According to a CNBC report, Facebook sent a doctor on a secret mission to ask hospitals to share patient data with them. The company’s aim was to match patient records to Facebook profiles, a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Facebook’s Spy Doctor
The report said that Facebook has asked major hospitals and health organizations such as Stanford Medical School and American College of Cardiology to share “anonymized” data about their patients for a “research project.”
The proposal never went beyond the planning phase and it was put on pause once the Cambridge Analytica scandal revealed other privacy issues the Facebook platform had.
The effort to share patient data was led by interventional cardiologist called Freddy Abnousi, who describes his role on LinkedIn (opens in new tab) as "leading top-secret projects." The project was supervised by Regina Dugan, the head of Facebook's "Building 8" experiment projects group, before she left in October 2017.
Deanonymizing “Anonymized Data”
We already know from previous studies that the so-called anonymized data that advertising and data-tracking companies like to promote as a way to encourage people to give up their data, isn’t actually that anonymous. In fact, in many of these studies over 90% of the people can be easily identified from the anonymized data.
It seems Facebook already knew this, because according to the CNBC report, the company was already planning on matching the patient data with its own user profiles.
To comply with the federal and state medical privacy laws, Facebook planned to use cryptographic hashes to match the medical data set with the Facebook user base, while blurring the names of the patients in the medical data set.
However, the final result of this solution still seems to lead to deanonymization, if at the end of the whole process, the company can still match single users to certain medical data about them. At that point, the data is no longer anonymous, even if it may have been in the early stages of the process.
It seems Facebook has gotten into the habit of using its users data in whole new ways without asking for consent, and only apologize later, when discovered. The company had previously done some psychological experiments on its users, for which it later apologized.
Aneesh Chopra, president of CareJourney, a health software company specializing in patient data, seems to agree that Facebook is not approaching this issue the right way:
Consumers wouldn't have assumed their data would be used in this way. If Facebook moves ahead (with its plans), I would be wary of efforts that repurpose user data without explicit consent.
The new EU GDPR rules already require explicit consent for data collection in most cases, and Facebook has already promised to enable the same privacy controls for every user. It now remains to be seen if Facebook has actually learned anything from the Cambridge Analytica scandal, and whether or not the company will be more careful about not using its users' data for things its users didn't give their consent.
The Right Way?
I would use much much stronger language than that. From all the previous "problems" that Facebook has had I knew sooner or later they would go too far.
Something always rubbed me the wrong way about Zuckerberg. I'm not saying he was (or is) malicious but rather naive and/or sloppy or just downright irresponsible.
This should be very interesting to follow.
I understand that Facebook is the new means of communication between friends and family because it's convenient and has made email essentially obsolete, but they are clearly crossing civil rights boundaries now.
"Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men." - Bishop Mandell Creighton, 1887
Patient information is one of the most prohibed information that you can have or accuire by the law in most civiliced countries...
Zuck bought a house in Palo Alto, and then proceeded to buy every home surrounding his so he could have his own privacy! He was on the verge of kicking the families in the surrounding homes out but the last I heard that was delayed. And he did a similar thing on the island of Kauai in Hawaii. Instead this time he bought acres of land surrounding his home and proceeded to build a stone wall around the entire holding. This pissed off the native Hawaiians who were denied access to lands they had farmed for decades.
My conspiratorial mind suspects that Facebook and Google may want heavy government regulation at this point. It would essentially freeze the status quo because only they could afford to comply with the onerous rules while sitting on their huge stash of valuable data and large market share. New entrants could never get started in the smothering regs and never dethrone them.
They may not be able to get bigger than they are now so it's time to lock in the win.
"Please, Please don't make me a regulated utility with guaranteed profit margins and no competition allowed."