AI Chatbots and Challenges of HIPAA Compliance for AI Developers and Vendors

Developers and vendors of large language models ("LLMs") - such as ChatGPT, Google Bard, and Microsoft's Bing at the forefront-can be subject to Health Insurance Portability and Accountability Act of 1996 ("HIPAA") when they process protected health information ("PHI") on behalf of the HIPAA covered entities. In doing so, they become business associates or subcontractors of a business associate under HIPAA.

Sensitive Data Detection with High-Throughput Machine Learning Models in Electrical Health Records

In the era of big data, there is an increasing need for healthcare providers, communities, and researchers to share data and collaborate to improve health outcomes, generate valuable insights, and advance research. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law designed to protect sensitive health information by defining regulations for protected health information (PHI). However, it does not provide efficient tools for detecting or removing PHI before data sharing. One of the challenges in this area of research is the heterogeneous nature of PHI fields in data across different parties. This variability makes rule-based sensitive variable identification systems that work on one database fail on another. To address this issue, our paper explores the use of machine learning algorithms to identify sensitive variables in structured data, thus facilitating the de-identification process. We made a key observation that the distributions of metadata of PHI fields and non-PHI fields are very different. Based on this novel finding, we engineered over 30 features from the metadata of the original features and used machine learning to build classification models to automatically identify PHI fields in structured Electronic Health Record (EHR) data. We trained the model on a variety of large EHR databases from different data sources and found that our algorithm achieves 99% accuracy when detecting PHI-related fields for unseen datasets. The implications of our study are significant and can benefit industries that handle sensitive data.

De-identification of free text data containing personal health information: a scoping review of reviews

Introduction

Using data in research often requires that the data first be de-identified, particularly in the case of health data, which often include Personal Identifiable Information (PII) and/or Personal Health Identifying Information (PHII). There are established procedures for de-identifying structured data, but de-identifying clinical notes, electronic health records, and other records that include free text data is more complex. Several different ways to achieve this are documented in the literature. This scoping review identifies categories of de-identification methods that can be used for free text data.

Methods

We adopted an established scoping review methodology to examine review articles published up to May 9, 2022, in Ovid MEDLINE; Ovid Embase; Scopus; the ACM Digital Library; IEEE Explore; and Compendex. Our research question was: What methods are used to de-identify free text data? Two independent reviewers conducted title and abstract screening and full-text article screening using the online review management tool Covidence.

Results

The initial literature search retrieved 3,312 articles, most of which focused primarily on structured data. Eighteen publications describing methods of de-identification of free text data met the inclusion criteria for our review. The majority of the included articles focused on removing categories of personal health information identified by the Health Insurance Portability and Accountability Act (HIPAA). The de-identification methods they described combined rule-based methods or machine learning with other strategies such as deep learning.

Conclusion

Our review identifies and categorises de-identification methods for free text data as rule-based methods, machine learning, deep learning and a combination of these and other approaches. Most of the articles we found in our search refer to de-identification methods that target some or all categories of PHII. Our review also highlights how de-identification systems for free text data have evolved over time and points to hybrid approaches as the most promising approach for the future.

Systemic Risk Management Plan for Electronic Medical Records (EMR): Why and How?

Electronic patient data use and handling are critical issues in terms of privacy, confidentiality, security, and the Health Insurance Portability and Accountability Act (HIPAA) regulations. The risks associated with electronic patient data are not limited to identity theft but rather include a person's social, economic, and psychological well-being. However, there have not been many studies that have focused on the associated risk factors that could lead to these situations. This paper identifies those risks related to electronic patient data breaches by means of a grounded theory approach and develops a systemic risk management plan that enables engineering managers and risk managers to more effectively and efficiently overcome risks associated with electronic patient data. Purpose: The purpose of this paper is to identify the risks associated with electronic patient data breach using a grounded theory approach and also to recommend a set of guidelines to support a better, effective, and efficient system and thereby overcome these risks. Patients and methods: No patients were involved either to participate in this study or any of their opinions are reflected with this research.

Embedding research study recruitment within the patient portal preCheck-in

OBJECTIVE

Patient portals are increasingly used to recruit patients in research studies, but communication response rates remain low without tactics such as financial incentives or manual outreach. We evaluated a new method of study enrollment by embedding a study information sheet and HIPAA authorization form (HAF) into the patient portal preCheck-in (where patients report basic information like allergies).

MATERIALS AND METHODS

Eligible patients who enrolled received an after-visit patient-reported outcomes survey through the patient portal. No additional recruitment/messaging efforts were made.

RESULTS

A total of 386 of 843 patients completed preCheck-in, 308 of whom signed the HAF and enrolled in the study (37% enrollment rate). Of 93 patients who were eligible to receive the after-visit survey, 45 completed it (48% completion rate).

