We Really Have Very Little Privacy Anymore
They're just constant now, the revelations that this entity or that has either allowed our data to be stolen or has sold or given it away.
From Mind Matters:
In an op-ed at a British newspaper, Anonymous explains what led to telling the world that Google has been gathering identifying data on tens of millions of Americans in 21 states who use the Ascension health care system without doctors or patients knowing or giving consent....One thing that spooked Anonymous was that the data of the 50 million Americans was not even "de-identified" when handed over (that is, personal identifies were not removed). Anonymous closes by stressing that AI in medicine can be a good thing, if handled right. But that's where the evidence is pretty much wanting. The U.S. Senate is investigating. Stay tuned.
I think we need to assume our data will be mishandled and then -- here's an idea -- set up payment tiers for victims when it is.
How Anonymous sees things:
I can see the advantages of unleashing Google's huge computing power on medical data. Applications will be faster; data more accessible to doctors; new channels will be opened that might in time find cures to certain conditions.But the disadvantages prey on my mind. Employees at big tech companies having access to personal information; data potentially being handed on to third parties; adverts one day being targeted at patients according to their medical histories.
I'd like to hope that the result of my raising the lid on this issue will be open debate leading to concrete change. Transfers of healthcare data to big tech companies need to be shared with the public and made fully transparent, with monitoring by an independent watchdog.
Patients must have the right to opt in or out. The uses of the data must be clearly defined for all to see, not just for now but for 10 or 20 years into the future.
Full HIPAA compliance must be enforced, and boundaries must be put in place to prevent third parties gaining access to the data without public consent.
In short, patients and the public have a right to know what's happening to their personal health information at every step along the way. To quote one of my role models, Luke Skywalker: "May the force be with you."
via @robertlufkinmd
Judge rules the FBI can't hide their use of social media snooping tools.
https://www.courthousenews.com/judge-rules-fbi-cannot-hide-use-of-social-media-surveillance-tools/
Gog_Magog_Carpet_Reclaimers at November 20, 2019 10:54 PM
I used to work with "big data" at a grocery chain. We had layers of privacy protections, including, but not limited to, anonymous identifiers on accounts.
The data tables holding identifying data were strictly controlled. If I was allowed access to the tables that held the identity of the account holders, that access was granted temporarily for only a few days at a time and I had to justify my need for that access each time - e.g., why it was pertinent to a specific project or research endeavor. My usage was closely monitored - i.e., no downloading large portions of the table to a non-secured table/database for later.
Even when the chain switched to automated coupon rewards tied to prior purchases, the sales history was card number based and no identifying data were used. No Target-pregancy fiascos for us.
Senior management must inculcate privacy concerns throughout the organization, something Google's senior management apparently has not done.
Our senior management continually expressed very strong concerns about safeguarding customer privacy and insisted on putting into place a system that would protect that privacy. It can be done. After all, privacy concerns are the main reason people are hesitant to sign up for grocery store club cards and any breach could cost us customers.
i don't know if Google's fast-and-loose approach to people's privacy will cost it enough users to hurt; but it may energize the public to insist the government exercise more control over the digital world, something that may not be beneficial in the long run.
Conan the Grammarian at November 21, 2019 4:34 AM
I'm not sure how giving access to Google is HIPAA kosher.
On the other hand, if they do have personally identifying information (PII) and it is related to medical data, when they have a major breach they will be facing a major fine. That should give them some "fear of God" and their data handling practices. At least WRT HIPAA.
I R A Darth Aggie at November 21, 2019 6:20 AM
Judge rules the FBI can't hide their use of social media snooping tools.
Well, obviously the FBI doesn't have those tools. They just call up their buddies at the NSA to do the dirty work for them.
Just assume that everything you email, post, tweet or text is vacuumed up by the NSA, at least in terms of the metadata.
Don't use "free" VPNs. I assume more than a few are operated by nation-state intelligence services. I would not be surprised they also operate legitimate paid VPNs, too.
Yeah, I'm saying trust no one.
I R A Darth Aggie at November 21, 2019 6:26 AM
"I'm not sure how giving access to Google is HIPAA kosher."
I'm seeing claims that their lawyers and lobbyists got themselves a loophole built in when HIPAA was passed. However, I also know (because I've talked to them) that there are a lot of health care workers who have been inconvenienced by HIPAA, and businesses who have seen their compliance costs go up due to HIPAA, who are absolutely steaming about this.
If you're on the Internet, you can't avoid Google. Their analytics are embedded in all of the popular Web sites, and if you try to filter them out (which is extremely difficult), you'll find that most of the Web sites you use won't load. Even the U.S. military is unable to block Google, except by building networks that are completely disconnected from the public Internet. (And yes, it's an issue that the OPSEC people are aware of.)
Cousin Dave at November 21, 2019 6:36 AM
IMO our medical info is absolutely not private in any meaningful way. For starters, you must disclose completely to third parties in order to get things like life insurance. The average person deals with many medical entities--different doctors, specialists, hospitals, clinics, pharmacies--and there is usually a requirement that you agree they may access and share. Then there's the fact that it's very easy to subpoena someone's medical records for civil and criminal purposes. Finally we have the ever-increasing density of internet data being collected, abused, hacked etc. Let's just say that I don't feel free to tell my physicians everything that they may ask because it's none of their darned business and I don't care to have some things written down on a permanent record. Privacy-schmivacy!
RigelDog at November 21, 2019 7:53 AM
> Full HIPAA compliance must be
> enforced, and boundaries must
> be put in place to prevent
> third parties gaining access
> to the data without public
> consent.
"Public consent" seems like a loophole. How about private consent, by which I mean my own for my own information, in each case?
Crid at November 21, 2019 7:18 PM
Hmm. You who go on about medical info --- it's worse than that.
You're being hoaxed, constantly.
Radwaste at November 22, 2019 5:01 AM
"I'm not sure how giving access to Google is HIPAA kosher."
Heh. Here's a tidbit I betcha didn't know:
Every Federal agency using Microsoft Office 365 has put every agency email on Microsoft servers.
Including their histories. Mine went back more than 15 years.
Hey, hackers! If you want to know about Federal employees, or possibly Federal programs including the disposition of fissile material, just hack the Microsoft Exchange cloud devices.
Radwaste at November 22, 2019 12:43 PM
Leave a comment