WEBVTT - “I’ve Given Up on the Idea of Privacy” 0:00:02.759 --> 0:00:05.960 Every day you're generating data about your health. You might 0:00:06.000 --> 0:00:08.600 not even be aware of it. Maybe your phone counts 0:00:08.600 --> 0:00:11.680 how many steps you take. Maybe your watch measures your 0:00:11.680 --> 0:00:14.920 pulse or your heart rhythm, or you use an app 0:00:14.960 --> 0:00:18.160 to track your exercise or diet, and that doesn't even 0:00:18.239 --> 0:00:22.000 count your medical data, the records that doctors and insurance 0:00:22.000 --> 0:00:25.680 companies and pharmacies keep about all of us. All that 0:00:25.760 --> 0:00:34.360 data goes somewhere, and it's valuable to someone. Welcome to Prognosis, 0:00:34.600 --> 0:00:38.440 Bloomberg's podcast about the intersection of health and technology and 0:00:38.479 --> 0:00:42.240 the unexpected places it's taking us. I'm your host Michelle 0:00:42.240 --> 0:00:46.680 fay Cortes. The amount of health data is increasing fast, 0:00:47.479 --> 0:00:50.800 from medical records, to health apps and devices, to our 0:00:50.840 --> 0:00:54.640 shopping habits and online browsing. Every day we leave digital 0:00:54.680 --> 0:00:59.240 footprints revealing intimate aspects of our lives. That comes with 0:00:59.280 --> 0:01:03.120 benefits and risks. But no one has sorted it all 0:01:03.120 --> 0:01:06.240 out yet and lost protect people haven't caught up with 0:01:06.280 --> 0:01:10.400 the advances in technology. Having all that data promises to 0:01:10.440 --> 0:01:13.440 help researchers come up with new treatments, and it can 0:01:13.480 --> 0:01:17.039 improve doctor's care. But the risk is that personal information 0:01:17.200 --> 0:01:21.320 you'd rather keep to yourself could be exposed. Here's Bloomberg's 0:01:21.319 --> 0:01:27.600 health reporter John Tazzi. Good afternoon, Thank you for calling 0:01:27.640 --> 0:01:32.119 Anthem Member services. My name is Kathy. How can I help? Hi, Kathy, 0:01:32.280 --> 0:01:35.440 my name is John Tazzi. I'm a reporter with Bloomberg 0:01:35.480 --> 0:01:37.839 News and I'm recording this for a story about medical 0:01:37.920 --> 0:01:41.080 data and privacy. Um. I'm an ANTHEM member and I'd 0:01:41.120 --> 0:01:43.600 like to request a list of who Anthem has shared 0:01:43.600 --> 0:01:50.280 my personal information with. So you're a reporter with Bloomberg correct, Okay, 0:01:50.400 --> 0:01:52.640 and you are inquired. I recently learned that I have 0:01:52.720 --> 0:01:55.600 the right to ask my health insurance company what they're 0:01:55.600 --> 0:01:58.680 doing with my data. It's one of the rights given 0:01:58.680 --> 0:02:02.400 to me under a law called HIPPA. HIPPA stands for 0:02:02.480 --> 0:02:06.720 the Health Insurance Portability and Accountability Act. It was passed 0:02:08.120 --> 0:02:10.440 and it's the main law in the United States that 0:02:10.560 --> 0:02:14.080 governs what medical providers and insurance companies can do with 0:02:14.120 --> 0:02:17.600 our healthcare data. HIPPA determines how medical data can be 0:02:17.639 --> 0:02:22.000 shared and what happens if it's shared improperly. It also 0:02:22.040 --> 0:02:24.560 gives people rights over their data, like the right to 0:02:24.560 --> 0:02:27.120 get a copy of your medical record or to find 0:02:27.160 --> 0:02:29.359 out how your data has been shared with other parties, 0:02:30.000 --> 0:02:33.840 but HIPPA doesn't cover everything. There is the idea, and 0:02:33.880 --> 0:02:39.600 it is extremely widespread that health information is inherently going 0:02:39.639 --> 0:02:43.560 to be protected by some law somewhere, but it's not true, 0:02:43.720 --> 0:02:46.400 not at all. This is Pam Dixon. I am the 0:02:46.440 --> 0:02:49.920 executive director of the World Privacy Forum, we're a public 0:02:49.960 --> 0:02:53.040 interest research group, and has been a privacy advocate for 0:02:53.120 --> 0:02:56.720 twenty years. She told me that people often assume there's 0:02:56.720 --> 0:03:00.400 some kind of automatic protection for health data. That's not 0:03:00.560 --> 0:03:04.920 the case. People universally believe that their health data, no 0:03:04.960 --> 0:03:08.960 matter where it is, has some form of legal protection 0:03:09.200 --> 0:03:14.000 and is somehow magically confidential. HIPPA applies to the records 0:03:14.040 --> 0:03:17.800 that your doctor, other medical providers, and your insurance plan hold, 0:03:18.560 --> 0:03:21.200 But more and more data about our health isn't just 0:03:21.320 --> 0:03:25.000 in medical records. HIPPO covered data is a smaller and 0:03:25.080 --> 0:03:28.679 smaller percentage of all of the health data that's out 0:03:28.680 --> 0:03:33.160 there now, And it is so so important for folks 0:03:33.200 --> 0:03:37.520 to understand this because much of the health data that's 0:03:37.720 --> 0:03:41.840 that we're working with today is not covered under HIPPO protections. 0:03:42.680 --> 0:03:46.720 Here's one famous example. Journalist Charles J. Hig reported that 0:03:46.840 --> 0:03:51.360 target used detailed profiles of customers to predict when women 0:03:51.400 --> 0:03:54.560 became pregnant, and then the company sent them promotions for 0:03:54.600 --> 0:03:57.880 baby cones or diapers. The result was creepy in the 0:03:57.880 --> 0:04:00.440 best case, and in the worst case, could have revealed 0:04:00.440 --> 0:04:05.040 information they may not have wanted public. Increasingly, health data 0:04:05.200 --> 0:04:09.800 is being collected by technology companies, data brokers, advertisers, and 0:04:09.920 --> 0:04:13.080 other entities that are not subject to hip hop, and 0:04:13.160 --> 0:04:16.320 it's being used and may be misused in ways that 0:04:16.400 --> 0:04:20.359 a lot of people don't understand. Think about the apps 0:04:20.360 --> 0:04:23.280 on your phone. Maybe you have something to track your 0:04:23.320 --> 0:04:26.040 steps or to log what foods you eat or when 0:04:26.080 --> 0:04:29.960 you exercise. Unless those apps come from your medical provider 0:04:30.080 --> 0:04:33.320 or health plan, they're not covered by HIPPA, and that 0:04:33.360 --> 0:04:36.000 means that the company is collecting your data are far 0:04:36.080 --> 0:04:39.040 less restricted in how they use it, and how they 0:04:39.160 --> 0:04:42.920 use it may not always be transparent. A study published 0:04:42.920 --> 0:04:46.160 in the journal Drama Network Open in April looked at 0:04:46.200 --> 0:04:49.200 thirty six top apps to help people with depression and 0:04:49.279 --> 0:04:53.320 quitting smoking. Of them, we're sending data to Google or 0:04:53.360 --> 0:04:58.600 Facebook for marketing, advertising, or analytics, But less than half 0:04:58.640 --> 0:05:03.200 of those apps disclosed that. The authors wrote most apps 0:05:03.320 --> 0:05:06.400 offered users no way to anticipate that data will be 0:05:06.440 --> 0:05:09.920 shared in this way. As a result, users are denied 0:05:09.960 --> 0:05:14.520 an informed choice about whether such sharing is acceptable to them. 0:05:14.560 --> 0:05:16.480 This is the kind of risk that has some people 0:05:16.680 --> 0:05:20.760 really worried. Even though some privacy advocates think hipp as 0:05:20.760 --> 0:05:24.960 protections should be stronger, they're a good start. It's the 0:05:25.000 --> 0:05:28.080 world of data beyond hip as reach that we need 0:05:28.120 --> 0:05:31.400 to pay a lot more attention to. Because of the 0:05:31.480 --> 0:05:36.359 lack of UH sort of a uniform standard across the 0:05:36.400 --> 0:05:39.480 country with regard to data that it isn't protected by 0:05:39.600 --> 0:05:44.400 hippa UM, there are concerns about the privacy, particularly of 0:05:44.480 --> 0:05:48.480 health data. This is Aleana Peters. I'm currently a shareholder 0:05:48.600 --> 0:05:52.040 at Pulsonelli, which is a national law firm. Aliana worked 0:05:52.040 --> 0:05:54.800 for the federal government for about twelve years. She wrote 0:05:54.800 --> 0:05:57.640 and enforced hippa regulations before she went to work for 0:05:57.680 --> 0:06:01.719 a private law firm in twenty bike PAM. She's concerned 0:06:01.760 --> 0:06:04.960 about the growing volume of health data that hippo doesn't cover. 