Tag: Privacy

Privacy in the Age of Big Data

We live in an age of “big data.” Data has become the raw material of production, a new source of immense economic and social value. Advances in data mining and analytics and the massive increase in computing power and data storage capacity have expanded, by orders of magnitude, the scope of information available to businesses, government, and individuals.[1] In addition, the increasing number of people, devices, and sensors that are now connected by digital networks has revolutionized the ability to generate, communicate, share, and access data.[2] Data create enormous value for the global economy, driving innovation, productivity, efficiency, and growth. At the same time, the “data deluge” presents privacy concerns that could stir a regulatory backlash, dampening the data economy and stifling innovation.[3] In order to craft a balance between beneficial uses of data and the protection of individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of “personally identifiable information,” the role of consent, and the principles of purpose limitation and data minimization.

Big Data: Big Benefits

The uses of big data can be transformative, and the possible uses of the data can be difficult to anticipate at the time of initial collection. For example, the discovery of Vioxx’s adverse effects, which led to its withdrawal from the market, was made possible by the analysis of clinical and cost data collected by Kaiser Permanente, a California-based managed-care consortium. Had Kaiser Permanente not connected these clinical and cost data, researchers might not have been able to attribute 27,000 cardiac arrest deaths occurring between 1999 and 2003 to use of Vioxx.[4] Another oft-cited example is Google Flu Trends, a service that predicts and locates outbreaks of the flu by making use of information—aggregate search queries—not originally collected with this innovative application in mind.[5] Of course, early detection of disease, when followed by rapid response, can reduce the impact of both seasonal and pandemic influenza.

Sorrell vs. IMS Health: Not a Privacy Case

The Supreme Court’s decision in Sorrell vs. IMS Health is being touted in many quarters as a privacy case, and a concerning one at that. Example: Senator Patrick Leahy (D-VT) released a statement saying “the Supreme Court has overturned a sensible Vermont law that sought to protect the privacy of the doctor-patient relationship.” That’s a stretch.

The Vermont law at issue restricted the sale, disclosure, and use of pharmacy records that revealed the prescribing practices of doctors if that information was to be used in marketing by pharmaceutical manufacturers. Under the law, prescription drug salespeople—“detailers” in industry parlance—could not access information about doctors’ prescribing to use in focusing their efforts. As the Court noted, the statute barred few other uses of this information.

It is a stretch to suggest that this is a privacy law, given the sharply limited scope of its “protections.” Rather, the law was intended to advance the state’s preferences in the area of drug prescribing, which skew toward generic drugs rather than name brands. The Court quoted the Vermont legislature itself, finding that the purpose of the law was to thwart “detailers, in particular those who promote brand-name drugs, convey[ing] messages that ‘are often in conflict with the goals of the state.’” Accordingly, the Court addressed the law as a content- and viewpoint-oriented regulation of speech which could not survive First Amendment scrutiny (something Cato and the Pacific Legal Foundation argued for in their joint brief).

Hacking Your Heart

[Image: implanted pacemaker X-ray]

If they can hack your home computer, your mobile phone, apps, your store, your social networks, your bank account, your gaming system, your medical records, your school records, the government and its records, and pretty much anything anyone sets their mind to – isn’t it only a matter of time until someone finds a way to hack your heart?

Not through a musical hook or melody that you can’t shake. Or a well timed smile by someone your soul connects with. Or a box of chocolates. Or a poem. People have been penetrating the human heart with those Luddite-ish tools since the beginning of civilization.

I was thinking more about that electronic device your doctor might have implanted into your chest to keep your heart beating. Or the little box stuck in your gut to help you and your pancreas regulate your diabetes. Or the mini-computer surgically inserted to keep your neurological systems on track.

Hacking the medical miracles put inside people to let them live longer with more normal lives.

While to my limited knowledge nobody has reported a single case and the likelihood is extremely low, it is a real enough concern that the New England Journal of Medicine published a paper about the need to improve security last year.

The Identity Theft Smoke Screen

Personal data privacy once again has taken front stage in Sorrell v. IMS Health, Inc.[1] Vermont passed the Vermont Confidentiality of Prescription Information Law, which allows doctors who prescribe drugs to patients to decide whether pharmacies can sell their prescription records.[2] IMS Health, as well as other health information companies, contested the law, arguing that it restricts commercial speech, since access to such information helps pharmaceutical companies market their drugs effectively to doctors. The Supreme Court is now tasked with determining whether the restriction on access to prescription information is constitutional under the First Amendment.[3]

However, this post is focused on the secondary effects of allowing companies to purchase such information, as asserted in the amici curiae briefs supporting the petitioners, specifically the concern about data privacy and patient re-identification.[4] Under the Health Information Portability and Accountability Act (HIPAA), personal health information is de-identified by your local pharmacy before it is shared with any third party. By de-identifying the data, your personal data cannot, it is believed, be linked or traced back to you. De-identifying your health information is a way for covered entities to share your information without your consent or authorization and in accordance with the law. The information, once shared, is completely anonymized. After the transfer to a third party such as IMS Health, your information is solely data of zeros and ones that translate to dates of dispensing and drug names. No longer does your prescription record list your name or month or day of birth.[5]

Rethinking IMS Health v. Sorrell: Privacy as a First Amendment Value

Today the Supreme Court will hear oral arguments in IMS Health v. Sorrell. The case pits medical data giant IMS Health (and some other plaintiffs) against the state of Vermont, which restricted the distribution of certain “physician-identified” medical data if the doctors who generated the data failed to affirmatively permit its distribution.* I have contributed to an amicus brief submitted on behalf of the New England Journal of Medicine regarding the case, and I agree with the views expressed by brief co-author David Orentlicher in his excellent article Prescription Data Mining and the Protection of Patients’ Interests. I think he, Sean Flynn, and Kevin Outterson have, in various venues, made a compelling case for Vermont’s restrictions. But I think it is easy to “miss the forest for the trees” in this complex case, and want to make some points below about its stakes.**

Privacy Promotes Freedom of Expression

Privacy has repeatedly been subordinated to other, competing values. Priscilla Regan chronicles how efficiency has trumped privacy in U.S. legislative contexts. In campaign finance and citizen petition cases, democracy has trumped the right of donors and signers to keep their identities secret. Numerous tech law commentators chronicle a tension between privacy and innovation. And now Sorrell is billed as a case pitting privacy against the First Amendment.

There is an old tension between privacy and the First Amendment, best crystallized in Eugene Volokh’s effort to characterize privacy protections as the troubling right to stop others from speaking about you. Neil Richards has dissected the flaws in Volokh’s Lochneresque effort to reduce the complex societal dynamics of fair data practices to Hohfeldian trump cards held by individuals and corporations. Societies reasonably conclude that certain types of data shouldn’t influence certain types of decisions all the time. And courts have acquiesced, allowing much “of the vast universe of speech [to] remain[] untouched (and thus unprotected) by the First Amendment.”

The ACO Rules & Privacy

One day before the first of April, HHS published the much-anticipated rules defining the creation and operation of Accountable Care Organizations (ACOs), spanning 429 pages of business regulation, analysis of the various options available, proposed solutions, and ways to measure and reward (punish) success (failure) in achieving HHS’s seemingly incompatible goals of providing better care for less money. I am fairly certain that health policy experts, health care economists, and the multitude of industry stakeholders will be dissecting and analyzing the hefty document in great detail in the coming weeks. I started reading the document with an eye towards the ACO implications for HIT, which as expected are many, but something on page 108 made me stop in my tracks. HHS is proposing to share personally identifiable health information (PHI) contained in Medicare claims with ACO providers unless patients “opt out.”

Beginning on page 108 and through 22 pages of tortured arguments, HHS makes the case for the legality and benefits of providing ACOs with PHI contained in Medicare claims unless the patient actively withdraws consent for this type of transaction. The argument for the legality of claims data sharing rests on the nebulous HIPAA clause that allows disclosure of PHI for “health care operations” within a web of covered entities and business associates connecting the ACO with Medicare and other providers of health care services for a particular patient. HHS is proposing to make available four types of medical information to participating ACOs:

Who Owns Patient Data?

