Trusting Technology is Not the Same as Trusting its Architects: Has Alexa Earned that Reliance?!
One of the most compelling headlines covered by the recent news media is the subject of the tech industry's partnership with the government's national health systems. Lately, British Broadcasting Corporation (BBC News) announced, amazon Alexa will soon be offering medical advice to consumers through collaboration with the British national health system (NHS). The comprehensive integration of government initiatives with private entities is a big welcoming step by the British government. This radical movement has faced significant criticism from the public.
The idea of health information privacy and Health Insurance Portability and Accountability Act (HIPAA) violation is one of the major concerns. Yet, the government rationale for such a drastic step is based on the administration’s hope by integrating amazon’s artificial intelligence technology, Alexa will reduce the human burden, thus will improve efficacy and subduing healthcare costs. The opponents of that measure are worried about its potential security and privacy flaws.
The dissertation concerning the exponential emergence of technology within the medical space by the big data industry is, too, a subject of multidimensional concerns. Issues, if not addressed soon, can hold irreversible consequences. Some problems are related to data storage and possession, quality and validity of algorithms used, and information security and HIPAA compliance.
One of the most commonly used terms by the public to voice concerns relating to health information is, in fact, HIPAA. We often witness people using it interchangeably for matters with nothing to do with health information security and privacy. To put in place the right solution for the valid information security concern, we must educate every user on the difference between, Personal Information security, health information security, privacy, data, and HIPAA compliance.
In a technical sense, any information, irrespective of its nature, utility, and contents considered data or, specifically speaking, “metadata.” What makes up data (in large-scale big data) is defined by the domains of this metadata. For example, health information represents the summary of data generated, used, and analyzed within the healthcare domain. The same applies to personal information and so on. Of course, we may experience convergence within the big data, as health information is also considered private and vice versa.
The concept of defining the accurate definitions of types of data is the key, as it will help expose some mysteries behind its misconceptions and loopholes that most corporations take advantage of to legitimize their intention of accessing private and valuable selective information.
Data is referred to as information translated into a virtually basic (also called raw data) format in computing works. Protecting digital data, within the database, from destructive forces and the undesirable actions of unauthorized entities or people, like a cyberattack or a data breach, is collectively referred to as data security. Personal information is the personal identifying entropy deemed sensitive and confidential. A subcategory of the latter is Health information, employing the profile of data and the personal information associated with the individual’s personal medical history, including symptoms, diagnoses, procedures, and outcomes.
President Bill Clinton signed the accountability Act bill of 1996 or HIPAA, which primarily focused on modernizing the flow of health information.
HIPAA stipulated how “Personal Identifiable Information” is maintained, protected from fraud and theft by the healthcare organizations, and hash out limitations on insurance coverage.
It is imperative to realize the definitions and their standing within the legal system and how the corporations and big industries use the current reports to find leeway to navigate such a vastly growing yet partially regulated space. For instance, despite what is being propagated; under the current legislative state strengthening the HIPAA rules will have little or no oversight on corporate entities or limit access to patient private information because entities are interested in the raw data, which under the current definition they may access without necessarily beaching HIPAA rules or in theoretical sense disclosing the “identity of the patient.” Under the original ruling concealing the patient identifying personal information, including name, discuss, or social security number would suffice to prevent the consequent profiling of that patient. Still, under the modern digital information technologies and sophisticated algorithms, IP addresses would make unsealing the traditional identifying information unnecessary and redundant. In short- the system with artificial intelligence support can extract personal information and match it with the identity by connecting the dots over cyberspace.
Since the passage of the HIPAA bill was intended initially for paper-based medical records and information handling, it will fail to cover the scope of its modern applications and fall short of keeping up with the scientific sophistication. No doubt, large corporations are moving faster and wiser on Big data expansion and conquering citizens’ information than lawmakers can keep up with the information security policies. In all probability, they could if they would take time off political games and away from the corporate lobbyist.
Is Alexa Going to Violate HIPAA?
The short and simple answer would be yes! — But to refine further will need to refer back to the definitions I shared earlier about data and data privacy. When initially implemented, the primary scope of HIPAA was to prevent inappropriate use of patient privacy information. But today, patient info such as smoking history is accessible with a simple click of a mouse or spoken word through Alexa and matched with identifying information and IP addresses and subsequently shared with the insurance companies. Whether legal or not, that can affect the person’s healthcare premium solely based on that figure.
