Facebook Was in Talks With Top Hospitals Until Last Month To Share Data of Most Vulnerable Patients (cnbc.com)
Facebook was in talks with top hospitals and other medical groups as recently as last month about a proposal to share data about the social networks of their most vulnerable patients, CNBC reported on Thursday. From the story: Facebook was intending to match it up with user data it had collected, and help the hospitals figure out which patients might need special care or treatment. The proposal never went past the planning phases and has been put on pause after the Cambridge Analytica data leak scandal raised public concerns over how Facebook and others collect and use detailed information about Facebook users. "This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone's data," a Facebook spokesperson told CNBC. But as recently as last month, the company was talking to several health organizations, including Stanford Medical School and American College of Cardiology, about signing the data-sharing agreement.
Hashing and anonymity (Score:5, Interesting)
If it can be matched up with real-world profiles, it's no longer anonymous. If the hashing DOESN'T work correctly, the wrong people could be labeled with health conditions, and God forbid this data is re-sold to insurance corporations.
This seems like a HIPAA nightmare, and if this goes forward, this needs to be slapped with a restraining order by HHS. This is a borderline criminal idea and should be treated as such.
Re: Hashing and anonymity (Score:2, Insightful)
HIPAA, like most laws, is around to be wielded like a whip towards the peons. Monied interests like Feciesbook have little to worry about.
Re: Hashing and anonymity (Score:5, Insightful)
Does he want to "destroy or slow down the growth" of these companies, or bend them to his will?
He didn't seem to have any "hatred for the tech industry" when it comes to what Robert & Rebekah Mercer are doing with Cambridge Analytica.
Re: (Score:3)
The definition of a useful idiot, in fact!
Re: (Score:3)
Frankly, Obama was less authoritarian, or at least in the right places.
He made an attempt to fix the corporate-infested parasitic US health insurance system. He hired Holder as AG, who (at least temporarily) rolled back civil forfeiture, also known as legalized theft by police. He pushed for sentencing reform and wasn't always on the side of law enforcement or the military. He chose to allow states to have their own marijuana policy.
Obama was a welcome change from the Bush era, though he didn't go far en
Re: (Score:2)
And how in the heck can you make the statement that he attempted to fix the health insurance when he actually handed MORE power to the insurance companies?
Re: (Score:3)
ACA got rid of the worst pricing excesses. The fine was a token penalty.
Limiting insurance rates to being based on age, location (county), and smoking status with no more than a 3:1 spread between top and bottom tiers of a given policy was a good thing. So was guaranteed issue.
They could no longer say, "you have epilepsy, you can buy our individual insurance policy at $3000 per month."
Re: (Score:2)
"attempted". Too long for you?
Re: (Score:3)
The mandate was essentially toothless.
The salient points were guaranteed issue and limitation of pricing disparity for specific policies to a 3:1 ratio of highest to lowest price.
Oh, and subsidies.
Even without subsidies, I can still get a low-deductible policy for about $600/mo where my deductible is $600/yr, regardless of health status. As a self-employed person, that's a good thing. Then again, my state actually cares about keeping the ACA intact.
For $500/mo, I can raise the deductible to $2000/yr, wh
Re: (Score:1)
or at least in the right places
too many people like their dictator.
I rest my case.
Re: (Score:2)
What case? A bit over half of people don't like him.
Re: (Score:2)
The case that people like their dictator, but not the other guys. I didn't vote for either major party candidate.
Re: (Score:1)
Right-wingers: "Obama's gonna take our guuuuuuns."
Reality: Obama was very lax about firearm ownership
Trump: "Take the guns first, go through due process second."
Right-wingers: dead silence.
Re: (Score:2)
Trump is no more no less "authoritarian" than Obama, GWB, Clinton, GHWB ...
Cognitive Dissonance
Re: (Score:2)
My guy didn't win the election. I'm not the retard that voted for either criminal ;)
Re: (Score:3)
HIPAA, like most laws, is around to be wielded like a whip towards the peons. Monied interests like Feciesbook have little to worry about.
You are so right, it's scary.
In my city, the cops have a one way data flow from the hospital's computers. The idea that it is of some benefit, some 'special care or treatment' for the patient is absurd. And it's more than just data mining to match patients with crimes. It involves identity processing and crime prevention via predictive analytics, doing things like estimating emergent crime trends and matching them with pools of potential suspects. Hospital records aren't the only thing they v
Re: (Score:2)
Under HIPAA, this generally requires a warrant or specific exigent circumstances. "Open line to data" is illegal.
