Movies and Medical Records
(Editor's note: The following blog was written by Mark McGraw, an associate editor on staff at ADVANCE.)
It's movie night, and you're not interested in subtitles or surrealism.
Maybe next week you'll go for the one with the "Winner: Best Foreign Language Film, 2008 Venice Film Festival" sticker on it. But tonight you're in the mood for a poorly acted and painfully predictable slasher film; the one where the band of promising, carefree teens heads for a harmless weekend retreat at idyllic Camp Killmore.
And there's nothing wrong with enjoying the sugar high that comes from such cinematic junk food. But it's also common to feel a bit ashamed when the buzz wears off, and you may not want others to find out about the B-movie bender you went on over the weekend.
A little embarrassment aside, would you feel comfortable knowing that total strangers could find out what flicks you pick on Friday nights? Or worse, they could take a look at your sensitive health information? If recent research is any indication, it may not be that difficult to get access to either.
Netflix, the popular online DVD and Blu-Ray disc rental service, recently held a competition to improve its recommendation software. Contestants received a training data set containing the movie preferences of 480,000-plus customers who had been "de-identified," according to a recent New York Times article.
A pair of computer scientists at the University of Texas at Austin (UT) recently conducted a privacy experiment to see if it was possible to determine the identities of those supposedly anonymous film buffs.
By comparing the preferences of some unnamed Netflix customers with personal profiles on the Internet Movie Database (www.imdb.com/), the researchers said they "easily re-identified some people because they had posted their e-mail addresses or other distinguishing information online," the Times reported.
The Los Gatos, Calif.-based service disputed the study's findings, claiming that Netflix had altered the data set before sending it to contestants, according to the Times. The researchers, however, said they were indeed able to positively ID Netflix customers by analyzing users' public postings and connecting them to their Netflix preferences, the article said.
In any case, the study adds fuel to the debate over how private electronic data -- including electronic health records -- can truly be.
"As our research shows, pretty much any information that distinguishes one person from another can be used to re-identify records," Vitaly Shmatikov, associate professor of computer science at UT and co-author of the study, told the Times.
A scary thought. With ARRA legislation signed months ago, and billions of that money earmarked to encourage the adoption of electronic health records (EHRs), we could be well on our way to building a health care system where medical errors are fewer, costs are lower, and fraud, waste and duplication are greatly reduced.
Indeed, the potential of EHRs to improve the delivery of health care has been well-documented. As have the shortcomings of current laws governing the privacy of digital health records.
Regulations currently in place require that patients be notified if their personal medical information has been released without their authorization, and the selling of protected health records is prohibited.
But "de-identified" health care data? That's still fair game, and can be sold without the patient's consent to interested parties, such as insurance companies and pharmaceutical marketers, to target very specific groups of patients -- some with illnesses or conditions they'd prefer to keep as private as possible. Online patient records can also be viewed by any and all individuals within the health care system allowed to do so by law.
So, while EHRs may ultimately offer patients and health care providers greater access to vital data, questions of how to best protect that information clearly remain.
What questions do you have? In your opinion, what should digital privacy laws entail? How can health care providers ensure that their patients' information is adequately protected? Leave a comment below, and tell us what you think.