Monetizing Privacy

Publisher's Window

WHAT IS DISTURBING TO ME is how an individual’s privacy is being compromised of late. It seems like a day doesn’t pass without reading about ransomware dealing with a person’s medical information. Hackers have fine-tuned the art of invading the computer networks of clinics and hospitals in the quest for making a profit from the theft. To underscore our vulnerability, the April 30 issue of Bloomberg Businessweek showed the results of Verizon Communication Inc.’s 2018 Data Breach Investigations Report. The top three most likely threats are personal, payment, and medical. This was based on data collected by Verizon from 67 organizations around the world for the 12 months ended Oct. 31, 2017.

A person’s medical record has monetary value. But a person’s personal data is being monetized in other quarters as well. Facebook has gotten a lot of negative press for the use of its data by Cambridge Analytica (which has since shut down), — a classic example of how personal data can be monetized. In this case it involved the data on some 87 million Facebook accounts. This is called data mining. And a company by the name of Palantir Technologies, founded by Peter Thiel, a Stanford Law School graduate and one of the co-founders of PayPal, has developed highly sophisticated algorithms that can be used to monitor an employee’s every move, inside and outside the place of employment.

In the healthcare world we have HIPAA to contend with. One aspect of this federal legislation is to protect a person’s medical record information. HIPAA also details the security procedures that covered entities must comply with to protect the person’s privacy. I advise every pharmacy owner to have his or her security procedures in compliance with the HIPAA requirements well-documented and routinely refreshed, to avoid any penalties that might be incurred by the Office for Civil Rights should the pharmacy be subjected to an audit as a result of a security breach. The Office for Civil Rights is cleaning up with the fines it is levying on covered entities that fail to comply with HIPAA.

There are two aspects to the privacy issue. One is data that is hacked, and the other is data that is mined. Combined, these are the forces behind a person’s life no longer being private. We also live in a world where identity theft lurks in the shadows. The Equifax and Target data breaches were headline news. We just do not know how many people were adversely affected as a result.

It is amazing what companies know about us. What products we buy, when we buy them, our demographics. Our lives seem to be an open book. And there have been countless stories about people who post things on their Facebook page that have caused lost employment opportunities. One caveat is to watch what you post so it doesn’t come back to haunt you.

Is there a quick fix to the privacy issue? I doubt it. CT