November 3, 2009

Do not be afraid, dear reader, I have not lost my way. The title of this fillip refers to health related data, not to health insurance. In my 2007 Halloween issue, I invoked Dr Deborah Peel's authority (1) to suggest this data may be already public. In a more sobber setting, Julia Reischel reminds us the federal mandate (2) to report security breaches concerning patient data will be enforced come February (*).

Shining the light upon the results of human failure and criminal piracy is a useful measure. While patients may soon succomb to breach fatigue, would my credit card company have replaced my card so often without the increased awareness which followed similar public disclosure rules?

Not that we should harbor too many illusions about the speed at which we can change the privacy debate.

Take Betty Ostergren's crusade against the carelessness of government agencies regarding Social Security Numbers. As a hook, she displays the SSN's of those responsible for the situation. Virginia passed a Lady Godiva law in 2008 to forbid her to publish SSN's it had itself released to the public. It is comforting to read Juge Robert E. Payne's opinion ruling in her favor (**). "If the State wishes to claim that the confidentiality of a certain piece of information is a State interest of the highest order, then the State should not make that information publicly available."

Please let the reality sink in. First it took a year for Mrs Ostergren to achieve her victory and Virginia has appealed, naturally. The situation on the ground meanwhile is depressing. True, Virginia now has a plan to scrub SSN's from its online records but lacks the money to implement it promptly and concedes, "even after completion, [it] will leave over 60,000 SSN's available for public view", mostly from overlooked land records.

Virginia is but another illustration that ePrivacy is all about money. "The impetus for placing [...] land records online came principally from the real estate industry because to do so facilitated real estate transactions of all sorts". Guess who pays the campaign bills of Virginia local officials?

That money matters is only natural. My own practical contribution to the debate has been to develop a software platform for confidential interactions over the Internet (3). The inescapable challenge is to find the right business model to deliver its benefits to users. Unfortunately, as long as privacy is perceived as a cost rather than a profit center, it will suffer the fate of SSN's in Virginia, innocent victims of larger economic struggles.

In response, these fillips attempt to understand what gives information its value. Isn't today's situation both frightening and paradoxical? Frightening, because too many current business models are unsustainable, either overcharging for information reproduction or appropriating personal data and reselling it wholesale, whether in fact or in hope per the Micawber variant. Paradoxical, for information has no exchange value unless it be difficult to find. As a result intellectual property creators grope for new sources of funding while insider trading rings prosper as long as they are not detected.

If my theoretic approach is impressionistic, it may be because I find inspiration in the news. It is also due to the progressive unfolding of the information revolution. Some news are old hat and then come news which suggest putting new brush strokes to my canvass.

At first glance the Galleon shipwreck is another case of insider trading. We know secret information can be worth millions before becoming public. But read Henny Sender's dispatch (***). The hedge fund also "paid hundreds of millions of dollars a year to its Wall Street banks and regularly received market information in return that would not have been disclosed to most investors". When John Gapper speaks of "conflicts of interest in investment banks managing an opaque cocktail of their own" (****), count on this valuable "market colour" to be part of the mix.

As long as capturing such meta information is legal, nothing prevents market intermediaries to resell it. Split from their proprietary trading arm, bank brokers would just externalize trades on "color" as they did with Galleon. But should market intermediaries allowed to observe market activity for their own gain? Aren't these intermediaries paid by their clients to serve them rather than themselves. This is the fundamental conflict of interest.

Markets are but one example, think of social networks. Our Information Age promotes sharing and the more we share the more meta information we generate. Shouldn't users be allowed to control those who control the sharing platform? Focusing our theoretic approach on health data, what about Sermo, the physicians' social site, what about medical studies? Can user data remain free when it profits those to whom it is entrusted?

Quoted by Natasha Singer (*****), George Hill, an analyst, estimates "by 2020, [...] data mining [of patient data in the United States] could generate sales of up to $5 billion". Based on Betty Ostergren's experience, HIPAA might be less about keeping health data private as it is about enabling its exploitation by public companies.

True, HIPAA requires patient data to be severely scrubbed to eliminate personally identifiable information (2). But, as Deborah Peel remarks, "there are no current federal laws against re-identification" even though data aggregation makes re-identification easier by the day. Under the pen name Dissent, a privacy advocate considers this threat unproven (******). "There is no example of a database that has been properly de-identified being re-identified". Dissent may well dispute the specific cases provided by Paul Ohm but his conclusion is too tautological to be trusted. Can one define "properly de-identified" other than by "not yet re-identified"?

In fact a data bubble inflates as we speak. HIPAA requires those under its purview not to "have actual knowledge that the information [released] could be used alone or in combination with other information to identify an individual who is a subject of the information" (2). But as Dissent says, there is no such actual knowledge today. So our health data can be legally released and, when Paul Ohm's warnings are finally fulfilled, it will be too late to keep it from the public. The bubble will burst and trust turn to bust.

If health data violation is bound to be a nosocomial disease, should we close the hospitals? As Paul Ohm suggests, the solution is rather to better balance the risks to privacy and the benefits of sharing. But how can a balance be struck when the risks are born by the patients and the benefits by the data processors? Some will argue that patients will reap benefits too. If so, why not give them authority over their own data? And if patient data is to be socialized "without just compensation", why allow those who process it to reap any profit from it?

Pending better business models, the public option is fast becoming a reality for health data in the US. And the public has no option about it.

Philippe Coueignoux

• (*) ........... New HIPAA regs require notice of a 'data breach', by Julia Reischel (Massachusetts Medical Law Report) - Autumn, 2009
• (**) ......... Betty J. Ostergren v. Robert F. McDonnell, by Judge Robert E. Payne (US District Court - Eastern District of Virginia) - June 2, 2009
• (***) ....... Galleon paid banks millions for 'edge', by Henny Sender (Financial Times) - October 29, 2009
• (****) ..... A three-way split is the most logical, by John Gapper (Financial Times) - October 29, 2009
• (*****) ... When 2+2 Equals a Privacy Question, by Natasha Singer (New York Times) - October 18, 2009
• (******) . Has there been a failure of anonymization?, by Dissent (PogoWasRight.org) - August 24, 2007
• (1) see Patient Privacy Rights, the advocacy site founded by Dr Deborah Peel
• (2) for details, check out the links listed in Handling of Medical Records from our lectures on Liabilities and Vulnerabilities in the Information Age.
• (3) see ePrio's summary presentation