abandon into health care databases, these assaults on privacy in health care are only going to get worse. Healthcare data hacking is lucrative. According to the credit rating company Experian, medical records can be worth up to ten times more than credit card information on the black market, meaning bad guys have a lot of motivation to hack. Plus, hackers get more for their efforts due to more and more links between data sets. A hack of the computer systems at the U.S. government’s personnel office compromised the personal information of more than 21 million current, former and prospective federal employees, including highly sensitive data such as background investigations. We now know more than a billion Yahoo user accounts were hacked in 2013. As health systems press to link data sets to improve patient care, monitor quality and speed research, there are many potential roads that hackers can use to find their way to health-related databases. Digitization and electronic medical records mean that the bad guys who get in will get a lot more patient information for their trouble.

Efforts to protect against the bad guys mean that the good guys will be pushing privacy aside too. The NSA has already admitted that it is thinking about monitoring all manner of personal medical devices, and since they are talking about it publicly, they likely soon will be doing so.

Not only are hackers, spies and criminals making a bad joke of privacy, doctors and nurses are doing a good job of posting pictures and records of identifiable athletes, celebrities, those with horrific injuries and autopsies on social media. Cell phones with cameras are ubiquitous in the hospital, and nearly everything that happens in a hospital is now videotaped. In a world under surveillance by ubiquitous cameras, privacy does not stand a chance.

Add to the challenges of uncontrollable theft, security recording and gossipy disclosure the reality of human error—leaving a computer in a taxi, not turning off computers with sensitive information on them, throwing away old drives containing plenty of personal health information and misplacing a few gazillion thumb drives—and you have a world in which the only people who really believe their health care information will remain private are those who teach the subject in law schools and the leadership of the ACLU.

Add to this dismal picture concerning privacy protection in health care the fact that few actually fully understand existing privacy requirements, making privacy an obstacle rather than a benefit. After the horrendous mass shooting at a gay dance club in Orlando, Florida, hospitals in the area were not sure whether HIPAA restrictions would permit them to release information on the dead and the injured to partners who were not legal spouses or next-of-kin.

Do people care about their privacy in a world in which one nation taps another’s deepest secrets every month, whistleblowers flood the internet with all manner of top-secret stuff including accidentally acquired identifiable patient records, and patrons of dating sites for those seeking illicit liaisons find their names splashed all over the media? My informal polling of my colleagues and students reveals that the older you are, the more you care. Younger people like their privacy but seem resigned to having it given away, stolen or sold. As those used to a world of paper records head off to their final endpoints—a point at which a great deal of privacy completely disappears—it is hard to imagine the next generation trying as hard to protect what they think, and most likely is, beyond protection.

As if that were not enough of a case to pull the plug on privacy, there are the public health benefits to be had by giving up on efforts to protect the quaint concept. Those big genetic data sets, when linked to identified patient records and lifestyle behaviors, really could make a huge difference in making health care more efficient, safer and cheaper. Personalized medicine will go much faster when your whole genome is a part of your easily shared medical records. Putting a readily accessible chip on a watch, ring, eyeglasses or under your skin that carries intimate details about your health status could save your life in an accident or terror attack, even if it could fall into the hands of snooping third parties.

The critics will howl that all I have done is show that we must redouble our efforts to hide our health secrets. We ought not give in to theft, accidents and irresponsible behavior, they say. Build better locks—don’t just leave your door open! But the incredible cost of trying and the documented futility of clinging to the illusion of privacy make those arguments more rhetorical than real.

It is hard to admit failure, but sometimes the best course of action is to admit that nothing more can be done. Patients, doctors, health systems, insurers and other health providers ought to assume that third parties will have access to personal, identifiable medical information and behave accordingly. The hopeless and hugely expensive quest to protect what cannot be protected, while losing the benefits of readily accessible identifiable health information for prevention, research and therapy, ought to be abandoned. We need to create rules, expectations and appropriate penalties for a world in which privacy cannot be guaranteed to any patient.

It is time to grudgingly say goodbye to privacy—we hardly ever knew ye.


8 replies

  1. Aside from the trolling title, the author confuses security and privacy and provides no new insight for either.

    Bad security is only a distant cousin to privacy. Is the author advocating that security must die? I can’t even begin to imagine.

    The only part of this troll post that could be taken as a proposal is that killing privacy would somehow improve public health more than it harms individual outcomes and human dignity (as others have already commented below). This is a dystopian vision where we are each absorbed into the Borg consciousness with no individual personality or where we begin to think of farming humans the way we do cattle.