0:06:05.360 --> 0:06:08.760 The information that your employer holds about you related to 0:06:08.800 --> 0:06:12.000 your health would not be protected by hippa UM. The 0:06:12.080 --> 0:06:15.200 information that you share with social media about your health 0:06:15.360 --> 0:06:19.040 or the groups that you participate in on social media 0:06:19.120 --> 0:06:23.279 about health issues is not protected. There are applications that 0:06:23.320 --> 0:06:26.840 are direct to consumer. That means they are marketed directly 0:06:26.880 --> 0:06:30.360 to consumers and have everything to do with you know, 0:06:30.839 --> 0:06:36.920 weight loss, to disease management, UM to disease prevention, because 0:06:36.920 --> 0:06:40.159 they're marketed directly to a consumer and don't ever interact 0:06:40.320 --> 0:06:43.159 with a healthcare provider on their behalf or with a 0:06:43.200 --> 0:06:46.720 health plan that would not be covered by hippa UM. 0:06:46.800 --> 0:06:50.479 So there's a there's a huge amount of healthcare data 0:06:51.080 --> 0:06:55.080 UM out there that isn't actually covered by a standard 0:06:55.200 --> 0:06:58.880 set of legal requirements. Here are some of the ways 0:06:58.880 --> 0:07:01.960 you might be revealing data without knowing it. You use 0:07:01.960 --> 0:07:04.159 a credit card to buy a pregnancy test at a 0:07:04.200 --> 0:07:07.840 retail drug store. You order new pants online, revealing your 0:07:07.839 --> 0:07:12.040 waist size. You search Google for symptoms of anxiety. You 0:07:12.080 --> 0:07:15.520 subscribe to a magazine about diabetes. You use an app 0:07:15.560 --> 0:07:18.400 to track your morning runs. You take a direct to 0:07:18.480 --> 0:07:22.120 consumer DNA test, You take an uber to your therapist's 0:07:22.200 --> 0:07:26.600 office at the same time each week. Just because information 0:07:26.640 --> 0:07:29.760 about your health could be gleaned from these activities doesn't 0:07:29.760 --> 0:07:33.240 mean it will be the problem is. We often don't 0:07:33.280 --> 0:07:35.960 have a very good idea of where this data ends 0:07:36.040 --> 0:07:39.440 up after it's collected. Some of it could end up 0:07:39.440 --> 0:07:42.360 in the hands of data brokers. Data brokers are a 0:07:42.440 --> 0:07:45.920 multibillion dollar industry made up of thousands of companies that 0:07:46.000 --> 0:07:49.520 you've probably never heard of. They compile information about people 0:07:49.560 --> 0:07:52.960 and sell it to marketers. They collect information from public 0:07:52.960 --> 0:07:55.880 records and even that data that you might not realize 0:07:55.880 --> 0:07:59.520 you're making, like your retail purchases, what groups you belong to, 0:07:59.600 --> 0:08:03.400 online magazines and services you subscribe to, and information you 0:08:03.440 --> 0:08:07.720 fill out in surveys or online registrations. They take all 0:08:07.760 --> 0:08:10.880 of this information and make lists of people for marketers 0:08:10.920 --> 0:08:14.120 to target. In testimony before the Senate Commerce Committee, in 0:08:15.280 --> 0:08:19.080 Pam the Privacy Advocate described how the data broker industry 0:08:19.200 --> 0:08:22.600 tracks people by the diseases they have and the medicines 0:08:22.680 --> 0:08:26.720 they take. There are lists of millions of people that 0:08:26.800 --> 0:08:30.960 are categorized by the diseases that they have, ranging from 0:08:31.000 --> 0:08:37.559 cancer to bed wedding, Alzheimer's terrible diseases, some of them benign, 0:08:37.640 --> 0:08:40.560 some of them relating to mental illness. There are lists 0:08:40.800 --> 0:08:45.400 of millions of people and what prescription drugs that they take, 0:08:46.559 --> 0:08:52.320 and these lists exist entirely outside of hip hop, outside 0:08:52.360 --> 0:08:55.720 of what hip hop o the any kind of federal 0:08:56.080 --> 0:09:00.280 health protection. Pam told Congress about some lists that the 0:09:00.360 --> 0:09:04.080 darker sides of this business model. They included lists of 0:09:04.200 --> 0:09:08.440 rape victims and people with genetic diseases. She found lists 0:09:08.480 --> 0:09:11.520 for sale of people who had HIV and aids, of 0:09:11.559 --> 0:09:14.920 people with dementia, and of people with alcohol or drug addiction. 