Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] If patients don't care about their privacy, should doctors?

Brian Behlendorf brian at behlendorf.com
Wed Sep 24 00:26:27 PDT 2014


On Tue, 23 Sep 2014, Kate Krauss wrote:
> I was chatting with a health care administrator at a conference who is 
> charged with rolling out a telehealth (read: Skype) clinical program for 
> patients to communicate with doctors.
[...]
> The health care administrator said that studies show that patients would 
> rather get expedient care than protect their privacy if they have to 
> choose.
[...]
> I glimpsed a yawning abyss in which the private health information of 
> hundreds of millions of people is in jeopardy because of clowns like 
> this guy at large healthcare organizations across the country/world. It 
> already is by neglect, but not yet by design.

Usually the "privacy is dead" types are financially incented to believe 
this due to ownership stakes in the surveillance industry, by which I also 
include social media companies.  I hope this person never comes down with 
a venereal disease (especially one their partner didn't have), or a future 
employer doesn't discover how expensive they'll be for the corporate 
health plan.  And in particular in your domain, AIDS policy work, there 
was a time when not only was it ignored as a disease at all, but those 
fighting for it to be recognized as a national health emergency were at 
risk of being shamed or outed against their will.

What's even more worrisome are comments like Larry Page's that 100k lives 
could be saved if only Google could analyze everyone's health data:

http://patientprivacyrights.org/2014/06/googles-larry-page-wants-save-100000-lives-analyzing-healthcare-data/

I'm a believer in the idea of using data to gain insights (if researchers 
can adequately correct for cognitive biases, which few can) but the risk 
of re-identificaton or spilling of confidential information is still too 
damn high for most.  I suspect this is why Google struggled with their 
personal-health-record platform, Google Health, because few people were 
motivated to turn their patient records over to a company whose business 
model is advertising.  Microsoft seems to be having more success with 
HealthVault, which is encouraging.

Fortunately in the brief moment I spent focused on healthcare 
(co-designing and launching HHS's "Direct Project" effort for 
health-records-sharing over SMTP/TLS), I got the sense that this view is 
not prevalent, that most practitioners understand the value of privacy, 
and that if it's come at the cost of progress in health IT and easy 
transfer of records between doctors and clinics, it's hard to say it's not 
been worth it.  Celebrity nude photos are one thing; celebrity (or non-) 
HIV test results something completely else.  Encryption at rest and in 
transit, ensuring that patient records are only shared with the patients 
themselves or licensed physicians, proper de-identification - those have 
not been constraints on setting up effective health IT systems or sharing 
between doctors and patients.  It's more the legacy of broken systems and 
silo-based thinking, compounded by the modern sense that "data is the new 
oil" and therefore should be hoarded rather than shared.  But those are 
afflictions less of the practitioners and more of the health IT software 
vendors themselves.

> I said:
> 
> 1. What are your principles for securing patient data offline? What are 
> the rights of the patient as a patient and as person? Figure those out 
> in writing and then work to encrypt data and secure patient privacy so 
> that those rights and principles are upheld. Even if it's difficult and 
> expensive to do it. 
> 
> 2. I said that asking patients to choose was a false choice--they 
> deserve good medical care and to keep their medical information private. 
> At the same time.
> 
> 3. I said that it's not acceptable to lower the standards for patients 
> (this would be tens of thousands of patients in his case alone) just 
> because they don't understand the implications of sharing their personal 
> data. I said that he was in a position of great responsibility to 
> protected patients and that he shouldn't give up without a fight. He was 
> unconvinced--probably because it's cheaper and easier to ignore privacy 
> concerns and he's under pressure to get the ball rolling.
> 
> What would you say in this situation?

If I'd had half the clarity as you did in saying what you said I would 
have considered myself lucky.  That was great.  I suspect this 
"administrator" wasn't actually a doctor bound to the Hippocratic oath 
earlier in their career, but should have been.  But absent the oath, I 
might remind them of their duties under HIPAA and if you have skin in this 
game you might want to talk to someone at HHS to look into this 
administrator's operations.  Perhaps he was scared by the 
paranoia-inducing "security researchers" at this conference, but such 
warnings are just a reminder to do his job, not abdicate responsibility 
for them.

More specifically, compromising Skype at this point is a feature of 
commercially-available products used by despotic regimes to surveil 
activists in countries like Egypt, and likely has come down market to 
organized crime at the very least.  I don't know if that means the 
encryption used in Skype would fail to be HIPAA-compliant - all encryption 
schemes are breakable given enough horsepower - but the administrator may 
want to consider the PR implications of a remote consultation between one 
of their doctors and a celebrity getting posted to 4Chan.  Tunnelling a 
WebRTC-based conferencing like BigBlueButton over a VPN (maybe it supports 
SSL natively now?) or using Jitsi or another similar trustworthy tool may 
be a way to reduce that risk.

Keep fighting the good fight on this.

Brian


More information about the liberationtech mailing list