If you hate HIPAA, it’s your lucky day. Paul Ohm is handing you ammunition in his article, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization.” His argument: our current information privacy structure is a house built on sand.
“Computer scientists…have demonstrated they can often ‘reidentify’ or ‘deanonymize’ individuals hidden in anonymized data with astonishing ease.”
Ohm’s article describes HIPAA, in particular, as a fig leaf – or worse, as kudzu choking off the free flow of information:
“[I]t is hard to imagine another privacy problem with such starkly presented benefits and costs. On the one hand, when medical researchers can freely trade information, they can develop treatments to ease human suffering and save lives. On the other hand, our medical secrets are among the most sensitive we hold.”
Indeed, one might reformulate that statement:
When e-patients can freely trade information (with fellow patients, with family members, with health professionals…), they can track symptoms, treatments, and outcomes that would otherwise go unobserved.
That’s the hope and the promise of participatory medicine. Yet there is a danger to all that health data floating around.
Ohm uses a haunting phrase to describe the possibility of re-identification: the database of ruin. It will reveal all our secrets to everyone, at any time, and follow us wherever we go (calm down, it doesn’t exist yet).
My take on his essential message is:
Fear the database of ruin, but don’t become paralyzed by it. Instead, work toward its prevention.
That call should be heard by everyone, not just those of us living with diagnoses we want to hide. Ohm argues that only people with absolutely no secrets and no connection to the modern world can live free of the threat of the database of ruin, and he delightfully calls them “the unicorns and mermaids of information privacy.” We live in glass houses and type at glass keyboards, people.
Another phrase that is sticking with me:
“Utility and privacy are, at bottom, two goals at war with one another.”
The more useful a data set, the less likely it is to be scrubbed of identifying information. Think about the implications. If we want useful data, we need to make trade-offs on what might be revealed in that data. Who should make those choices? E-patients? Health professionals? Regulators? Trade groups? What groups or types of data should get special treatment? (See: “Children and Population Biobanks” in Science, 14 August 2009: 818-819 – hat tip to Chris Hoofnagle)
Ohm focuses on a lawmaker’s conundrum: regulation of reidentification is “the latest example of the futility of attempting to foist privacy on an unappreciative citizenry.” Indeed, regulators might point to the millions of people flocking to MySpace and Facebook, or the thousands participating in even deeper personal experiments of data tracking, and ask, “Who am I to get in the way of all this sharing?” Ohm argues that this laissez-faire attitude would be irresponsible and I think e-patients should hear him out: “[T]oday’s petty indignity provides the key for unlocking tomorrow’s harmful secret.” In sum, Ohm’s article is a strong vote for data protection even as he eviscerates the current system.
You see, there is no such thing as “security through obscurity” when so many databases exist, containing all the clues someone might need to match your “25 Random Things About Me” with your search-term trail and, in turn, your financial or health records.
All of which leads us to this question:
“Once regulators choose to scrap the current HIPAA Privacy Rule – a necessary step given the rule’s intrinsic faith in deidentification – how should they instead protect databases full of sensitive symptoms, diagnoses, and treatments?”
Nobody is on the sidelines of this debate. Yes, your participation in an online health data-sharing site puts you at greater risk, but Ohm points out that “stored search queries often contain user-reported health symptoms” and indeed, Pew Internet research has consistently shown that 80% of internet users have looked for health information online and search is usually the first stop. Few people want to cut off access to the vital information found online, but what about the opportunities for advancement through data sharing?
Finally, as Jane Sarasohn-Kahn points out, “Americans feel dis-empowered when it comes to health information technology.” Frankly, most people don’t even know the half of what is going on in this debate — imagine how they would feel if they did!
So, if you care at all about health information technology: read the article, form your own opinion, and get to work.