0:09:15.600 --> 0:09:19.360 There were lists of domestic violence victims and police officers 0:09:19.400 --> 0:09:23.560 home addresses. The list of rape victims cost less than 0:09:23.600 --> 0:09:27.360 eight cents per name. Pam said that some of these 0:09:27.400 --> 0:09:29.840 lists were taken down within an hour or two of 0:09:29.880 --> 0:09:33.319 her testimony, but most of them have reappeared at some point, 0:09:33.600 --> 0:09:37.040 and six years after her testimony, she says not much 0:09:37.040 --> 0:09:41.040 has changed. The data. Broker dossiers are often described as 0:09:41.080 --> 0:09:44.720 marketing lists, but Pam said that doesn't necessarily mean the 0:09:44.760 --> 0:09:47.640 buyers or marketers, and it also doesn't mean that the 0:09:47.720 --> 0:09:52.280 lists are used as they're intended. For example, employers or 0:09:52.320 --> 0:09:55.760 insurance companies could also be buying and using this data. 0:09:55.960 --> 0:09:59.559 There's no law against this, So all of this points 0:09:59.600 --> 0:10:02.800 to a knee for more protection. The laws we have 0:10:03.120 --> 0:10:07.160 just don't reach far enough. But despite its limits, HIPPA 0:10:07.200 --> 0:10:14.240 does provide a good framework for where to start. Here's 0:10:14.280 --> 0:10:17.600 the good news. When data is covered by HIPPA, the 0:10:17.679 --> 0:10:22.520 law gives people important protections. Healthcare providers and insurance plans 0:10:22.520 --> 0:10:27.040 are barred from disclosing individually identifiable data under HIPPOP and 0:10:27.080 --> 0:10:30.240 it goes further. As you might remember, the law also 0:10:30.280 --> 0:10:34.640 grounds people rights over their data. It gives people seven 0:10:34.720 --> 0:10:39.000 different rights, and the rights are really important because before 0:10:39.080 --> 0:10:42.679 HIPPA there were huge problems. Pam says, it was really 0:10:42.720 --> 0:10:45.240 difficult to get a copy of your own medical records 0:10:45.280 --> 0:10:49.800 before HIPPA. Before HIPPA, good luck getting a consistent copy 0:10:50.040 --> 0:10:53.160 of your health file. It wasn't a legal requirement anywhere, 0:10:53.240 --> 0:10:56.320 so you you can predict what was happening prior to HIPPO. 0:10:56.360 --> 0:10:59.800 It was a disaster trying to get your health information. 0:11:00.120 --> 0:11:01.880 It also gives you the right to know if someone 0:11:01.920 --> 0:11:04.600 has subpoenaed your medical records, which might happen in a 0:11:04.679 --> 0:11:07.960 nasty divorce case, for example. And it gives you the 0:11:08.040 --> 0:11:11.800 right to request an accounting of disclosures that's the list 0:11:11.840 --> 0:11:13.920 of who your doctor or health plan has shared your 0:11:13.960 --> 0:11:16.760 medical records with. The list that I'm trying to get 0:11:16.840 --> 0:11:20.920 from Anthem. HIPPA also sets the rules for what those 0:11:21.040 --> 0:11:23.800 entities can do with your data. They can't just make 0:11:23.840 --> 0:11:26.880 it public. They can't tell a reporter or your employer 0:11:27.120 --> 0:11:30.280 or a family member about your diagnosis, your treatment, or 0:11:30.320 --> 0:11:34.920 any other private information without your permission. HIPPA does allow 0:11:35.000 --> 0:11:38.320 medical providers and health plans to release data if it's 0:11:38.520 --> 0:11:43.400 de identified. That means removing information like your name, address, 0:11:43.600 --> 0:11:48.240 precise zip code, and other details. This d identified data 0:11:48.360 --> 0:11:51.320 can be used for research. It can also be sold. 0:11:51.800 --> 0:11:54.680 For example, when drug companies want to know which doctors 0:11:54.679 --> 0:11:57.839 are writing the most prescriptions for their medications, they pay 0:11:57.960 --> 0:12:02.079 data brokers who collect that information. Then pharmaceutical companies can 0:12:02.120 --> 0:12:05.680 send their salespeople to doctors who are the highest volume prescribers. 0:12:06.840 --> 0:12:09.240 The data they're buying doesn't have your name on it, 0:12:09.720 --> 0:12:14.040 but it does represent you aggregated with other people, and 0:12:14.160 --> 0:12:19.720 once it's de identified, it's no longer bound by hippa's protections. 0:12:19.760 --> 0:12:23.280 Some privacy advocates I talked to described this as a 0:12:23.400 --> 0:12:27.160 violation of privacy. The fact that you can't control de 0:12:27.400 --> 0:12:31.439 identified versions of your data is really troubling to some people. 