Tag Archives: Privacy and Health Care

University of California Berkeley study: Artificial intelligence advances threaten privacy of health data

6 Jan

Joseph Jerome, CIPP/US wrote in the 2016 article, Why artificial intelligence may be the next big privacy trend:

What that looks like will vary, but it is likely that the same far-reaching and broad worries about fairness and accountability that have dogged every discussion about big data — and informed the FTC’s January Big Data Report — will present serious concerns for certain applications of AI. While “Preparing for the Future of Artificial Intelligence” is largely an exercise in stage-setting, the report is likely a harbinger of the same type of attention and focus that emerged within the advocacy community in the wake of the White House’s 2014 Big Data Report. For the privacy profession, the report hints at a few areas where our attention ought to be directed.
First, AI is still a nascent, immature field of engineering, and promoting that maturation process will involve a variety of different training and capacity-building efforts. The report explicitly recommends that ethical training, as well as training in security, privacy, and safety, should become an integral part of the curricula on AI, machine learning, and computer and data science at universities. Moving forward, one could imagine that ethical and other non-technical training will also be an important component of our STEM policies at large. Beyond formal education, however, building awareness among actual AI practitioners and developers will be essential to mitigate disconcerting or unintended behaviors, and to bolster public confidence in the application of artificial intelligence. Policymakers, federal agencies and civil society will need more in-house technical expertise to become more conversant on the current capabilities of artificial intelligence.
Second, while transparency is generally trotted out as the best of disinfectants, balancing transparency in the realm of AI will be a tremendous challenge for both competitive reasons and the “black box” nature of what we’re dealing with. While the majority of basic AI research is currently conducted by academics and commercial labs that collaborate to announce and publish their findings, the report ominously notes that competitive instincts could drive commercial labs towards increased secrecy, inhibiting the ability to monitor the progress of AI development and raising public concerns. But even if we can continue to promote transparency in the development of AI, it may be difficult for anyone whether they be auditors, consumers, or regulators to understand, predict, or explain the behaviors of more sophisticated AI systems.
But even if we can continue to promote transparency in the development of AI, it may be difficult for anyone whether they be auditors, consumers, or regulators to understand, predict, or explain the behaviors of more sophisticated AI systems.
The alternative appears to be bolstering accountability frameworks, but what exactly that looks like in this context is anyone’s guess. The report largely places its hopes on finding technical solutions to address accountability with respect to AI, and an IEEE effort on autonomous systems that I’ve been involved with has faced a similar roadblock. But if we have to rely on technical tools to put good intentions into practice, we will need more discussion about what those tools will be and how industry and individuals alike will be able to use them.
The Sky(net) isn’t falling, but…                                                                https://iapp.org/news/a/why-artificial-intelligence-may-be-the-next-big-privacy-trend/

A University of California Berkeley study reported there could be problem with the use of AI and privacy issues in health data.

Science Daily reported in Artificial intelligence advances threaten privacy of health data:

Led by UC Berkeley engineer Anil Aswani, the study suggests current laws and regulations are nowhere near sufficient to keep an individual’s health status private in the face of AI development. The research was published Dec. 21 in the JAMA Network Open journal.
The findings show that by using artificial intelligence, it is possible to identify individuals by learning daily patterns in step data, such as that collected by activity trackers, smartwatches and smartphones, and correlating it to demographic data.
The mining of two years’ worth of data covering more than 15,000 Americans led to the conclusion that the privacy standards associated with 1996’s HIPAA (Health Insurance Portability and Accountability Act) legislation need to be revisited and reworked.
“We wanted to use NHANES (the National Health and Nutrition Examination Survey) to look at privacy questions because this data is representative of the diverse population in the U.S.,” said Aswani. “The results point out a major problem. If you strip all the identifying information, it doesn’t protect you as much as you’d think. Someone else can come back and put it all back together if they have the right kind of information.”
“In principle, you could imagine Facebook gathering step data from the app on your smartphone, then buying health care data from another company and matching the two,” he added. “Now they would have health care data that’s matched to names, and they could either start selling advertising based on that or they could sell the data to others.”
According to Aswani, the problem isn’t with the devices, but with how the information the devices capture can be misused and potentially sold on the open market.
“I’m not saying we should abandon these devices,” he said. “But we need to be very careful about how we are using this data. We need to protect the information. If we can do that, it’s a net positive.”
Though the study specifically looked at step data, the results suggest a broader threat to the privacy of health data…. https://www.sciencedaily.com/releases/2019/01/190103152906.htm

Citation:

Artificial intelligence advances threaten privacy of health data
Study finds current laws and regulations do not safeguard individuals’ confidential health information
Date: January 3, 2019
Source: University of California – Berkeley
Summary:
Advances in artificial intelligence, including activity trackers, smartphones and smartwatches, threaten the privacy of people’s health data, according to new research.