CONCLUSION

Enrollment and survey completion rates were higher than what is typically seen with recruitment by patient portal messaging, suggesting that preCheck-in recruitment can enhance research study recruitment and warrants further investigation.

Which information locations in covered entities under HIPAA must be secured first? A multi-criteria decision-making approach

Creating adequate safeguards for physical and online locations (e.g., desktop computers, network servers) where protected health information (PHI) may be breached is critical for management within entities compliant with the Health Information Portability and Accountability Act (HIPAA). With the increasing complexity of cyber breaches and budgetary issues, prioritizing which locations require the most immediate attention by top management through a data-driven model is more important than ever. Using CORAS threat modeling and five methods for multi-criteria decision-making, these locations were ranked from greatest to least risk of data breaches. Statistical methods were subsequently used for consistency and robustness checks. The findings illustrate that each type of covered entity under HIPAA must prioritize a different set of locations to safeguard first: health care providers must focus on the security of network servers, other portable electronic devices, and category of others (i.e., miscellaneous locations); health plans must focus on the security of paper and films, network servers, and others; and business associates must focus on the security of category of others, network servers, and other portable electronic devices. Combined with data on the source of the breaches (external vs. internal) and type of threats (e.g., hacking, theft), these findings provide recommendations for risk identification for privacy officers across health care.

Return of Results in Genomic Research Using Large-Scale or Whole Genome Sequencing: Toward a New Normal

Genome sequencing is increasingly used in research and integrated into clinical care. In the research domain, large-scale analyses, including whole genome sequencing with variant interpretation and curation, virtually guarantee identification of variants that are pathogenic or likely pathogenic and actionable. Multiple guidelines recommend that findings associated with actionable conditions be offered to research participants in order to demonstrate respect for autonomy, reciprocity, and participant interests in health and privacy. Some recommendations go further and support offering a wider range of findings, including those that are not immediately actionable. In addition, entities covered by the US Health Insurance Portability and Accountability Act (HIPAA) may be required to provide a participant's raw genomic data on request. Despite these widely endorsed guidelines and requirements, the implementation of return of genomic results and data by researchers remains uneven. This article analyzes the ethical and legal foundations for researcher duties to offer adult participants their interpreted results and raw data as the new normal in genomic research.

Nonspecific deidentification of date-like text in deidentified clinical notes enables reidentification of dates

To facilitate the secondary usage of electronic health record data for research, the University of California, San Francisco (UCSF) recently implemented a clinical data warehouse including, among other data, deidentified clinical notes and reports, which are available to UCSF researchers without Institutional Review Board approval. For deidentification of these notes, most of the Health Insurance Portability and Accountability Act identifiers are redacted, but dates are transformed by shifting all dates for a patient back by the same random number of days. We describe an issue in which nonspecific (ie, excess) transformation of nondate, date-like text by this deidentification process enables reidentification of all dates, including birthdates, for certain patients. This issue undercuts the common assumption that excess deidentification is a safe tradeoff to protect patient privacy. We present this issue as a caution to other institutions that may also be considering releasing deidentified notes for research.

Securing Your Radiology Practice: Evidence-Based Strategies for Radiologists Compiled From 10 Years of Cyberattacks and HIPAA Breaches Involving Medical Imaging

While there is significant literature discussing physical and cybersecurity risks around health information technology in general, the number of publications that specifically address medical imaging is much smaller, and many of these focus on the technical security requirements for the exchange of medical images over public networks rather than practical guidelines for radiologists and technicians. This study examines the US Department of Health and Human Services database of reported breaches involving medical imaging from 2010-2020, identifies the most common contributing factors to those breaches, and offers recommendations for radiology practices to prevent each, based on the National Institute of Standards and Technology (NIST) guidelines as well as measures proposed in the literature on health information technology.

Synergies between centralized and federated approaches to data quality: a report from the national COVID cohort collaborative

OBJECTIVE

In response to COVID-19, the informatics community united to aggregate as much clinical data as possible to characterize this new disease and reduce its impact through collaborative analytics. The National COVID Cohort Collaborative (N3C) is now the largest publicly available HIPAA limited dataset in US history with over 6.4 million patients and is a testament to a partnership of over 100 organizations.

MATERIALS AND METHODS

We developed a pipeline for ingesting, harmonizing, and centralizing data from 56 contributing data partners using 4 federated Common Data Models. N3C data quality (DQ) review involves both automated and manual procedures. In the process, several DQ heuristics were discovered in our centralized context, both within the pipeline and during downstream project-based analysis. Feedback to the sites led to many local and centralized DQ improvements.

RESULTS

Beyond well-recognized DQ findings, we discovered 15 heuristics relating to source Common Data Model conformance, demographics, COVID tests, conditions, encounters, measurements, observations, coding completeness, and fitness for use. Of 56 sites, 37 sites (66%) demonstrated issues through these heuristics. These 37 sites demonstrated improvement after receiving feedback.