0:12:32.200 --> 0:12:35.160 It's especially concerning because of the risk that some de 0:12:35.320 --> 0:12:39.280 identified data could be re identified that it could be 0:12:39.320 --> 0:12:43.240 matched back to you as an individual. Most experts I 0:12:43.320 --> 0:12:47.360 talked to said that this risk is real, but small. Still, 0:12:47.520 --> 0:12:51.640 the odds of being reidentified have increased since HIPPA was 0:12:51.720 --> 0:12:56.679 first passed in the Here's PAM. The world has changed. 0:12:57.200 --> 0:13:01.400 So back then, I mean, the statistic chance of reidentifying 0:13:01.440 --> 0:13:06.560 records was enormously low. Now the chance of reidentifying records 0:13:06.679 --> 0:13:10.080 is a little bit easier because computing power has advanced 0:13:10.320 --> 0:13:13.600 so much and there's so many more data sets that 0:13:13.640 --> 0:13:18.400 allow for more identifiability. But there are also benefits to 0:13:18.480 --> 0:13:23.040 making de identified data available. Medical researchers rely on it 0:13:23.120 --> 0:13:27.120 to learn about how to improve care, public health officials 0:13:27.200 --> 0:13:30.760 use it to track epidemics and trends in population health, 0:13:31.280 --> 0:13:34.600 and as a journalist, I often cite research or findings 0:13:34.640 --> 0:13:37.240 based on this kind of data, from how common certain 0:13:37.280 --> 0:13:40.800 medical procedures are to how often a new drug is prescribed. 0:13:41.920 --> 0:13:45.400 I work in privacy and I definitely have an opinion 0:13:45.440 --> 0:13:49.720 on privacy. I'm I'm for privacy and something that was 0:13:49.880 --> 0:13:52.880 very hard for me to learn and it took years. 0:13:53.559 --> 0:13:58.760 UM was the value of releasing data. Pam said she's 0:13:58.760 --> 0:14:02.200 come to realize that trade offs between keeping data totally 0:14:02.240 --> 0:14:05.920 private and using some d identified pieces of it. If 0:14:05.920 --> 0:14:08.959 you want to cure diseases, you're going to have to 0:14:09.000 --> 0:14:12.400 study the disease, and you can't do that without information 0:14:12.440 --> 0:14:16.559 about the disease. Information about that disease resides in people's 0:14:16.600 --> 0:14:21.760 experience with that disease as patients. We might also benefit 0:14:21.800 --> 0:14:25.680 directly from having more of our healthcare data digitized to 0:14:25.800 --> 0:14:28.240 learn about these benefits. I paid a visit to the 0:14:28.240 --> 0:14:34.560 Commonwealth Fund. Welcome, Thank you. I was there to see 0:14:34.560 --> 0:14:39.000 a man named David Blumenthal. I'm president of the Commal Fund, 0:14:39.080 --> 0:14:43.200 which is a national health careful anthropy based in New 0:14:43.240 --> 0:14:47.120 York City, and our goal is create hard for regal 0:14:47.160 --> 0:14:49.880 system in the United States. David's office is in a 0:14:49.960 --> 0:14:53.280 landmarked hundred and eleven year old mansion on Manhattan's Upper 0:14:53.320 --> 0:14:56.840 east Side, overlooking Central Park. It used to belong to 0:14:56.880 --> 0:15:00.040 the Harkness family, which endowed the Commonwealth Fund ascend the 0:15:00.000 --> 0:15:03.200 three ago with money they made as investors in John D. 0:15:03.360 --> 0:15:07.400 Rockefeller's Standard Oil Company. David Blumenthal is a big name 0:15:07.400 --> 0:15:10.320 in healthcare. He worked as a primary care doctor at 0:15:10.360 --> 0:15:14.760 Massachusetts General Hospital. He advised Senator Ted Kennedy on healthcare 0:15:15.160 --> 0:15:18.160 and later worked for President Barack Obama as the country's 0:15:18.200 --> 0:15:21.320 top health I T official. He helped implement a lot 0:15:21.440 --> 0:15:24.800 called the High Tech Act, which updated some HIPPA rules. 0:15:25.280 --> 0:15:28.640 It also gave medical providers billions of dollars in federal 0:15:28.680 --> 0:15:33.520 subsidies to digitize paper records. The High Tech Act was 0:15:33.560 --> 0:15:38.360 intended to modernize America's paper based healthcare system. As recently 0:15:38.400 --> 0:15:41.680 as ten years ago, a majority of doctor's offices in 0:15:41.720 --> 0:15:46.000 the United States still used paper records. David's a big 0:15:46.040 --> 0:15:49.320 believer in how the accumulation of digital healthcare data can 0:15:49.360 --> 0:15:53.680 help people. As it grows, it begins to represent the 0:15:53.840 --> 0:16:01.760 healthcare experience of millions, are even billions of people, and 0:16:01.840 --> 0:16:06.920 that is incredibly valuable. He says. Apps that draw on 0:16:07.000 --> 0:16:09.800 patients data could help them take better care of themselves. 