If you're aware of this situation, I strongly encourage you to leak it to the press and also file a report with HHS. Anonymously if needed. Whistleblowers are heroes.
Re: (Score:2)
Yes, either Humbubba is total BS or that hospital and PD are in big trouble. There is a pass through for law enforcement, but only to prevent a crime from occurring or to help with patient care in specific instances. No way can you have a 'one way data flow'.
Re: (Score:3)
Under HIPAA, this generally requires a warrant or specific exigent circumstances. "Open line to data" is illegal.
I am outraged at this as much as I am awestruck by these practices. If I'm reading this wrong, and this line to hospital records is illegal, someone please let me know. I am pro-privacy, in spite of the times we live in. Nonetheless, this is how I read the law:
Under HIPAA, medical information can be disclosed without an individual's permission to "any government official at any level of government authorized to either investigate or prosecute a violation of the law." This applies to doctor
Re: (Score:2)
"HIPAA permits the police to use an administrative subpoena or other written request with no court involvement, as long as police include a written statement that the information they want is relevant, material, and limited in scope, and that de-identified information is insufficient."
Giving police a "direct line" to hospital systems sounds like it's NOT limited in scope, and does NOT require a written statement of relevancy. Correct me if I'm wrong. If the police and/or their software are li
Re: (Score:2)
There is a lot more. Considering this and my limited abilities, perhaps an attorney is the way to go.
Re: (Score:2)
"Upon demand" means a properly formatted, WRITTEN demand stating valid reasons why the information is needed, and the specific, narrow range of information required.
i.e. "We require any blood alcohol test results you may have on John Q. Doe, male, DOB 3/4/1956, due to him being involved in a fatal motor vehicle accident with suspected DWI."
Also, HIPAA applies nationally -- state law can't be LESS restrictive than its requirements. In any case, responding to specific requests is legal. Giving cops authoriz
Re: (Score:2)
'Upon demand' is going to generally require that the properly-formatted, WRITTEN demand be in the form of a warrant--if this isn't technically required by the local laws, the people who are legally responsible for keeping those records private will insist on one for their own protection. As long as they can say they were legally compelled to release the records, they're in the clear.
Re: Hashing and anonymity (Score:2)
Bullshit. I've read the HIPAA disclosures from a couple of major hospital systems. They explicitly state that they WILL share your "private" data with the pigglies, Uncle Sam, insurance companies, and pretty much any other evil institution that asks.
The only group who are prevented by HIPAA from accessing your medical data are... medical researchers. You know, the one group that most people *want* their data shared with.
HIPAA is a crock of shit. It does very very very little of benefit to patients. But i
Re:Hashing and anonymity (Score:5, Informative)
Indeed, HIPAA will do nothing to protect your privacy in these situations.
HIPAA prevents your Medical Provider, Insurance company, or other covered entity from RELEASING or DISTRIBUTING your medical records/Protected Health Information. It does NOTHING to restrain them from GATHERING or IMPORTING records/data about you from other sources such as Facebook.
Facebook is not a covered entity under HIPAA, because they aren't any kind of medical provider -- so they aren't regulated in any way by HIPAA; therefore if you post something related to your own health there on your own Facebook page: they can share it however they want according to the Terms of Use that users agree to when using Facebook's website. There's nothing that would prevent Facebook from distributing your information to a Hospital.
Re: (Score:1)
So, here's the problem with that ... information theory tells us that as soon as a medical provider downloads that information, it will leak information about you.
That you are a patient of that facility is now known to Facebook. If that clinic is a specialist they can infer the nature of your condition. Which means Facebook can now start selling you ads for pharmacies, or possibly for d
Re: (Score:2)
Except that Facebook would quickly become a covered entity if they did this. They would be awfully close to a 'Health Care Clearinghouse'
"Clearinghouses include organizations that process nonstandard health information to conform to standards for data content or format, or vice versa, on behalf of other organizations."
Even if they got a pass on that, they would certainly be a 'business associate' which are generally bound by HIPAA rules.
Re: (Score:2)
Except that Facebook would quickly become a covered entity if they did this. They would be awfully close to a 'Health Care Clearinghouse'
They would not be a clearinghouse. Clearinghouses perform processing of information on behalf of other organizations. This means that they receive health data from a covered entity such as a healthcare provider, process the information On behalf of the other entities, and return it.
