
    Legal Solutions in Health Reform: Privacy and Health Information Technology

    Identifies gaps in the federal health privacy standard and proposes options for strengthening the legal framework for privacy protections in order to build public trust in health information technology. Presents arguments for and against each option

    Privacy and Health Information Technology

    The increased use of health information technology (health IT) is a common element of nearly every health reform proposal because it has the potential to decrease costs, improve health outcomes, coordinate care, and improve public health. However, it raises concerns about the security and privacy of medical information. This paper examines some of the “gaps” in privacy protections that arise out of the current federal health privacy standard, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, the main federal law governing the use and disclosure of health information. Additionally, it puts forth a range of possible solutions, accompanied by arguments for and against each. The solutions provide options for strengthening the current legal framework of privacy protections in order to build public trust in health IT and facilitate its use for health reform. The American Recovery and Reinvestment Act (ARRA), enacted in February 2009, includes a number of changes to HIPAA and its regulations; those changes are clearly noted among the list of solutions (and ARRA is indicated in the Executive Summary and paper where the Act has a relevant provision)

    Creation of public use files: lessons learned from the comparative effectiveness research public use files data pilot project

    In this paper we describe lessons learned from the creation of Basic Stand Alone (BSA) Public Use Files (PUFs) for the Comparative Effectiveness Research Public Use Files Data Pilot Project (CER-PUF). CER-PUF is aimed at increasing access to the Centers for Medicare and Medicaid Services (CMS) Medicare claims datasets through PUFs that: do not require user fees and data use agreements, have been de-identified to assure the confidentiality of the beneficiaries and providers, and still provide substantial analytic utility to researchers. For this paper we define PUFs as datasets characterized by free and unrestricted access to any user. We derive lessons learned from five major project activities: (i) a review of the statistical and computer science literature on best practices in PUF creation, (ii) interviews with comparative effectiveness researchers to assess their data needs, (iii) case studies of PUF initiatives in the United States, (iv) interviews with stakeholders to identify the most salient issues regarding making microdata publicly available, and (v) the actual process of creating the Medicare claims data BSA PUFs

    Hacking HIPAA: Best Practices for Avoiding Oversight in the Sale of Your Identifiable Medical Information

    In light of the confusion invited by applying the label de-identified to information that can be used to identify patients, it is paramount that regulators, compliance professionals, patient advocates and the general public understand the significant differences between the standards applied by HIPAA and those applied by permissive de-identification guidelines. This Article discusses those differences in detail. The discussion proceeds in four Parts. Part II (HIPAA’s Heartbeat: Why HIPAA Protects Identifiable Patient Information) examines Congress’s motivations for defining individually identifiable health information broadly, which included stopping the harms patients endured prior to 1996 arising from the commercial sale of their medical records. Part III (Taking the I Out of Identifiable Information: HIPAA’s Requirements for De-Identified Health Information) discusses HIPAA’s requirements for de-identification, which were never intended to create a loophole for identifiable patient information to escape HIPAA’s protections. Part IV (Anatomy of a Hack: Methods for Labeling Identifiable Information De-Identified) examines the goals, methods, and results of permissive de-identification guidelines and compares them to HIPAA’s requirements. Part V (Protecting Un-Protected Health Information) evaluates the suitability of permissive de-identification guidelines, concluding that the vulnerabilities inherent in their current articulation render them ineffective as a data protection standard. It also discusses ways in which compliance professionals, regulators, and advocates can foster accountability and transparency in the utilization of health information that can be used to identify patients

    Not So Private

    Federal and state laws have long attempted to strike a balance between protecting patient privacy and health information confidentiality on the one hand and supporting important uses and disclosures of health information on the other. To this end, many health laws restrict the use and disclosure of identifiable health data but support the use and disclosure of de-identified data. The goal of health data de-identification is to prevent or minimize informational injuries to identifiable data subjects while allowing the production of aggregate statistics that can be used for biomedical and behavioral research, public health initiatives, informed health care decision making, and other important activities. Many federal and state laws assume that data are de-identified when direct and indirect demographic identifiers such as names, user names, email addresses, street addresses, and telephone numbers have been removed. An emerging reidentification literature shows, however, that purportedly de-identified data can—and increasingly will—be reidentified. This Article responds to this concern by presenting an original synthesis of illustrative federal and state identification and de-identification laws that expressly or potentially apply to health data; identifying significant weaknesses in these laws in light of the developing reidentification literature; proposing theoretical alternatives to outdated identification and de-identification standards, including alternatives based on the theories of evolving law, nonreidentification, non-collection, non-use, non-disclosure, and nondiscrimination; and offering specific, textual amendments to federal and state data protection laws that incorporate these theoretical alternatives

    Privacy Preservation in Releasing Patient Data

    When patient data are shared for studying a specific disease, a privacy disclosure occurs as long as an individual is known to be in the shared data. Individuals in such specific disease data are thus subject to higher disclosure risk than those in datasets with different diseases. This problem has been overlooked in privacy research and practice. In this study, we analyze disclosure risks for this problem and identify appropriate risk measures. An efficient algorithm is developed for anonymizing the data. An experimental study is conducted to demonstrate the effectiveness of the proposed approach
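    The three abstracts above (the CER-PUF lessons, "Not So Private", and this one) all turn on the same mechanism: stripping names and addresses leaves quasi-identifiers such as ZIP code, birth date and sex at full precision, a public list that carries the same fields lets an attacker join the two, and when the release is disease-specific, confirming that a person is in it is the diagnosis. The script below is an added example written for this listing; it is not code from any of the papers and does not reproduce their algorithms or risk measures. Both record sets are constructed, the generalisation (ZIP truncated to three digits, birth date replaced by a ten-year age band) is one illustrative recoding, and the membership-risk ratio is a simple illustrative metric, not the measure the paper proposes.

```python
from collections import Counter
from datetime import date

# Constructed sample data (not drawn from any real dataset).
# A disease-specific release with direct identifiers removed: every row is
# a patient with the same diagnosis, so presence in the list *is* the diagnosis.
RELEASE = [
    {"zip": "02138", "dob": date(1961, 7, 2), "sex": "F"},
    {"zip": "02138", "dob": date(1962, 3, 9), "sex": "F"},
    {"zip": "02139", "dob": date(1958, 11, 30), "sex": "M"},
    {"zip": "02139", "dob": date(1955, 1, 14), "sex": "M"},
    {"zip": "02140", "dob": date(1990, 5, 21), "sex": "F"},
    {"zip": "02140", "dob": date(1988, 8, 8), "sex": "F"},
]

# A constructed public list (think voter roll) with names and the same fields.
# The last three people are not in the release.
PUBLIC = [
    {"name": "Ann Adams", "zip": "02138", "dob": date(1961, 7, 2), "sex": "F"},
    {"name": "Beth Baker", "zip": "02138", "dob": date(1962, 3, 9), "sex": "F"},
    {"name": "Carl Clark", "zip": "02139", "dob": date(1958, 11, 30), "sex": "M"},
    {"name": "Dan Diaz", "zip": "02139", "dob": date(1955, 1, 14), "sex": "M"},
    {"name": "Eve Evans", "zip": "02140", "dob": date(1990, 5, 21), "sex": "F"},
    {"name": "Fay Ford", "zip": "02140", "dob": date(1988, 8, 8), "sex": "F"},
    {"name": "Gail Green", "zip": "02138", "dob": date(1965, 2, 2), "sex": "F"},
    {"name": "Hal Hart", "zip": "02139", "dob": date(1959, 6, 6), "sex": "M"},
    {"name": "Ivy Irwin", "zip": "02140", "dob": date(1992, 9, 9), "sex": "F"},
]

QUASI = ("zip", "dob", "sex")          # quasi-identifiers as released
GEN_QUASI = ("zip", "age_band", "sex")  # quasi-identifiers after generalisation


def key(rec, fields):
    """Tuple of the quasi-identifier values used for joining and grouping."""
    return tuple(rec[f] for f in fields)


def min_group_size(records, fields):
    """Smallest equivalence class, i.e. the k in k-anonymity for these fields."""
    return min(Counter(key(r, fields) for r in records).values())


def link(release, public, fields):
    """Linkage attack: join the release to the named list on quasi-identifiers.

    Returns the names whose quasi-identifier tuple is unique on both sides,
    so the attacker re-identifies the release row with certainty.
    """
    rel = Counter(key(r, fields) for r in release)
    pub = Counter(key(p, fields) for p in public)
    return sorted(
        p["name"] for p in public
        if rel.get(key(p, fields)) == 1 and pub[key(p, fields)] == 1
    )


def generalize(rec, ref_year=2020, zip_digits=3, band=10):
    """Illustrative recoding (an assumption of this example, not a standard):
    keep the first zip_digits of the ZIP code and replace the birth date with
    a band-year age band computed against ref_year."""
    age = ref_year - rec["dob"].year
    lo = age // band * band
    out = dict(rec)
    out["zip"] = rec["zip"][:zip_digits] + "*" * (len(rec["zip"]) - zip_digits)
    out["age_band"] = f"{lo}-{lo + band - 1}"
    del out["dob"]
    return out


def membership_risk(release, public, fields):
    """Illustrative membership-disclosure measure for a single-disease release:
    for each equivalence class, the share of people in the public population
    with that quasi-identifier tuple who appear in the release. A value of 1.0
    means everyone matching that description is known to have the diagnosis,
    regardless of how large the class (k) is."""
    rel = Counter(key(r, fields) for r in release)
    pub = Counter(key(p, fields) for p in public)
    return {k: rel[k] / pub[k] for k in rel if pub.get(k)}


if __name__ == "__main__":
    print("k on raw release:", min_group_size(RELEASE, QUASI))
    print("re-identified from raw release:", link(RELEASE, PUBLIC, QUASI))
    gen_rel = [generalize(r) for r in RELEASE]
    gen_pub = [generalize(p) for p in PUBLIC]
    print("k after generalisation:", min_group_size(gen_rel, GEN_QUASI))
    print("re-identified after generalisation:", link(gen_rel, gen_pub, GEN_QUASI))
    for cls, risk in membership_risk(gen_rel, gen_pub, GEN_QUASI).items():
        print(f"class {cls}: membership risk {risk:.2f}")
```

On the raw release every row is unique on (ZIP, birth date, sex), so all six patients are re-identified by name. After generalisation the release is 2-anonymous and no name links uniquely, which is where a records-removed or k-anonymity check would stop. The membership measure shows the residual problem the abstract describes: both women aged 30-39 in the 021** area on the public list are in the release, so that class has a membership risk of 1.0 and anyone who knows Eve Evans fits that description learns her diagnosis even though k = 2.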

    Sharing Patient Disease Data with Privacy Preservation

    When patient data are shared for studying a specific disease, a privacy disclosure occurs as long as an individual is known to be in the shared data. Individuals in such specific disease data are thus subject to higher disclosure risk than those in datasets with different diseases. This problem has been overlooked in privacy research and practice. In this study, we analyze disclosure risks for this problem and identify appropriate risk measures. An efficient algorithm is developed for anonymizing the data. An experimental study is conducted to demonstrate the effectiveness of the proposed approach

    The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information

    Data breaches are an increasingly common part of consumers’ lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers’ personally identifiable information and the strong possibility of identity theft. Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism. This Note argues that proactive solutions are required. First, a national data security law—setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission—is imperative to protect consumers’ data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies’ collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers

    Going Rogue: Mobile Research Applications and the Right to Privacy

    This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants

    Citizen Science: The Law and Ethics of Public Access to Medical Big Data

    Patient-related medical information is becoming increasingly available on the Internet, spurred by government open data policies and private sector data sharing initiatives. Websites such as HealthData.gov, GenBank, and PatientsLikeMe allow members of the public to access a wealth of health information. As the medical information terrain quickly changes, the legal system must not lag behind. This Article provides a base on which to build a coherent data policy. It canvasses emergent data troves and wrestles with their legal and ethical ramifications. Publicly accessible medical data have the potential to yield numerous benefits, including scientific discoveries, cost savings, the development of patient support tools, healthcare quality improvement, greater government transparency, public education, and positive changes in healthcare policy. At the same time, the availability of electronic personal health information that can be mined by any Internet user raises concerns related to privacy, discrimination, erroneous research findings, and litigation. This Article analyzes the benefits and risks of health data sharing and proposes balanced legislative, regulatory, and policy modifications to guide data disclosure and use