    What’s the alternative to privacy?

  2. There is so much stolen medical data out there that people are going to be organizing markets to sell and buy it. I.e., an employer will routinely review the health status of a potential employee; a political party will routinely investigate the health records of its nominees for office; a bride-to-be may want to check on her future spouse; a business partner-to-be may be wise to do a little checking on his future associates. Soon-to-be divorced couples in custody fights may need ammunition. Does my new lover have an STD?…On and on, good uses will sprout. It will be as routine as a credit check.

    We used to be in this huge imperfect network where information flow had lots of friction. It was difficult to get a patient’s chart and more difficult to read it and understand it and send it.

    Now our information flows zippity doo dah as wisps of electrons–the most friction-free media one could imagine. And it gets into the vasculature system of almost every person and institution on the planet. Some miracle.

    Some unintended consequence by ideologues. But…

    There is some data that is so delicate–say a spouse having an abortion and her partner didn’t even know she was pregnant–that we are going to have to evolve some kind of double system where patients can own some data and keep it forever in a vault.

    Might as well start thinking about this now.

  3. Privacy has been horribly abused, and one of the biggest offenders is the government itself, which hides behind a weak privacy law called HIPAA which pretty much keeps patients and family members from getting information when they need it and takes control of health care data distribution to others out of the hands of the patient. That does not mean it needs to stay that way. We need to allow patients to control who has access or nobody is going to be willing to talk openly with their physicians any more. The genetic data being released is of even greater concern because not only is the patient’s privacy breached, but so is the privacy of their genetic relatives. With big data, soon your relatives’ genetic information online will be affecting what premiums you pay for your life, long term care and disability insurance.

    So privacy is in poor shape, but we need to be taking it back for ourselves and our loved ones, not throwing in the towel.

  4. Easily, the best essay about the depth and breadth of our diminishing commitment to HUMAN DIGNITY as an attribute of a person’s HEALTH.

    I just retired from Primary Healthcare along with my associate, after 41 years. The records of @ 20,000 persons are located in a ‘secure’ storage facility, organized on a pre-planned, 22 year shredding cycle. Its access is defined by a file indicating the year that a person’s Family file entered the storage facility. The facility sits on high ground in a secure, unobtrusive building. I sleep well at night.

    You say: “What is a FAMILY?” I say: another good story.

  5. A thought-provoking article. What would be helpful to making the case are examples where, for example, fighting the Zika virus might have been more effective if we were not shackled with privacy restrictions. What other examples are there from a public health perspective where we could save lives, etc.? Three or four solid examples could be persuasive. Perhaps a follow-up?

    On the flip side, what are some of the worst case uses that can be made of personally identifiable CHI? Getting bothered with ads because someone knows I have say depression is troublesome but not a disaster. The ability to change records is life-threatening. But what else are we protecting against?

    Then weight the two, understanding that we are fighting a losing battle here and that the costs of shoring up security are extreme. This then becomes a resource allocation issue; is this the best spend of our money? Likely not.

    Good job.

  6. The issue isn’t privacy – of course that’s dead. The issue is trust – and what happens when consumer/patient data is used for other agendas (both legal and illegal). Just ask someone who’s had to correct a credit card report. It’s not easy – or cheap – or quick. Medical data is life long – and has the potential to kill (if, for example, it’s been tampered with).

    The race to monetize data has left some pretty gaping holes in medical safety. Anthem is a great example. They saw no impact on their revenue, stock price, profits or even number of customers after the theft of about 80 million records – and that translates to a very powerful message to the whole industry. Consequence? What consequence.

  7. Privacy is dead.

    I’ve long argued that HIPAA must die too.

    I’m not happy about these things, but at this point it’s pretty clear that we need a radical solution.

    Think about it: we regulate the key relationships in arguably the most complex sector of the economy with legislation that was written shortly before/after the Internet’s creation. Lawmakers had very little idea what the long term consequences of their makeshift fix would be.

  8. Everyone thinks that HIPAA was enacted as a “privacy law.” As medical economist JD Kleinke points out, though, the “privacy” provisions were an 11th-hour add tossed in to horse trade for some liberal congressional votes. Only 13 pages of the 167-page law speak to “privacy.” HIPAA (“Kennedy–Kassebaum Act”) was principally yet one more piece of insurance “reform.”

    Moreover, notwithstanding “federal primacy” in general, under the ensuing HIPAA CFRs, the “privacy” provisions (45.CFR.164.5) are trumped by state laws and regs where the latter are more “stringent.”

    Q: Does the author think we should scrap GINA as well?