Monday, February 29, 2016

Signaling that you can not anonymize data?
Mikkael A. Sekres, MD, MS and Brian J. Bolwell, MD have an OpEd on FoxNews of note as the issue they address goes beyond cancer patients and potentially affects all of us.
… Articles about cancer research in scholarly journals are the lifeblood of the fight against cancer. For doctors and researchers, flagship journals such as The New England Journal of Medicine, the Journal of the American Medical Association (JAMA) and The Lancet are critical for keeping up to date with the latest breakthroughs, establishing new standards of care, and improving treatments for patients.
In January, a proposal was put forward by the editors of these publications, the International Committee of Medical Journal Editors, that poses a serious threat to the privacy of patient data. In it, the editors would require that investigators of clinical trials make publically available within six months of publication de-identified (i.e., anonymous), individual patient data underlying the results presented in the trial.
Read more on FoxNews about the risks of re-identification and its impact on cancer patient privacy.




I've been trying to explain the First Amendment to my international students. (It relates to Apple v FBI) This should cloud the waters…
I’ve been hoping some lawyer(s) would discuss the lawsuit filed by Jason Pierre-Paul (“JPP”) against ESPN and Adam Schefter because frankly, although I wasn’t happy that Schefter posted a medical record – and Schefter later acknowledged there’s an issue of sensitivity here – I can’t see how any lawsuit against the journalist could prevail because…. freedom of press. Now sports lawyer Tony Iliakostas has offered his analysis and prognosis for the case. It provides a useful recap of the claims, Florida law, and Iliakostas’s predictions.
For those not familiar with the case, the short version is that Schefter somehow obtained JPP’s medical record showing surgery on JPP’s fingers after an accident JPP had. Schefter tweeted the actual image of the medical record showing surgery was performed. Not surprisingly, Jackson Memorial Hospital investigated to determine what employee(s) may have leaked the record to Schefter and subsequently fired two employees. JPP sued the hospital for breach of his privacy. The hospital settled. But this lawsuit against ESPN and Schefter is a separate lawsuit filed over the incident under Florida law.
Iliakostas writes that in suing ESPN and Schefter over the tweet, JPP alleges
that Adam Schefter violated Florida Statute § 456.057, which states in a nutshell that medical records maintained by hospital, clinical laboratories, and other health care practtioners shall be kept confidential. Specifically under subsection 7(a) of the Florida Statute, records shall only be provided to the patient, his/her legal representatives, and other health care providers. Medical records under this statute shall not be disclosed to anyone else without the patient’s written consent. The complaint specifically asserts that Schefter is in violation of § 456.057(11) which states that a third party in receipt of medical records is “prohibited from further disclosing any information in the medical record” without the patient’s express written consent. Likewise, the complaint holds Jackson Memorial Hospital accountable for disclosing the records in the first place without his consent.
So that’s different: Florida law imposes a duty to maintain confidentiality on a third party recipient of a medical record. If you are not a health care professional and received a medical record from a patient in Florida, would you know you had that duty to maintain confidentiality? I wouldn’t. [But the ESPN's lawyers probably did Bob] But let’s continue…
Jason Pierre-Paul also accuses Schefter of invading his privacy. Invasion of privacy is a common law tort offense that comes in various forms. Here, it comes in the form of public disclosure. Pierre-Paul alleges that this medical information about his amputated fingers was private and that publishing them on a very large scale was offensive to him. To prove any public disclosure-invasion of privacy claim, the plaintiff has the burden of proving that 1) private information pertaining to him was disseminated to a large audience and 2) the information that was shared is not of public concern.
The lawsuit also holds ESPN responsible for Schefter’s actions under the respondeat superior doctrine, which is a very fancy legal term which states that employers are held accountable for the actions of their employees that are performed in the course of their employment.
We’ve seen that last argument before in other lawsuits where employees of a clinic or hospital breached a patient’s privacy. The results have been mixed on that. In one case, Walmart was held liable for what its pharmacist did in breaching a patient’s privacy. In another case, a clinic was found not liable for what its employee did in snooping in a patient’s records and sharing that information with others.
Iliakostas does not think JPP will prevail on any of the claims. Keep in mind that the hospital is not a defendant in this suit, having settled already. He writes, in part, that JPP’s accident and surgery were matters of public concern, although he makes no attempt to distinguish between matters of public concern and matters that are just of public interest or curiosity. But here’s the part of his analysis I want to zoom in on:
No matter how you slice or dice this case, there is one defense that unequivocally protects Adam Schefter: under the First Amendment’s right to freedom of press, he had a right to share the medical records. Jason Pierre-Paul’s fireworks injury was certainly newsworthy because not only was he a staple in the New York Giants defense, but there was a very real possibility that his time in the NFL came to an end. Thankfully, he still will be in a Giants uniform playing.
Needless to say, Schefter was simply doing what any great journalist does best, which is to share the news. Whether it was right for him to tweet the medical records is more a matter of journalistic ethics. ProFootballTalk opined on this matter, questioning whether Adam Schefter really needed to share Jason Pierre-Paul’s medical records to the whole world. But as a matter of law, Schefter and ESPN seem to be in the clear and I would expect this case to be dismissed.
Will part of Florida’s statute be declared an unconstitutional infringement of freedom of press? This is an important case to follow for a number of reasons. Can JPP prove harm or injury from the tweeted medical records? And even if he could, doesn’t Schefter’s protections as a journalist trump that in this case?
Stay tuned…




