HIPAA may not cover personal health data disclosed by patients online

HIPAA may not cover personal health data disclosed by patients online

HIPAA may not cover personal health data disclosed by patients online

Many patients share personal health data when they register and use medical apps and websites or share details of their health issues with others on social media. Digital medicine companies and social media platforms may track this information and use it to develop targeted advertisements for individuals with specific medical problems or generate leads for future marketing purposes. The authors of a recent study published in the journal patterns He says most individuals are not fully aware of how they are being followed and manipulated by digital medicine companies and social media platforms.

HIPAA rules bar for “covered entities” such as Medical practices and hospitals From disclosing PHI without patients’ consent. But for data generated outside the “digital walls” of these included entities, he wrote, “Patients are often on their own in terms of understanding how companies use their personal and health data, particularly when asking questions about their health conditions on social media.” Investigators Andrea Downing of The Light Collective, an advocacy group based in Eugene, Oregon, and Eric Peracles, PhD, chief science and digital officer at the Duke Clinical Research Institute in Durham, North Carolina.

The team explored this issue in a study of health advertising tactics for five digital medicine companies, focusing on 5 clinical services. They recruited 10 patient advocates in the genetic cancer community and asked them to share data on how their online activities were tracked. Participants download and share JavaScript Object Notation (JSON) files, which reveal how data is shared between web servers and web applications. Investigators used these files to determine how information from health-related websites and apps flowed to Facebook to target ads.

Continue reading

Downing and Dr. Peraxless reviewed the companies’ websites for third-party ad trackers and considered whether the use of these ad trackers complied with the companies’ privacy policies. They also looked at each participant’s Facebook ad library to determine whether health data obtained through these companies affected the types of ads the participants viewed.

“We have shown that personal data and personal health data can be easily obtained without the aid of highly sophisticated cyber attack techniques but using fairly common third-party propaganda tools,” the authors wrote in a paper published in the journal. patterns.

As they noted, “While the tools we have identified are not inherently good or bad, implementing a common advertising graphic designed for social media marketing can reveal sensitive health information in the form of leads. These marketing tools reveal a dark pattern used to track the journeys of exposed patients. at risk across platforms as they browse online, which is in some ways unclear to companies and patient groups who share via Facebook.”

The authors say they hope this new data will lead to a long-awaited conversation about health privacy and how it affects certain groups of patients.

In an interview, Dr. Peracles noted that the role of clinicians with respect to protected health information is under HIPAA, but that this is not the case for marketing programs designed to disseminate data as widely as possible. “Everyone should be really careful about what software they use,” Dr. Peracles said. “Most people don’t know what apps do, and many people have hundreds [of apps]. “

The five companies included in the analysis provide information or services (including genetic testing) related to inherited cancer risks. Investigators found that 2 of the companies’ targeted ads complied with their privacy policies. The other three did not comply with their own privacy policies and claims.

Angie Raymond, MD, PhD, director of the Data Governance and Information Governance Program at Indiana University and with the Department of Business Law and Ethics at Kelly School of Business, Bloomington, Indiana, said the privacy community has done a fantastic job in moving HIPAA into common vernacular. However, it did a rather poor job of explaining the limitations of the two key terms ‘health’ and ‘included entity’. This is where things start to fall apart, Dr. Raymond said. In fact, it leaves people and their health data vulnerable. “We need to do a much better job,” Dr. Raymond said.

Dr. Raymond believes that privacy protections should be built into the technologies people use. “We need to move existing protections into a digital world,” he said. “We may need to think about building safeguards in some of the new areas that have emerged due to the ubiquitous nature of the digital world and data aggregation. But without design we will likely continue to chase our tails.”

When HIPAA was created, Congress wasn’t thinking about the issue of “mining” PHI from a patient portal or system Essential to PHI – often without their knowledge or consent – for advertising purposes. Dr. Sinha would like to see new federal legislation passed that specifically addresses patient privacy rights.

“This is an emerging health privacy problem,” said Dr. Sinha. “Technology has advanced, real problems have emerged, and it is time for policy makers to act. Passing comprehensive new health privacy legislation that addresses these critical issues by closing privacy loopholes is an important next step.”

#HIPAA #cover #personal #health #data #disclosed #patients #online

مقالات ذات صلة

اترك تعليقاً

لن يتم نشر عنوان بريدك الإلكتروني. الحقول الإلزامية مشار إليها بـ *

زر الذهاب إلى الأعلى
سيتات آورج 2022 سيتات آورج 2022