Andy Oram writes:
Strange that a conference on health privacy has never been held before, so I’m told. Privacy in health care is the first topic raised whenever someone talks about electronic health records–and dominates the discussion from then on–or, on the other hand, is dismissed as an overblown concern not worthy of criticism. But today a conference was held on the subject, prepared by the University of Texas’s Lyndon B. Johnson School of Public Affairs and held just a few blocks from the Capitol building at the Georgetown Law Center as a preconference to the august Computers, Freedom & Privacy conference.
The Goldilocks dilemma in health privacy
Policy experts seem to fall into three camps regarding health privacy. The privacy maximalists include the organizers of this conference, notably the Patient Privacy Rights, as well as the well-known Electronic Privacy Information Center and a number of world-renowned experts, including Alan Westin, Ross Anderson from Cambridge University, Canadian luminary Stephanie Perrin, and Carnegie Mellon’s indefatigable Latanya Sweeney (who couldn’t attend today but submitted a presentation via video). These people talk of the risks of re-identifying data that was supposed to be identified, and highlight all the points in both current and proposed health systems where intrusions can occur.
On the other side stand a lot of my closest associates in the health care area, who intensely dislike Patient Privacy Rights and accuse it of exaggerations and mistruths. The privacy minimalists assert that current systems provide pretty good protection, that attacks on the average person are unlikely (except from other people in his or her life, which are hard to fight systematically), and that an over-concern for privacy throws sand in the machinery of useful data exchange systems that can fix many of the problems in health care. (See for instance, my blog on last week’s Health Data Initiative Forum)
Read more on O’Reilly Radar.
Full Disclosure: PHIprivacy.net was a sponsor of the conference, although I was unable to attend due to other commitments.
Correction to your post: There are three camps, and the third camp, for which Latanya Sweeney advocates in the middle of the other two camps you describe. The third camp uses scientific knowledge and facts to ground discussions. My presentation is available online at dataprivacylab.org/projects/sorrell/Sweeney.mp4 and it describes the tension between the two extreme sides in a recent case before the U.S. Supreme Court and reports on re-identification experiments to add clarity and facts.
Thanks for jumping in Latanya. It was Adam’s post/description, not mine, but I’m glad you took the opportunity to clarify where you stand on the issues.