Featured Post

Hacking Health in Hamilton Ontario - Let's hear that pitch!

What compelled me to register for a weekend Health Hackathon? Anyway, I could soon be up to my ears in it. A pubmed search on Health Hack...

Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts

Tuesday, October 3, 2017

Blockchain & eHealth: Towards Provable Privacy & Security in Data intensive Health Research




CALL FOR ABSTRACTS 
------------------ 

The First Workshop on "Blockchain & eHealth: Towards Provable Privacy & Security in Data intensive Health Research" will be held on: 

November 7, 2017, Markham (Greater Toronto area), Ontario 
https://www-01.ibm.com/ibm/cas/cascon/workshop.jsp 

The workshop is co-located with CASCON 2017: The Cognitive Era: Data, Systems and Society conference 
https://www-01.ibm.com/ibm/cas/cascon/ 

The registration for the conference and its workshops is free. 

The goal of this workshop is to bring together security, privacy and eHealth experts from academia, healthcare institutions, industry and public policy to focus on the challenges and opportunities of developing a blockchain enabled infrastructure that promotes trust between different stakeholders in health research and enables a provable privacy-aware path to real time access to patients data. 

We invite interested researchers to submit an abstract (limit of 500 words) reporting the state of their research relevant to the workshop objectives. Accepted abstract submissions will be invited to present in the workshop. Both research and application papers are solicited.  The submitted abstracts will be reviewed on the basis of technical quality, relevance, significance and clarity. We particularly encourage PhD students in the early stage of their research on blockchain and R&D managers who are planning the application of blockchain technology to submit an abstract to this workshop. 

Topics of this workshop include (but not limited to) the following: 

• Decentralized platforms for health information exchange 
• Public vs. private Blockchain for health research 
• Access control, anonymity and privacy issues among blockchain participants 
• Blockchain scalability issues and its solutions 
• Blockchain threat models, attacks, defenses and countermeasures 
• Network forensics in Blockchain 
• Blockchain trust verification models 
• Legal, ethical, and societal aspects of using blockchain in health research 
• Case studies (for adoption, attacks, etc.) 


WORKSHOP CHAIRS: 
- Reza Samavi, Department of Computing and Software, eHealth Program, McMaster University, Hamilton, Canada 
- Thomas Doyle, Department of Electrical and Computer Engineering, eHealth Program, McMaster University, Hamilton, Canada 
- Thodoros Topaloglou, Scarborough and Rouge Hospital, Toronto, Canada 

DEADLINES: 
- Oct. 23, 2017 Submission Deadline 
- Oct. 30, 2017 Acceptance Notification 
- Nov.   7, 2017 Presentation 

SUBMISSION: 
Please send your submissions, inquiries and correspondence on this workshop to (email to: samavir@mcmaster.ca) with the subject starting with "Workshop on Blockchain & eHealth:" 

Wednesday, April 6, 2016

Mobile Health Apps Interactive Tool - Which privacy laws apply?

This is an interesting and useful screening tool for health app developers who want to know which privacy laws they may be subject to. Developed in the US, but good for anyone to think about:
https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-apps-interactive-tool#which

Thursday, October 2, 2014

National Institutes of Health Informatics - Education Series Fall 2014

National Institutes of Health Informatics

Announcing eSafety Series: Ensuring the Safety of our eHealth Systems and Programs
eSafety Series
Ensuring the Safety of our eHealth Systems and Programs

November 19 & 26, 2014
Live, Interactive, Online Sessions - 12:00 -1:30 PM ET
A Joint COACH and NIHI Program
Click Here for More Information

Special Rates for COACH Members and NIHI Colleagues
Patient safety has become a major concern in health care. Key Institute of Medicine and Canadian reports starting as early as 1999, underscore the importance of being safety conscious and proactive in identifying safety risks in healthcare. Today’s eHealth systems are increasingly important in enabling improvements in patient safety, but they can also inadvertently introduce new risks into the healthcare environment.

This online program introduces the COACH eSafety Guidelines: a comprehensive resource for health information professionals and others with a responsibility to ensure that eHealth systems are built and operated in a manner that reduces the risk to patient safety. The Guidelines provide a sound basis for implementing an eSafety Management Program including the assessment of risks using the eHealth Safety Case.
Session 1: Introduction to eSafety & the eSafety Management Program - November 19, 2014
This session will provide a foundation for understanding the issues and opportunities for addressing safety issues in eHealth systems and cover the main steps in setting up an eSafety management program .