0:16:10.320 --> 0:16:12.920 They could prompt people to get flu shots or alert 0:16:12.960 --> 0:16:17.200 diabetics when their bud sugar gets out of whack. David 0:16:17.280 --> 0:16:20.080 says he sees the benefits of greater access to medical 0:16:20.160 --> 0:16:23.240 data as a physician and as a patient. Though he 0:16:23.320 --> 0:16:25.800 works in New York, he lives in Boston, and he 0:16:25.880 --> 0:16:28.840 still sees doctors at Mass General where he used to work, 0:16:28.920 --> 0:16:32.280 and it's affiliated hospitals in the Partners health care system. 0:16:32.360 --> 0:16:34.680 He finds it comforting that he can walk into any 0:16:34.680 --> 0:16:37.400 of the dozens of clinics or hospitals in the system 0:16:37.560 --> 0:16:40.800 and they'll still have his records. I have seen and 0:16:41.040 --> 0:16:47.720 use that that connectiveness with my own care, and it's 0:16:47.840 --> 0:16:52.760 enormously reassure um that you don't have to be you know, 0:16:53.040 --> 0:16:55.760 your medicines will be known, your results of all your 0:16:55.800 --> 0:17:00.920 tests will be known, and all that saving That could 0:17:00.920 --> 0:17:03.960 solve some big problems in the US health care system. 0:17:04.000 --> 0:17:06.480 There's a lot of evidence that patients are harmed all 0:17:06.480 --> 0:17:09.920 the time because their care is fragmented and not coordinated. 0:17:10.640 --> 0:17:13.159 A specialist who doesn't know all the medications you're on 0:17:13.400 --> 0:17:16.040 might prescribe a new drug that has a bad interaction 0:17:16.080 --> 0:17:19.440 with one you're already taking. One study of more than 0:17:19.440 --> 0:17:22.639 half a million patients with chronic illnesses like diabetes or 0:17:22.640 --> 0:17:25.920 heart disease found that people who had more fragmented care 0:17:26.160 --> 0:17:30.879 had higher costs, lower quality care, and more preventable hospital visits. 0:17:31.440 --> 0:17:33.359 This is a real problem that a lot of people 0:17:33.400 --> 0:17:36.919 in healthcare would like to solve. Policymakers are trying to 0:17:36.920 --> 0:17:39.760 make the whole country's health care system work better together. 0:17:39.960 --> 0:17:43.480 They're trying to encourage different electronic medical record systems to 0:17:43.600 --> 0:17:46.520 talk to each other. They're also making it easier for 0:17:46.600 --> 0:17:50.120 patients on government health insurance like medicare to get access 0:17:50.160 --> 0:17:52.640 to their health data. The goal is a health care 0:17:52.680 --> 0:17:57.000 system that seamlessly relays important information that could save your life. 0:17:57.640 --> 0:18:00.840 David gave me a classic example. You live in Austin, 0:18:01.000 --> 0:18:03.960 but you get into a car accident in Chicago. Once 0:18:04.000 --> 0:18:07.320 you get to the emergency room, maybe you're dazed or unconscious, 0:18:07.440 --> 0:18:10.520 or you forget to tell the physician about analergy. But 0:18:10.880 --> 0:18:13.919 if digital records were more widely accessible, that might not 0:18:14.000 --> 0:18:18.840 be an issue. The merger room physician finds your Apple 0:18:19.240 --> 0:18:21.439 phone and everything is on the Apple phone, or it 0:18:21.520 --> 0:18:24.800 can access your record in a cloud because there's an 0:18:24.840 --> 0:18:28.879 agreement to share those informations, and so that increases the 0:18:28.880 --> 0:18:31.560 reliability of your ka, reduces the chance of an error, 0:18:31.880 --> 0:18:36.840 reduces the chance of a of a bad outcome. That's 0:18:36.840 --> 0:18:43.600 the benefit. The risk is most promised, and the sicker 0:18:43.640 --> 0:18:48.119 people are the less concerned they are about price. But 0:18:48.200 --> 0:18:52.040 there are also downsides. Just as with app collected data, 0:18:52.440 --> 0:18:56.280 more traditional medical data sharing has its drawbacks. The risk 0:18:56.440 --> 0:18:59.879 is that nothing is ever truly private. As soon as 0:19:00.000 --> 0:19:05.520 your information is available electron reform, either in a server 0:19:05.760 --> 0:19:13.200 or in the cloud, it is potentially David has experienced 0:19:13.240 --> 0:19:17.840 this firsthand as a federal employee. His data was breached 0:19:17.920 --> 0:19:21.560 in a hack of the government's employee database. I've given 0:19:21.680 --> 0:19:26.640 up on the idea of privacy. It's just not feasible anymore. 