The recent news that Google had made secret deals with various healthcare providers to gain access to patient health data, without the agreement or knowledge of the patients themselves, raised many eyebrows (see previous articles in the New York Times and Wall Street Journal).
Google insists that they are following all applicable US healthcare privacy laws. If that is accurate, it reinforces that current data protection laws across the US are insufficient to adequately protect Americans and their personal information.
Another interesting article that came out today from TechCrunch, entitled “The coming fight over who controls health data,” is a stark and harsh reminder that health data put into consumer applications is not covered by HIPAA, and that your data is no longer yours to control.
“The second that this data hits those shiny Silicon Valley apps, instead of being under HIPAA that’s covered, you become a user and you have no rights,” says one patient advocate. (Source: The coming fight over who controls health data)
As referenced by Bloomberg Law in their piece entitled “Facebook, Google Fund Nonprofits Shaping Federal Privacy Debate,” there is significant investment being made to ensure that privacy laws crafted at the federal (US) level are written in a manner that suits big technology vendors and their data-rich approaches. Both companies are funding lobbyists and supporting privacy-focused non-profits to bolster their positions.
Bloomberg Law examined seven prominent nonprofit think tanks that work on privacy issues that received a total of $1.5 million over an 18-month period ending Dec. 31, 2018. (Source: Facebook, Google Fund Nonprofits Shaping Federal Privacy Debate)
Google barely had a Washington, D.C., presence in its early years. Founded in 1998, it spent a little more than $1.5 million on lobbying in 2007, according to the Center for Responsive Politics. By the end of 2018, it spent nearly $22 million, its highest one-year total ever.
Facebook had an even faster increase, spending about $200,000 in 2009, a total that quickly climbed to a record $12.6 million by the end of 2018. (Source: Facebook, Google Fund Nonprofits Shaping Federal Privacy Debate)
As any seasoned information security professional will tell you, it is very difficult to manage 52 distinct breach notification laws, and the same will be true if an equally large number of different privacy laws are passed by US states. Even so, the resulting state laws will have a much better chance of sufficiently protecting US citizens and consumers than whatever would likely emerge at a national level.
There is a lot to be gained through the use of health data analysis to find trends in illness, public health and related epidemiology, but it should be done with consent and knowledge of the subject, not in secret projects with money being traded between entities that are not acting in the best interest of the data subjects themselves.