One of the most interesting headlines covered by the recent news media is the subject of tech industry partnership with the government national health systems. Lately, British Broadcasting Corporation (BBC News) announced, amazon Alexa will soon be offering medical advice to consumers through joint collaboration with the British national health system (NHS). The comprehensive integration of government initiative with private entities is a big welcoming step by the British government. This radical movement has faced significant criticism from the public.
The idea of health information privacy and Health Insurance Portability and Accountability Act (HIPAA) violation is one of the major concerns, yet the government rationale for such a drastic step is evidently based on the administration’s hope by integrating amazon artificial intelligence technology, Alexa will reduce the human burden, thus will improve efficacy and subdue healthcare costs. The opponents of that measure are worried about its potential security and privacy flaws.
The future of healthcare is being shaped by a Big Tech invasion | Data Driven Investor
Last decade has seen a massive digital disruption across all sectors of the global economy and the Health sector is now…
The disceptation with respect to exponential emergence of technology within the medical space by the big data industry is too, a subject of multidimensional concerns. Issues, if not addressed soon can hold irreversible consequences. Some concerns are related to data storage and possession, quality and validity of algorithms used as well as information security and HIPAA compliance.
One of the most commonly used terms by the public to voice concerns relating to the health information is in fact HIPAA. We often witness people using it interchangeably for matters that have nothing to do with health information security and privacy. To put in place the right solution for the valid information security concern we must educate every user the difference between, Personal Information security, health information security, privacy, data and HIPAA compliance.
Big Money and Cutting Edge Technology: How Investment in AI/ML Will Revolutionize The Healthcare…
Among remarkable developments in Artificial Intelligence ( AI) and Machine Learning (ML) over the last couple of years…
In a technical sense any information irrespective of its nature, utility and content are considered data or specifically speaking “metadata”. What makes up data (in large scale big data) is defined by the domains of this metadata. For example, health information represents the summary of data generated, used and analyzed within the healthcare domain. Same applies to personal information and so on. Of course, we may experience convergence within the big data, as health information is also considered personal and vice versa.
The concept of defining the true definitions of types of data is the key, as it will help expose some mysteries behind its misconceptions as well as loopholes that most corporations take advantage of to legitimize their intention of accessing private and valuable selective information.
In the computing works, data is referred to information translated into a virtually basic (also called raw data) format. Protecting digital data, within the database, from destructive forces and the undesirable actions of unauthorized entities or people, like a cyberattack or a data breach is collectively referred to as data security. Personal information is the personal identifying entropy deemed sensitive and personal. Subcategory of the latter is the Health information, by means of the profile of data and the personal information associated with the individual’s personal medical history, including symptoms, diagnoses, procedures, and outcomes.
Accountability Act bill of 1996 or HIPAA was signed by President Bill Clinton, at the time primarily focused to modernize the flow of health information, stipulate specifically to how “Personal Identifiable Information” maintained, protected from fraud and theft by the healthcare organizations and health insurance industries, and how to hash out limitations on insurance coverage.
Imperative is to realize the definitions and their particular standing within the legal system and how the current definitions are used by the corporations and big industry to find leeway to navigate such a vastly growing, yet partially regulated space. For instance, despite what is being propagated; under the current legislative state strengthening the HIPAA rules will have little or no oversight on corporate entities or limit access to patient private information, because entities are interested in the raw data, which under the current definition they may access without necessarily beaching HIPAA rules or in theoretical sense disclosing the “identity of the patient”. Under the original ruling concealing the patient identifying personal information including name, discuss or social security number would suffice to prevent consequent profiling of that patient but under the modern digital information technologies sophisticated algorithms, IP addresses would make unsealing the traditional identifying information unnecessary and redundant. In short- the system with artificial intelligence support can extract a person’s information and match it with the identity by connecting the dots over the cyberspace.
Since the passage of HIPAA bill was originally intended for paper-based medical record and information handling, it will not only fail to cover the scope of its modern applications but also will fall short of keeping up with the scientific sophistication. No doubt, large corporations are moving faster and smarter on big data expansion and conquering citizens’ information than lawmakers can keep up with the information security policies. In all probability, they could if they would take time off political games and away from the corporate lobbyist.
Is Alexa Going to Violate HIPAA?
The short and simple answer would be, yes! — But to refine farther will need referring back to the definitions I shared earlier about data and data privacy. When initially implemented, the primary scope of HIPAA was to prevent inappropriate use of patient privacy information. But today patient info such as smoking history is accessible with a simple click of a mouse or spoken word through Alexa and matched with identifying information as well as IP addresses and subsequently shared with the insurance companies. Whether legal or not, that can affect the person’s healthcare premium solely based on that figure.