Given the current technological advances, to support optimal data privacy- it is necessary more than ever for the algorithm designed by the tech industry to be transparent. One needs to keep in mind that enforcing the transparency on proprietary algorithms will open up the door to more challenges relating to intellectual property rights and proprietary laws.
Misleading the public and lawmakers and the convenience of the algorithms used to extract every aspect of public information from the centralized database guarantees the corporate entities the upper hand over the government entities.
HIPAA does not bind tech companies under not being considered a healthcare entity and not having access to the ripe patient identity or disclosing patient identifying information. But they indeed indirectly invade user privacy and jeopardize the patient’s interest. Hence this means nothing short of a double standard within the current data privacy scandal.
Can you Trust Technology?
In other words, can you trust Alexa to listen to your conversation and share your health information with the centralized system, thus mathematically enabled to analyze further, distribute and do actions that are meant for profiteering? Those who are often exposed to daily news must have noticed the distrust healthcare holds towards the technology. This growing attitude is irrelevant to the actual problem, as technology is nothing but a sophisticated instrument. It functions through what was aimed by its architects. Under the current trend of corporatism, it would be more justified to place the burden of distrust on technology innovators. Without high-level transparency and accountability towards their tactical mission, the innovators are inclined to pivot the business model by strategizing their tasks to focus solely on maximizing the revenue stream. Trusting technology or technocracy has developed significant appeal among millennials. Still, it has suffered a significant backlash among the baby boomers over the past decades- A possible cause, is the discrepancy between expectations, knowledge, and policies.
Tightening Regulations
Increasing regulations and implementing harsh punishment without the proper scope of regulatory process resembles protecting a house from theft by guarding the front door access while leaving the rare door wide open for the thief to enter the premises. That Signifies that tighter regulation is not identical to superior rule. The traditional HIPAA regulation enforcement is irrelevant to preventing data piracy.
The essence of the problem is not necessarily insufficient regulation or poor regulation per se. In an open competitive market, excessive regulation is utterly counterproductive. What is compulsory is closing lobbyist loopholes and misinterpretation of what implies the invasion of patient sovereignty. Flawed interpretation of HIPAA, information and health data diverges attention from the actual issue.
Centralization vs. Decentralization why is it Important?
Suppose we consider an industry having complete control over storing, maintaining, and analyzing your data, even if they carry out the most significant security possible through layers of technologies. In that case, it will flop to prevent hackers from accessing the information. Besides, the centralized nature of the stored data makes it attractive to hacking, like holding millions of dollars in a central bank. Centralization, irrespective of security, would still serve as one hard-stop shop for data hackers. Now imagine dividing the same volume of data among one thousand of its legitimate owners! For a hacker or a corporation to access the same quantity of information, they must access the data through individual owners or users. Irrespective of the security level hacking, the decentralized system carries less inducement as it takes more effort.
Centralize with Government-run Technology
In a country or a system where the government administration is fully controlled by its healthcare and database, the centralized system could be a practical choice as long as the government adopts and manages its technologies because it will cut the data breach and abuse. But if the same administration creates a hybrid model by partnering with a private for-profit entity, then the public must have a significant cause of concern. Sharing important data without individual citizen control and consent is considered a severance of individual rights.
The decentralized system giving the ownership of the data to its sovereign owners is the most efficient approach, even though considered imperfect, but is the most workable choice. It Increases personal value by transferring the worth of data earning potential to the patient. Decentralization is a tool because it motivates patients to increase their earnings by staying healthy and contributing to the empowerment of global healthcare.
The Vital shows transparency in all technology algorithms and holds the stakeholders accountable for breaching what somebody envisioned their system to do or pivoting for an alternate purpose. Empowering the domain owner of discipline by engaging them in the business process, validation, and quality assurance is vital, equally so for the functional requirement for that particular industry is as important. Within that concept, the Government’s obligation would be to oversee corporate business strategies and their deviations by making sure proper adherence to a predefined tactical approach.
The public’s insufficient basic knowledge of technologies is far more damaging than inadequate technology because it would resemble operating a machine gun without learning how to use it. Indeed, it would be like shooting oneself in the foot. That is what we are facing today on health information security and public perception of data science. Data security and HIPAA — The responsibility is on us, as corporate entities have one mission, profiteering that includes but is not limited to the Alexa technology of Amazon.