0:19:27.400 --> 0:19:31.040 It hasn't that I know, have happened to my health, 0:19:32.200 --> 0:19:35.960 but it could um and I expected mine. Once data 0:19:36.040 --> 0:19:38.760 is digitized and stored, there's a risk it might end 0:19:38.840 --> 0:19:43.760 up somewhere you don't want it to. HIPPA requires medical 0:19:43.800 --> 0:19:46.480 providers and health plans to tell you when your data 0:19:46.520 --> 0:19:49.760 has been breached, and under the High Tech Act, if 0:19:49.800 --> 0:19:52.919 a breach affects more than five people, the companies have 0:19:53.040 --> 0:19:56.359 to report it to the federal government, which publishes a list. 0:19:57.200 --> 0:20:00.920 Since two tho nine, when the reporting requirement into effect, 0:20:01.280 --> 0:20:05.080 HIPPO covered entities have reported more than two thousand, five 0:20:05.200 --> 0:20:10.040 hundred breaches that affected almost two hundred million individuals health records. 0:20:10.720 --> 0:20:14.280 Health data breaches happen so frequently now that they rarely 0:20:14.359 --> 0:20:18.160 make the news their routine. On average, there's a breach 0:20:18.200 --> 0:20:22.439 of HIPPO protected health data every thirty one hours, and 0:20:22.520 --> 0:20:25.600 that's only the data breaches that companies have detected and 0:20:25.640 --> 0:20:28.200 that we know about. We know about them because the 0:20:28.280 --> 0:20:31.879 law requires entities covered by HIPPA to tell us, but 0:20:32.000 --> 0:20:35.840 under federal law, entities not covered by HIPPA generally don't 0:20:35.840 --> 0:20:38.359 have to tell us when a data breach happens. The 0:20:38.520 --> 0:20:42.399 state laws may require them to report breaches. They also 0:20:42.440 --> 0:20:45.720 aren't bound by any of the other requirements of HIPPA. 0:20:45.800 --> 0:20:48.240 They're mostly bound by the promises they make to you 0:20:48.359 --> 0:20:52.080 in their terms of service, those long passages of legal 0:20:52.160 --> 0:20:54.639 ease that you click through after you download an app 0:20:54.880 --> 0:20:57.640 or sign up for a new service, and that's where 0:20:57.680 --> 0:21:00.560 a lot of the privacy concerns about health data are growing. 0:21:01.040 --> 0:21:03.080 There's not only the risk that your data might get 0:21:03.080 --> 0:21:06.199 breached in an illegal hacking operation or stolen by a 0:21:06.200 --> 0:21:09.240 crooked employee. There's also the risk that it might get 0:21:09.280 --> 0:21:12.920 shared or sold in a way that's not necessarily illegal 0:21:13.440 --> 0:21:18.000 but isn't completely transparent. Either. Facebook and Amazon can do 0:21:18.000 --> 0:21:21.240 anything they want with your data or any other any 0:21:21.280 --> 0:21:24.720 company that's not a covered can do anything they want 0:21:25.880 --> 0:21:29.159 unless they have assured you in that fine print that 0:21:29.240 --> 0:21:32.800 they won't. But since none of us need that fine print, 0:21:33.040 --> 0:21:36.399 will never get around suing. So under HIPPA, we have 0:21:36.480 --> 0:21:39.080 certain rights, the right to get a copy of our data, 0:21:39.400 --> 0:21:41.880 the right to know how it's being shared and when 0:21:41.920 --> 0:21:45.800 it is shared improperly, and it requires healthcare providers to 0:21:45.920 --> 0:21:49.800 keep our identifying data close to not disclose it without 0:21:49.800 --> 0:21:53.040 our permission. We don't have those rights over the data 0:21:53.080 --> 0:21:55.280 we give to some app we download, or a new 0:21:55.320 --> 0:21:58.719 fitness device or a social media service. We don't have 0:21:58.800 --> 0:22:01.800 those rights over what with our credit card purchasing data 0:22:02.320 --> 0:22:06.640 or our online searches. Partly because we don't