Given the current technological advances, to support optimal data privacy- is necessary more than ever for the algorithm designed by the tech industry to be transparent. One needs to keep in mind that enforcing the transparency on proprietary algorithms will open up the door of more challenges relating intellectual property rights and proprietary laws.
Misleading the public and lawmakers along with the convenience of the algorithms used to extract every aspect of public information from the centralized database guarantees the corporate entities the upper hand over the government entities.
Tech companies are not bound by HIPAA by virtue of not being considered a healthcare entity and not having access to the ripe patient identity or disclosing patient identifying information. But they indeed indirectly invade user privacy and jeopardize the patient interest. Hence this means nothing short of double standard within the current data privacy scandal.
Can you trust technology?
In other words, can you trust Alexa listening to your conversation and sharing your health information with the centralized system, thus mathematically enabled to further analyze, distribute and do actions that are meant for profiteering? Those of us who are often exposed to everyday news must have noticed the level of distrust healthcare holds towards the technology. This growing attitude by itself is irrelevant to the actual problem, as technology is nothing but a sophisticated instrument. It functions through what was aimed by their architects. Under the current trend of corporatism, it would be more justified to place the burden of distrust on to the innovators of the technology. The innovators without high-level transparency and accountability towards its tactical mission are inclined to pivot the business model by strategizing their missions to focus solely on maximizing the revenue stream. Trusting technology or the technocracy has developed significant appeal among millennial, but among the baby boomers, it has suffered a significant backlash over the past decades- Possible cause, the discrepancy between expectations, knowledge, and policies.
Increasing regulations and implementing harsh punishment without the proper scope of regulatory process resembles protecting a house from theft by guarding the front door access while leaving the rare door wide open for the thief to enter the premise, hence signifying that tighter regulation is not identical as superior regulation. The traditional HIPAA regulation enforcement is irrelevant to preventing data piracy.
The core essence of the problem is not necessarily insufficient regulation or poor regulation per se. In an open competitive market, excessive regulation is utterly counterproductive. What is compulsory is closing lobbyist loopholes and misinterpretation of what implies to the invasion of patient sovereignty. Poor interpretation of HIPAA, information and health data is the facilitator of the Diversion of attention from the actual issue.
Centralization vs decentralization why is it important?
If we consider an industry having full control over storing, maintaining and analyzing your data, even if they carry out the greatest security possible through layers of technologies it will flunk to prevent hackers from accessing the information. Besides, the centralized nature of the stored data by itself makes it attractive to hacking like storing millions of dollars in a central bank. Centralization irrespective of the level of security would still serve as a one hard stop shop for data hackers. Now imagine dividing the same volume of data among one thousand of its legitimate owners! In order for a hacker or the corporation access to the same volume of information, they must access the data through individual owners or users. Irrespective of the security level hacking the decentralized system carries less inducement as it takes more efforts to do so.
Centralize with government-run technology
In a country or a system where the government administration is in full control of its healthcare and database, the centralized system could be a practical choice as long as the government adopts and manages its own technologies because it will cut the data breach and abuse. But if the same administration creates a hybrid model by partnering with a private for-profit entity, then the public must have a major cause of concern. Sharing important data without individual citizen control and consent is considered severance of individual right.
The decentralized system with giving the ownership of the data to its sovereign individual owners is by far the most efficient approach even though considered imperfect, but is the most workable choice. It Increases individual value by transferring the worth of data earning potential to the patient. Decentralization is a tool because it motivates patients to increase their earnings by staying healthy and contributing to the empowerment of global healthcare.
The Vital is to show transparency at all levels of technology algorithms and hold the stakeholders accountable for breaching what their system was envisioned to do or pivoting for an alternate purpose. Empowering the domain owner of discipline by engaging them in the business process, validation, quality assurance is vital, equally so for the functional requirement for that particular industry is as important. Within that concept, the Government’s obligation would be to oversee corporate business strategies and its deviations by making sure proper adherence to predefined tactical approach.
The public’s insufficient basic knowledge on technologies is by far more damaging than insufficient technology because it would resemble operating a machine gun without learning how to use it. Indeed, it would be like shooting oneself in the foot.
This is what we are facing today on health information security and public perception of data science. Data security and HIPAA — The responsibility is on us, as corporate entities have one mission, profiteering that includes but not limited to the Alexa technology of Amazon.