Beyond Privacy Policies: Assessing Inherent Privacy Risks of Consumer Health Services
Jens Weber, PhD, PEng
James Williams, JD, MSc, PhD (cand)
Context
Work performed for the Privacy Commissioner of Canada.
Examining consumer health informatics applications.
Contributions:
1) Taxonomy of offerings
2) Ratings tools from a consumer perspective
3) Evaluation of certification regimes.
Overview
What are consumer health applications?
What schemes exist to rate privacy/security concerns?
A new rating methodology.
Consumer Health Applications
Prime objective of CHI: “to empower consumers by putting health information into their hands ... such as diagnoses, lab results, personal risk factors, and prescribed drugs.”
Not necessarily electronic.
Consumer Health Applications
Taxonomy:
(1) information aids
(2) decision aids
(3) education aids
(4) management aids
(5) health sales services
(6) meta/ratings services
CHA – Information Aids
Information aids provide consumers with services to:
(a) access
(b) store
(c) control
(d) distribute their PHI.
CHA – Decision Aids
Computer-supported services that take into account PHI in order to aid consumers in making health-related decisions.
E.g.: telemediated or automated clinics, questionnaires.
CHA – Education Aids
Services that promote health literacy.
E.g., medical blogs, serious games, story collections, static websites.
CHA – Management Aids
Applications that support consumers in the ongoing long-term management of aspects of their health.
Support group services: forums, chat rooms, etc.
Telemonitoring.
CHA – Rating Services
Provider rating services: allow consumers to rate care providers.
Application rating services.
Special case: application certification, i.e. HONcode.
Rating Schemes
What about rating privacy risks?
Most privacy risk assessment methods are designed for organizations that manage PHI (i.e., IPC Ontario, David Flaherty).
Rating Schemes
Buffet and Kosa: assess consumer privacy risk by assigning probability and utility values to statements in privacy policies.
Probability represents the degree to which users agree with a particular policy statement.
Utility represents the degree to which users endorse a particular policy statement.
Rating Schemes
Patient Privacy Rights (PPR) foundation.
Uses a 'report card' metaphor to assess how well privacy policies cover criteria from sources like common law, statutory law, etc.
Rating Schemes
Policy-based risk assessment methods are effective tools for assisting consumers to assess the privacy risks that are apparent from privacy policies.
They do not address the inherent risks of an entire spectrum of different service types.
They do not catch more subtle privacy threats, such as indirect information disclosure due to targeted advertisements and social computing.
Rating Schemes
Our approach: a complementary tool to aid consumers in gauging the inherent privacy risks associated with consumer health services.
The tool was developed based on a systematic review of the types of services and their associated privacy risks.
Our Approach
How did we come up with this?
Risk identification based on CSA model code.
Systematic literature review.
Legal research (case law, admin law).
Our Approach
Example: Identifying Purposes and OPPs
OPPs are often not prominently presented to users of CHI applications.
OPPs are often presented as lengthy “fine print”, written in a language and structure that may obscure important aspects.
OPPs are often ‘hidden’ as part of even longer legal documents on the general terms of agreement for use of the online service.
Our Approach
Four main risk criteria are determined by:
(1) the business model of the CHI application
(2) the CHI service types provided within the application
(3) the service delivery model
(4) the company ownership
Risks – Business Model
Marketing funded: (high) revenue depends on exploiting PHI. Possibility of leaks, misuse.
Research funded: (high) possibility for secondary use. (PatientsLikeMe)
Employer/insurer: (med) secondary uses, data portability.
Consumer funded: (low) vendor profits from subscription fees.
Risks – Service Type
App ratings services, education aids: low
Provider ratings: moderate
Decision/management aids: high, since they use PHI. Telemonitoring, etc.
Support service (social networks): highest.
Information aids: high. PHRs include comprehensive information.
Risks – Delivery Model
Locally installed: (user's PC) lowest
Mobile device: elevated risk due to possibility for theft or loss.
Hosted services: high risk. Breaches affect multiple consumers.
Cloud-based: highest. Third party service providers in other jurisdictions.
Risks – Company Ownership
Canadian companies: subject to legislation, relatively easy to challenge.
Foreign controlled Canadian companies: elevated risk.
Entirely foreign: highest risk.
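
The four risk criteria from the slides above, turned into a per-criterion risk profile; this is an added example, not the authors' rating tool. The option keys, rating an application by its riskiest service type, and comparing two profiles criterion by criterion instead of by a total score are assumptions; the slide states no level for Canadian ownership, so it is given the lowest rank here.

```python
# Added example: rank = position within each criterion, in the slides' order;
# labels are the slides' wording. Option keys are hypothetical names.
BUSINESS = {"consumer": (0, "low"), "employer_insurer": (1, "med"),
            "research": (2, "high"), "marketing": (2, "high")}
SERVICE = {"app_ratings": (0, "low"), "education": (0, "low"),
           "provider_ratings": (1, "moderate"), "decision": (2, "high"),
           "management": (2, "high"), "information": (2, "high"),
           "support": (3, "highest")}
DELIVERY = {"local": (0, "lowest"), "mobile": (1, "elevated"),
            "hosted": (2, "high"), "cloud": (3, "highest")}
# Assumption: the slide gives no level for Canadian ownership; it ranks lowest.
OWNERSHIP = {"canadian": (0, "no level stated"),
             "foreign_controlled": (1, "elevated"), "foreign": (2, "highest")}


def profile(business, services, delivery, ownership):
    """Return {criterion: (rank, label)} for one application.

    An application offering several service types is rated by the
    riskiest one (an assumption, not stated on the slides).
    """
    if not services:
        raise ValueError("at least one service type is required")
    try:
        return {
            "business_model": BUSINESS[business],
            "service_type": max((SERVICE[s] for s in services),
                                key=lambda r: r[0]),
            "delivery_model": DELIVERY[delivery],
            "ownership": OWNERSHIP[ownership],
        }
    except KeyError as exc:
        raise ValueError(f"unknown option: {exc.args[0]}") from None


def dominates(a, b):
    """True if profile a is at least as risky as b on every criterion and
    strictly riskier on at least one. No weights or totals are invented."""
    return (all(a[c][0] >= b[c][0] for c in a)
            and any(a[c][0] > b[c][0] for c in a))


if __name__ == "__main__":
    # Constructed sample applications, not real services.
    phr = profile("marketing", ["information", "support"], "cloud", "foreign")
    tool = profile("consumer", ["education"], "local", "canadian")
    for criterion, (_, label) in phr.items():
        print(f"{criterion}: {label}")
    print("PHR riskier on all criteria:", dominates(phr, tool))
```

Two profiles where neither dominates the other are incomparable under this scheme, which is the honest result when the slides give no weighting between criteria.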