Categories

Tag: Surveillance

The Secret Surveillance Capitalism That Suffuses Medicare

By MICHAEL MILLENSON

Imagine a government program where private contractors boost their bottom line by secretly mining participants’ personal information, such as credit reports, shopping habits and even website logins.

It’s called Medicare.

This is open enrollment season, when 64 million elderly and disabled Americans choose between traditional fee-for-service Medicare and private Medicare Advantage (MA) health plans. MA membership is soaring; within a few years it’s expected to encompass the majority of beneficiaries. That popularity is due in no small part to the extra benefits plans can provide to promote good health, ranging from gym membership and eyeglasses to meal delivery and transportation assistance.

There is, however, an unspoken price for these enhancements that’s being paid not in dollars but in privacy. To better target outreach, some plans are routinely accessing sophisticated analytics that draw upon what’s euphemistically labeled “consumer data.” One vendor boasts of having up to 5,000 “certified variables for every adult in America,” including “clinical, social, economic, behavioral and environmental data.” 

Yet while companies like Facebook and Google have faced intense scrutiny, health care firms have remained largely under the radar. The ethical issue is obvious. Since none of this sensitive personal information is covered by the privacy and disclosure rules protecting actual medical data, it is being deliberately used without disclosure to, or explicit consent by, consumers. That’s simply wrong.

But a more fundamental concern involves the analyses themselves.

Continue reading…

Universal Patient Identifiers for the 21st Century

Healthcare is abuzz with calls for Universal Patient Identifiers. Universal people identifiers have been around for decades and experience can help us understand what, if anything, makes patients different from people. This post argues that surveillance may be a desirable side-effect of access to a health service but the use of unique patient identifiers for surveillance needs to be managed separately from the use of identifiers in a service relationship. Surveillance uses must always be clearly disclosed to the patient or their custodian each time they are sent by the service provider or “matched” by the surveillance agency. This includes health information exchanges or research data registries.

As a medical device entrepreneur, physician, engineer, and CTO of Patient Privacy Rights, I have decades of experience with patient identifier practices and standards. I feel particularly qualified to discuss patient identifiers because I serve on the Board and Management Council of the NIST-founded Identity Ecosystems Steering Group (IDESG) where I am the Privacy and Civil Liberties Delegate. I am also a core participant to industry standards groups Kantara-UMA and OpenID-HEART working on personal data and I consult on patient and citizen identity with public agencies.

Continue reading…