Privacy Matters
Privacy Hub's fortnightly synthesis of the major news items
affecting and shaping health data privacy,
with expert analysis and commentary
To subscribe to our newsletter, click here.
The last few weeks in a flash:
- Recent studies indicate that sharing health data enables innovation and comes with low risks to patient privacy.
- Big players outside of healthcare face legal consequences for the alleged collection of biometric data without consent.
- Data security takes center stage for the Federal Trade Commission.
Leading Stories
Study finds the risks of sharing health care data are lowMIT News (October 6, 2022)
"In a new study, a team of researchers led by MIT Principal Research Scientist Leo Anthony Celi has quantified the potential risk of [patient re-identification from means outside of an anonymized dataset] and found that it is currently extremely low relative to the risk of data breach. In fact, between 2016 and 2021, the period examined in the study, there were no reports of patient re-identification through publicly available health data."
- Leo Anthony Celi is the clinical research director and principal research scientist at the MIT Laboratory of Computational Physiology (LCP).
Texas sues Google for allegedly capturing biometric data of millions without consent
Reuters (October 20, 2022)
"Texas has filed a lawsuit against Alphabet's Google for allegedly collecting biometric data of millions of Texans without obtaining proper consent, the attorney general's office said in a statement on Thursday. The complaint says that companies operating in Texas have been barred for more than a decade from collecting people's faces, voices or other biometric data without advanced, informed consent."
Senator Questions Zuckerberg About Facebook’s Collection of “Sensitive Health Information”
The Markup (October 20, 2022)
"On Thursday—days after millions of patients across the country learned that their hospital may have leaked their medical information to Meta—Sen. Mark Warner (D-VA) requested that the tech giant answer questions about its pixel tracking tool and the sensitive personal data it collects."
$228 Million Privacy Ruling Against Rail Giant Is ‘Wake-Up Call’ for Third-Party Risk
The Wall Street Journal (October 21, 2022)
"Companies have paid out eye-popping sums in recent years to settle claims they violated Illinois’s biometric privacy law. Last week, a historic legal judgment against BNSF Railway Co. highlighted that data lapses by third-party contractors also don’t come cheap. A jury’s award of $228 million to truck drivers whose fingerprints were scanned without proper consent signaled that businesses can’t blame data violations on vendors, privacy lawyers say."
Government Watcher
Federal Trade Commission's Advance Notice of Proposed Rule on Commercial Surveillance and Data Security- Background: Unveiled on August 11, 2022, by the Federal Trade Commission (FTC) and published on August 22, 2022, in the Federal Register, this proposed rule on commercial surveillance and data security practices that harm consumers and competition is the first step toward creating national privacy and security rules that, if finalized, would apply across most sectors of the U.S. economy.
- Latest Developments:
FTC Extends Comment Deadline for ANPR Commercial Surveillance
The National Law Review (October 18, 2022)
"On October 14, 2022, the Federal Trade Commission announced it is extending the deadline by one month to submit comments on its Advanced Notice of Proposed Rulemaking (ANPRM) on commercial surveillance and lax data security practices." - Engage: The ANPRM asks for public comment on 95 questions, ranging from topics such as targeted advertising, security of personal information, algorithmic discrimination, and protection of children and teens.
- Deadline for ANPRM Comments is now November 21, 2022.
Experts Expound
Jamie Blackport, President of Privacy Hub by Datavant, offers a leadership perspective on the current state of privacy:
"It’s a daunting time for privacy—but that’s precisely because it’s also an exciting time. While the need to keep abreast of evolving laws and regulations does present a complex challenge for privacy professionals, the advent of new technological advancements and privacy-preserving technologies has amplified our impact in unprecedented ways. We see increasing possibilities of leveraging automation to ensure human experts can reach audiences of magnitudes several times larger than ever before—and that’s only one example of the burgeoning interconnectivity that presently characterizes our field. Because, today, I see the privacy world as a whole coming together. Instead of struggling independently, privacy professionals from around the globe are resorting to collaboration in order to create solutions and answers to the most pressing questions surrounding the protection of sensitive information. It's deeply invigorating, to witness our community’s unity in the service of crafting a world where the highest possible standards for privacy are upheld."
Food for Thought
Global healthcare fairness: We should be sharing more, not less, dataPLOS Digital Health (October 6, 2022)
Article by Kenneth P. Seastedt, Patrick Schwab, Zach O’Brien, Edith Wakida, Karen Herrera, Portia Grace F. Marcelo, Louis Agha-Mir-Salim, Xavier Borrat Frigola, Emily Boardman Ndulue, Alvin Marcelo, and Leo Anthony Celi
"The availability of large, de-identified health datasets has enabled significant innovation in using machine learning (ML) to better understand patients and their diseases. However, questions remain regarding the true privacy of this data, patient control over their data, and how we regulate data sharing in a way that that does not encumber progress or further potentiate biases for underrepresented populations. After reviewing the literature on potential reidentifications of patients in publicly available datasets, we argue that the cost—measured in terms of access to future medical innovations and clinical software—of slowing ML progress is too great to limit sharing data through large publicly available databases for concerns of imperfect data anonymization. This cost is especially great for developing countries where the barriers preventing inclusion in such databases will continue to rise, further excluding these populations and increasing existing biases that favor high-income countries. Preventing artificial intelligence’s progress towards precision medicine and sliding back to clinical practice dogma may pose a larger threat than concerns of potential patient reidentification within publicly available datasets. While the risk to patient privacy should be minimized, we believe this risk will never be zero, and society has to determine an acceptable risk threshold below which data sharing can occur—for the benefit of a global medical knowledge system."
- Authored by professionals in the areas of medicine, machine learning & AI, epidemiology, science & technology, and quality & patient safety, among others.
- Affiliations include Harvard Medical School, Harvard-MIT Division of Health Sciences & Technology, Northeastern University's Department of Journalism, Mbarara University of Science and Technology in Uganda, and Monash University in Australia.
BMC Medical Ethics (October 31, 2022)
Article by Phaik Yeong Cheah and Jan Piasecki
"The ownership status of individual-level health data affects the manner in which it is used. In this paper we analyze two competing models of the ownership status of the data discussed in the literature recently: private ownership and public ownership."
- Phaik Yeong Cheah is a Professor of Global Health and bioethicist at the University of Oxford. She is the founder and current head of Bioethics and Engagement at the Mahidol Oxford Tropical Medicine Research Unit (MORU).
- Jan Piasecki is an assistant professor at Jagiellonian University Medical College. He holds Master of Bioethics from Erasmus Mundus, a higher education cooperation program funded by the European Commission.
Best of the Rest
- BLOG:
Everything that happened in the synthetic data space in 2022
Medium (October 6, 2022)
"Over the past year, we saw notable growth in the synthetic data space and exciting market shifts. In this article, I’ve compiled updates from a year of market monitoring. Read about the new players, developments, and perspectives on how the ecosystem evolved."
Reach us at privacymatters.privacyhub@datavant.com
