Nature Medicine Jan 2019 (Review)
Big data has become the ubiquitous watch word of medical innovation. The rapid development of machine-learning techniques and artificial intelligence in particular has promised to revolutionize medical practice from the allocation of resources to the diagnosis of complex diseases. But with big data comes big risks and challenges, among them significant questions about patient privacy. Here, we outline the legal and ethical challenges big data brings to patient privacy. We discuss, among other topics, how best to conceive of health privacy; the importance of equity, consent, and patient governance in data collection; discrimination in data uses; and how to handle data breaches. We close by sketching possible ways forward for the regulatory system.
Topics: Big Data; Delivery of Health Care; Health Insurance Portability and Accountability Act; Humans; Privacy; United States
PubMed: 30617331
DOI: 10.1038/s41591-018-0272-7

Mathematical Biosciences and... Jan 2022
Smart meters allow real-time monitoring and collection of power consumption data of a consumer's premises. With the worldwide integration of smart meters, there has been a substantial rise in concerns regarding threats to consumer privacy. The exposed fine-grained power consumption data results in behaviour leakage by revealing the end-user's home appliance usage information. Previously, researchers have proposed approaches to alter data using perturbation, aggregation or hide identifiers using anonymization. Unfortunately, these techniques suffer from various limitations. In this paper, we propose a privacy preserving architecture for fine-grained power data in a smart grid. The proposed architecture uses a generative adversarial network (GAN) and an obfuscator to generate a synthetic timeseries. The proposed architecture enables replacing the existing appliance signature with appliances that are not active during that period while ensuring minimum energy difference between the ground truth and the synthetic timeseries. We use a real-world dataset containing power consumption readings for our experiment and use non-intrusive load monitoring (NILM) algorithms to show that our approach is more effective in preserving the privacy level of a consumer's power consumption data.
Topics: Algorithms; Computer Systems; Privacy
PubMed: 35341255
DOI: 10.3934/mbe.2022155

Briefings in Bioinformatics Mar 2020 (Review)
In recent times, the reduced cost of DNA sequencing has resulted in a plethora of genomic data that is being used to advance biomedical research and improve clinical procedures and healthcare delivery. These advances are revolutionizing areas in genome-wide association studies (GWASs), diagnostic testing, personalized medicine and drug discovery. This, however, comes with security and privacy challenges as the human genome is sensitive in nature and uniquely identifies an individual. In this article, we discuss the genome privacy problem and review relevant privacy attacks, classified into identity tracing, attribute disclosure and completion attacks, which have been used to breach the privacy of an individual. We then classify state-of-the-art genomic privacy-preserving solutions based on their application and computational domains (genomic aggregation, GWASs and statistical analysis, sequence comparison and genetic testing) that have been proposed to mitigate these attacks and compare them in terms of their underlying cryptographic primitives, security goals and complexities (computation and transmission overheads). Finally, we identify and discuss the open issues, research challenges and future directions in the field of genomic privacy. We believe this article will provide researchers with the current trends and insights on the importance and challenges of privacy and security issues in the area of genomics.
Topics: Computer Security; Genetic Privacy; Genome, Human; Genome-Wide Association Study; Genomics; Humans
PubMed: 30759195
DOI: 10.1093/bib/bbz013

Journal of Bioethical Inquiry Jun 2023 (Review)
The recently passed Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Cth) introduced important changes to the Australian Privacy Act 1988 (Cth) which increase penalties for serious and repeated interferences with privacy and strengthen the investigative and enforcement powers of the Information Commissioner. The amendments were made subsequent to a number of high profile data breaches and represent the first set of changes to the Privacy Act following the review of the Act commenced by the Attorney-General in October 2020. The submissions made to the review emphasized the need for more effective enforcement mechanisms to increase individuals' control over their personal information and as a form of deterrence. This article reviews the recent amendments to the Privacy Act and explains their effect. It comments upon the relevance of the amendments for health and medical data and other data collected in the context of healthcare, and refers to the Attorney-General's Department's review of the Privacy Act regarding other proposals relating to enforcement which have not as yet been put into effect in legislation.
Topics: Humans; Privacy; Australia; Personally Identifiable Information; Confidentiality
PubMed: 37432509
DOI: 10.1007/s11673-023-10249-4

Journal of Telemedicine and Telecare Apr 2023 (Review)
Data privacy in telemedicine has been extensively considered and reviewed in the literature, such as explorations of consent, who can access information, and the security of electronic systems. However, privacy breaches are also a potential concern in the physical setting and surroundings of the patient. Here we review clinical situations in which there is unanticipated loss of privacy, as well as potential physical and psychological safety concerns for the patient and others when privacy is limited. We identify ethical concerns and explore the challenges of supporting full true autonomous decision-making in this situation. We close with preliminary recommendations at the patient, clinician, and systems levels to help ensure privacy is maintained.
Topics: Humans; Privacy; Telemedicine; Confidentiality
PubMed: 36349356
DOI: 10.1177/1357633X221134952