Session 2: The eSafety Case - November 26, 2014
This session will introduce the eHealth safety case. The safety case is the safety equivalent of the privacy impact assessment and threat and risk assessment.

Register for eSafety and get 25% off of the coilbound edition COACH eSafety Guidelines. Email Cheryl, ccornelio @ coachorg.com to arrange this discount.  Available only to eSafety session registrants until November 18.
COACH
Canada's Health Informatics Association
NIHI
National Institutes of Health Informatics

Fall 2014 eHealth Education Line-Up
eHealth Future Trends
October 23, 30 & November 6, 2014
Usability Testing Essentials
November 13, 2014

 

National Institutes of Health Informatics
Website:
www.nihi.ca
Contact Us: info@nihi.ca; 1-800-860-7901

Unsubscribe

Sunday, April 13, 2014

Awesome Wearable Intelligence Google Glass in the ER Video


http://geekdoctor.blogspot.ca/2014/04/google-glass-details.html

John Halamka posted this video on his blog about the Wearable Intelligence software using Google Glass technology for healthcare (ER). It is awesome to see this from a Health Informatics perspective. They are experimenting with Google Glass in their ER. I like that he said:

"After several months of testing, we have deployed the product to clinical providers in the ED and are completing the first IRB approved study (to our knowledge) of the technology’s impact on clinical medicine."

The devices using the Wearable Intelligence software are medical devices and need to be tested clinical and cleared by the IRB. Evaluating the efficacy and patient safety over a longer term will also be interesting. I wonder how how they designed the clinical trial methodologically.

One commenter on the blog post on their experience with the efficacy of Google Glass over EHR/EMR has an excellent article:
http://www.acutecarecontinuum.com/Home/tabid/84/entryid/245/Slow-Death-by-EMR-or-How-I-Learned-to-Stop-Clicking-and-Love-Google-Glass.aspx


There are other stories on Google Glass I have picked up recently:

http://www.theverge.com/2014/4/7/5589940/google-glass-and-the-specter-of-instant-facial-recognition

http://www.prweb.com/releases/2014/04/prweb11740581.htm

The International Association for Privacy Professionals had this news item posted:
https://www.privacyassociation.org/publications/google_glass_surgeon_saves_lives_with_it_bar_bans_it


FACIAL RECOGNITION
Google Glass: Surgeon Saves Lives with It, Bar Bans It
Livestream has released its first piece of Glass software, PC Magazine reports, which allows users to tap the headset and say, “Okay Glass, Livestream,” and then livestream the event to viewers. Meanwhile, The Verge reports on the multitude of facial recognition apps on the market today, including “NameTag,” which links a user’s face to “a single, unified online presence.” And The New York Times reports on both the opportunities and the challenges inherent in Google Glass, with some welcoming the technology enthusiastically—such as one lung surgeon who recently used Glass to help perform a procedure—and others banning it entirely, such as one California nightclub.
Full Story


Tuesday, February 25, 2014

The "sousveillance" world of Steve Mann

When I studied the use of RFID in healthcare I was amazed at the possibilities for this technology and it's essential humanness. An RFID barcode is much safer for an infirm patient because the identification or drug dosage on the RFID signal can be picked up without having to move the patient. A barcode, on the other hand, might be on a wrist under a sleeping patient, so they would have to be turned over in order to scan the bar code in line of sight. RFID technology was also great for keeping track of physical assets like infusion pumps, and inventory replenishment systems. On the other hand, keeping track of people presented some ethical and privacy concerns because people would be under the impression that they would be constantly under surveillance. When the word "surveillance" is used, Big Brother rears its ugly head.

Surveillance needn't be a fearful word even though it has a strong presence in security organizations and anti-terrorism. There are forms of surveillance in public health that can be beneficial for the health and welfare of society, such as syndromic surveillance, even though that too may have had some origins in state security, i.e. finding out where that anthrax threat was.

