Just as big data and analytics are leading to advances in healthcare delivery, they are also opening new ways for bad actors to exploit privacy holes and steal patient data.
Governments around the world have been releasing huge troves of “anonymized” patient data in an effort to jump-start a healthcare revolution. But researchers have found that such anonymized data can now be cross-referenced and processed further to re-identify individuals.
Tehilla Shwartz Altshuler makes the case for tougher medical privacy protections in this post from TechCrunch:
The working assumption of the policy documents is that as long as we are dealing with an anonymized data set, there is no need to require the active consent of individuals whose data is contained in it, but only to allow deletion from the data set upon explicit request. Let’s face it: Most of us are not experts in this domain, will not be aware of the dangers involved and will not be interested in something that seems to be complicated. How convenient…
The ability to take an anonymized data set of cellphone locations, for example, and use it to identify individuals was already demonstrated in 2013 in an article published in Nature. In Germany, researchers discovered that an anonymous internet search history could be linked to an actual identity. An extensive investigation by The New York Times recently showed how it is possible to reconstruct identifying information from anonymous smartphone app data. As the trail of digital crumbs we leave behind grows longer, the ability to re-identify “anonymous” data sets increases.
In the best-case scenario, those who extract information about us will be our bosses, who want to know if we were really home with the flu the day we called in sick; or law-enforcement agencies searching for a criminal. In the worst, they will be politicians seeking to embarrass an opponent, or insurance agents or advertising executives who want to convince us to buy a specific product or change our views of a candidate for office.
To put it bluntly, anyone who releases a medical database today without obtaining individuals’ consent for the use of their health records, with the excuse that the information is anonymous, is conning us. What validity can there be to a promise of anonymity in a world of ready re-identification? Decision-makers need to re-evaluate the risks involved, weighing the costs against the benefits, while considering privacy to be an immutable value, a basic human right and a precondition for the ability to realize one’s autonomy, independent thought and the democratic process — not a constraint.