Browsing by Subject "health privacy"

Now showing 1 - 3 of 3
  • Thumbnail Image
    Item
    Big Data Proxies and Health Privacy Exceptionalism
    (2014) Terry, Nicolas P.; Robert H. McKinney School of Law
    This article argues that, while “small data” rules protect conventional health care data (doing so exceptionally, if not exceptionally well), big data facilitates the creation of health data proxies that are relatively unprotected. As a result, the carefully constructed, appropriate, and necessary model of health data privacy will be eroded. Proxy data created outside the traditional space protected by extant health privacy models will end exceptionalism, reducing data protection to the very low levels applied to most other types of data. The article examines big data and its relationship with health care, including the data pools in play, and pays particular attention to three types of big data that lead to health proxies: “laundered” HIPAA data, patient-curated data, and medically-inflected data. It then reexamines health privacy exceptionalism across legislative and regulatory domains seeking to understand its level of “stickiness” when faced with big data. Finally the article examines how health privacy exceptionalism maps to the currently accepted rationales for health privacy and discusses the relative strengths of upstream and downstream data models in curbing what is viewed as big data’s assault of health privacy.
  • Thumbnail Image
    Item
    Health Privacy Is Difficult but Not Impossible in a Post-HIPAA Data-Driven World
    (2014) Terry, Nicolas P.
    In the 13 years since their promulgation, the Health Insurance Portability and Accountability Act (HIPAA) rules and their enforcement have shown considerable evolution, as has the context within which they operate. Increasingly, it is the health information circulating outside the HIPAA-protected zone that is concerning: big data based on HIPAA data that have been acquired by public health agencies and then sold; medically inflected data collected from transactions or social media interactions; and the health data curated by patients, such as personal health records or data stored on smartphones. HIPAA does little here, suggesting that the future of health privacy may well be at the state level unless technology or federal legislation can catch up with state-of-the-art privacy regimes, such as the latest proposals from the European Commission.
  • Thumbnail Image
    Item
    Protecting Patient Privacy in the Age of Big Data
    (2012) Terry, Nicolas P.
    This essay discusses the threats to health privacy posed by “big data;” an ongoing revolution in data collection and processing. The essay takes the position that big data poses an exceptional group of problems for health care, its providers, researchers, and patients. Faced with increased privacy risks an exhaustive overhaul of HIPAA/HITECH is not proposed. Rather, this essay suggests an incremental approach, adopting aspects of the recent privacy proposals published by the White House and the Federal Trade Commission. The essay suggests that the battle to preserve health privacy needs to be fought on three fronts. First, while HIPAA/HITECH provides increasingly robust protections against unauthorized uses of health information by a relatively narrow set of traditional health care provider data stewards, it does almost nothing to regulate the collection of health data. It is time that the federal government put real limits on the collection and processing of personal information. Second, the U.S. has adopted a sector-based approach to data protection. HIPAA, as amended by HITECH, and the “privacy” and security regulations made thereunder apply only to a narrowly constructed version of the vertical health care market. Such sector-based approaches to regulation are frequently flawed because of poor calibration. Further, the very concept of health sector specific regulation is flawed because health related or medically inflected data frequently circulates outside of the traditionally recognized health care sector. Third, there is great value in patient information that could be extracted and used by responsible medical and public health researchers. Responsible public policy suggests that researchers should be able to request that information from patients. Many of the existing HIPAA and HITECH security and confidentiality protections apply here but are fundamentally flawed. Neither current policy nor regulations supply the key component: a coherent choice architecture for dealing with appropriate patient decision-making regarding research use of personal or familial health data.