One thing I like about the wearable computer work of Steve Mann is his bold claim that the eye-tap or video glasses he created and wears present to society a form of what he calls "sousveillance", which is a much more nuanced, benign or human form of it's evil cousin - mentioned above. Sousveillance is an understated way of trying to balance the power of who is watching who. For some totally unknown reason it reminds me of the anti-sus dub poetry of Linton Kwesi Johnson. The anti-sus laws, or suspected person vagrancy laws in 19th century Britain might have nothing to do with sousveillance, but I am sure Steve Mann has had that feeling of being considered a suspicious and unwelcome person. Racial profiling for cyborgs? His McVeillance experience is indicative of that.

Now try to imagine a year in the future when everyone is wearing eye-tap video devices of that type Steve Mann and then Google developed. Maybe this is in 2020,( appropriate for seeing perfectly), and maybe it is not, but won't this mean that everyone we see on the street, and their dog, will be the equivalent of a Google Street View with a 24/7 refresh rate? And then ask yourself what does this do for for privacy laws, and you will have to wonder why the privacy commissioner of Canada wrote a letter to the lawyers at Google in 2007 to say that Google Street View would break all of Canada's privacy laws if it was implemented! It is interesting to try and imagine this future and one science fiction book I read by Charles Stross, called Halting State did exactly that. It was a murder mystery inside a video game but the real life police all had video recording visors they were obligated and/or controlled to wear on the job, recording all the visual details of their day to day investigations. Surveillance technology may not have been extended to all citizenry, but now the details are slipping away on me - read it a few years ago.

Notions of privacy will be changing beyond a doubt. Even now in different cultures there are different notions of privacy and proxemics. I think it was Iceland that lists your tax return information in the phone book or something like that. Imagine if we all started using Augmented Reality eye-tap devices, like the ones on the veillance.org website which are tied into redundantly backed-up servers. Imagine people walking through hospitals with such wearable devices scanning people sitting in the STD clinic waiting rooms. Personal space is being violated in terms of personal health information (PHI). The technology is wonderful though. As Personal Health Records are being developed (even with HL7 standards) a problem area is how to capture and store personal information submitted by the patient, not the physician, and how to make that information intelligible. Streams of data from daily blood tests, BP, and now possibly wearable computer video images, needs to managed and made relevant somehow. On the other hand, IT and policy specialists in healthcare have mostly normalized the Bring Your Own Device (BYOD) phenomenon.

Another notion of privacy that might need to change is the idea that PHI is always private. Some people are already posting their PHI on facebook and they don't care if it is public. In rare cases we have even heard that this has saved lives. I have personally heard research participants with rare and chronic health conditions who are posting their personal health records as widely on the internet as possible in order to obtain possible help or insight for future research. It is technologically possible I suppose to put PHI and other forms of identification into Augmented Reality "fields of vision" for other persons with wearable devices to readily pick up. The only thing stopping people from doing that is the notions of privacy and their willingness to consent to have that out there in the public domain.

I like Steve's distinction (on wikipedia - or brilliant IEEE article ) between surveillance and sousveillance:

Personal sousveillance is the art, science, and technology of personal experience capture, processing, storage, retrieval, and transmission, such as lifelong audiovisual recording by way of cybernetic prosthetics, such as seeing-aids, visual memory aids, and the like. Even today's personal sousveillance technologies like camera phones and weblogs tend to build a sense of community, in contrast to surveillance that some have said is corrosive to community.[29]
The legal, ethical, and policy issues surrounding personal sousveillance are largely yet to be explored, but there are close parallels to the social and legal norms surrounding recording of telephone conversations. When one or more parties to the conversation record it, we call that sousveillance, whereas when the conversation is recorded by a person who is not a party to the conversation (such as a prison guard violating a client-lawyer relationship), we call the recording "surveillance".

It is within this realm of "personal sousveillance" that the work of Steve Mann as applied to health informatics, is really to going to shine. Steve  was one of the original group who helped secure funding for the Centre for Global eHealth Innovation at the University of Toronto, which is a world leading health informatics incubator. Steve has also done some research using sousveillance on hand hygiene to reduce hospital infections. There are other more bold applications, of course, like using google glass in surgeries or dentistries for training and/or assisted learning.

