Everyone worries about data privacy. And, looking at the state of the industry, they have every reason to be. The truth is big data generates big money. Data privacy at this moment seems to be something that’s not even a possibility anymore. As almost every application that you interact with has the ability to collect data on your actions, and that isn’t just what you do on social media. Data is for sale in almost any scenario.
Your data, including demographics, preferences and other key information, is for sale in many situations. The one dominating media outlets right now is the Cambridge Analytica and Facebook scandal. Many Facebook users were at least somewhat aware their data was generating revenue for the social media platform. Consider all the ads you see in your feed and how many of them are actually pretty relevant to you as a buyer. There’s no sixth sense involved here, rather Facebook tracks what you like, what you do and who you are in the digital world. This information then helps their advertisers target you better. Sounds mostly harmless, right. Except with the Cambridge Analytica scenario, this wasn’t a company creating ads on Facebook to target people that had certain characteristics. They were harvesting data and taking it without consent.According to a Cambridge Analytics whistleblower, the company gathered data from 50 million Facebook users. Then they developed a software program to profile these 50 million individuals and advertise them in a way to influence their voting decisions. However, there was no authorization for the data to be used in this way. The firm exploited Facebook to harvest profiles, but this isn’t a data breach. Cambridge Analytica acquired the initial data from users that used an app to take a personality test and agreed to share it. However, the app then went further, accumulating the data of the test taker’s friends as well.
This has put Facebook and CEO Mark Zuckerberg firmly in the crosshairs of the US Federal Trade Commission (FTC). The FTC is looking at whether Facebook violated the terms of a 2011 settlement to enhance privacy policies so third parties could not acquire data without permission of the user.Facebook is currently in crisis mode, trying to prove to its users that it can secure your data, saying “We have a responsibility to protect your information. If we can’t, we don’t deserve it.” Since the scandal unfolded, Facebook shares have seen a hit, and at least a small percentage of users have deleted their accounts.As this was all blowing up, more data privacy issues were raised regarding Facebook tracking call and SMS history. Facebook fired back saying that the logging is part of an opt-in feature for those using Messenger on Android devices. As it’s allegedly something users have agreed to, they can also opt out of it. Facebook released a recent publication about making privacy setting tools easier to find for users, as a means to allow them more control. This may be a big eye-opener for many, citizens and companies, about what data privacy really looks like in the 21st century. The bottom line is any application or platform that you use as an individual or an employee that stores your data has the potential to sell it. The only solution is not allowing third parties to store your data, which seems impossible.
Social media platforms and Google aren't the only data sellers. Unfortunately, healthcare providers do it as well. The adoption and use of electronic health records (EHR) have certainly benefited the entire industry and have been a tool for better patient care. It’s also led to lots of data providers popping up, as there is a low barrier to entry in the market. So with more competition and options, this should be a win. Yet, that’s not how it’s playing out. In fact, according to a Harvard Business Review article, the majority of HCIT (healthcare IT) is being streamed to startups that sell data. For these firms, data is the product. Yet, it’s also a commodity, with the Centers for Medicare and Medicaid (CMS) now publishing enrollment and utilization data. Stakeholders in the industry, of course, understand the value of data, especially in how it can offer insights on specific ailments as well as how diseases progress, management of pain and treatment options.
The data sold by these type of firms is anonymized. However, data miners and brokers can create detailed profiles by cross-referencing with other sources. The data in its raw form strips out identifiers, leaving gender, age, ailments, and neighborhood. Data miners then cross-reference this with pharmaceutical data, also up for sale. This data combines with data from a variety of other sources like search engines. While this process is not technically a violation of HIPAA; it can render the protections of HIPAA useless. A lot of this hinges on the legal right of a business to harvest and sell the information of individual patients without their permission and was upheld in the U.S. Supreme Court case of Vermont’s Attorney General v. IMS Health. The justices ruled in favor of IMS Health. So, what options do patients and healthcare providers if they don’t want their data on the selling block? A cloud pass-through architecture is an answer.
If the application or provider you work with stores or saves any of your data then it’s probably fair game. That’s the revolutionary thing about cloud pass-through architecture. An application lets the data pass through its server, but it never stores. This means all data lives only on your servers. No PHI is stored by the service provider. Industry leaders and regulators are contemplating this way of using the cloud as the way to go. The organization is the custodian of the data. Centralizing has not worked for privacy. This can work because if they never have your data, they can’t sell it.At QliqSOFT, we are one of very few HCIT companies that use cloud pass-through architecture, creating our own proprietary Cloud Pass-Thru product. We use this in our secure communication application, working for text, documents, and photos. With QliqSOFT, you are the keeper of your own data. You can learn more about our security and compliance initiatives here.