Advances in artificial intelligence have created new threats to the privacy of health data, a new UC Berkeley study shows.
The study, led by professor Anil Aswani of the Industrial Engineering & Operations Research Department (IEOR) in the College of Engineering and his team, suggests current laws and regulations are nowhere near sufficient to keep an individual’s health status private in the face of AI development. The research was released today on JAMA Network Open.
In the work, which was funded in part by UC Berkeley’s Center for Long-Term Cybersecurity, Aswani shows that by using artificial intelligence, it is possible to identify individuals by learning daily patterns in step data (like that collected by activity trackers, smartwatches and smartphones) and correlating it to demographic data. The mining of two years’ worth of data covering more than 15,000 Americans led to the conclusion that the privacy standards associated with 1996’s HIPAA (Health Insurance Portability and Accountability Act) legislation need to be revisited and reworked.
“We wanted to use NHANES (the National Health and Nutrition Examination Survey) to look at privacy questions because this data is representative of the diverse population in the U.S.,” Aswani says. “The results point out a major problem. If you strip all the identifying information, it doesn’t protect you as much as you’d think. Someone else can come back and put it all back together if they have the right kind of information.”
“In principle, you could imagine Facebook gathering step data from the app on your smartphone, then buying health care data from another company and matching the two,” he explains. “Now they would have health care data that’s matched to names, and they could either start selling advertising based on that or they could sell the data to others.”
Aswani makes it clear that the problem isn’t with the devices, but with how the information the devices capture can be misused and potentially sold on the open market.
“I’m not saying we should abandon these devices,” he says. “But we need to be very careful about how we are using this data. We need to protect the information. If we can do that, it’s a net positive.”
Though the study specifically looked at step data, Aswani says the results suggest a broader threat to the privacy of health data. “HIPAA regulations make your health care private, but they don’t cover as much as you think,” he says. “Many groups, like tech companies, are not covered by HIPAA, and only very specific pieces of information are not allowed to be shared by current HIPAA rules. There are companies buying health data. It’s supposed to be anonymous data, but their whole business model is to find a way to attach names to this data and sell it.”
Aswani says he is worried that as advances in AI make it easier for companies to gain access to health data, the temptation for companies to use it in illegal or unethical ways will increase. Employers, mortgage lenders, credit card companies and others could potentially use AI to discriminate based on pregnancy or disability status, for instance.
“Ideally, what I’d like to see from this are new regulations or rules that protect health data,” he says. “But there is actually a big push to even weaken the regulations right now. For instance, the rule-making group for HIPAA has requested comments on increasing data sharing. The risk is that if people are not aware of what’s happening, the rules we have will be weakened. And the fact is the risks of us losing control of our privacy when it comes to health care are actually increasing and not decreasing.”
The Latest on: Health data privacy
via Google News
The Latest on: Health data privacy
- CMS Releases Proposed Rule to Advance Interoperability and the Exchange of Medical Record and Plan Information on February 20, 2019 at 12:05 pm
The API technology must meet health information technology standards established by the ... CMS is particularly interested in public comment on the security and privacy risks associated with patient m... […]
- Medical-record software companies are selling your health data on February 20, 2019 at 11:12 am
There is no legal obligation to tell patients about, or to compensate patients for, the sale of their anonymized data. Article Continued Below The system operates in a grey zone of privacy rules. Once ... […]
- Facebook Accused of Exposing User Health Data in FTC Complaint on February 20, 2019 at 11:04 am
Further, the company failed to protect uploaded sensitive health data and exposed the information to the public. Facebook’s privacy policies are unclear, and users are uninformed as to how their ... […]
- Facebook 'failed to protect’ health data in private groups on February 20, 2019 at 10:54 am
Using Facebook patient health groups is "effectively a game of privacy roulette in which users are unable to know in advance which 'connections' will hurt them by downloading the data from posts in cl... […]
- More consumers turn to digital tools to manage health on February 20, 2019 at 9:57 am
The report also explored consumer commitment to digital health devices and the issue of data privacy. The findings are part of a new report by Rock Health, a digital health venture fund that has surve... […]
- Google health-related searches double a week before ER visit, study says on February 20, 2019 at 9:26 am
"As it turns out, people are fairly willing to share this information for health research. And with the right privacy and use protections, it's a great thing. People use digital resources constantly, ... […]
- FTC complaint accuses Facebook of exposing sensitive health data in groups on February 20, 2019 at 7:52 am
They claim Facebook then failed to protect the sensitive health information users uploaded and also exposed that information to the public. The complaint argues that Facebook's privacy policies are no... […]
- The Technology 202: House Democrats want answers from Facebook on privacy of 'closed' health groups on February 20, 2019 at 6:16 am
House Democrats are pressing Facebook on the privacy protections it has in place for people who share sensitive health information in forums for group discussion on the site. House Energy and Commerce ... […]
- Is AI Putting the Privacy of Health Data at Risk? on February 20, 2019 at 4:26 am
The tremendous potential for health data to feed AI systems and improve healthcare is a topic I've touched upon numerous times in the past few years, but a central concern for many is that the ... […]
- Facebook faces questions from lawmakers about privacy of health groups on February 19, 2019 at 2:29 pm
"The consumer complaint raises a number of concerns about Facebook's privacy policies and practices," lawmakers said in the letter to Zuckerberg. Facebook, they said, may have failed to inform users t... […]
via Bing News