- Proceedings of the National Academy of Sciences of the United States of America
- Published over 2 years ago
Since 2013, a stream of disclosures has prompted reconsideration of surveillance law and policy. One of the most controversial principles, both in the United States and abroad, is that communications metadata receives substantially less protection than communications content. Several nations currently collect telephone metadata in bulk, including on their own citizens. In this paper, we attempt to shed light on the privacy properties of telephone metadata. Using a crowdsourcing methodology, we demonstrate that telephone metadata is densely interconnected, can trivially be reidentified, and can be used to draw sensitive inferences.
Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting.
With rising smartphone ownership, mobile health applications (mHealth apps) have the potential to support high-need, high-cost populations in managing their health. While the number of available mHealth apps has grown substantially, no clear strategy has emerged on how providers should evaluate and recommend such apps to patients. Key stakeholders, including medical professional societies, insurers, and policy makers, have largely avoided formally recommending apps, which forces patients to obtain recommendations from other sources. To help stakeholders overcome barriers to reviewing and recommending apps, we evaluated 137 patient-facing mHealth apps-those intended for use by patients to manage their health-that were highly rated by consumers and recommended by experts and that targeted high-need, high-cost populations. We found that there is a wide variety of apps in the marketplace but that few apps address the needs of the patients who could benefit the most. We also found that consumers' ratings were poor indications of apps' clinical utility or usability and that most apps did not respond appropriately when a user entered potentially dangerous health information. Going forward, data privacy and security will continue to be major concerns in the dissemination of mHealth apps.
Through the widespread availability of location-identifying devices, geolocalisation could potentially be used to place athletes during out-of-competition testing. In light of this debate, the WADA Ethics Panel formulated the following questions: (1) should WADA and/or other sponsors consider funding such geolocalisation research projects?, (2) if successful, could they be proposed to athletes as a complementary device to Anti-Doping Administration and Management System to help geolocalisation and reduce the risk of missed tests? and (3) should such devices be offered on a voluntary basis, or is it conceivable that they would be made mandatory for all athletes in registered testing pools? In this position paper, the WADA Ethics Panel concludes that the use of geolocalisation could be useful in a research setting with the goal of understanding associations between genotype, phenotype and environment; however, it recognises that the use of geolocalisation as part of or as replacement of whereabouts rules is replete with ethical concerns. While benefits remain largely hypothetical and minimal, the potential invasion of privacy and the data security threats are real. Considering the impact on privacy, data security issues, the societal ramifications of offering such services and various pragmatic considerations, the WADA Ethics Panel concludes that at this time, the use of geolocalisation should neither be mandated as a tool for disclosing whereabouts nor implemented on a voluntary basis.
- Journal of the American Medical Informatics Association : JAMIA
- Published about 4 years ago
Mobile health (mHealth) customers shopping for applications (apps) should be aware of app privacy practices so they can make informed decisions about purchase and use. We sought to assess the availability, scope, and transparency of mHealth app privacy policies on iOS and Android. Over 35 000 mHealth apps are available for iOS and Android. Of the 600 most commonly used apps, only 183 (30.5%) had privacy policies. Average policy length was 1755 (SD 1301) words with a reading grade level of 16 (SD 2.9). Two thirds (66.1%) of privacy policies did not specifically address the app itself. Our findings show that currently mHealth developers often fail to provide app privacy policies. The privacy policies that are available do not make information privacy practices transparent to users, require college-level literacy, and are often not focused on the app itself. Further research is warranted to address why privacy policies are often absent, opaque, or irrelevant, and to find a remedy.
