Beyond Privacy Policies: Assessing Inherent Privacy Risks of Consumer Health Services
Jens Weber, PhD, PEng; James Williams, JD, MSc, PhD (cand.)
Context
• Work performed for the Privacy Commissioner of Canada.
• Examining consumer health informatics applications.
• Contributions:
• Taxonomy of offerings
• Rating tools from a consumer perspective
• Evaluation of certification regimes
Overview
• What are consumer health applications?
• What schemes exist to rate privacy/security concerns?
• A new rating methodology.
Consumer Health Applications
• Prime objective of CHI: “to empower consumers by putting health information into their hands ... such as diagnoses, lab results, personal risk factors, and prescribed drugs.”
• Not necessarily electronic.
Consumer Health Applications
• Taxonomy:
• (1) information aids
• (2) decision aids
• (3) education aids
• (4) management aids
• (5) health sales services
• (6) meta/ratings services
CHA – Information Aids
• Information aids provide consumers with services to:
• (a) access
• (b) store
• (c) control
• (d) distribute their PHI.
CHA – Decision Aids
• Computer-supported services that take PHI into account in order to aid consumers in making health-related decisions.
• E.g., telemediated or automated clinics, questionnaires.
CHA – Education Aids
• Services that promote health literacy.
• E.g., medical blogs, serious games, story collections, static websites.
CHA – Management Aids
• Applications that support consumers in the ongoing, long-term management of aspects of their health.
• Support group services: forums, chat rooms, etc.
• Telemonitoring.
CHA – Rating Services
• Provider rating services: allow consumers to rate care providers.
• Application rating services.
• Special case: application certification, i.e., HONcode.
Rating Schemes
• What about rating privacy risks?
• Most privacy risk assessment methods are designed for organizations that manage PHI (i.e., IPC Ontario, David Flaherty).
Rating Schemes
• Buffet and Kosa:
• Assess consumer privacy risk by assigning probability and utility values to statements in privacy policies.
• The probability represents the degree to which users agree with a particular policy statement.
• The utility represents the degree to which users endorse a particular policy statement.
Rating Schemes
• Patient Privacy Rights (PPR) foundation.
• Uses a ‘report card’ metaphor to assess how well privacy policies cover criteria from sources like common law, statutory law, etc.
Rating Schemes
• Policy-based risk assessment methods are effective tools for helping consumers assess the privacy risks that are apparent from privacy policies.
• They do not address the inherent risks of the entire spectrum of different service types.
• They do not catch more subtle privacy threats, such as indirect information disclosure through targeted advertisements and social computing.
Rating Schemes
• Our approach: a complementary tool to aid consumers in gauging the inherent privacy risks associated with consumer health services.
• The tool was developed based on a systematic review of the types of services and their associated privacy risks.
Our Approach
• How did we come up with this?
• Risk identification based on the CSA model code.
• Systematic literature review.
• Legal research (case law, administrative law).
Our Approach
• Example: Identifying Purposes and OPPs
• OPPs are often not prominently presented to users of CHI applications.
• OPPs are often presented as lengthy “fine print”, written in a language and structure that may obscure important aspects.
• OPPs are often ‘hidden’ within even longer legal documents covering the general terms of agreement for use of the online service.
Our Approach
• Four main risk criteria are determined by:
• (1) the business model of the CHI application
• (2) the CHI service types provided within the application
• (3) the service delivery model
• (4) the company ownership
Risks – Business Model
• Marketing-funded: (high) revenue depends on exploiting PHI. Possibility of leaks and misuse.
• Research-funded: (high) possibility of secondary use (PatientsLikeMe).
• Employer/insurer: (med) secondary uses, data portability.
• Consumer-funded: (low) vendor profits from subscription fees.
Risks – Service Type
• App rating services, education aids: low
• Provider ratings: moderate
• Decision/management aids: high, since they use PHI (telemonitoring, etc.)
• Support services (social networks): highest
• Information aids: high. PHRs include comprehensive information.
Risks – Delivery Model
• Locally installed (user's PC): lowest
• Mobile device: elevated risk due to the possibility of theft or loss.
• Hosted services: high risk. A breach affects multiple consumers.
• Cloud-based: highest. Third-party service providers in other jurisdictions.
Risks – Company Ownership
• Canadian companies: subject to legislation, relatively easy to challenge.
• Foreign-controlled Canadian companies: elevated risk.
• Entirely foreign: highest risk.
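The four risk criteria on the preceding slides can be encoded as a small rating tool. The following is an added example written for this page; it is not the authors' tool and not part of the deck. It assumes an ordinal scale low < moderate < high < highest (numbered 1 to 4), maps the slides' "med", "elevated" and "lowest" onto that scale, treats a Canadian-owned company as the baseline "low", gives an application offering several service types the rating of its riskiest type, and takes the overall rating to be the worst per-criterion rating. None of those aggregation rules are stated on the slides, which leave risk-level refinement to future work. The two sample applications are constructed, not real products.

```python
"""Added example (not from the Weber/Williams slides): encodes the deck's four
inherent-risk criteria and rates a described consumer health application.

Assumptions not stated on the slides: the ordinal scale low < moderate < high
< highest (numbered 1..4); "med", "elevated" and "lowest" mapped onto it;
Canadian ownership taken as the baseline "low"; an application with several
service types inherits its riskiest type's rating; overall = worst criterion.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed numbering of the ordinal levels named on the slides.
LEVELS: Dict[str, int] = {"low": 1, "moderate": 2, "high": 3, "highest": 4}
NAMES: Dict[int, str] = {v: k for k, v in LEVELS.items()}

# Per-criterion ratings as stated on the "Risks" slides.
BUSINESS_MODEL = {
    "marketing-funded": "high",       # revenue depends on exploiting PHI
    "research-funded": "high",        # possibility of secondary use
    "employer-insurer": "moderate",   # slide says "med"
    "consumer-funded": "low",         # vendor profits from subscription fees
}
SERVICE_TYPE = {
    "application-rating": "low",
    "education-aid": "low",
    "provider-rating": "moderate",
    "decision-aid": "high",           # uses PHI
    "management-aid": "high",         # telemonitoring etc.
    "information-aid": "high",        # PHRs hold comprehensive PHI
    "support-service": "highest",     # social networks
}
DELIVERY_MODEL = {
    "locally-installed": "low",       # slide says "lowest"
    "mobile-device": "moderate",      # "elevated" (theft or loss), mapped by assumption
    "hosted": "high",                 # one breach affects many consumers
    "cloud-based": "highest",         # third parties in other jurisdictions
}
OWNERSHIP = {
    "canadian": "low",                          # baseline, by assumption
    "foreign-controlled-canadian": "moderate",  # "elevated", mapped by assumption
    "entirely-foreign": "highest",
}


@dataclass
class Application:
    name: str
    business_model: str
    service_types: List[str]
    delivery_model: str
    ownership: str


def rate_value(table: Dict[str, str], value: str) -> int:
    """Look up one criterion value and return its numeric level."""
    if value not in table:
        raise ValueError(f"unknown value {value!r}; expected one of {sorted(table)}")
    return LEVELS[table[value]]


def rate(app: Application) -> Dict[str, int]:
    """Rate each criterion; several service types -> the riskiest one counts."""
    if not app.service_types:
        raise ValueError("an application must offer at least one service type")
    return {
        "business_model": rate_value(BUSINESS_MODEL, app.business_model),
        "service_type": max(rate_value(SERVICE_TYPE, s) for s in app.service_types),
        "delivery_model": rate_value(DELIVERY_MODEL, app.delivery_model),
        "ownership": rate_value(OWNERSHIP, app.ownership),
    }


def overall(profile: Dict[str, int]) -> Tuple[str, List[str]]:
    """Worst-case aggregation (assumption): overall level is the highest
    criterion level; also report which criteria drive it."""
    top = max(profile.values())
    return NAMES[top], [c for c, v in profile.items() if v == top]


def report(app: Application) -> str:
    """Human-readable rating: overall level, its drivers, and each criterion."""
    profile = rate(app)
    level, drivers = overall(profile)
    lines = [f"{app.name}: overall inherent risk {level} (driven by {', '.join(drivers)})"]
    lines += [f"  {c:<15} {NAMES[v]}" for c, v in profile.items()]
    return "\n".join(lines)


# Constructed sample applications (not real products).
AD_FUNDED_COMMUNITY = Application(
    "symptom checker + patient forum", "marketing-funded",
    ["decision-aid", "support-service"], "cloud-based", "entirely-foreign")
PAID_LOCAL_PHR = Application(
    "subscription desktop PHR", "consumer-funded",
    ["information-aid"], "locally-installed", "canadian")

if __name__ == "__main__":
    print(report(AD_FUNDED_COMMUNITY))
    print(report(PAID_LOCAL_PHR))
```

Running the module rates the two constructed applications: the ad-funded, cloud-hosted, foreign-owned community comes out "highest" on three criteria at once, while the paid, locally installed Canadian PHR is driven to "high" by its service type alone, which matches the slides' point that PHRs carry comprehensive PHI even when the business and delivery models are benign.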
Future Work
• Implications of CHA: privacy law, law of evidence. Much to be done.
• Empirical studies: use our model in focus groups, case studies, or in practice.
• Risk levels: much more to be done in refining our risk assessment.