In my own small way I am also trying to think through the "legal, ethical and policy issues", as Steve says, here on this blog. Those at the Institute for Ethics of Emerging Technology are also doing that "in spades", and there is a recent article about Steve Mann and sousveillance on it (here). Steve has recently argued for "legal" rights for sousveillance in an editorial for MIT technology review. Veilliance has become a study in itself, in all it's various forms, as Steve leads a Veillance conference and research group, which it would appear I made a blog post about last year< here >.

I could also blend in here a discussion related to the ethics of self-experimentation (and hat tip again to the folks on the CAREB Linkedin group for that article). Mostly we have known about clinical self-experimentation, and in social sciences/humanities there are '"autoethnographies", but now with the development of new technologies people are trying their own DYI experiments.  I saw an TVO Agenda program (Mysteries of the Mind - Tomorrow's Brain ) that discussed the health benefits for improving cognitive function and mental health using Transcranial Magnetic Stimulation (TMS)  where the panel experts played a youtube video they had discovered and discussed the guy in it who hooked his brain up to his own home-made TMS device. In the video we see the guy, when he turns on the electricity, explaining: "Just saw a white flash". So don't do this at home kids!

Steve Mann is not a guinea pig. He isn't a research subject. He is the subject of his own research. Developing and wearing computers is something he has done since he was a kid, so he is just using evolutionary momentum for whatever agile developments that improve his cybernetic state of well being. An oversight committee at his place of employment might recommend a technology ethics review, but we have to think that Steve is largely "self-employed" with this system, "dug in like a tick", and there ain't no separating him from this life experiment with digitally enhanced awareness. Anyway, Steve would fight back against anything "oversight". The dangers of any research involving humans is that researchers to a certain extent "have blinders on" and are biased towards their own methodologies and perceptions of risk, and thus lose objectivity.

I don't know who said "the pull of the future is greater than the push from the past", but I do remember the person who I heard it from. Whoever it was must have imagined some strange and distant world waiting to be born. That is the sousveillance world of Steve Mann.






Thursday, January 16, 2014

Google broke Canada’s privacy laws with targeted health ads

This story is currently receiving a lot of media attention currently and I reposted they headline and story from The Globe and Mail:

http://www.theglobeandmail.com/technology/tech-news/google-broke-canadas-privacy-laws-with-targeted-ads-regulator-says/article16343346/?cmpid=rss1

I left the word "watchdog" off the headline because the Canadian Privacy Commissioner isn't a watchdog. There is no privacy police but there is a privacy policy. Not a police dog, but a policy dog. Google might pay a fine? No problem for Google probably. Not many privacy statutes have teeth is what they say.

This story reminds me again that I want to write more about the face-off between Public Health and Consumer Health. This is a prime illustration: Google is consumer health using targeted health ads based on your browsing search inquiries, and the Government of Canada is Public Health, the collective servant of protective measures based on principles that come somewhere other than making a profit - serving the common good by way of utilitarian ethics.

Most of the time when it comes to health information, I am highly sympathetic to "Dr. Google".  I will pick up this thread later because I want to say more about how I see the differences between Public Health and Consumer Health will have an impact on informatics.

If anyone wants me to remove the AdSense ads from this blog, because you are offended by the personally invasive use of targeted ads relating to your personal health search on Google, please let me know. That's the way the cookie crumbles, as they say.




Thursday, December 5, 2013

Data in Electronic Health Records for Medical Research

The Institute for Ethics and Emerging Technology had an excellent article by Donna Hanrahan entitled "Data Mining, Meaningful Use, Secondary Use, & Potential Misuse of Electronic Health Records". It has an excellent synopsis of what many clinical researchers, ethicists, and privacy experts have been saying for many years, about how data in the EHR can be used for medical research purposes.

There are ways to do that, like consent management, audit record logs, and increasingly better means to de-identify data and prevent it from being re-identifed. This latter work is really being pioneered by Dr. Khalid El-Emam. That is, before one would be able donate the data in the EHR to science, post-mortem.