Journal Reference:
Liangyuan Na, Cong Yang, Chi-Cheng Lo, Fangyuan Zhao, Yoshimi Fukuoka, Anil Aswani. Feasibility of Reidentifying Individuals in Large National Physical Activity Data Sets From Which Protected Health Information Has Been Removed With Use of Machine Learning. JAMA Network Open, 2018; 1 (8): e186040 DOI: 10.1001/jamanetworkopen.2018.6040

Here is a portion of the JAMA abstract:

Original Investigation
Health Policy
December 21, 2018
Feasibility of Reidentifying Individuals in Large National Physical Activity Data Sets From Which Protected Health Information Has Been Removed With Use of Machine Learning
Liangyuan Na, BA1; Cong Yang, BS2; Chi-Cheng Lo, BS2; et al Fangyuan Zhao, BS3; Yoshimi Fukuoka, PhD, RN4; Anil Aswani, PhD2
Author Affiliations Article Information
JAMA Netw Open. 2018;1(8):e186040. doi:10.1001/jamanetworkopen.2018.6040
Thomas H. McCoy Jr, MD; Michael C. Hughes, PhD
Key Points
Question Is it possible to reidentify physical activity data that have had protected health information removed by using machine learning?
Findings This cross-sectional study used national physical activity data from 14 451 individuals from the National Health and Nutrition Examination Surveys 2003-2004 and 2005-2006. Linear support vector machine and random forests reidentified the 20-minute-level physical activity data of approximately 80% of children and 95% of adults.
Meaning The findings of this study suggest that current practices for deidentifying physical activity data are insufficient for privacy and that deidentification should aggregate the physical activity data of many people to ensure individuals’ privacy.
Abstract
Importance Despite data aggregation and removal of protected health information, there is concern that deidentified physical activity (PA) data collected from wearable devices can be reidentified. Organizations collecting or distributing such data suggest that the aforementioned measures are sufficient to ensure privacy. However, no studies, to our knowledge, have been published that demonstrate the possibility or impossibility of reidentifying such activity data.
Objective To evaluate the feasibility of reidentifying accelerometer-measured PA data, which have had geographic and protected health information removed, using support vector machines (SVMs) and random forest methods from machine learning.
Design, Setting, and Participants In this cross-sectional study, the National Health and Nutrition Examination Survey (NHANES) 2003-2004 and 2005-2006 data sets were analyzed in 2018. The accelerometer-measured PA data were collected in a free-living setting for 7 continuous days. NHANES uses a multistage probability sampling design to select a sample that is representative of the civilian noninstitutionalized household (both adult and children) population of the United States.
Exposures The NHANES data sets contain objectively measured movement intensity as recorded by accelerometers worn during all walking for 1 week.
Main Outcomes and Measures The primary outcome was the ability of the random forest and linear SVM algorithms to match demographic and 20-minute aggregated PA data to individual-specific record numbers, and the percentage of correct matches by each machine learning algorithm was the measure…. https://jamanetwork.com/journals/jamanetworkopen/fullarticle/2719130?resultClick=3

Here is the press release from UC Berkeley:

PUBLIC RELEASE: 3-JAN-2019
Artificial intelligence advances threaten privacy of health data
Study finds current laws and regulations do not safeguard individuals’ confidential health information
Advances in artificial intelligence have created new threats to the privacy of people’s health data, a new University of California, Berkeley, study shows.
Led by UC Berkeley engineer Anil Aswani, the study suggests current laws and regulations are nowhere near sufficient to keep an individual’s health status private in the face of AI development. The research was published Dec. 21 in the JAMA Network Open journal.
The findings show that by using artificial intelligence, it is possible to identify individuals by learning daily patterns in step data, such as that collected by activity trackers, smartwatches and smartphones, and correlating it to demographic data.
The mining of two years’ worth of data covering more than 15,000 Americans led to the conclusion that the privacy standards associated with 1996’s HIPAA (Health Insurance Portability and Accountability Act) legislation need to be revisited and reworked.
“We wanted to use NHANES (the National Health and Nutrition Examination Survey) to look at privacy questions because this data is representative of the diverse population in the U.S.,” said Aswani. “The results point out a major problem. If you strip all the identifying information, it doesn’t protect you as much as you’d think. Someone else can come back and put it all back together if they have the right kind of information.”
“In principle, you could imagine Facebook gathering step data from the app on your smartphone, then buying health care data from another company and matching the two,” he added. “Now they would have health care data that’s matched to names, and they could either start selling advertising based on that or they could sell the data to others.”
According to Aswani, the problem isn’t with the devices, but with how the information the devices capture can be misused and potentially sold on the open market.
“I’m not saying we should abandon these devices,” he said. “But we need to be very careful about how we are using this data. We need to protect the information. If we can do that, it’s a net positive.”
Though the study specifically looked at step data, the results suggest a broader threat to the privacy of health data.
“HIPAA regulations make your health care private, but they don’t cover as much as you think,” Aswani said. “Many groups, like tech companies, are not covered by HIPAA, and only very specific pieces of information are not allowed to be shared by current HIPAA rules. There are companies buying health data. It’s supposed to be anonymous data, but their whole business model is to find a way to attach names to this data and sell it.”
Aswani said advances in AI make it easier for companies to gain access to health data, the temptation for companies to use it in illegal or unethical ways will increase. Employers, mortgage lenders, credit card companies and others could potentially use AI to discriminate based on pregnancy or disability status, for instance.
“Ideally, what I’d like to see from this are new regulations or rules that protect health data,” he said. “But there is actually a big push to even weaken the regulations right now. For instance, the rule-making group for HIPAA has requested comments on increasing data sharing. The risk is that if people are not aware of what’s happening, the rules we have will be weakened. And the fact is the risks of us losing control of our privacy when it comes to health care are actually increasing and not decreasing.”
###
Co-authors of the study are Liangyuan Na of MIT; Cong Yang and Chi-Cheng Lo of UC Berkeley; Fangyuan Zhao of Tsinghua University in China; and Yoshimi Fukuoka of UCSF.
Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.

RAND Corporation has information about health care privacy at https://www.rand.org/topics/health-information-privacy.html

StaySafeOnline described health care privacy issues in the article, Health Information Privacy – Why Should We Care?

• Health data is very personal and may contain information we wish to keep confidential (e.g., mental health records) or potentially impact employment prospects or insurance coverage (e.g., chronic disease or family health history).
• It is long living – an exposed credit card can be canceled, but your medical history stays with you a lifetime.
• It is very complete and comprehensive – the information health care organizations have about their patients includes not only medical data, but also insurance and financial account information. This could be personal information like Social Security numbers, addresses or even the names of next of kin. Such a wealth of data can be monetized by cyber adversaries in many ways.
• In our digital health care world, the reliable availability of accurate health data to clinicians is critical to care delivery and any disruption in access to that data can delay care or jeopardize diagnosis.
The privacy and security of health information is strictly regulated in the U.S. under federal laws, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), but also through various state laws and laws protecting individuals against discrimination based on genetic data….
For health care providers and insurers, there is typically no limitation for patients to disclose information about their health. Just as any patient can (and mostly should) share concerns about their health with family and friends, any patient can now easily share anything they want with the world via social media or join an online support group. Although these are generally positive steps that help an individual with health concerns find support and receive advice, we now need to be much more conscious about what
However, concerns about your health care provider’s ability to protect your data should not lead to patients withholding information. Even in this digital age, the patient-doctor trust relationship is still the most important aspect of our health care system – and that trust goes both ways: patients need to trust their providers with often intimate and personal information, and providers need to know that their patients are not withholding anything due to privacy concerns.
We have entered the new age of digital medicine and almost universal availability of information, leading to better diagnosis and more successful treatments, ultimately reducing suffering and extending lives. However, this great opportunity also comes with new risks and we all – health care providers and patients alike – need to be conscious about how we use this new technology and share information…. https://staysafeonline.org/blog/health-information-privacy-care/

Resources:

Artificial Intelligence Will Redesign Healthcare https://medicalfuturist.com/artificial-intelligence-will-redesign-healthcare

9 Ways Artificial Intelligence is Affecting the Medical Field https://www.healthcentral.com/slideshow/8-ways-artificial-intelligence-is-affecting-the-medical-field#slide=2

Where information leads to Hope. © Dr. Wilda.com

Dr. Wilda says this about that ©

Blogs by Dr. Wilda:

COMMENTS FROM AN OLD FART©
http://drwildaoldfart.wordpress.com/

Dr. Wilda Reviews ©
http://drwildareviews.wordpress.com/

Dr. Wilda ©
https://drwilda.com/