Discussion in 'other security issues & news' started by ronjor, Jul 22, 2015.
Moot as far as I'm concerned - I fully expect the UK Health Secretary - Jeremy Richard Streynsham Hunt - to try again to sell all NHS health records in the UK to insurance companies - he last tried in 2013, reportedly planning to sell them for £1 a go. Apparently he was not too concerned with the lawfulness of such a move, or its effect on privacy and doctor-patient confidentiality, but it would certainly destroy the market for anyone stealing the information.
It's one of the most galling and damaging of misuses of data IMO, because the public health benefit of anonymised searchable healthcare records would be huge, if you could trust that the use of the data would be just for that purpose.
We have to be careful about dismissing one exposure simply because there is some other grossly similar exposure. There are numerous ways a commercial insurance|other company could abuse healthcare records, but would those companies use the information within those records to carryout identity theft, for example? A hacker who has gained access to such records might do so or sell them to someone who would. I think this particularly true in the US, where absolutely ridiculous simple questions are used to gain access to credit histories and some other sensitive info.
I would also point out that healthcare records are, by nature, specific to an individual and therefore difficult to anonymize. Especially if the intent is to preserve detail that might be of interest to some researchers. Such as a detailed chronology of exams and tests, test results, treatments, prescriptions, etc plus some demographic information like sex, age, general location (in case there is a localized environmental cause), type of employment (in case that factors in), sports/activities (in case that factors in), etc, etc. Even at a high level, such information could be used to fingerprint an individual and to recognize them in other contexts where they share their history and other information. In addition to that there are often test timestamps, facility identifiers, and [potentially unique to a geographic area] equipment identifiers that can act as breadcrumbs and lead to the specific patient. Plus, there is all the patient specific test data (images, blood test results and possibly genetic markers, etc, etc).
Yes, formidably hard to anonymise healthcare records properly - and quite likely that one would have to trade some utility for anonymity. But it seems to me that you can gain the majority of the value and keep anonymity high by reducing some specifics (like precise location, age etc.).
And quite agree, I'm not advocating fatalism with the data - only bemoaning that governments are not just careless but also complicit in allowing it into the wild. Whereas I have a choice in terms of what data I choose to give to commercial services, my healthcare records are mine and private, and were there way before these issues became prominent, but the deal has always been that they were confidential and only used for purpose. I have not consented to their (ab)use by a government I'm right not to trust.
what kind of moron would even think of doing such a thing unless he thought he could get away with it or there would be minimal punishment at best. no accountability by those in govt.
I just received my Medicare Card 2 months ago. I hope I'm alive to get the new card. Our Government fast at work.
Separate names with a comma.