have those rights, 0:22:06.680 --> 0:22:10.000 sometimes our names and contact details wind up for sale 0:22:10.000 --> 0:22:14.360 on data brokers lists labeling us as diabetics or dementia 0:22:14.480 --> 0:22:19.800 sufferers or victims of domestic violence. Right now, the law 0:22:19.840 --> 0:22:22.600 doesn't do a very good job of making companies be 0:22:22.840 --> 0:22:26.280 really clear about what they're doing with our data and 0:22:26.320 --> 0:22:30.040 making sure customers are okay with it. So what should 0:22:30.040 --> 0:22:32.399 we do? I think it's a really good question, and 0:22:32.400 --> 0:22:36.320 it's a tough question. Here's Ileana Peters the attorney and 0:22:36.359 --> 0:22:40.440 former HIPPO official. Trying to decide what's best for all 0:22:40.560 --> 0:22:43.400 industries with regard to the privacy and security of data 0:22:43.480 --> 0:22:47.560 is extremely difficult. I think, certainly there are some things 0:22:47.600 --> 0:22:49.520 we can all agree on, and maybe that's where we 0:22:49.560 --> 0:22:52.440 need to start. Certainly, I think individual rights is one 0:22:52.480 --> 0:22:55.040 of those things, you know. I think everybody should have 0:22:55.160 --> 0:22:57.240 rights to their own data and should be able to 0:22:57.280 --> 0:23:01.720 be at least participatory and how they're data maybe um 0:23:01.840 --> 0:23:04.800 used or disclosed, why it should be deleted, how that 0:23:04.840 --> 0:23:07.600 should happen? Um, you know, when they can get copies 0:23:07.680 --> 0:23:12.800 of it, how that should happen. One possible model for 0:23:12.840 --> 0:23:16.440 people looking to improve privacy policy in the United States 0:23:16.720 --> 0:23:18.959 is a new law that recently took effect in the 0:23:18.960 --> 0:23:23.000 European Union. It's called the General Data Protection Regulation, and 0:23:23.000 --> 0:23:26.800 its strengthens privacy protections for consumers. It covers all sorts 0:23:26.840 --> 0:23:30.560 of personal data, not just healthcare. The law mix companies 0:23:30.560 --> 0:23:33.280 get more explicit consent from people about the data they 0:23:33.320 --> 0:23:35.840 want to collect. It also gives people a right to 0:23:35.840 --> 0:23:38.000 get a copy of their data, and it's supposed to 0:23:38.000 --> 0:23:41.119 give them more control over what happens to it. The 0:23:41.200 --> 0:23:44.520 United States doesn't have anything like it yet, and there's 0:23:44.560 --> 0:23:47.840 no clear path to passing a new umbrella privacy law 0:23:47.920 --> 0:23:52.280 in the US anytime soon. That means that even companies 0:23:52.440 --> 0:23:55.400 trying to do the right thing don't have good standards 0:23:55.400 --> 0:24:00.480 to follow. Pam Dixon, the privacy advocate, said, we've start 0:24:00.480 --> 0:24:03.480 by creating a set of standards that companies adhere to 0:24:03.640 --> 0:24:07.480 voluntarily that would give consumers more trust and how their 0:24:07.520 --> 0:24:11.159 data is being used. So ideally, what I'd like to 0:24:11.200 --> 0:24:14.800 see at a minimum, is some kind of structure that 0:24:14.840 --> 0:24:19.360 allows for um privacy standards to be built. Is there 0:24:19.400 --> 0:24:23.080 a privacy standard we could write for health data outside 0:24:23.080 --> 0:24:25.320 of HIPPA. I think there is, and I think we 0:24:25.359 --> 0:24:29.360 could find a lot of agreement amongst the stakeholders. As 0:24:29.400 --> 0:24:31.439 I said, I think there's a lot of people who 0:24:31.520 --> 0:24:33.240 want to do the right thing. It's just there's not 0:24:33.320 --> 0:24:36.240 a standard yet. In the meantime, what can we do 0:24:36.400 --> 0:24:40.679 as individuals to have more control over our data? First, 0:24:40.920 --> 0:24:44.240 you can exercise the rights you already have under HIPPA. 0:24:44.560 --> 0:24:47.680 Pam recommends everyone get a copy of their medical records 0:24:47.760 --> 0:24:51.600 from their providers. If someone tries to steal your identity 0:24:51.720 --> 0:24:54.840 later on, it will be important to have your original files. 0:24:55.680 --> 0:24:58.080 If you have kids, get copies for your kids too. 0:24:58.680 --> 0:25:01.240 You can also pay attention to what you're agreeing to 0:25:01.600 --> 0:25:05.400