Advances in artificial intelligence have created new threats to the privacy of health data, a new UC Berkeley study shows.
The study, led by professor Anil Aswani of the Industrial Engineering & Operations Research Department (IEOR) in the College of Engineering and his team, suggests current laws and regulations are nowhere near sufficient to keep an individual’s health status private in the face of AI development. The research was released today on JAMA Network Open.
In the work, which was funded in part by UC Berkeley’s Center for Long-Term Cybersecurity, Aswani shows that by using artificial intelligence, it is possible to identify individuals by learning daily patterns in step data (like that collected by activity trackers, smartwatches and smartphones) and correlating it to demographic data. The mining of two years’ worth of data covering more than 15,000 Americans led to the conclusion that the privacy standards associated with 1996’s HIPAA (Health Insurance Portability and Accountability Act) legislation need to be revisited and reworked.
“We wanted to use NHANES (the National Health and Nutrition Examination Survey) to look at privacy questions because this data is representative of the diverse population in the U.S.,” Aswani says. “The results point out a major problem. If you strip all the identifying information, it doesn’t protect you as much as you’d think. Someone else can come back and put it all back together if they have the right kind of information.”
“In principle, you could imagine Facebook gathering step data from the app on your smartphone, then buying health care data from another company and matching the two,” he explains. “Now they would have health care data that’s matched to names, and they could either start selling advertising based on that or they could sell the data to others.”
Aswani makes it clear that the problem isn’t with the devices, but with how the information the devices capture can be misused and potentially sold on the open market.
“I’m not saying we should abandon these devices,” he says. “But we need to be very careful about how we are using this data. We need to protect the information. If we can do that, it’s a net positive.”
Though the study specifically looked at step data, Aswani says the results suggest a broader threat to the privacy of health data. “HIPAA regulations make your health care private, but they don’t cover as much as you think,” he says. “Many groups, like tech companies, are not covered by HIPAA, and only very specific pieces of information are not allowed to be shared by current HIPAA rules. There are companies buying health data. It’s supposed to be anonymous data, but their whole business model is to find a way to attach names to this data and sell it.”
Aswani says he is worried that as advances in AI make it easier for companies to gain access to health data, the temptation for companies to use it in illegal or unethical ways will increase. Employers, mortgage lenders, credit card companies and others could potentially use AI to discriminate based on pregnancy or disability status, for instance.
“Ideally, what I’d like to see from this are new regulations or rules that protect health data,” he says. “But there is actually a big push to even weaken the regulations right now. For instance, the rule-making group for HIPAA has requested comments on increasing data sharing. The risk is that if people are not aware of what’s happening, the rules we have will be weakened. And the fact is the risks of us losing control of our privacy when it comes to health care are actually increasing and not decreasing.”
The Latest on: Health data privacy
via Google News
The Latest on: Health data privacy
- Attorney General Morrisey Reaches Settlement in Medical Privacy Data Breach on June 4, 2019 at 1:31 am
The May 2015 data breach involved health records company Medical Informatics Engineering ... as well as comply with applicable privacy and security laws, take additional steps to protect personal ... […]
- Apple is taking on Facebook and Google by doubling down on privacy, but the plan could backfire in an epic way (AAPL) on June 3, 2019 at 10:00 pm
Apple announced a slew of new privacy promoting features at its annual ... which are designed to help them protect their sensitive personal information. But the new features could hurt Apple ... […]
- 12 Million People Just Had Their Medical Information Hacked in a Shocking Privacy Breach, and We're All So Numb We Don't Even Care on June 3, 2019 at 9:04 pm
But health information feels like a different category ... do what you can to protect your privacy, and maybe check out some of the private in-home medical testing startups that have arisen in the ... […]
- A Brief History of How Your Privacy Was Stolen on June 3, 2019 at 7:16 pm
Privacy did not become a problem until the widespread deployment ... including credit card transactions, location and health data, and browsing history? Why is it legal to gather any data at all about ... […]
- Quest Diagnostics says millions of patients' medical info may have been exposed in data breach on June 3, 2019 at 5:17 pm
“Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information,” the news release ... “We are committed to keeping our patients, health ... […]
- Here's Every New Privacy Feature Apple Announced Today on June 3, 2019 at 5:00 pm
That’s good news for users who work in loud environments and want to know if they’re potentially suffering long-term damage, but at the same time value their privacy. Apple’s policies toward health ... […]
- Apple iPhones, MacBooks, and Watches Get New Privacy, App Capabilities on June 3, 2019 at 4:37 pm
Apple is also overhauling the Apple Watch’s Health ... privacy-focused features that were announced is called Sign In With Apple, which let users sign into apps using a randomized email address ... […]
- Datavant Acquires Health Data Link to Expand Academic Ecosystem on June 3, 2019 at 7:30 am
"Bringing health data together without compromising patient privacy is the defining health policy issue of our time. Together, we can make integrated health data a reality, which means better ... […]
- Health Quest privacy breach exposed patient information on June 2, 2019 at 7:33 pm
A phishing scam targeting Health Quest employees may have resulted in the leak of patient information, according to a notice from the health care provider. John Nelson, director of public and ... […]
- Mining government data while protecting privacy on May 31, 2019 at 1:42 pm
The personally identifiable information government agencies hold on individuals must to be secured against hackers, but privacy policies also make it ... medical examiner records, mental health ... […]
via Bing News