DISCUSSION

We encountered site-to-site differences in DQ which would have been challenging to discover using federated checks alone. We have demonstrated that centralized DQ benchmarking reveals unique opportunities for DQ improvement that will support improved research analytics locally and in aggregate.

CONCLUSION

By combining rapid, continual assessment of DQ with a large volume of multisite data, it is possible to support more nuanced scientific questions with the scale and rigor that they require.

De-identifying Socioeconomic Data at the Census Tract Level for Medical Research Through Constraint-based Clustering

Numerous studies have shown that a person's health status is closely related to their socioeconomic status. It is evident that incorporating socioeconomic data associated with a patient's geographic area of residence into clinical datasets will promote medical research. However, most socioeconomic variables are unique in combination and are affiliated with small geographical regions (e.g., census tracts) that are often associated with less than 20,000 people. Thus, sharing such tract-level data can violate the Safe Harbor implementation of de-identification under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In this paper, we introduce a constraint-based k-means clustering approach to generate census tract-level socioeconomic data that is de-identification compliant. Our experimental analysis with data from the American Community Survey illustrates that the approach generates a protected dataset with high similarity to the unaltered values, and achieves a substantially better data utility than the HIPAA Safe Harbor recommendation of 3-digit ZIP code.

Natural Language Processing for Enterprise-scale De-identification of Protected Health Information in Clinical Notes

Patient privacy is a major concern when allowing data sharing and the flow of health information. Hence, de-identification and anonymization techniques are used to ensure the protection of patient health information while supporting the secondary uses of data to advance the healthcare system and improve patient outcomes. Several de-identification tools have been developed for free-text, however, this research focuses on developing notes de-identification and adjudication framework that has been tested for i2b2 searches. The aim is to facilitate clinical notes research without an additional HIPAA approval process or consent by a clinician or patient especially for narrative free-text notes such as physician and nursing notes. In this paper, we build a scalable, accurate, and maintainable pipeline for notes de-identification utilizing the natural language processing and REDCap database as a method of adjudication verification. The system is deployed at an enterprise-scale where researchers can search and visualize over 45 million de-identified notes hosted in an i2b2 instance.

Privacy protection of medical data in social network

BACKGROUND

Protection of privacy data published in the health care field is an important research field. The Health Insurance Portability and Accountability Act (HIPAA) in the USA is the current legislation for privacy protection. However, the Institute of Medicine Committee on Health Research and the Privacy of Health Information recently concluded that HIPAA cannot adequately safeguard the privacy, while at the same time researchers cannot use the medical data for effective researches. Therefore, more effective privacy protection methods are urgently needed to ensure the security of released medical data.

METHODS

Privacy protection methods based on clustering are the methods and algorithms to ensure that the published data remains useful and protected. In this paper, we first analyzed the importance of the key attributes of medical data in the social network. According to the attribute function and the main objective of privacy protection, the attribute information was divided into three categories. We then proposed an algorithm based on greedy clustering to group the data points according to the attributes and the connective information of the nodes in the published social network. Finally, we analyzed the loss of information during the procedure of clustering, and evaluated the proposed approach with respect to classification accuracy and information loss rates on a medical dataset.

RESULTS

The associated social network of a medical dataset was analyzed for privacy preservation. We evaluated the values of generalization loss and structure loss for different values of k and a, i.e. [Formula: see text] = {3, 6, 9, 12, 15, 18, 21, 24, 27, 30}, a = {0, 0.2, 0.4, 0.6, 0.8, 1}. The experimental results in our proposed approach showed that the generalization loss approached optimal when a = 1 and k = 21, and structure loss approached optimal when a = 0.4 and k = 3.

CONCLUSION

We showed the importance of the attributes and the structure of the released health data in privacy preservation. Our method achieved better results of privacy preservation in social network by optimizing generalization loss and structure loss. The proposed method to evaluate loss obtained a balance between the data availability and the risk of privacy leakage.

A Revised ICD-10-CM Surveillance Case Definition for Injury-related Emergency Department Visits

Background-Administrative data from medical claims are often used for injury surveillance. Effective October 1, 2015, hospitals covered by the Health Insurance Portability and Accountability Act were required to use the International Classification of Diseases, 10th Revision, Clinical Modification (ICD-10-CM) to report medical information in administrative data. In 2017, the National Center for Health Statistics (NCHS) and the National Center for Injury Prevention and Control (NCIPC) published a proposed ICD-10-CM surveillance case definition for injuryrelated emergency department (ED) visits. At the time, ICD-10-CM coded data were not available for testing. When data became available, NCHS and NCIPC collaborated with the Council of State and Territorial Epidemiologists and epidemiologists from state and local health departments to test and update the proposed definition. This report summarizes the results and presents the 2021 revised ICD-10-CM surveillance case definition.

The digital doctor: telemedicine in facial plastic surgery

PURPOSE OF REVIEW

In the setting of the COVID-19 global pandemic, the demand for and use of telemedicine has surged in facial plastic and reconstructive surgery. This review aims to objectively review and summarize the existing evidence for the use of telemedicine within facial plastic surgery.

RECENT FINDINGS

Telemedicine has been successfully implemented among subsets of facial plastic surgery patients, with high patient and provider satisfaction. Although the technology to facilitate telemedicine exists and preliminary studies demonstrate promise, multiple technological, financial, and medical barriers may persist in the postpandemic era.

SUMMARY

Telemedicine will likely continue to grow and expand within facial plastic surgery moving forward, and we should continue to critically evaluate patient selection, access to care, and strategies for effective implementation to enhance current clinical practices.

Radiological Imaging Transmission via Smartphones by Neurosurgery Residents in the United States

BACKGROUND

Neurosurgery requires the communication of radiological imaging. Smartphones are increasingly used for this purpose because of the efficiency and convenience of integrated cameras and native Multimedia Messaging Service (MMS) functionality. There is inconsistency among hospitals regarding policies addressing this use as it relates to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Some hospitals offer a HIPAA-compliant secure messaging application (SMA) as a substitute. The authors hypothesized that the use of smartphones for sharing radiological imaging would be commonplace among residents. We sought to characterize usage patterns, resident awareness of policies and HIPPA, and the effectiveness of SMAs as a means of avoiding HIPAA violations.

METHODS

An electronic dynamic questionnaire was sent to all 116 Accreditation Council for Graduate Medical Education-accredited US neurosurgery residency program directors and coordinators to be forwarded to their residents.

RESULTS

A total of 100 responses were received, representing 49 residency programs. Ninety-two (92%) residents reported using MMS to transmit radiological imaging. Twenty-six (26%) reported doing so with patient identifiers. Roughly half (48%) of residents were unaware of policies regarding imaging transmission via MMS at their institutions. Among the 17 (35%) programs providing SMAs, only 3 of 27 (11%) residents in these programs did not use MMS for image transmission.

CONCLUSIONS

The data suggest that there is widespread resident use of MMS for image transmission, regardless of policy and the availability of alternative HIPAA-compliant applications. Knowledge of local institutional policies and HIPAA privacy rules is poor. Alternative strategies are needed to prevent HIPAA-noncompliant transmission of imaging by residents.

Sharing ICU Patient Data Responsibly Under the Society of Critical Care Medicine/European Society of Intensive Care Medicine Joint Data Science Collaboration: The Amsterdam University Medical Centers Database (AmsterdamUMCdb) Example

OBJECTIVES

Critical care medicine is a natural environment for machine learning approaches to improve outcomes for critically ill patients as admissions to ICUs generate vast amounts of data. However, technical, legal, ethical, and privacy concerns have so far limited the critical care medicine community from making these data readily available. The Society of Critical Care Medicine and the European Society of Intensive Care Medicine have identified ICU patient data sharing as one of the priorities under their Joint Data Science Collaboration. To encourage ICUs worldwide to share their patient data responsibly, we now describe the development and release of Amsterdam University Medical Centers Database (AmsterdamUMCdb), the first freely available critical care database in full compliance with privacy laws from both the United States and Europe, as an example of the feasibility of sharing complex critical care data.

SETTING

University hospital ICU.

SUBJECTS

Data from ICU patients admitted between 2003 and 2016.

INTERVENTIONS

We used a risk-based deidentification strategy to maintain data utility while preserving privacy. In addition, we implemented contractual and governance processes, and a communication strategy. Patient organizations, supporting hospitals, and experts on ethics and privacy audited these processes and the database.

MEASUREMENTS AND MAIN RESULTS

AmsterdamUMCdb contains approximately 1 billion clinical data points from 23,106 admissions of 20,109 patients. The privacy audit concluded that reidentification is not reasonably likely, and AmsterdamUMCdb can therefore be considered as anonymous information, both in the context of the U.S. Health Insurance Portability and Accountability Act and the European General Data Protection Regulation. The ethics audit concluded that responsible data sharing imposes minimal burden, whereas the potential benefit is tremendous.

CONCLUSIONS

Technical, legal, ethical, and privacy challenges related to responsible data sharing can be addressed using a multidisciplinary approach. A risk-based deidentification strategy, that complies with both U.S. and European privacy regulations, should be the preferred approach to releasing ICU patient data. This supports the shared Society of Critical Care Medicine and European Society of Intensive Care Medicine vision to improve critical care outcomes through scientific inquiry of vast and combined ICU datasets.

Use of Telemedicine and Smart Technology in Obstetrics: Barriers and Privacy Issues

While telemedicine had been utilized in varying ways over the last several years, it has dramatically accelerated in the era of the COVID-19 pandemic. In this article we describe the privacy issues, in relation to the barriers to care for health care providers and barriers to the obstetric patient, licensing and payments for telehealth services, technological issues and language barriers. While there may be barriers to the use of telehealth services this type of care is feasible and the barriers are surmountable.

How US law will evaluate artificial intelligence for covid-19

Daniel E Ho and colleagues explore the legal implications of using artificial intelligence in the response to covid-19 and call for more robust evaluation frameworks

Can caregivers trust information technology in the care of their patients? A systematic review

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that healthcare providers allow patients to engage in their healthcare by allowing access to their health records. Often patients need informal caregivers including family members or others to help them with their care. This paper explores whether trust is a key factor for informal caregivers' decision to use health information technologies (HIT) including electronic health records (EHR), patient portals, mobile apps, or other devices to care for their patient. Six reviewers conducted a comprehensive search of four literature databases using terms that pertained to a caregiver and trust to investigate the role trust plays when caregivers use HIT. While trust is a key factor for the use of HIT, it the researchers only identified ten articles that met the research question thresholds. Four main topics of trust surfaced including perceived confidentiality, perceived security, technological malfunction, and trustworthiness of the information. Trust is a critical factor for informal caregivers when using HIT to assist in the care of their patient (child, loved one, parent, or acquaintance). Based on the findings, it is clear that more research on the use of HIT by caregivers is needed.

Health Information Privacy Laws in the Digital Age: HIPAA Doesn't Apply

The notion of health information privacy has evolved over time as the healthcare industry has embraced technology. Where once individuals were concerned about the privacy of their conversations and financial information, the digitization of health data has created new challenges for those responsible for ensuring that patient information remains secure and private. Coupled with the lack of updated, overarching legislation, a critical gap exists between advancements in technology, consumer informatics tools and privacy regulations. Almost twenty years after the HIPAA (Health Insurance Portability and Accountability Act) compliance date, the healthcare industry continues to seek solutions to privacy challenges absent formal contemporary law. Since HIPAA, a few attempts have been made to control specific aspects of health information including genetic information and use of technology however none were visionary enough to address issues seen in today's digital data focused healthcare environment. The proliferation of digital health data, trends in data use, increased use of telehealth applications due to COVID-19 pandemic and the consumer's participatory role in healthcare all create new challenges not covered by the existing legal framework. Modern efforts to address this dilemma have emerged in state and international law though the United States healthcare industry continues to operate under a law written two decades ago. As technology continues to advance at a rapid pace along with consumers playing a greater role in the management of their healthcare through digital health the privacy guidance provided by federal law must also shift to reflect the new reality.

Ethical and Legal Implications of Remote Monitoring of Medical Devices

Policy Points Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Our analysis of health privacy laws indicates that most US patients may have little access to their own digital health data in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation and the California Consumer Privacy Act grant greater access to device-collected data. Our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices.

CONTEXT

Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Whether patients have either legal or normative claims to data collected by these devices, particularly in the raw, granular format beyond that summarized in their medical records, remains incompletely explored.

METHODS

Using pacemakers and implantable cardioverter-defibrillators (ICDs) as a clinical model, we outline the clinical ecosystem of data collection, relay, retrieval, and documentation. We consider the legal implications of US and European privacy regulations for patient access to either summary or raw device data. Lastly, we evaluate ethical arguments for or against providing patients access to data beyond the summaries presented in medical records.

FINDINGS

Our analysis of applicable health privacy laws indicates that US patients may have little access to their raw data collected and held by device manufacturers in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation (GDPR) grants greater access to device-collected data when the processing of personal data falls under the GDPR's territorial scope. The California Consumer Privacy Act, the "little sister" of the GDPR, also grants greater rights to California residents. By contrast, our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. Smartphone applications are increasingly involved in the collection, relay, retrieval, and documentation of these data. Therefore, we argue that smartphone user agreements are an emerging but potentially underutilized opportunity for clarifying both legal and ethical claims for device-derived data.

CONCLUSIONS

Current health privacy legislation incompletely supports patients' normative claims for access to digital health data.

US Privacy Laws Go Against Public Preferences: Impeding Public Health and Research (Preprint)

Background

Reaping the benefits from massive volumes of data collected in all sectors to improve population health, inform personalized medicine, and transform biomedical research requires the delicate balance between the benefits and risks of using individual-level data. There is a patchwork of US data protection laws that vary depending on the type of data, who is using it, and their intended purpose. Differences in these laws challenge big data projects using data from different sources. The decisions to permit or restrict data uses are determined by elected officials; therefore, constituent input is critical to finding the right balance between individual privacy and public benefits.

Objective

This study explores the US public’s preferences for using identifiable data for different purposes without their consent.

Methods

We measured data use preferences of a nationally representative sample of 504 US adults by conducting a web-based survey in February 2020. The survey used a choice-based conjoint analysis. We selected choice-based conjoint attributes and levels based on 5 US data protection laws (Health Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, Privacy Act of 1974, Federal Trade Commission Act, and the Common Rule). There were 72 different combinations of attribute levels, representing different data use scenarios. Participants were given 12 pairs of data use scenarios and were asked to choose the scenario they were the most comfortable with. We then simulated the population preferences by using the hierarchical Bayes regression model using the ChoiceModelR package in R.

Results

Participants strongly preferred data reuse for public health and research than for profit-driven, marketing, or crime-detection activities. Participants also strongly preferred data use by universities or nonprofit organizations over data use by businesses and governments. Participants were fairly indifferent about the different types of data used (health, education, government, or economic data).

Conclusions

Our results show a notable incongruence between public preferences and current US data protection laws. Our findings appear to show that the US public favors data uses promoting social benefits over those promoting individual or organizational interests. This study provides strong support for continued efforts to provide safe access to useful data sets for research and public health. Policy makers should consider more robust public health and research data use exceptions to align laws with public preferences. In addition, policy makers who revise laws to enable data use for research and public health should consider more comprehensive protection mechanisms, including transparent use of data and accountability.

Medical Records: More Than the Health Insurance Portability and Accountability Act

It is the responsibility of each organization, including private practice businesses, to maintain a comprehensive medical records retention policy. While registered dietitian nutritionists (RDNs) are qualified and competent business owners, navigating through the challenges of proper medical record management can be difficult without a sound policy. A comprehensive medical record retention policy consists of 4 major components: creation, utilization, maintenance, and destruction as well as a retention schedule. Successful implementation of a comprehensive medical record retention policy promotes positive clinician-patient interaction and avoidance of potential legal ramifications.

Participation in patient support forums may put rare disease patient data at risk of re-identification

BACKGROUND

Rare disease patients often struggle to find both medical advice and emotional support for their diagnosis. Consequently, many rare disease patient support forums have appeared on hospital webpages, social media sites, and on rare disease foundation sites. However, we argue that engagement in these groups may pose a healthcare data privacy threat to many participants, since it makes a series of patient indirect identifiers 'readily available' in combination with rare disease conditions. This information produces a risk of re-identification because it may allow a motivated attacker to use the unique combination of a patient's identifiers and disease condition to re-identify them in anonymized data.

RESULTS

To assess this risk of re-identification, patient direct and indirect identifiers were mined from patient support forums for 80 patients across eight rare diseases. This data mining consisted of scanning patient testimonials, social media sites, and public records for the collection of identifiers linked to a rare disease patient. The number of people in the United States that may share each patient's combination of marital status, 3-digit ZIP code, age, and sex, as well as their rare disease condition, was then estimated, as such information is commonly found in health records which have undergone de-identification by HIPAA's 'Safe Harbor.' The study showed that by these estimations, nearly 75% of patients could be at high risk for re-identification in healthcare datasets in which they appear, due to their unique combination of identifiers.

CONCLUSIONS

The results of this study show that these rare disease patients, due to their choice to provide support for their community, are putting all their healthcare data at risk of re-identification. This paper demonstrates how simple adjustments to participation guidelines in such support forums, in combination with improved privacy measures at the organizational level, could mitigate this risk of re-identification. Additionally, this paper suggests the potential for future investigation into consideration of certain 'risky' International Classification of Diseases (ICD) codes as quasi-identifiers in de-identified datasets to further protect patients' privacy, while maintaining the utility of such rare disease support groups.

Developments in Privacy and Data Ownership in Mobile Health Technologies, 2016-2019

OBJECTIVES

To survey international regulatory frameworks that serve to protect privacy of personal data as a human right as well as to review the literature regarding privacy protections and data ownership in mobile health (mHealth) technologies between January 1, 2016 and June 1, 2019 in order to identify common themes.

METHODS

We performed a review of relevant literature available in English published between January 1, 2016 and June 1, 2019 from databases including PubMed, Google Scholar, and Web of Science, as well as relevant legislative background material. Articles out of scope (as detailed below) were eliminated. We categorized the remaining pool of articles and discrete themes were identified, specifically: concerns around data transmission and storage, including data ownership and the ability to re-identify previously de-identified data; issues with user consent (including the availability of appropriate privacy policies) and access control; and the changing culture and variable global attitudes toward privacy of health data.

RESULTS

Recent literature demonstrates that the security of mHealth data storage and transmission remains of wide concern, and aggregated data that were previously considered "de-identified" have now been demonstrated to be re-identifiable. Consumer-informed consent may be lacking with regard to mHealth applications due to the absence of a privacy policy and/or to text that is too complex and lengthy for most users to comprehend. The literature surveyed emphasizes improved access control strategies. This survey also illustrates a wide variety of global user perceptions regarding health data privacy.

CONCLUSION

The international regulatory framework that serves to protect privacy of personal data as a human right is diverse. Given the challenges legislators face to keep up with rapidly advancing technology, we introduce the concept of a "healthcare fiduciary" to serve the best interest of data subjects in the current environment.

Using word embeddings to improve the privacy of clinical notes

OBJECTIVE

In this work, we introduce a privacy technique for anonymizing clinical notes that guarantees all private health information is secured (including sensitive data, such as family history, that are not adequately covered by current techniques).

MATERIALS AND METHODS

We employ a new "random replacement" paradigm (replacing each token in clinical notes with neighboring word vectors from the embedding space) to achieve 100% recall on the removal of sensitive information, unachievable with current "search-and-secure" paradigms. We demonstrate the utility of this paradigm on multiple corpora in a diverse set of classification tasks.

RESULTS

We empirically evaluate the effect of our anonymization technique both on upstream and downstream natural language processing tasks to show that our perturbations, while increasing security (ie, achieving 100% recall on any dataset), do not greatly impact the results of end-to-end machine learning approaches.

DISCUSSION

As long as current approaches utilize precision and recall to evaluate deidentification algorithms, there will remain a risk of overlooking sensitive information. Inspired by differential privacy, we sought to make it statistically infeasible to recreate the original data, although at the cost of readability. We hope that the work will serve as a catalyst to further research into alternative deidentification methods that can address current weaknesses.

CONCLUSION

Our proposed technique can secure clinical texts at a low cost and extremely high recall with a readability trade-off while remaining useful for natural language processing classification tasks. We hope that our work can be used by risk-averse data holders to release clinical texts to researchers.

Confidentiality and Capacity

This article focuses on confidentiality and capacity issues affecting patients receiving care in the emergency department. The patient-physician relationship begins with presumed confidentiality. The article also clarifies instances where a physician may be required to break confidentiality for the safety of patients or others. This article then discusses risk management issues relevant to determining a patient's capacity to accept or decline medical care in the emergency department setting. Situations pertaining to refusal of care and discharges against medical advice are examined in detail, and best practices for mitigating risk in informed consent and barriers to consent are reviewed.

Mobile Point-of-Care Medical Photography: Legal Considerations for Health Care Providers

Medical photographs have been used for decades to document clinical findings. The ease with which medical photographs can be captured and integrated into the electronic health record (EHR) has increased as digital cameras obviated the need for the film development process. Today, cameras integrated into smartphones allow for high-resolution images to be instantly uploaded and integrated into the EHR. With major EHR vendors offering mobile smartphone applications for the conduct of point-of-care medical photography, health care providers and institutions need to be aware of legal questions that arise in the conduct of medical photography. Namely, (1) what are the requirements for consent when taking medical photographs, and how may photographs be used after consent is obtained, (2) are medical photographs admissible as evidence in court, and (3) how should a provider respond to a request by a patient or parent requesting that a photograph be deleted from the medical record? Herein, we review relevant laws and legal cases in the context of accepted standards of medical practice pertaining to point-of-care medical photography. This review is intended to aid health care providers and institutions seeking to develop or revise policies regarding using a mobile application at their clinical practice.

Integrating Rules for Genomic Research, Clinical Care, Public Health Screening and DTC Testing: Creating Translational Law for Translational Genomics

Human genomics is a translational field spanning research, clinical care, public health, and direct-to-consumer testing. However, law differs across these domains on issues including liability, consent, promoting quality of analysis and interpretation, and safeguarding privacy. Genomic activities crossing domains can thus encounter confusion and conflicts among these approaches. This paper suggests how to resolve these conflicts while protecting the rights and interests of individuals sequenced. Translational genomics requires this more translational approach to law.

The Perils of Parity: Should Citizen Science and Traditional Research Follow the Same Ethical and Privacy Principles?

The individual right of access to one's own data is a crucial privacy protection long recognized in U.S. federal privacy laws. Mobile health devices and research software used in citizen science often fall outside the HIPAA Privacy Rule, leaving participants without HIPAA's right of access to one's own data. Absent state laws requiring access, the law of contract, as reflected in end-user agreements and terms of service, governs individuals' ability to find out how much data is being stored and how it might be shared with third parties. Efforts to address this problem by establishing norms of individual access to data from mobile health research unfortunately can run afoul of the FDA's investigational device exemption requirements.

From Genetics to Genomics: Facing the Liability Implications in Clinical Care

Health care is transitioning from genetics to genomics, in which single-gene testing for diagnosis is being replaced by multi-gene panels, genome-wide sequencing, and other multi-genic tests for disease diagnosis, prediction, prognosis, and treatment. This health care transition is spurring a new set of increased or novel liability risks for health care providers and test laboratories. This article describes this transition in both medical care and liability, and addresses 11 areas of potential increased or novel liability risk, offering recommendations to both health care and legal actors to address and manage those liability risks.