Perspective.
Kudos to Federal Times, who obtained a tremendous amount of data from HHS about security incidents involving their component systems. Aaron Boyd reports on their analysis of data, which was obtained through a Freedom of Information request. The analyses look at types of attacks by components of HHS. Here’s some of their analysis and findings:
The records — which include a tally of security incidents reported by HHS components between January 2013 and September 2015 — provide a very high-level view of the challenges the department faces. On the whole, HHS reported 26,381 incidents over a 30-month period: 40 percent of which were categorized as unauthorized access; 14 percent as scans, probes or attempted access; and 12 percent as malicious code.
But certain trends become apparent after parsing the data.
For instance, over that time period, CMS reported 7,600 incidents of unauthorized access, a category the National Institute of Standards and Technology defines as “a person [gaining] logical or physical access without permission to a network, system, application, data or other IT resource.” These incidents — accounting for 56 percent of all reported incidents — could signal a network breach by a malicious actor. More often than not though, such incidents are merely an employee or contractor accessing a system outside the scope of their work. That’s a violation of protocol perhaps, but not malicious.
In contrast, CMS only discovered 250 instances of malicious code embedded in its systems, the lowest among the major incident categories reported, accounting for less than 2 percent of its total reported incidents. The majority of HHS components followed this same track, though not to the same extreme.
CDC and NIH were exceptions. For both, malware stood as a predominant threat vector.
Read more on Federal Times. Then see their follow-up, where they make the data publicly available for download and for your own analyses. You can also create your own data visualization using DataWrapper.de.




Perspective. You can tell I'm an old geezer because I still wear a wrist watch. My students (who are not Uber drivers) use Uber to get to school.
Why buy the car when you can buy the trip? How the ‘Peak Car’ era is ending
One thing that is becoming obvious is that, at least in the bigger cities, the age of the automobile has passed its prime.
… “We’re seeing a phenomenon where younger people who finish college and get their first jobs in an urban area have accumulated a lot of student debt and they’re paying high rents,” Metz says. “They find that they don’t need a car for an urban lifestyle where they’ve got alternative means of transport available.”
… Even as large numbers of people make the decision to delay car buying or refuse ownership altogether, opportunities have flowered for distributed rental enterprises such as Zipcar and Car2Go, as well as freelance taxi services like Uber and Lyft.




Perspective.
Making Personalized Marketing Work
… The key to relevant messaging lies with data, but the challenge is no longer collecting it. Each day, we create 2.5 quintillion bytes of data. Today’s challenge is using data to deliver customers more contextual, personalized impressions.
… There are other techniques your company can use to make your marketing more personalized.
1. Get (more) social.




Perspective.
Pentagon plans huge, swift upgrade to Windows 10
Microsoft is highlighting the department’s plans in a pair of blogposts Wednesday, but the news emerged in a little-noticed November memo by Terry Halvorsen, the Pentagon’s chief information officer.
Halvorsen said the department must rapidly transition to Windows 10 to improve cybersecurity and streamline and lower the costs of its information-technology footprint. He set a goal of completing the migrations by January 2017. It’s unclear what the project will cost.




For my geeky students.
Supercharged Raspberry Pi 3 adds Wi-Fi, Bluetooth, and more speed, but still costs $35


No comments: