3:00—4:30 p.m., Room 102B
The Administration’s initiative to release government data to stimulate the development of innovative health technologies presents important new opportunities to improve individual and population health. At the same time, the increased access, use and disclosure of personal information characterized by the new health data ecosystem introduces risks to the privacy and security of this data. Failure to appropriately address these risks through policies and best practices could jeopardize the public’s willingness to trust and take advantage of new health technologies. The session will explore the current state of the law, new federal consumer privacy policy initiatives, and recommended best practices that will build trust and enable us to leverage data for individual and public benefit.
Facilitator:
Deven McGraw, J.D., L.L.M., M.P.H., Director of the Health Privacy Project, Center for Democracy & Technology
Panelists:
Cora Tung Han, J.D., Attorney, Division of Privacy and Identity Protection, Federal Trade Commission
Marcia Tal, Founder, Tal Solutions
Fred Trotter, Director of Technology, Cautious Patient Foundation; Author, Meaningful Use and Beyond
Colin Zick, J.D., Partner and Co-Chair of Security and Privacy Practice, Foley Hoag L.L.P.
Colin Zick: HIPAA was about Electronic Data Interchange and the Privacy aspects were a sop to privacy advocates.
Watch out for the term: PII (Personally Identifiable Information)
FTC: the question is when information can be linked to a person or device.
Data is not reasonably linkable if:
- De-identifies data
- Doesn't try to re-constitute the data
- Prevent downstream users from re-identifying data.
Principles:
1. Privacy by Design
2. Reasonable collection limits
3. Sound management and disposal rules
Fred Trotter: People don't care about privacy because they don't understand the implications of a lack of privacy.
Doesn't this create a growing conflict of interest as we see the emergence of mega banks that offer a range of services that can benefit from knowing a detailed background on their customers.
Fair Credit Reporting Act: protects against data-based discrimination.
If in 2012 we still have doctor's practices that are refusing to share a patient's health data with a patient then we still have a big challenge ahead.
Facebook are now asking if you are an organ donor. That is a health decision that is then being shared with friends.
Is location the last bastion of privacy? It is the data that can pull everything else together.
New HIPAA rules could extend the requirements for patients to have access to report that discloses who has accessed their Health Record.
- The access report provision.
The technology can't distinguish between access and disclosure.
Closing Thoughts:
Fred: We want control but we want data to flow easily.
Marcia: Let the trusted experts take care of it
Colin: Eat your broccoli, don't get sick and ask for a copy of your medical record,