On Tue, 23 Sep 2014, Kate Krauss wrote:
I was chatting with a health care administrator at a conference who is charged with rolling out a telehealth (read: Skype) clinical program for patients to communicate with doctors.
[...]
The health care administrator said that studies show that patients would rather get expedient care than protect their privacy if they have to choose.
[...]
I glimpsed a yawning abyss in which the private health information of hundreds of millions of people is in jeopardy because of clowns like this guy at large healthcare organizations across the country/world. It already is by neglect, but not yet by design.

Usually the "privacy is dead" types are financially incented to believe this due to ownership stakes in the surveillance industry, by which I also include social media companies. I hope this person never comes down with a venereal disease (especially one their partner didn't have), or a future employer doesn't discover how expensive they'll be for the corporate health plan. And in particular in your domain, AIDS policy work, there was a time when not only was it ignored as a disease at all, but those fighting for it to be recognized as a national health emergency were at risk of being shamed or outed against their will.

What's even more worrisome are comments like Larry Page's that 100k lives could be saved if only Google could analyze everyone's health data:

http://patientprivacyrights.org/2014/06/googles-larry-page-wants-save-100000-lives-analyzing-healthcare-data/

I'm a believer in the idea of using data to gain insights (if researchers can adequately correct for cognitive biases, which few can) but the risk of re-identification or spilling of confidential information is still too damn high for most. I suspect this is why Google struggled with their personal-health-record platform, Google Health, because few people were motivated to turn their patient records over to a company whose business model is advertising. Microsoft seems to be having more success with HealthVault, which is encouraging.

Fortunately in the brief moment I spent focused on healthcare (co-designing and launching HHS's "Direct Project" effort for health-records-sharing over SMTP/TLS), I got the sense that this view is not prevalent, that most practitioners understand the value of privacy, and that if it's come at the cost of progress in health IT and easy transfer of records between doctors and clinics, it's hard to say it's not been worth it. Celebrity nude photos are one thing; celebrity (or non-) HIV test results something completely else. Encryption at rest and in transit, ensuring that patient records are only shared with the patients themselves or licensed physicians, proper de-identification - those have not been constraints on setting up effective health IT systems or sharing between doctors and patients. It's more the legacy of broken systems and silo-based thinking, compounded by the modern sense that "data is the new oil" and therefore should be hoarded rather than shared. But those are afflictions less of the practitioners and more of the health IT software vendors themselves.

I said:

1. What are your principles for securing patient data offline? What are the rights of the patient as a patient and as person? Figure those out in writing and then work to encrypt data and secure patient privacy so that those rights and principles are upheld. Even if it's difficult and expensive to do it. 

2. I said that asking patients to choose was a false choice--they deserve good medical care and to keep their medical information private. At the same time.

3. I said that it's not acceptable to lower the standards for patients (this would be tens of thousands of patients in his case alone) just because they don't understand the implications of sharing their personal data. I said that he was in a position of great responsibility to protect patients and that he shouldn't give up without a fight. He was unconvinced--probably because it's cheaper and easier to ignore privacy concerns and he's under pressure to get the ball rolling.

What would you say in this situation?

If I'd had half the clarity as you did in saying what you said I would have considered myself lucky. That was great. I suspect this "administrator" wasn't actually a doctor bound to the Hippocratic oath earlier in their career, but should have been. But absent the oath, I might remind them of their duties under HIPAA and if you have skin in this game you might want to talk to someone at HHS to look into this administrator's operations. Perhaps he was scared by the paranoia-inducing "security researchers" at this conference, but such warnings are just a reminder to do his job, not abdicate responsibility for them.

More specifically, compromising Skype at this point is a feature of commercially-available products used by despotic regimes to surveil activists in countries like Egypt, and likely has come down market to organized crime at the very least. I don't know if that means the encryption used in Skype would fail to be HIPAA-compliant - all encryption schemes are breakable given enough horsepower - but the administrator may want to consider the PR implications of a remote consultation between one of their doctors and a celebrity getting posted to 4Chan. Tunnelling a WebRTC-based conferencing like BigBlueButton over a VPN (maybe it supports SSL natively now?) or using Jitsi or another similar trustworthy tool may be a way to reduce that risk.

Keep fighting the good fight on this.

Brian
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at [email protected].
