3:00–4:30 p.m., Room 102B
Deven McGraw, J.D., L.L.M., M.P.H., Director of the Health Privacy Project, Center for Democracy & Technology
Cora Tung Han, J.D., Attorney, Division of Privacy and Identity Protection, Federal Trade Commission
Marcia Tal, Founder, Tal Solutions
Fred Trotter, Director of Technology, Cautious Patient Foundation; Author, Meaningful Use and Beyond
Colin Zick, J.D., Partner and Co-Chair of Security and Privacy Practice, Foley Hoag L.L.P.
Colin Zick: HIPAA was about Electronic Data Interchange and the Privacy aspects were a sop to privacy advocates.
Watch out for the term: PII (Personally Identifiable Information)
FTC: the question is when information can be linked to a person or device.
Data is not reasonably linkable if:
– The holder de-identifies the data
– Doesn’t try to re-identify the data
– Prevents downstream users from re-identifying the data
1. Privacy by Design
2. Reasonable collection limits
3. Sound management and disposal rules
Fred Trotter: People don’t care about privacy because they don’t understand the implications of a lack of privacy.
People equate HIPAA with Privacy.
The notion of the single doctor is going away as doctors consolidate.
In the Health Data world: Accuracy should trump privacy. We should be demanding an ability to correct errors.
All the people who are looking to save costs are incorporated into the “Team” and therefore have insight into your data.
Deven: How do we create an environment of trust?
Marcia: Financial Services has had plenty of experience dealing with privacy.
An industry commitment in Financial Services to protecting consumer privacy. This culture continues today.
Doesn’t this create a growing conflict of interest as we see the emergence of mega banks that offer a range of services that can benefit from knowing a detailed background on their customers?
Fair Credit Reporting Act: protects against data-based discrimination.
If in 2012 we still have doctor’s practices that are refusing to share a patient’s health data with a patient then we still have a big challenge ahead.
Facebook are now asking if you are an organ donor. That is a health decision that is then being shared with friends.
Is location the last bastion of privacy? It is the data that can pull everything else together.
We have to differentiate between Privacy and Security. We know how to secure systems “relatively” well.
New HIPAA rules could extend the requirements for patients to have access to report that discloses who has accessed their Health Record.
– The access report provision.
The technology can’t distinguish between access and disclosure.
Fred: We want control but we want data to flow easily.
Marcia: Let the trusted experts take care of it
Colin: Eat your broccoli, don’t get sick, and ask for a copy of your medical record.