Search Mailing List Archives
[liberationtech] If patients don't care about their privacy, should doctors?
katie at critpath.org
Wed Sep 24 20:11:40 PDT 2014
Thank you to Andrew, Dan, Brian and those who communicated off-list for
your good ideas and analysis. Based on Brian's suggestion, I found a
section on the EFF website on Medical Privacy:
I also found a section of HIPAA regulations that mandates encryption and
other (inadequate?) technical safeguards for protected health information:
Some states are passing laws on the breach of online information; my state
has a law that requires companies that have major breaches to inform their
A national health system was breached last month and the medical records of
4.5 million people were stolen. Think about that for a moment.
It's unclear to me what the repercussions are to an organization that
encrypts and is still hacked--it seems like the law is not settled in this
But the ability of a patient to sue (for negligence?) seems like a
promising incentive to spur health organizations to try to do the right
thing--if not for the good of their patients, now and in the future.
Not a lawyer, but feeling better informed,
ps: It's worth noting that the administrator I spoke to at the conference
was indeed a doctor--a doctor dazzled by the cool "privacy is dead" folks
he met at a cyber security agency and at a health insurance company--who
seemed to be the experts.
On Wed, Sep 24, 2014 at 3:26 AM, Brian Behlendorf <brian at behlendorf.com>
> On Tue, 23 Sep 2014, Kate Krauss wrote:
>> I was chatting with a health care administrator at a conference who is
>> charged with rolling out a telehealth (read: Skype) clinical program for
>> patients to communicate with doctors.
>> The health care administrator said that studies show that patients would
>> rather get expedient care than protect their privacy if they have to choose.
>> I glimpsed a yawning abyss in which the private health information of
>> hundreds of millions of people is in jeopardy because of clowns like this
>> guy at large healthcare organizations across the country/world. It already
>> is by neglect, but not yet by design.
> Usually the "privacy is dead" types are financially incented to believe
> this due to ownership stakes in the surveillance industry, by which I also
> include social media companies. I hope this person never comes down with a
> venereal disease (especially one their partner didn't have), or a future
> employer doesn't discover how expensive they'll be for the corporate health
> plan. And in particular in your domain, AIDS policy work, there was a time
> when not only was it ignored as a disease at all, but those fighting for it
> to be recognized as a national health emergency were at risk of being
> shamed or outed against their will.
> What's even more worrisome are comments like Larry Page's that 100k lives
> could be saved if only Google could analyze everyone's health data:
> I'm a believer in the idea of using data to gain insights (if researchers
> can adequately correct for cognitive biases, which few can) but the risk of
> re-identificaton or spilling of confidential information is still too damn
> high for most. I suspect this is why Google struggled with their
> personal-health-record platform, Google Health, because few people were
> motivated to turn their patient records over to a company whose business
> model is advertising. Microsoft seems to be having more success with
> HealthVault, which is encouraging.
> Fortunately in the brief moment I spent focused on healthcare
> (co-designing and launching HHS's "Direct Project" effort for
> health-records-sharing over SMTP/TLS), I got the sense that this view is
> not prevalent, that most practitioners understand the value of privacy, and
> that if it's come at the cost of progress in health IT and easy transfer of
> records between doctors and clinics, it's hard to say it's not been worth
> it. Celebrity nude photos are one thing; celebrity (or non-) HIV test
> results something completely else. Encryption at rest and in transit,
> ensuring that patient records are only shared with the patients themselves
> or licensed physicians, proper de-identification - those have not been
> constraints on setting up effective health IT systems or sharing between
> doctors and patients. It's more the legacy of broken systems and
> silo-based thinking, compounded by the modern sense that "data is the new
> oil" and therefore should be hoarded rather than shared. But those are
> afflictions less of the practitioners and more of the health IT software
> vendors themselves.
> I said:
>> 1. What are your principles for securing patient data offline? What are
>> the rights of the patient as a patient and as person? Figure those out in
>> writing and then work to encrypt data and secure patient privacy so that
>> those rights and principles are upheld. Even if it's difficult and
>> expensive to do it.
>> 2. I said that asking patients to choose was a false choice--they deserve
>> good medical care and to keep their medical information private. At the
>> same time.
>> 3. I said that it's not acceptable to lower the standards for patients
>> (this would be tens of thousands of patients in his case alone) just
>> because they don't understand the implications of sharing their personal
>> data. I said that he was in a position of great responsibility to protected
>> patients and that he shouldn't give up without a fight. He was
>> unconvinced--probably because it's cheaper and easier to ignore privacy
>> concerns and he's under pressure to get the ball rolling.
>> What would you say in this situation?
> If I'd had half the clarity as you did in saying what you said I would
> have considered myself lucky. That was great. I suspect this
> "administrator" wasn't actually a doctor bound to the Hippocratic oath
> earlier in their career, but should have been. But absent the oath, I
> might remind them of their duties under HIPAA and if you have skin in this
> game you might want to talk to someone at HHS to look into this
> administrator's operations. Perhaps he was scared by the paranoia-inducing
> "security researchers" at this conference, but such warnings are just a
> reminder to do his job, not abdicate responsibility for them.
> More specifically, compromising Skype at this point is a feature of
> commercially-available products used by despotic regimes to surveil
> activists in countries like Egypt, and likely has come down market to
> organized crime at the very least. I don't know if that means the
> encryption used in Skype would fail to be HIPAA-compliant - all encryption
> schemes are breakable given enough horsepower - but the administrator may
> want to consider the PR implications of a remote consultation between one
> of their doctors and a celebrity getting posted to 4Chan. Tunnelling a
> WebRTC-based conferencing like BigBlueButton over a VPN (maybe it supports
> SSL natively now?) or using Jitsi or another similar trustworthy tool may
> be a way to reduce that risk.
> Keep fighting the good fight on this.
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated: https://mailman.stanford.edu/
> mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change
> password by emailing moderator at companys at stanford.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech