marcus comiter, "data policy for internet of things healthcare devices: aligning patient,...
Upload: the-petrie-flom-center-for-health-law-policy-biotechnology-and-bioethics
Post on 23-Jan-2018
Data Policy for Internet of Things Healthcare Devices: Aligning Patient, Industry, and Privacy Goals in the Age of Big Data
Marcus Comiter, Harvard University
May 6, 2016
Digital
Physical
Internet of Things (IoT)
Sense
Network
Take Actions
Components of an IoT Healthcare System
Data Layer
Devices
Applications
Types of Healthcare Data
• Electronic Health Records: digital version of existing data modalities
• Internet of Things: new data modalities (activity and sleep trackers, daily blood chemistry analyzers, 24/7 heart rate monitors)
Ramifications of the Healthcare IoT and Data Layer
• Fundamentally transform aspects of chronic disease prevention and treatment
• Medical Research
  • Long-term collection
  • Large-scale studies
  • New modalities
• New economic models
  • Provision of immediate incentives for healthy living via market forces
Potential Futures
Innovation and Advancement
Misuse and Abuse
Nothing at All
Main Points
• Comparative Approach: Looking to the Internet as a Model
The data collected from IoT healthcare devices is fundamentally different in nature from traditional sources of healthcare data, such as medical records, and far more similar to data characterized by the development of the Internet.
• Third Party Data Auditors (TPDAs) as a Solution
TPDAs are specialized, highly technical third party actors hired by individuals to audit the use of their healthcare data by data owners such as insurance companies, data brokers, and researchers. TPDAs address the shortcomings of the data policy regulation on the Internet by building in both a technical and policy regime to the Healthcare IoT and Data Layer itself that is aimed at explicitly aligning the incentives of patients, researchers, insurers, and government with the end goal of treating and preventing chronic disease while giving users full control over and understanding of their data.
Outline of Talk
1. Considerations in Designing Policy for Data as a Healthcare Platform
2. Third Party Data Auditors: A New Solution
3. TPDAs Address Important Considerations in Data Policy
4. Policy Recommendations for Precipitating TPDAs
Policy Considerations
Consideration One
Individual Awareness
Individual Awareness
• The ability of individuals to be cognizant of what data has been collected, and how it could possibly be used.
• Even when privacy may not exist, an awareness of this lack of privacy has utility
Individual Awareness on the Internet
• The current model of data collection on the Internet greatly complicates, if not destroys, the concept of individual awareness.
• Structurally, the Internet has developed into a de facto surveillance state.
• The data collection happens surreptitiously: technology facilitates tremendous amounts of data collection without ever needing to inform or interact with its target
  • Incidental
  • Purposeful
  • Systematic
• Data brokers
Individual Awareness in the Healthcare IoT
• The same challenges to consumer awareness discussed in the previous section, as well as additional ones, apply just as strongly to the Healthcare IoT and Data Layer
• Lack of consent mechanism for IoT devices (Activity Tracker example)
• Phone as the core of a Personal Area Net (PAN)
Consideration Two
Accountability through Transparency
Accountability
• Accountability for actions taken on the data layer relies on transparency of practices
• This lack of accountability is strikingly out of line with existing policy in similar matters
• The FCRA attached accountability to these organizations by requiring them to “provide notice when an adverse action, such as the denial of credit, is taken based on the content of [their] report.”
• Realize the relevancy of this legislation to the current situation of the data layer: a non-consumer facing industry (credit agencies) that had substantial powers over consumers (the public) but little accountability, was legislatively mandated to increase its accountability to consumers.
• This situation mirrors the data layer, and bears special resemblance to data brokers.
Accountability on the Internet
• Many data layer firms are not consumer-facing firms (i.e., the firms collecting, selling, and using the data of a particular individual do not necessarily have a relationship with that individual)
  • E.g., data brokers have virtually no relationship with subjects
• Many individuals are completely unaware even of the existence of data brokers, let alone of how their data is being used.
Accountability in the Healthcare IoT
• Just as in the Internet economy, data brokers have already emerged combining and selling anonymized healthcare data.
• As individuals and their medical care will be increasingly affected by the data associated with them, they have a fundamental right to ensure attributes such as the accuracy, collection standards, and use of this data are appropriately held to societal standards.
• These ideas are certainly not novel: they have underscored the FTC’s Fair Information Practice Principles (FIPPs) since the 1970s.
Consideration Three
Enforcement of Existing Laws
Enforcement on the Internet
• Data points, when combined and used with inference algorithms, can be used to create de facto indicators of race, ethnicity, religion, sexual orientation, and other markers that have traditionally been avenues for discrimination
• A White House report on Big Data cites an instance of racial discrimination on the Internet (search result example)
Enforcement on the Healthcare IoT
• Firms may hide behind complicated algorithms that are able to create discriminatory or harmful behavior automatically.
• A firm may create an algorithm which, when given data as input, automatically learns discriminatory behavior.
  • Many ethnic, religious, and racial groups have particular health issues that can be traced not only to genetic causes, but also to cultural and societal causes. Algorithms may potentially create de facto indicators for these lawfully protected groups
• This can even happen without the knowledge of the firm itself
Consideration Four
Protecting Innovation
Protecting Innovation
• Previously discussed advancements
• Maintaining consumer confidence in the Healthcare IoT and Data Layer itself
• With the power the data provides firms, there are a number of incentives for firms with access to this data to act poorly in order to turn a quick profit
Third Party Data Auditors (TPDAs)
What are TPDAs?
• TPDAs are a class of highly technical, skilled, private market organizations that are hired by individuals to monitor and audit the collection and use of their data.
• After collecting all of the data that has been collected on their clients by data layer firms, TPDAs analyze the data that was collected, how the data was collected, and how it was used.
• Once finished with this analysis, the TPDAs present their findings to the client in an easy to comprehend report, as well as alerting them to potentially harmful, unscrupulous, or unlawful collections or uses of data.
• By empowering individuals, TPDAs will allow the citizenry to regain control of their lives on the data layer.
What are TPDAs?
• TPDAs are entirely devoted to protecting the citizenry on the healthcare data layer
  • A regulatory policy creating TPDAs is essentially instantiating a permanent citizen advocate in the data layer.
• TPDAs will embody policy goals without top down regulation
• TPDAs' market-based structure allows them to address the rapidly changing technology sector
• TPDAs can address data layer regulation by leveraging the same entrepreneurial spirit, energy, and zeal that has itself created the technology sector (fighting fire with fire)
How TPDAs will Operate
1. Certification
• Similar structure to other trusted groups
• Doctors
• Lawyers
• Credit Reporting Agencies
2. Initial TPDA Setup
• Choose which data layer firms (i.e. which data brokers, for example) the TPDA will offer as part of its auditing services
• Write software to be able to interact with these firms’ data systems, allowing the TPDA to work with the data it receives on its clients from the data layer firms.
• Begin creating the software they will use to analyze and audit their clients’ data.
  • Using highly technical data processing, machine learning, and statistical techniques, each TPDA will design its own “secret sauce” with which to understand how data is used.
3. Client Hires
• The client provides the appropriate level of identification, as well as authorization to request their data from data layer firms.
4. TPDA Requests Data
• TPDA uses the identification and authorization provided by its client to pull, or request, the client’s data from all data layer firms with which the TPDA offers auditing services.
5. The TPDA Parses and Analyzes the Data
• Using the proprietary algorithms and methods it has previously designed, the TPDA begins analyzing how the client’s data has been used.
• By searching for common patterns, understanding use cases, and tracking data flow between all of the firms being audited, the TPDA attempts to find all of the relevant information regarding the use of the data.
• This is a very powerful idea, as TPDAs directly allow technology, rather than just policy, to regulate the data layer.
6. Formulating a Report
• The TPDA produces a detailed report for each of its clients that is both informative and actionable
• Each report contains information regarding how the client’s data has been used, and will alert clients to any potential sensitive, illegal, or abusive uses of data.
• This report may also make suggestions as to changes in use of technologies, tracking opt-out opportunities not currently utilized, and other potential suggestions of import.
How TPDAs Address Policy Considerations
Individual Awareness
• The cornerstone of TPDAs is in providing individual awareness as a service
• Through the report and advisory roles TPDAs play, consumers are empowered to understand what data has been and is being collected, and how this data is being used, shared, and sold within the data layer
Accountability through Transparency
• TPDAs create an accountability mechanism by creating a window through which consumers may examine data layer firms.
• Importantly, this window is a meaningful one through which consumers may draw useful and actionable information, and is well suited to the current and future state of the data layer.
Enforcement of Laws
• On an individual level, consumers can now see what information has been collected and shared with particular organizations, as well as the data-based inferences made from it by data layer firms such as data brokers.
• Once empowered with this information, consumers, either by their own impetus or on recommendation of their TPDA, may further examine potential misuses of data.
Protecting Innovation
• Realize that there is little if any burden placed on data layer firms
• Rather than recommending top down, broad regulatory policy for the data industry as a whole, TPDAs empower better decision making through empowering consumers and regulators to better understand the data industry and how it operates.
Policy Recommendations
1. Mandate Data Access
2. Create TPDA Regulations and Certification Process
3. Educate the Citizenry
Mandate Data Access
Congress should mandate that all Healthcare IoT and Data Layer firms must oblige consumer requests for access to any data held on them by a firm, regardless if that firm collected or purchased that data. Data includes both facts directly collected on an individual, as well as inferences made about that individual.
Create TPDA Regulations and Certification Process
Congress should create a task force to create the necessary regulations regarding the legal responsibilities of TPDAs, or task the FTC with this responsibility. Following this, Congress should task the FTC with setting up the mechanism to create the TPDA certification process.
Educate the Citizenry
Congress should create a task force to educate the citizenry regarding the existence of TPDAs and the services they offer.
Closing thought
Given the means, knowledge, and ability to exercise meaningful control over their digital lives, citizens will be able to make the most of the great opportunities the Healthcare IoT presents.
Thank You