Even if they got a pass on that, they would certainly be a 'business associate' whi
Re: (Score:2)
Plus it doesn't matter what the company does.. The second PHI is passed to it, they fall under the HIPAA umbrella.
The information is not PHI if it came from a source that is not a covered entity.
HIPAA does not magically apply to any organization which has something that looks like Health Info; there are specific organizations it applies to, and Facebook isn't any of those.
Re: (Score:2)
...therefore if you post something related to your own health there on your own Facebook page
The most pressing concern is that Facebook is getting info on people that DON'T post things on Facebook on their own. With Facebook talking to hospitals directly, isn't there a bit of a concern as to HOW they collect data on people without their knowledge, let alone consent?
Re: (Score:2)
With Facebook talking to hospitals directly, isn't there a bit of a concern as to HOW they collect data on people without their knowledge, let alone consent?
If the project had gotten off the ground, it's possible the project could have collected data from both Facebook and the Hospitals, but Facebook itself wouldn't have been able to collect health data on people from the hospitals or the combined dossier to use for their own purposes, because of compliance issues.
Of course the project never actually go
not surprised (Score:1)
I have a magazine subscription that is dedicated to getting around HIPAA :(
Scary just how much you CAN do and still stay legal....
FB probably found out the Hospital networks already outdid them on data collection and there was nothing legal left to find !
Re: (Score:2)
Yeah, that's not going to happen. [wikipedia.org]
Facebook versus HIPAA (Score:4, Interesting)
Jenny Johnson is currently in Virginia Mason hospital, room 1231! If you know Jenny, click "Like" to send her your best wishes.
Re:Facebook versus HIPAA (Score:5, Funny)
I'll text her instead. The number is still 867-5309, right?
Re: (Score:3)
! If you know Jenny, click "Like" to send her your best wishes.
If she gets enough "Likes" . . . she will receive proper treatment . . . otherwise, the nurses have plastic bags that fit over heads . . .
On the Bright Side (Score:4, Interesting)
On the bright side, such an agreement could work towards furthering our understanding of the root causes of a variety of medical and psychological problems.
Facebook is nothing but an ad-funded spy network. It gathers information about billions of people. If there is any good to come from that colossal invasion of privacy, it would be preventative care.
Re: (Score:3)
Any such study can be undertaken with customer permission.
Medical studies on unwilling subjects conducted by various authoritarian governments also helped us understand things like radiation poisoning, starvation, and hypothermia. The ends don't justify the means.
Re: (Score:2)
On the bright side, such an agreement could work towards furthering our understanding of the root causes of a variety of medical and psychological problems.
slashdot story, 2019: ".... the study concluded that the root cause of the psychological and medical problems so endemic in society was: Facebook. in the opinion of the professionals consulted (those professionals willing to work ethically with the handful of *voluntarily* submitted and properly anonymised sources of data for the purposes of the study) they noted in particular that it was severely cognitively dissonant for people to know that their privacy was being regularly and routinely violated, yet t
Re: (Score:2)
Like I said, understanding the root cause of psychological problems is something we can achieve through data sharing.
Re: (Score:2)
Facebook is nothing but an ad-funded spy network. It gathers information about billions of people. If there is any good to come from that colossal invasion of privacy, it would be preventative care.
Um... doesn't the first sentence preclude the possibility of the last?
Re: (Score:2)
Garbage in, garbage out.
All of life's ills will be reduced to issues surrounding cat videos.
Re: (Score:2)
An ad company just saw a way to sell data back to anyone who would pay.
Medical care was not the result.
Profit is the only factor.
Computers made me a luddite. (Score:1)
I stay with my same old doctor because he refuses to put patient records down on anything but paper. Doesn't take insurance. Voting and health care need to go back-to-the-future and use paper! They should damn sure not be networked. That's how the Iranians hid their nuclear reactor for two years before Israel blew it up. They used paper. When they stopped and a scientist traveled through Europe with a laptop, they snagged it and found out. Networked computers are one of the least secure places to put any in
Re: (Score:2)
Then again, electronic medical records systems IF PROPERLY IMPLEMENTED can reduce error and make sure records are legible. BTW, the computers don't have to be networked to the outside world. Perfectly feasible to run everything on an airgapped Ethernet network with encrypted daily backup to a set of rotating SSD cartridges. Hardware is cheap in 2018, cloud or client/server isn't the only viable solution.
We already know there are many ways to breach air gaps. Merely getting the required update for whatever database/billing/etc. software you run will involve you breaching the air gap. And of course, modern Intel CPUs come with built in, ON CPU WiFi / cell connections (yes, the antennas are good enough, no, you don't have control over it).