I will copy in here just the section on how data in EHR can be used for medical research:

Beneficence of Electronic Data in Medical Research
Despite the ethical concerns addressed above, the use of electronic health data is critical to ensuring patient health, improving our healthcare system, and making new scientific discoveries in this technological age. Critics may question whether EHRs are truly meaningful or whether it is an “excessive bureaucratic requirement to spend public dollars on doctors’ computer systems.”xxxii This answer to this question can be discussed through the principle of justice. It is ethical, one could argue, to expend public funds for EHR systems that provides for the greater good and benefits for the public as a whole. Having data that is structured and easily retrievable benefits clinicians, patients, and the greater population. These benefits include safer prescribing, prevention of medication errors, epidemiological tracking to protect population health, and public medical error reporting. Furthermore, there is a clear need to switch from outdated, burdensome, and inefficient clinical charting traditions to electronic format.
EHR adoption aims to reduce cost, which is a primary goal of health reform in the United States. The increase in information available to clinicians can help prevent redundant or unnecessary tests and imaging. Furthermore, EHRs can provide point-of-care clinical decision support (CDS) as doctors prescribe tests, medications, and imaging requests, which can also help reduce costs. Lastly, “shared savings,” or “gain-sharing,” allows hospitals and healthcare providers to collaborate to reach quality metrics.xxxiiiAccordingly, EHRs enable users to measure desired outcomes and report this data more quickly and easily, saving both time and money. With regard to the costs associated with EHRs, studies have documented the strong return on financial investment that may be achieved following EHR implementation.xxxiv Other financial benefits include increased revenues due to improved care coordination, averted costs of paperwork, chart pulls, and billing errors, and fee-for-service savings including the rate of new procedures and charge capture. Furthermore, the secondary use of health record information is anticipated to become one of the healthcare industry’s greatest assets and the key to greater quality and cost savings over the next five years.xxxv In fact, a recent report by the McKinsey Global Institute, estimates the potential annual value to the healthcare industry at over 300 billion dollars.xxxvi These savings in cost benefit both the patient and provider.
There are also several patient-centered benefits that result from the “meaningful use” EHR data. Perhaps one of the most promising results of EHR data mining is the use of predictive modeling techniques to identify medical conditions and promote interventions before the onset of symptoms. Furthermore, retrospective analysis of the health data mined from EHRs could expedite scientific discovery in medicine by providing valuable information for research. In addition, physicians’ access to data and analysis could demonstrate the efficacy of different treatment options across large populations, which could help treat and prevent chronic conditions. Lastly, such data can be used to identify evidence-based best practices, identify potential patients for clinical trials, and monitor patient compliance and drug safety. These measures show beneficence towards the patient by providing better more individualized care.



Sunday, December 1, 2013

Is US Homeland Security Accessing Canadian Personal Health Information?

There is a disturbing story about how more than several Canadians have been denied entry to the United States by Homeland Security because of the information they held on their medical condition. You can read an instance of the story < here >. Ontario Privacy Commission Dr. Ann Cavoukian says it is a "matter of grave concern". I find it quite shocking too. Actual facts may point to Homeland Security receiving the medical condition information through 911 call records, and not somehow directly accessing medical records (as the story might suppose), but still...

Thursday, June 6, 2013

IEEE conference in Toronto: Theme - SmartWorld

If I find the pocket change for registration - I am there in a heartbeat. Two panelists or speakers  of interest to eHealth students are Dr. Ann Cavoukian, Privacy Commissioner of Ontario, and Dr. Alex Jadad, who is founder for the Centre for Globale eHealth Innovation lab at the University of Toronto. Having Ray Kuzweil, Steve Mann, Marvin Minsky, et al there is just "icing on the cake".

Website for IEEE ISTAS'13: http://veillance.me

Theme - "Smartworld"

