Signaling that you can not anonymize data?
Mikkael A. Sekres, MD, MS and Brian J. Bolwell, MD
have an OpEd on FoxNews of note as the issue they address goes beyond
cancer patients and potentially affects all of us.
… Articles about cancer research in scholarly journals are the lifeblood of the fight against cancer. For doctors and researchers, flagship journals such as The New England Journal of Medicine, the Journal of the American Medical Association (JAMA) and The Lancet are critical for keeping up to date with the latest breakthroughs, establishing new standards of care, and improving treatments for patients.
In January, a proposal was put forward by the editors of these publications, the International Committee of Medical Journal Editors, that poses a serious threat to the privacy of patient data. In it, the editors would require that investigators of clinical trials make publically available within six months of publication de-identified (i.e., anonymous), individual patient data underlying the results presented in the trial.
Read more on FoxNews
about the risks of re-identification and its impact on cancer patient
privacy.
I've been trying to explain the First Amendment to
my international students. (It relates to Apple v FBI) This should
cloud the waters…
I’ve been hoping some lawyer(s) would discuss
the lawsuit
filed by Jason Pierre-Paul (“JPP”) against ESPN and Adam Schefter
because frankly, although I wasn’t happy that Schefter posted a
medical record – and Schefter
later acknowledged there’s an issue of sensitivity here – I
can’t see how any lawsuit against the journalist could prevail
because…. freedom of press. Now sports lawyer Tony Iliakostas has
offered his analysis and prognosis for the case. It provides a
useful recap of the claims, Florida law, and Iliakostas’s
predictions.
For those not familiar with the case, the short
version is that Schefter somehow obtained JPP’s medical record
showing surgery on JPP’s fingers after an accident JPP had.
Schefter tweeted the actual image of the medical record showing
surgery was performed. Not surprisingly, Jackson Memorial Hospital
investigated
to determine what employee(s) may have leaked the record to Schefter
and subsequently fired
two employees. JPP sued the hospital for breach of his privacy.
The hospital settled. But this lawsuit against ESPN and Schefter is
a separate lawsuit filed over the incident under Florida law.
Iliakostas
writes that in suing ESPN and Schefter over the tweet, JPP
alleges
that Adam Schefter violated Florida Statute § 456.057, which states in a nutshell that medical records maintained by hospital, clinical laboratories, and other health care practtioners shall be kept confidential. Specifically under subsection 7(a) of the Florida Statute, records shall only be provided to the patient, his/her legal representatives, and other health care providers. Medical records under this statute shall not be disclosed to anyone else without the patient’s written consent. The complaint specifically asserts that Schefter is in violation of § 456.057(11) which states that a third party in receipt of medical records is “prohibited from further disclosing any information in the medical record” without the patient’s express written consent. Likewise, the complaint holds Jackson Memorial Hospital accountable for disclosing the records in the first place without his consent.
So that’s different: Florida
law imposes a duty to maintain confidentiality on a third party
recipient of a medical record. If you are not a health
care professional and received a medical record from a patient in
Florida, would you know you had that duty to maintain
confidentiality? I wouldn’t. [But
the ESPN's lawyers probably did Bob] But let’s
continue…
Jason Pierre-Paul also accuses Schefter of invading his privacy. Invasion of privacy is a common law tort offense that comes in various forms. Here, it comes in the form of public disclosure. Pierre-Paul alleges that this medical information about his amputated fingers was private and that publishing them on a very large scale was offensive to him. To prove any public disclosure-invasion of privacy claim, the plaintiff has the burden of proving that 1) private information pertaining to him was disseminated to a large audience and 2) the information that was shared is not of public concern.
The lawsuit also holds ESPN responsible for Schefter’s actions under the respondeat superior doctrine, which is a very fancy legal term which states that employers are held accountable for the actions of their employees that are performed in the course of their employment.
We’ve seen that last argument before in other
lawsuits where employees of a clinic or hospital breached a patient’s
privacy. The results have been mixed on that. In one case, Walmart
was held liable for what its pharmacist did in breaching a patient’s
privacy. In another case, a clinic was found not liable for what its
employee did in snooping in a patient’s records and sharing that
information with others.
