[liberationtech] If patients don't care about their privacy, should doctors?

Wed Sep 24 03:47:15 PDT 2014

I'd just explain that if they reveal patient data, patients will be able
to sue them.

Moral arguments are good, but sometimes fear and compliance are the best
ways of getting things done :/

[I've not looked, but presumably the EFF or someone similar will have
some documentation on the legal situation that you can wave in their face]

On 24/09/14 03:15, Kate Krauss wrote:
> Hi,
> 
> I was chatting with a health care administrator at a conference who is
> charged with rolling out a telehealth (read: Skype) clinical program for
> patients to communicate with doctors.
> 
> He said he'd just met with a cool "cyber security" organization--if I
> understood correctly, it's part of the government (?)---and later with a
> senior person at a large, well-known insurance company. Both said that
> it's so easy to breach patient data (the government person bragged that
> he could do it in six minutes; probably true) that we are in a new era
> and that given sufficient determination, almost any patient data can be
> owned. I got the impression that the insurance company is not trying
> very hard to protect patient data (even thought HIPAA is supposed to
> protect this data). 
> 
> The health care administrator said that studies show that patients would
> rather get expedient care than protect their privacy if they have to
> choose. He said that we need to adjust to this lack of secure
> communication and go ahead with telehealth and not worry so
> much--patients don't even care! It's clear that he is listening to
> "experts" and doesn't know much about information security independently.
> 
> I glimpsed a yawning abyss in which the private health information of
> hundreds of millions of people is in jeopardy because of clowns like
> this guy at large healthcare organizations across the country/world. It
> already is by neglect, but not yet by design.
> 
> I said:
> 
> 1. What are your principles for securing patient data offline? What are
> the rights of the patient as a patient and as person? Figure those out
> in writing and then work to encrypt data and secure patient privacy so
> that those rights and principles are upheld. Even if it's difficult and
> expensive to do it. 
> 
> 2. I said that asking patients to choose was a false choice--they
> deserve good medical care and to keep their medical information private.
> At the same time.
> 
> 3. I said that it's not acceptable to lower the standards for patients
> (this would be tens of thousands of patients in his case alone) just
> because they don't understand the implications of sharing their personal
> data. I said that he was in a position of great responsibility to
> protected patients and that he shouldn't give up without a fight. He was
> unconvinced--probably because it's cheaper and easier to ignore privacy
> concerns and he's under pressure to get the ball rolling.
> 
> What would you say in this situation?
> 
> Thanks,
> 
> Katie
> 
> -- 
> Kate Krauss
> Executive Director
> AIDS Policy Project
> Tel 1.215.939.7852
> www.AIDSPolicyProject.org <http://www.AIDSPolicyProject.org>
> Facebook: www.Facebook.com/AIDSPolicyProject
> <http://www.Facebook.com/AIDSPolicyProject>
> Follow us on Twitter: @AIDSPol
> Make a donation to the AIDS Policy Project!
> <https://aidspolicyproject.nationbuilder.com/donate>
> 
> 
> I prefer to use encrypted email. My public key fingerprint is
> FD77 DC45 7406 292F 7AF8 2AC5 736F 783C A9E2 7E03.
> Learn how to encrypt your email with the Email Self Defense guide
> <https://emailselfdefense.fsf.org/en/>.
> 
> 
> 

-- 
Dan O'Huiginn

daniel at ohuiginn.net
http://ohuiginn.net @danohu
http://investigativedashboard.org
http://reportingproject.net
skype: danohuiginn