Living in a Smart World - People as Sensors
ISTAS'13 presenters  and panellists will address the implications of living in smartworlds - smart grids, smart infrastructure, smart homes, smart cars, smart fridges, and with the advent of body-worn sensors like cameras, smart people.
The environment around us is becoming "smarter". Soon there will be a camera in nearly every streetlight enabling better occupancy sensing, while many appliances and everyday products such as automatic flush toilets, and faucets are starting to use more sophisticated camera-based computer-vision technologies.  Meanwhile, what happens when people increasingly wear these same sensors?  
A smart world where people wear sensors such as cameras, physiological sensors (e.g. monitoring temperature, physiological characteristics), location data loggers, tokens, and other wearable and embeddable systems presents many direct benefits, especially for personal applications. However, these same "Wearable Computing" technologies and applications have the potential to become mechanisms of control by smart infrastructure monitoring those individuals that wear these sensors.
There are great socio-ethical implications that will stem from these technologies and fresh regulatory and legislative approaches are required to deal with this new environment.
This event promises to be the beginning of outcomes related to:
  1. Consumer awareness
  2. Usability
  3. A defined industry cluster of new innovators
  4. Regulatory demands for a variety of jurisdictions
  5. User-centric engineering development ideas
  6. Augmented Reality design
  7. Creative computing
  8. Mobile learning applications
  9. Wearables as an assistive technology
"Smart people" interacting with smart infrastructure means that intelligence is driving decisions. In essence, technology becomes society.
Professor Mann University of Toronto will be speaking in the opening keynote panel with acclaimed Professor of MIT Media Arts and Sciences, Marvin Minsky who wrote the groundbreaking book The Society of Mind  and has helped define the field of Artificial Intelligence (AI) among his major contributions.
General Chair of ISTAS13 and formerly a member of the MIT Media Lab under the guidance of Nicholas Negroponte in the 1990s Mann is long considered to be the Father of Wearable Computing and AR in this young field.


Saturday, November 17, 2012

Now that's getting personal: how small data is the new oil

I am not sure what to make of the personal.com company and application. There is a health information component, making it relevant to this blog. I am not sure I am so hyper concerned about personal information that I would use the personal login to access my facebook account. I suppose I am more of an exponent of open data, and even big data for that matter. Don't get me wrong. I understand the need for privacy and security of data. But "small data is the new oil"? They really might have something here:


Small data puts the power and tools of big data into the hands of people. It is based on the assumption that people have a significant long-term competitive advantage over companies and governments at aggregating and curating the best and most complete set of structured, machine-readable data about themselves and their lives – the “golden copy”. With proper tools, protections and incentives, small data allows each person to become the ultimate gatekeeper and beneficiary of their own data.
Built on privacy by design and security by design principles, small data can help people become smarter, healthier, and make better, faster decisions. It can help people discover new experiences more easily, reclaim time in their busy lives, and enjoy deeper, more positive relationships with others.

Saturday, October 27, 2012

COACH Privacy Guides now available for Healthcare Organizations from eHealth Ontario

I knew eHealth Ontario was licensing the patient portal guidelines from COACH, because I was working with the COACH Expert Group that was writing them when it was announced. The recent news announcement that all 3 privacy and security of personal health information guidelines are being offered for free to Healthcare organizations in Ontario is wonderful.  I am now working on updates to the 2011 EMR guideline and the special edition of implementing the EMR with a COACH Expert Group again. Unfortunately, I am not as much as an expert this time because a lot of it is about legislation - not my speciality.  I knew more about patient portals at the time.  If you work in healthcare, you can apparently download them for free here.  So far, however, the download has not worked for me.  Not sure what the problem is.  Maybe it recognized my name and somehow knew I already have copies of these:
http://www.ehealthontario.on.ca/en/privacy/guides/


Privacy Guides

The 2011 Guidelines for the Protection of Health Information is an easy-to-use guide that covers topics such as accountability, consent, collection and security safeguards. This guide reflects the core principles of the Canadian Standards Association Model Code for the Protection of Personal Information and the content is aligned with Canada Health Infoway requirements and standards (international and national) such as the ISO 27002 Security Management Standards.
  • 2011 Guidelines for the Protection of Health Information
    A comprehensive resource on privacy and security best practices that helps health care professionals protect the PHI that they require to do their day-to-day work. This resource is designed as a stepping stone to help health care organizations address common concerns, avoid confusion and prevent misunderstandings related to the protection of PHI.
  • Privacy & Security for Patient Portals 2012 Guidelines for the Protection of Health Information Special Edition
    Developed for use by those designing, implementing and maintaining a patient portal system, this helpful guide is appropriate for organizations of all sizes—from a physician’s office to a large hospital. Topics include: choosing a portal model, Canadian privacy legislation and privacy and security risks/controls related to patient portals.
  • Putting it into Practice: Privacy and Security for Healthcare Providers Implementing Electronic Medical Records COACH Guidelines for the Protection of Health Information Special Edition
    Provides health care providers with up-to-date privacy and security considerations and best practices related to the procurement, implementation, setup and maintenance of an electronic medical record system in a community practice setting.