Thank you, ONC, for the opportunity you gave me to speak in June. Also, thank you for the format of your August meeting where the Zoom chat feature offered a wonderful venue for an inclusive commentary and discussion as the talks were happening. Beats lining up at the microphone any day.
Here is a brief recap of my suggestions, in no particular order:
With COVID-19 continuing to rampage throughout the country, there is a need for contact tracing and other technology applications to assess public health. At the same time, changing HHS rules are giving Americans more access and control over their own health data. Both the availability and the promise of positive impact of data on people’s lives have never been greater.
Despite the critical need and incredible potential, there is still a great deal of confusion, lack of awareness and heightened concern among consumers. Studies show that the vast majority of Americans think the potential risks of data collection outweigh the potential benefits.
Clamping down on data privacy stifles innovation, and moving forward as we’ve been doing presents a potential privacy minefield. So, what should the healthcare industry do about it?
Until scientists discover a vaccine or treatment for COVID-19, our economy and our privacy will be at the mercy of imperfect technology used to manage the pandemic response.
Contact tracing, symptom capture and immunity assessment are essential tools for pandemic response, which can benefit from appropriate technology. However, the effectiveness of these tools is constrained by the privacy concerns inherent in mass surveillance. Lack of trust diminishes voluntary participation. Coerced surveillance can lead to hiding and to the injection of false information.
But it’s not a zero-sum game. The introduction of local community organizations as trusted intermediaries can improve participation, promote trust, and reduce the privacy impact of health and social surveillance.
Balancing Surveillance with Privacy
Privacy technology can complement surveillance technology when it drives adoption through trust born of transparency and meaningful choice.
This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.
Early in 2019 the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS) proposed rules intended to achieve “interoperability” of health information.
In this post we point out why extending HIPAA is not a viable solution and would potentially undermine the purpose of enhancing patients’ ability to access their data more seamlessly: to give them agency over health information, thereby empowering them to use it and share it to meet
While patients can often find comfort, compassion, and support in Facebook Groups dedicated to their health conditions, they don’t realize that their identity, location, and email addresses can be found quite easily by other members of their closed group — some of whom may not have well-meaning purposes for that information. Called a Strict Inclusion Closed Group Reverse Lookup (SICGRL) attack, this is a privacy violation of unprecedented magnitude.
Fred Trotter is one of the leaders of a group of activists co-led by Andrea Downing and David Harlow that is taking on Facebook to correct this health data privacy violation.
While this interview was filmed at Health Datapalooza in the Spring of this year, Fred has just published an update that details how Facebook continues to ignore the issue and remains unwilling to collaborate on a solution.
Catch up on the background behind this data privacy issue — currently, one of the most important opportunities we as healthcare innovators have to learn about what NOT to do when it comes to user privacy and sensitive data.