To examine the ethical and legal issues physicians face when evaluating and managing athletes with sports-related concussions, and to offer guidance to physicians as they navigate these situations.RESULTS: This position paper reviews and compares the components of sports-related concussion laws, including education, removal from play, and clearance for return to play. It highlights the challenges privacy laws present relevant to providing care to concussed athletes and suggests ways to help physicians overcome these obstacles. The report also explores the ethical considerations physicians should bear in mind as they evaluate and manage concussed athletes, addressing them through a framework that includes considerations of professionalism, informed decision-making, patient autonomy, beneficence, nonmaleficence, conflicts of interest, and distributive justice.CONCLUSIONS: Physicians caring for concussed athletes have an ethical obligation to ensure that their primary responsibility is to safeguard the current and future physical and mental health of their patients. Physicians have a duty to provide athletes and their parents with information about concussion risk factors, symptoms, and the risks for postconcussion neurologic impairments. Physicians should facilitate informed and shared decision-making among athletes, parents, and medical teams while protecting athletes from potential harm. Additionally, including concussion evaluation and management training in neurology residency programs, as well as developing a national concussion registry, will benefit patients by the development of policies and clinical guidelines that optimize prevention and treatment of concussive head injury.
Adverse drug reactions (ADRs) are an important cause of morbidity and mortality. Classical Pharmacovigilance process is limited by underreporting which justifies the current interest in new knowledge sources such as social media. The Adverse Drug Reactions from Patient Reports in Social Media (ADR-PRISM) project aims to extract ADRs reported by patients in these media. We identified 5 major challenges to overcome to operationalize the analysis of patient posts: (1) variable quality of information on social media, (2) guarantee of data privacy, (3) response to pharmacovigilance expert expectations, (4) identification of relevant information within Web pages, and (5) robust and evolutive architecture.
- Journal of the American Medical Informatics Association : JAMIA
- Published over 2 years ago
We describe use cases and an institutional reference architecture for maintaining high-capacity, data-intensive network flows (e.g., 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations.
This study aims to understand the influence of the ethical and legal issues on cloud computing adoption in the field of genomics research. To do so, we adapted Diffusion of Innovation (DoI) theory to enable understanding of how key stakeholders manage the various ethical and legal issues they encounter when adopting cloud computing. Twenty semi-structured interviews were conducted with genomics researchers, patient advocates and cloud service providers. Thematic analysis generated five major themes: 1) Getting comfortable with cloud computing; 2) Weighing the advantages and the risks of cloud computing; 3) Reconciling cloud computing with data privacy; 4) Maintaining trust and 5) Anticipating the cloud by creating the conditions for cloud adoption. Our analysis highlights the tendency among genomics researchers to gradually adopt cloud technology. Efforts made by cloud service providers to promote cloud computing adoption are confronted by researchers' perpetual cost and security concerns, along with a lack of familiarity with the technology. Further underlying those fears are researchers' legal responsibility with respect to the data that is stored on the cloud. Alternative consent mechanisms aimed at increasing patients' control over the use of their data also provide a means to circumvent various institutional and jurisdictional hurdles that restrict access by creating siloed databases. However, the risk of creating new, cloud-based silos may run counter to the goal in genomics research to increase data sharing on a global scale.
The collapse of confidence in anonymization (sometimes also known as de-identification) as a robust approach for preserving the privacy of personal data has incited an outpouring of new approaches that aim to fill the resulting trifecta of technical, organizational, and regulatory privacy gaps left in its wake. In the latter category, and in large part due to the growth of Big Data-driven biomedical research, falls a growing chorus of calls for criminal and penal offences to sanction wrongful re-identification of “anonymized” data. This chorus cuts across the fault lines of polarized privacy law scholarship that at times seems to advocate privacy protection at the expense of Big Data research or vice versa. Focusing on Big Data in the context of biomedicine, this article surveys the approaches that criminal or penal law might take toward wrongful re-identification of health data. It contextualizes the strategies within their respective legal regimes as well as in relation to emerging privacy debates focusing on personal data use and data linkage and assesses the relative merit of criminalization. We conclude that this approach suffers from several flaws and that alternative social and legal strategies to deter wrongful re-identification may be preferable.