MY SMART PHONE DOES WHAT WITH MY BLOOD PRESSURE DATA ??? Anita Fineberg, LL.B. CIPP/C Barrister & Solicitor President, Anita Fineberg & Associates Inc.

Presentation transcript:

MY SMART PHONE DOES WHAT WITH MY BLOOD PRESSURE DATA ??? Anita Fineberg, LL.B. CIPP/C Barrister & Solicitor President, Anita Fineberg & Associates Inc. Privacy by Design Ambassador eHealth 2013: Accelerating Change May 29, 2013

CONCEPTS
- Consumer concerns
- The mobile ecosystem
- Data collected by mobile apps
- App “privacy gaps”
- The vicious cycle
- Recommendations
- Conclusions
- Contact information

CONSUMER CONCERNS
- The three-quarters of Canadians who use mobile devices are increasingly likely to use privacy protection measures.
- The majority of these people are likely to use a password to lock it (56%) and to adjust settings of the device or apps to limit the amount of personal information they share with others (53%).
- This reflects significant increases in the use of such measures since 2011.

CONSUMER CONCERNS
- The majority of mobile users (55%) have decided not to install, or have uninstalled, an app because of the amount of personal information they would have to provide.
- A smaller proportion (38%) have turned off the location tracking feature on their mobile device because they were concerned about others accessing that information.
Source: Survey of Canadians on Privacy-Related Issues, Phoenix Strategic Perspectives, Conducted for the Office of the Privacy Commissioner of Canada, January, 2013

CONSUMER CONCERNS
Source: U.S. Consumer Privacy Attitudes and Business Implications: TRUSTe®, July 2012

CONSUMER CONCERNS
- Consumers are particularly concerned about their confidential health information falling into the hands of employers or others
Source: Blue Chip Patient Recruitment, Leveraging Mobile Health Technology for Patient Recruitment: 2012 [cited 2012 October], Cited in Deloitte: mHealth in an mWorld How Mobile Technology is Transforming Health Care – Deloitte 2012

THE MOBILE ECOSYSTEM

DATA COLLECTED CAN INCLUDE
Contacts Photo Library Videos Camera/Video Sensor Microphone Text Messages Dialer Calendar Items Location Reminders Social Integration Features
User entered info
Source: A Brief Overview of the Mobile App Ecosystem: FPF (Future of Privacy Forum)/World Privacy Forum, September 2012

APP “PRIVACY GAPS”

“PRIVACY GAP” | IMPACT ON CONSUMERS
Lack of a privacy policy | No information on what information the app collects, uses, discloses, to whom and for what purposes and for how long
Failure to seek express consent for the collection of PHI (initially and when the purpose of the use and/or disclosure changes) | Sensitive information may be collected, used and/or disclosed for purposes unexpected by the consumer
Inability to change default settings | No choice with respect to the use of their information; i.e. no ability to “opt-out”

“PRIVACY GAP” | IMPACT ON CONSUMERS
Failure to inform consumer if app accesses local resources (e.g. device address book, contacts, camera, photos), for what purposes and obtain consent prior to access | Unaware that other PI/PHI may be collected and used, other than that required for the operation of the app
No contact information so that a user may have their privacy questions and/or concerns addressed | Uncertainty related to whether the app is collecting, using and/or disclosing their information in a manner consistent with their understanding and/or expectations

THE VICIOUS CYCLE

RECOMMENDATIONS
Developers
- Understand the environment in which the app will be used, by whom and the type of information required for its operation
- Obtain privacy advice before development begins
- Assess “proof of concept” against legal requirements, best practices and user expectations
- Build in privacy controls from the beginning
- Ensure the app functions as stated in its privacy policy
BOTTOM LINE: WHAT PHI IS BEING COLLECTED, USED AND DISCLOSED, BY WHOM AND FOR WHAT PURPOSES?

RECOMMENDATIONS
Consumers
- Research mobile apps before installing them – credibility from development agreements; BlackBerry’s privacy notices service
- Just because you pay for it doesn’t mean it is more privacy protective
- Look for app “permissions” and opt-out features to verify that the app will collect PHI for purposes and perform only functions of which you are aware and approve
- Watch out for collection of location data
- Encrypt your phone data if storing PHI on the device
- Understand the risks you are introducing to your mobile device

CONCLUSIONS
- Consumer concerns over privacy affect both their initial downloading and continued use of health apps
- Potential benefits of mHealth for both consumers and the health system more generally may be squandered if concerns are not addressed
- Both the developer community and consumers have a role to play in creation of a trusted mHealth ecosystem

CONTACT INFORMATION ANITA FINEBERG, LL.B., CIPP/C BARRISTER & SOLICITOR PRESIDENT ANITA FINEBERG & ASSOCIATES INC (B) (C)