Iliakostas does not think JPP will prevail on any
of the claims. Keep in mind that the hospital is not a defendant in
this suit, having settled already. He writes, in part, that JPP’s
accident and surgery were matters of public concern,
although he makes no attempt to distinguish between matters of public
concern and matters that are just of public interest or
curiosity. But here’s the part of his analysis I want to zoom
in on:
No
matter how you slice or dice this case, there is one defense that
unequivocally protects Adam Schefter: under the First Amendment’s
right to freedom of press, he had a right to share the medical
records. Jason Pierre-Paul’s fireworks injury was certainly
newsworthy because not only was he a staple in the New York Giants
defense, but there was a very real possibility that his time in the
NFL came to an end. Thankfully,
he still will be in a Giants uniform playing.
Needless to say, Schefter was simply doing what any great journalist does best, which is to share the news. Whether it was right for him to tweet the medical records is more a matter of journalistic ethics. ProFootballTalk opined on this matter, questioning whether Adam Schefter really needed to share Jason Pierre-Paul’s medical records to the whole world. But as a matter of law, Schefter and ESPN seem to be in the clear and I would expect this case to be dismissed.
Will part of Florida’s statute be declared an
unconstitutional infringement of freedom of press? This is an
important case to follow for a number of reasons. Can JPP prove harm
or injury from the tweeted medical records? And even if he could,
doesn’t Schefter’s protections as a journalist trump that in this
case?
Stay tuned…
Perspective.
Kudos to Federal Times, who obtained a
tremendous amount of data from HHS about security incidents involving
their component systems. Aaron Boyd reports on their analysis of
data, which was obtained through a Freedom of Information request.
The analyses look at types of attacks by components of HHS. Here’s
some of their analysis and findings:
The records — which include a tally of security incidents reported by HHS components between January 2013 and September 2015 — provide a very high-level view of the challenges the department faces. On the whole, HHS reported 26,381 incidents over a 30-month period: 40 percent of which were categorized as unauthorized access; 14 percent as scans, probes or attempted access; and 12 percent as malicious code.
But certain trends become apparent after parsing the data.
For instance, over that time period, CMS reported 7,600 incidents of unauthorized access, a category the National Institute of Standards and Technology defines as “a person [gaining] logical or physical access without permission to a network, system, application, data or other IT resource.” These incidents — accounting for 56 percent of all reported incidents — could signal a network breach by a malicious actor. More often than not though, such incidents are merely an employee or contractor accessing a system outside the scope of their work. That’s a violation of protocol perhaps, but not malicious.
In contrast, CMS only discovered 250 instances of malicious code embedded in its systems, the lowest among the major incident categories reported, accounting for less than 2 percent of its total reported incidents. The majority of HHS components followed this same track, though not to the same extreme.
CDC and NIH were exceptions. For both, malware stood as a predominant threat vector.
Read more on Federal
Times. Then see their follow-up, where they
make the data publicly available for download and for your own
analyses. You can also create your own data visualization using
DataWrapper.de.
Perspective. You can tell I'm an old geezer
because I still wear a wrist watch. My students (who are not Uber
drivers) use Uber to get to school.
http://www.digitaltrends.com/cars/traffic-drives-reduced-urban-auto-usage/?google_editors_picks=true
Why buy the
car when you can buy the trip? How the ‘Peak Car’ era is ending
One thing that is becoming obvious is that, at
least in the bigger cities, the age of the automobile has passed its
prime.
… “We’re seeing a phenomenon where younger
people who finish college and get their first jobs in an urban area
have accumulated a lot of student debt and they’re paying high
rents,” Metz says. “They find that they don’t need a car for
an urban lifestyle where they’ve got alternative means of transport
available.”
… Even as large numbers of people make the
decision to delay car buying or refuse ownership altogether,
opportunities have flowered for distributed rental enterprises such
as Zipcar and Car2Go, as well as freelance taxi services like Uber
and Lyft.
Perspective.
Making
Personalized Marketing Work
… The key to relevant messaging lies with
data, but the challenge is no longer collecting it. Each day, we
create 2.5
quintillion bytes of data. Today’s challenge is using data to
deliver customers more contextual, personalized impressions.
… There are other techniques your company can
use to make your marketing more personalized.
1. Get
(more) social.
Perspective.
Pentagon
plans huge, swift upgrade to Windows 10
Microsoft is highlighting the department’s plans
in a pair of blogposts Wednesday, but the news emerged in a
little-noticed November memo by Terry Halvorsen, the Pentagon’s
chief information officer.
Halvorsen said the department must rapidly
transition to Windows 10 to improve cybersecurity and streamline and
lower the costs of its information-technology footprint. He set a
goal of completing the migrations by January 2017. It’s unclear
what the project will cost.
For my geeky students.
Supercharged
Raspberry Pi 3 adds Wi-Fi, Bluetooth, and more speed, but still costs
$35
No comments:
Post a Comment