Walgreens is being sued by customers who are not happy that their prescription information – even though it has been de-identified – is being sold by Walgreens to data-mining companies.

The data privacy and security concerns surrounding the transfer of de-identified data are significant. To “de-identify” what is otherwise protected health information under HIPAA, some outfits will simply strip data of 18 types of identifiers listed in federal regulations. However, the relevant regulation (45 CFR 164.514(b)(2)(ii)) also provides that this only works if “the covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.” Thus, the problem with this approach is that, these days, nobody can disclaim knowledge of the fact that information de-identified by removing this cookbook list of 18 identifiers may be re-identified by cross-matching data with other publicly available data sources. There are a number of reported instances of this sort of thing happening. The bottom line is that our collective technical prowess has outstripped the regulatory safe harbor.

Is this the basis of the lawsuit brought against Walgreens? An objection to trafficking in health information that should remain private? No. The plaintiff group of customers is suing to share in the profits realized by Walgreens from trading in the de-identified data.

FTC Proposes New Safeguards for Online Privacy

Yesterday the Federal Trade Commission proposed a broad framework for protecting consumer privacy both on the Web and offline. The framework is meant to help guide policymakers in crafting legislation to prevent the tracking and wholesale collection and sale of consumer information that is practiced by large online companies like Google, Mozilla, and Microsoft. Yesterday I wrote about health information “data mining” (see post here): the collection and sale specifically of web users’ health data, including the conditions they suffer from, medications used, and identification information like name, age, gender, and even personal doctor. As the FTC notes in its proposal: “The more information that is known about a consumer, the more a company will pay to deliver a precisely-targeted advertisement to him.”

The FTC noted that current privacy efforts by most online companies were inadequate. Some did not alert consumers to the fact that data was being collected in the first place; others provided lengthy and incomprehensible warnings that most Web users ignore; and others did offer the chance for individuals to block collection of their personal data, but this action has to be repeated at the beginning of every transaction.

Instead, the FTC framework proposes a “Do Not Track” option that consumers can choose to activate on their browsers. Similar to a “Do Not Call” list that prevents most (but not all) telemarketers from contacting you by phone, the “Do Not Track” option would prevent most data miners from surreptitiously collecting personal information online. The FTC says that the Do Not Call registry currently contains 200 million telephone numbers.

Privacy Paradigms: From Consent to Reciprocal Transparency

Computational innovation may improve health care by creating stores of data vastly superior to those used by traditional medical research. But before patients and providers “buy in,” they need to know that medical privacy will be respected. We’re a long way from assuring that, but new ideas about the proper distribution and control of data might help build confidence in the system.

William Pewen’s post “Breach Notice: The Struggle for Medical Records Security Continues” is an excellent rundown of recent controversies in the field of electronic medical records (EMR) and health information technology (HIT). As he notes,

Many in Washington have the view that the Health Insurance Portability and Accountability Act (HIPAA) functions as a protective regulatory mechanism in medicine, yet its implementation actually opened the door to compromising the principle of research consent, and in fact codified the use of personal medical data in a wide range of business practices under the guise of permitted “health care operations.” Many patients are not presented with a HIPAA notice but instead are asked to sign a combined notice and waiver that adds consents for a variety of business activities designed to benefit the provider, not the patient. In this climate, patients have been outraged to receive solicitations for purchases ranging from drugs to burial plots, while at the same time receiving care which is too often uncoordinated and unsafe. It is no wonder that many Americans take a circumspect view of health IT.

Privacy law’s consent paradigm means that, generally speaking, data dissemination is not deemed an invasion of privacy if it is consented to. The consent paradigm requires individuals to decide whether or not, at any given time, they wish to protect their privacy. Some of the brightest minds in cyberlaw have focused on innovation designed to enable such self-protection. For instance, interdisciplinary research groups have proposed “personal data vaults” to manage the emanations of sensor networks. Jonathan Zittrain’s article on “privication” proposed that the same technologies used by copyright holders to monitor or stop dissemination of works could be adopted by patients concerned about the unauthorized spread of health information.