EPJ Data Science 2021
Data visualizations are a valuable tool used during both statistical analysis and the interpretation of results, as they graphically reveal useful information about the structure, properties and relationships between variables, which may otherwise be concealed in tabulated data. In disciplines like medicine and the social sciences, where collected data include sensitive information about study participants, the sharing and publication of individual-level records is controlled by data protection laws and ethico-legal norms. Thus, as data visualizations (such as graphs and plots) may be linked to other released information and used to identify study participants and their personal attributes, their creation is often prohibited by the terms of data use. These restrictions are enforced to reduce the risk of breaching data subject confidentiality; however, they limit analysts from displaying useful descriptive plots for their research features and findings. Here we propose the use of anonymization techniques to generate privacy-preserving visualizations that retain the statistical properties of the underlying data while still adhering to strict data disclosure rules. We demonstrate the use of (i) the well-known -anonymization process, which preserves privacy by reducing the granularity of the data using suppression and generalization, (ii) a novel deterministic approach that replaces individual-level observations with the centroids of each nearest neighbours, and (iii) a probabilistic procedure that perturbs individual attributes with the addition of random stochastic noise. We apply the proposed methods to generate privacy-preserving data visualizations for exploratory data analysis and inferential regression plot diagnostics, and we discuss their strengths and limitations.
PubMed: 33442528
DOI: 10.1140/epjds/s13688-020-00257-4

Health Informatics Journal 2021
Although data protection is compulsory when personal data is shared, there is no systematic method available to evaluate to what extent each individual is at risk of a privacy breach. We use a collection of measures that quantify how much information is needed to uncover sensitive information. Combined with visualization techniques, our approach can be used to perform a detailed privacy analysis of medical data. Because privacy is evaluated per variable, these adjustments can be made while incorporating how likely it is that these variables will be exploited to uncover sensitive information in practice, as is mandatory in the European Union. Additionally, the analysis of privacy can be used to evaluate to what extent knowledge on specific variables in the data can contribute to privacy breaches, which can subsequently guide the use of anonymization techniques, such as generalization.
Topics: Computer Security; Data Anonymization; Humans; Privacy
PubMed: 34075842
DOI: 10.1177/1460458220983398

Human Genetics Aug 2018 (Review)
Canada's regulatory frameworks governing privacy and research are generally permissive of genomic data sharing, though they may soon be tightened in response to public concerns over commercial data handling practices and the strengthening of influential European privacy laws. Regulation can seem complex and uncertain, in part because of the constitutional division of power between federal and provincial governments over both privacy and health care. Broad consent is commonly practiced in genomic research, but without explicit regulatory recognition, it is often scrutinized by research or privacy oversight bodies. Secondary use of health-care data is legally permissible under limited circumstances. A new federal law prohibits genetic discrimination, but is subject to a constitutional challenge. Privacy laws require security safeguards proportionate to the data sensitivity, including breach notification. Special categories of data are not defined a priori. With some exceptions, Canadian researchers are permitted to share personal information internationally but are held accountable for safeguarding the privacy and security of these data. Cloud computing to store and share large scale data sets is permitted, if shared responsibilities for access, responsible use, and security are carefully articulated. For the moment, Canada's commercial sector is recognized as "adequate" by Europe, facilitating import of European data. Maintaining adequacy status under the new European General Data Protection Regulation (GDPR) is a concern because of Canada's weaker individual rights, privacy protections, and regulatory enforcement. Researchers must stay attuned to shifting international and national regulations to ensure a sustainable future for responsible genomic data sharing.
Topics: Canada; Computer Security; Databases, Genetic; Genetic Privacy; Genetic Research; Humans; Personally Identifiable Information
PubMed: 30014188
DOI: 10.1007/s00439-018-1905-0

International Journal of Environmental... Apr 2022
The objective of this study was to explore the impact of a perceived privacy breach by pharmaceutical e-retailers on customer boycott intention, especially the mediating role of emotional violation and the moderating effect of customer previous trust. Data were collected via a questionnaire survey of 335 customers of pharmaceutical e-retailers from China. Our research results showed that a perceived privacy breach by a pharmaceutical e-retailer had no direct effect on customer boycott intention; a perceived privacy breach positively affected emotional violation; emotional violation led to customer boycott intention; emotional violation played a mediating role in the relationship between a perceived privacy breach and customer boycott intention; and customer previous trust positively moderated the mediating effect of emotional violation.
Topics: Big Data; China; Intention; Pharmaceutical Preparations; Privacy
PubMed: 35457697
DOI: 10.3390/ijerph19084831

Patterns (New York, N.Y.) Sep 2022
In this study, we analyzed health-advertising tactics of digital medicine companies (n = 5) to evaluate varying types of cross-site-tracking middleware (n = 32) used to extract health information from users. More specifically, we examine how browsing data can be exchanged between digital medicine companies and Facebook for lead generation and advertising purposes. Our analysis focused on companies offering services to patient advocates in the cancer community who frequently engage on social media. We co-produced this study with public cancer advocates leading or participating in breast cancer groups on Facebook. Following our analysis, we raise policy questions about what constitutes a health privacy breach based on existing federal laws such as the Health Breach Notification Rule and the HIPAA Privacy Rule. We discuss how these common marketing practices enable surveillance and targeting of medical ads to vulnerable patient populations without consent.
PubMed: 36124307
DOI: 10.1016/j.patter.2022.100561