Law in the Internet Society
-- SharmilaAchari - 03 Dec 2008

We live in an era where millions of individuals willingly provide a seemingly infinite amount of private information about themselves on the Internet, where it may potentially be viewed by billions of strangers. For example, in 2008, it is estimated that there are almost 200 million active public blogs, and social networking sites such as MySpace and Facebook rank as the third and fifth most popular websites in the US. As sharing personal information widely becomes increasingly popular, why is there a current controversy over the increased use of digital personal health records (PHRs)?

PHRs are digital repositories of medical information about a patient (medication history, lab results, diagnoses, etc.) designed to be used and controlled by the patient. PHRs are distinct from the more traditional electronic medical records (EMRs), which store similar information about patients but are typically designed to be used by doctors in either a hospital or physician's office. Currently, both Google and Microsoft, two of the world's largest corporations, offer platforms (Google Health and HealthVault, respectively) that permit consumers to collect, organize, and analyze all their available digital health information, much of which will be provided through their medical and insurance providers.

Several privacy watchdog groups, such as the World Privacy Forum, have voiced concerns that personal health data, when stored and accessed through such technology, has the potential to be compromised. Typically, EMR systems must adhere to federal privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA), which assists in protecting the privacy of patient-related data. However, this title does not apply to entities such as Google, Microsoft, and other large PHR platforms, which are designed to be HIPAA-exempt, because they are primarily used by consumers rather than providers. Thus, records stored on these systems may lose certain legal protections.
Watchdog groups have also raised concerns as to the method of monetizing these platforms, since both Google and Microsoft plan to use contextual advertising. Of particular concern is using private health information to create user-targeted advertising.

The privacy concerns of these watchdog groups can be examined through the lens of the three elements of privacy: secrecy, anonymity and autonomy. All three elements may be compromised in some way by the new PHR platforms.

A secret is a fact shared between two people, not to be shared with anyone else. Its defining characteristic is the exclusivity of the communication, rather than the content. In the same way, online secrecy refers to the sharing of information between a user and a database, excluding all others. Since information stored on PHR systems is not HIPAA-protected, it loses many of the law's safeguards. The HIPAA Privacy rule mandates that health information may only be shared with parties explicitly designated by the patient or with other healthcare professionals strictly within the scope of the patient's care. The absence of this protection opens this information up to countless external parties, such as researchers, lawyers, or commercial interests. Though the PHR services pledge to keep user information secure and give the user control over information sharing, the truth is that they are not legally bound to do so because no law regulates them and it is the user's choice to store their health information on the system. Such a prospect is understandably daunting to those concerned with maintaining patient privacy protections.

The idea of anonymity in healthcare seemingly implies the confidentiality of communications between doctors and patients. Half the reason we can be honest with our doctors is the assurance that only they will know about our embarrassing foot fungus or that we have gonorrhea.
However, in PHR systems, the third party to this communication can be advertisers, who may be able to provide tailored advertisements to users based on the information in their records. Diabetics may see advertisements for insulin devices while the obese get placements for cholesterol medication. This system violates the promise of anonymity because it allows advertisers to connect the dots between the patient and their condition to determine what they may need. Moreover, patients have no idea how many advertisers are given access to their information because those with contracts with the PHR systems can sell their lists to other companies. System administrators may attempt to circumvent this issue by only allowing advertisers to designate certain ads to be shown when certain tags appear in a file, without the advertiser actually seeing the file's contents. However, this still leaves open the possibility that thousands of Google or Microsoft employees will be sifting through patients' files with impunity, absorbing many of their personal and confidential details.

Embedded advertising may also infringe on the user's sense of autonomy. This term signals the ability to govern our own actions without restriction. Though viewing advertisements does not limit the user's ability to access or view records, these advertisements are still an invasion of personal space and impose an additional, and potentially unwanted, experience on the user. Such imposition can threaten autonomy just as much as a restriction because it does not allow the user to have full control over their experience.

One counterargument is that these concerns are irrelevant because patients voluntarily store their sensitive information on these sites. No one objects to the public availability of information or embedded advertising on sites such as Facebook, or even within Gmail. However, personal medical information is a much more important type of knowledge to individuals than other personal details.
Moreover, though PHR systems are subscribed to voluntarily now, it is feasible that in the next 20 years these systems will become the standard method for patients to communicate with their doctors and insurers about their care, rendering them a necessity. With such sensitive information at stake, it is imperative that the integrity of the storage systems cannot be compromised. PHR systems can benefit users and providers alike, but this benefit should not risk exposing our most personal information to scrutiny by system administrators and whoever else they allow into the communications between the individual, his body and his doctor.

Sharmila, this is an area that I've not thought about, and I thank you for enlightening us. I wonder, if information stored on these sites is not covered under HIPAA, does that make it discoverable in criminal and civil litigation without the usual protections? If so, this seems to be an even greater cause for concern than targeted ads. -- JohnPowerHely - 09 Dec 2008

Sharmila, this is a great topic and I really enjoyed reading your essay. I wasn't entirely clear, though, about your position with respect to the counterargument raised toward the end, to the effect that the voluntary nature of these sites mitigates some of the privacy concerns. Are you taking the position that people should not be able to entrust their information to these sites at all as they are now set up, or would you just argue that notice of the risks should be improved? If the former, I would be curious to know why people shouldn't be allowed to make that choice. Maybe there is an argument to be made on fairness grounds, because those with certain diseases or disabilities would have more to lose? I'm also not sure you've convinced me that medical information is different in kind from other kinds of personal information. Doesn't it just depend on the individual and the information? Couldn't the revelation of a medical condition, financial information, or a particularly personal email have an equally damaging effect? As long as the taking of the privacy risk in exchange for the use of the service is voluntary and fully informed in each case, why should we treat them differently? -- DavidHambrick - 09 Dec 2008


