Monday, May 23, 2016

When data fluxes collide: random thoughts on privacy and security.

When data fluxes collide...

"The privacy of your data is very close to our heart" is something the medical device industry likes to repeat over and over. Historically, they haven't done a great job. Some hilarious XOR loops managed to get HIPAA approval in the past, introducing additional vulnerabilities to the system they supposedly protected (http://www.securiteam.com/windowsntfocus/5HP0L152BA.html). Recent efforts haven't fared much better.

But let's go back in time a bit. Back in 1994 - I had just completed my military service as an MD in the Belgian Army stationed in Germany - I was still hesitating between Medicine and IT Security. That mix of competences was a bit unusual at the time, and this led me to write regularly about IT and IT security issues in medical magazines.

The times were very different in 1994. A tech-savvy MD might have had some dBASE-based medical software; advanced ones were beginning to use modems to connect to labs and get their results through BBS software... Security was nonexistent. The only defense was general ignorance.

This is also the first time (I had no connection to T1D back then) I considered what could happen if an insurance company got its hands on an HbA1c database. Back then, all the HbA1c values of the patients treated at the large university hospital where I studied were one database query and a floppy disk away.

My Medipractice column in 1994
That scenario - someone stealing the HbA1c database and selling it to an insurance company - raised eyebrows and was generally considered too horrible to even be considered.

Fast forward to 2016 and we have this:

Theoretically, we could walk into Cigna and say, "You have 22,312 patients on our system. Here's how they're doing, and here's your 500 problem patients, and boom, b-boom, b-boom." Kevin Sayer - Dexcom (Motley Fool's Interview) - March 2013

Yeah, "boom, b-boom, b-boom"... 22 years later, the hypothetical scenario I feared could happen, even if it sounded too blatantly criminal at the time, has not only become acceptable but is also, supposedly, a sign of progress... so much so that medical device makers, who hold "the privacy of your data so close to their heart", are willing, well, to peddle it around. "Theoretically, they could walk". In practice, when it comes to patient access to their own data, they can also walk - backwards - and put all kinds of limitations on your access to your data streams (remember, it is not yours, it is licensed to you).

But where does that lead us? Back in 1994, it seemed I was quite decent at spotting trends and risks. Today, I am getting old and am not so sure. One thing we know is that patients should be happy to pay a lot to get good treatments (Lilly has this to say: "Yes, they (drugs) can be expensive, but disease is a lot more expensive," Lechleiter told analysts.) We also know that, thanks to our smartphones, we are leaking tons of data fluxes, apparently unrelated. Where could that lead us? I considered a few ideas, conjured awful total surveillance scenarios... Then, suddenly, I had a Eureka moment... UBER riders are apparently willing to accept 9.9x surge pricing when their phone battery is about to die.
(http://thenextweb.com/insider/2016/05/20/uber-riders-will-pay-9-9-times-surge-pricing-phone-battery-low/#gref)

I think there are a few lessons here.

  • your data will be locked up and secured as much as possible... from your eyes. While the concept will be sold to you as an obvious need for the security and privacy of your medical data, the real goal will be to limit access and monetize it. It's a variant of the "terrorists and pedophiles" argument in the total surveillance debate.
  • likewise, it is often stated that, if you are a good citizen, you have nothing to fear when it comes to total surveillance. I guess you could as well say "if you are a good diabetic, you have nothing to fear about your data being sold".
  • and what if we transpose the Uber surge pricing model to the pricing of insulin? Or the complexity of the hosted/concierged Artificial Pancreas algorithms? Or the number of adjustment scenarios? How much would you pay for an optional advanced algorithm if you have been hovering above 300 mg/dL for days, with no end in sight? Should insulin cost more for people who don't exercise enough per their accelerometer data?
Do those scenarios sound as absurd or criminal in 2016 as the sharing of HbA1c with insurance companies sounded in 1994? Time will tell I guess.

"Yeah, we just increased the price of your insulin, but you know, being high carries a lot of risks"

"We're sorry Sir, your CGM company told us you are the problematic one".

Fortunately, all hope isn't lost. Just like in 1994, medical device security and algorithm obfuscation remain a field where the one-eyed guys lead the blind...