The Streetlight Effect: Regulating Genomics Where the Light Is

Regulatory policy for genomic testing may be subject to biases that favor reliance on existing regulatory frameworks even when those frameworks carry unintended legal consequences or may be poorly tailored to the challenges genomic testing presents. This article explores three examples drawn from genetic privacy regulation, oversight of clinical uses of genomic information, and regulation of genomic software. Overreliance on expedient regulatory approaches has a potential to undercut complete and durable solutions.

Protecting Participants in Genomic Research: Understanding the "Web of Protections" Afforded by Federal and State Law

Researchers now commonly collect biospecimens for genomic analysis together with information from mobile devices and electronic health records. This rich combination of data creates new opportunities for understanding and addressing important health issues, but also intensifies challenges to privacy and confidentiality. Here, we elucidate the "web" of legal protections for precision medicine research by integrating findings from qualitative interviews with structured legal research and applying them to realistic research scenarios involving various privacy threats.

Hospitals should act now to notify patients about research use of their data and biospecimens

Private industry is increasingly soliciting hospitals to sell or share health data and biospecimens, but current laws offer more disclosure and consent protections for research participants than for patients receiving clinical care. Hospitals can offer more protections than required by law, however, and should move toward greater transparency with their patients about the research use of clinical health data and biospecimens to respect patients and avoid distrust.

Privacy and Security Issues with Mobile Health Research Applications

This article examines the privacy and security issues associated with mobile application-mediated health research, concentrating in particular on research conducted or participated in by independent scientists, citizen scientists, and patient researchers. Building on other articles in this issue that examine state research laws and state data protection laws as possible sources of privacy and security protections for mobile research participants, this article focuses on the lack of application of federal standards to mobile application-mediated health research. As discussed in more detail below, the voluminous and diverse data collected by some independent scientists who use mobile applications to conduct health research may be at risk for unregulated privacy and security breaches, leading to dignitary, psychological, and economic harms for which participants have few legally enforceable rights or remedies under current federal law. Federal lawmakers may wish to consider enacting new legislation that would require otherwise unregulated health data holders to implement reasonable data privacy, security, and breach notification measures.

Hacking HIPAA: "Best Practices" for Avoiding Oversight in the Sale of Your Identifiable Medical Information

In light of the confusion invited by applying the label "de-identified" to information that can be used to identify patients, it is paramount that regulators, compliance professionals, patient advocates and the general public understand the significant differences between the standards applied by HIPAA and those applied by permissive "de-identification guidelines." This Article discusses those differences in detail. The discussion proceeds in four Parts. Part II (HIPAA's Heartbeat: Why HIPAA Protects Identifiable Patient Information) examines Congress's motivations for defining individually identifiable health information broadly, which included to stop the harms patients endured prior to 1996 arising from the commercial sale of their medical records. Part III (Taking the "I" Out of Identifiable Information: HIPAA's Requirements for De-Identified Health Information) discusses HIPAA's requirements for de-identification that were never intended to create a loophole for identifiable patient information to escape HIPAA's protections. Part IV (Anatomy of a Hack: Methods for Labeling Identifiable information "De-Identified") examines the goals, methods, and results of permissive "de-identification guidelines" and compares them to HIPAA's requirements. Part V (Protecting Un-Protected Health Information) evaluates the suitability of permissive "de-identification guidelines," concluding that the vulnerabilities inherent in their current articulation render them ineffective as a data protection standard. It also discusses ways in which compliance professionals, regulators, and advocates can foster accountability and transparency in the utilization of health information that can be used to identify patients.

California Takes the Lead on Data Privacy Law

In the early 1970s, Congress considered enacting comprehensive privacy legislation, but it was unable to do so. In 1974, it passed the Privacy Act, applicable only to information in the possession of the federal government. In the intervening years, other information privacy laws enacted by Congress, such as the Health Insurance Portability and Accountability Act, have been weak and sector specific. With the explosion of information technology and the growing concerns about an absence of effective federal privacy laws, the legal focus has shifted to the states. Signaling a new direction in state data privacy and consumer protection law, the California Consumer Privacy Act establishes important rights and protections for California residents with regard to the collection, use, disclosure, and sale of their personal information. The CCPA is certain to spur similar legislation and to affect national and international businesses that collect data from California's residents. Understanding the new law is important for all data-driven industries, including health care.

Becoming a Hybrid Entity: A Policy Option for Public Health

When Congress passed HIPAA, it did not intend to constrain public health's data sharing in the same way as clinical or payers. In fact, HIPAA recognizes data sharing with public health as a matter of national priority and shields this function from its reach. However, a health department may offer services that bring it within HIPAA's purview, such as running a Children's Health Insurance Program or a laboratory that bills electronically. When this is the case, HIPAA requires all information and departments be subject to HIPAA unless the public health authority chooses to hybridize. Health departments might re-assess their coverage and elect to become a hybrid entity, thereby restricting HIPAA to only where required and removing barriers to information sharing with communities.