And no, hardware is NOT cheap in 2018. And it won't be cheap in 2118. Cheap is relative. Remember - you're comparing to paper.
Re: (Score:2)
Let me repeat... hardware is cheap in 2018. A decent Intel NUC system with SSD can be had for under $500 and will last 5-7 years at least. Use them as part of a modular system with some acting as workstations, others as servers and backup devices. You can even buy them Ethernet-only, no built-in WiFi.
Sure, an airgap can be breached with some work. It's also a hell of a lot less likely than an Internet-connected or cloud-connected system being breached. Technically, paper records can also be breached or
Re: (Score:2)
Let me repeat... hardware is cheap in 2018.
No, it isn't.
A decent Intel NUC system with SSD can be had for under $500 and will last 5-7 years at least.
An NUC is a laptop in a box. They don't last 5-7 years. They're good for about 3 years.
Use them as part of a modular system with some acting as workstations, others as servers and backup devices.
You're a nut. Who's going to design such a system and maintain all the machines? How many NUCs do you need? Don't forget the monitor, keyboard, mouse, operating system, etc. for each one.
You can even buy them Ethernet-only, no built-in WiFi.
Not when the WiFi is built into the CPU. https://arstechnica.com/inform... [arstechnica.com]
That shit has been standard in most Intel CPUs over the last few years. It's exposed/hidden based on SKU, like the ME shit.
Sure, an airgap can be breached with some work. It's also a hell of a lot less likely than an Internet-connected or cloud-connected system being breached. Technically, paper records can also be breached or destroyed -- burglaries of medical offices happen.
Airgaps don't exist when
Re: (Score:2)
(1) NUC has one moving part: the fan. If they're securely mounted to a wall or desk, there's little chance of drop damage. They can easily last 5-7 years.
(2) Who will design it and maintain it? Same people as design and maintain local (non-cloud) EMR systems now.
(3) Doubt it about the wifi -- some NUCs still use a separate WiFi card. Besides, they'd need an open WiFi net to connect to.
(4) You print on non-network USB printers or network printers that don't need Clown Print to work, same as people did
Re: (Score:2)
Paper is actually kind of expensive.
Storage, secure disposal, filing.
Don't forget filing. In a given year how many man hours are spent looking through a filing cabinet for so and so's file? God forbid if gets misplaced.
Re:Computers made me a luddite. (Score:4, Interesting)
from New Hampshire: A doctor who won't use a computer loses her license to practice medicine [cnn.com]
Remember (Score:2)
Q told us "MZ" (Zuck the Cuck) would be stepping down from his position (willingly or not).
When Q is proven to be correct yet again, what will you blue pillers do?
Could be useful (Score:2)
So the hospital could see from his FB-posts, that he not just has a broken leg but suffers from WhiteSupremitis and AntiSemitis and needs a few antiracism drips.
Borderline HIPAA violation (Score:1)
Not a Data Leak, Normal Business (Score:1)
From what I've read so far the whole Cambridge Analytica thing wasn't a "data leak". It was business as usual except someone decided they didn't like how the data got used. That is becoming more apparently true as more stories like this one come out.
after a decade (Score:2)
Facebook's business model is selling your data and access to the data via a search API. That is what you use to identify target groups and special people, like influencers, to coerce them into using certain services and buying products. While this is disgusting, it is not new. They did that before Cambridge Analytica and they do it now. And they are not the only ones doing so. All these platforms must be regulated heavily.
Mr Zuckerberg (Score:2)
Consumer protections were nice while we had them (Score:2)
If we had an administration which was working for The People rather than Big Corp and Oligarchs, these companies would be fined big money for each and every individual HIPAA violation, and the fines would be measured at minimum in tens of billions USD.
Wake up, people! (Score:1)
- Do NOT click any links in any emails.
- Do NOT send money to any Nigerian prince needing help.
- And definitely do NOT put ANYTHING up on the web that you are NOT willing to have shared with any other party.
In case you haven't figured it out by now, trust very few people, and absolutely trust NO corporation or politician.
Re: (Score:3)
He's one of those Russian spy trolls sent here to make Democrats look even dumber, ensuring Trump is reelected in 2020.
Re: Well, Trump will die in prison anyway (Score:2)
Maybe Shareblue should stop posting recruitment ads on Grindr....
Re: (Score:2)
Don't feed the trolls.