How safe is our health data?

No. 56: Bringing you the news that matters in video privacy and security

eHealth is a booming sector - between online medical consultations, health apps, the metaverse, and more, many of us have outsourced a lot of our medical needs to the digital space. 

With this come privacy concerns, fear of company overreach, data breaches, or worse. Medical data is at the heart of digital health, and companies that collect this data need to ensure they do so legally and ethically, with proper data protection systems in place. 

The US Senate has recently introduced the Upholding Protections for Health and Online Location Data (UPHOLD) Privacy Act, which looks to protect personal health data. This law comes in the aftermath of the Roe v. Wade repeal and the consequent fear over abortion rights in the US. The Act, among other things, looks to resolve concerns over the online safety of patients seeking abortions and prevent personally identifiable health data from being used for targeted advertising. 

The US Congress has also recently suffered a large-scale data breach whereby the health data - and more - of over 56,000 people has been compromised and potentially leaked online. 

The online therapy app, BetterHelp, has been found to have improperly shared sensitive user health data with other platforms for advertising purposes, despite assurances the data was safe. The organisation have been hit with a massive $7.8 million penalty by the Federal Trade Commission (FTC). 

Our health data is some of the most sensitive information we hold. The public need to feel confident that health organisations recognise people's needs around health, care and privacy first - and protect this data accordingly. 

As always, please send any feedback or topics of interest you would like to be covered. 

Seena, Editor


News

Large-scale health data breach affects members of US Congress

The D.C. Health Benefit Exchange Authority has revealed that the data of over 56,000 people was stolen during the hack of the online health insurance marketplace. The data included social security numbers, health plan information, and other personal information, e.g. addresses, phone numbers, and citizenship status.

The New York Times: D.C. Data Breach That Included Members of Congress Affected More Than 56,000

CyberScoop: Hacker posts more D.C. Health Link data online, exposing lawmakers’ personal information

 

Online therapy app, BetterHelp, faces class action lawsuit for allegedly selling user data 

The online therapy app, BetterHelp, has agreed to pay a $7.8 million penalty to the Federal Trade Commission after allegations it improperly shared sensitive user data with companies like Facebook and Snapchat. Despite promising not to disclose personal health data except for limited purposes, the company allegedly revealed email addresses, IP addresses, and health questionnaire information to external parties for advertising purposes.

The Verge: BetterHelp shared customer data while promising it was private, says FTC

IAPP: Online therapy app sued in class-action lawsuit for allegedly selling user data

 

Sports Direct receives pushback for installing facial recognition in stores

Sports Direct has received significant pushback after revelations that they used facial recognition in stores to identify shoplifters and potential offenders. The ICO commented that they were investigating whether the use is lawful, while this move has been criticised by civil liberties campaigners as "Orwellian".

Retail Gazette: Sports Direct slammed over use of facial recognition tech in stores

Charged Retail: Sports Direct slammed over use of facial recognition tech in stores

 

Swiss rail network increases investment in video surveillance systems to improve safety

The Swiss Federal Railways has recently seen a large-scale increase in video surveillance investment, with roughly 25,000 cameras in operation nationwide. This move has been part of a push to improve security and the safety of both passengers and staff, and the cameras could potentially be used as a "customer frequency measurement system".

IFSEC Global: Swiss rail network increases investment in video surveillance cameras

Swiss Info: More Swiss trains fitted with video surveillance

 

YouTube accused of collecting young children’s data in breach of the age-appropriate design code

A member of advocacy group 5Rights has filed a complaint with the ICO accusing YouTube of collecting the data of under-13s - which is in violation of the age-appropriate design code. They called for the ICO to order Google to stop collecting children’s data - including watch history, devices, and location - and potentially fine the organisation.

BBC: YouTube accused of collecting UK children's data

Computing: YouTube breached child protection laws, suit claims


AI Snippet of the Week

Denmark's welfare auditing system under scrutiny by privacy advocates

Denmark’s machine learning-powered welfare auditing system has been accused of expanding “systematic surveillance” and collecting a disproportionate amount of data on recipients. The scheme, which looked to tackle welfare fraud, has been scrutinised by the Danish Institute of Human Rights and Denmark’s data protection authority.

Wired: How Denmark’s Welfare State Became a Surveillance Nightmare

IAPP: Denmark's welfare auditing system under scrutiny by privacy advocates


Policy Updates

US Senate introduces bill to protect personal health data following Roe v Wade repeal

The US Senate has introduced The Upholding Protections for Health and Online Location Data (UPHOLD) Privacy Act, which prevents companies from profiting from personally identifiable health data for advertising purposes. The law would give consumers greater access and ownership over their personal health information and restrict companies’ ability to collect or use data without user consent. 

Mashable: A new Senate bill aims to protect health data privacy in light of Roe reversal

The Verge: After Dobbs, Democrats roll out health and location data protections


To subscribe to our fortnightly newsletter, please click here

Thanks for reading. If you have any suggestions for topics or content that you want to see covered in future, please drop a note to: info@secureredact.co.uk
