Tuesday, July 28, 2015

Back to the Future Garden of Eden

The very first thing Adam and Eve did after acquiring the wisdom to distinguish between good and evil was to cover themselves up and hide from view. Privacy was the first concern of a newly enlightened humanity. The punishment for acquiring this peculiarly human self-awareness was harsh, swift and unforgiving. Yes, it is legend, but you should never underestimate the genius of an author whose collection of stories has been the number one global bestseller for almost six millennia and counting. Today, a new legend is forming. If we agree to take off our loincloth and step out from the shadows of our privacy, the eternal punishment of blood, toil, sweat and tears will be rescinded by a new generation of supreme beings.

Is it possible for us to unbite the proverbial apple? Is it possible for us to revert to naked grazing among the magnificent bounty offered by the new gods, completely oblivious to benevolent surveillance and unobtrusive discipline? Our government thinks so. The billionaire class thinks so. And many of us agree and think it’s for the best. After all, honest people have nothing to hide, nothing to be ashamed of, and privacy has no tangible benefits anyway. Better yet, a little less privacy, and a little more supervision, for criminal elements and people we don’t like, is probably a good thing. Insisting on an archaic “right to be let alone” in a globally interconnected world, other than being laughable, is hindering the democratization, simplification, cheapification and commoditization of all life’s endeavors, including prevention of disease and curing cancer. Privacy is the last barrier to an eternal life of leisure and joy.

There is currently a well-coordinated, well-funded and extremely successful campaign to help us shed the ball and chains of privacy. Whereas three quarters of a century ago we realized that work made us free, today we recognize that sharing our private information will bring us personal liberty. Freedom and liberty, contrary to what you may have learned in kindergarten, are earned by hard work and individual publicness. Since the innocent days of prancing naked on the banks of the Euphrates, we learned the hard way that free markets are the engine, the heart and soul, of humanity, and free markets are hampered by the original sin of privacy, which introduces an information asymmetry that makes the markets anything but free. To liberate ourselves, we must liberate our markets first.  

America, as usual, is leading the way in liberating international markets. Our unique form of government with its three famous branches of corporate, lobbyist and executive is best suited for freeing humanity, because our government has evolved from representing a small group of citizens to representing global markets. For those too old to see the glory, rest assured that there are large checks flowing freely between the three government branches and balances are meticulously calculated by our leaders. The Singularity, you see, is not a nebulous prophecy about cyborgs. The Singularity is here and now, as this is the precise moment in human history where governance, technology, apathy and savvy leadership are perfectly aligned to take us back to the future Garden of Eden.

On Friday, July 10, 2015 the 21st Century Cures Act was passed by the House of Representatives of the U.S. Congress with overwhelming bipartisan support. Relatively speaking, the bill is rather short and concise at 362 pages, so one can be certain that our wise representatives have read every syllable and understood all the technical intricacies of this groundbreaking legislation before casting a vote. Having been a skeptic in the past, I must admit that I am particularly awed by the mathematical prowess of our legislators who empowered the Secretary of Health and Human Services to require that scientists use Bayesian statistics in their pharmaceutical research.

The Act that will cure us in the present century is the culmination of a gigantic effort by the corporate and lobbyist branches of our government to bring potentially lifesaving medicines to the market faster, in larger numbers and at lower costs to the manufacturers. To accomplish this the Act is cutting through the useless regulatory red tape of the Food and Drug Administration (FDA) and bypassing the obsessive scientific insistence on rigorous clinical trials, which can take decades to produce an approved medication, while people continue to needlessly die. Instead, an iterative and more agile process is being put in place by the Act. Do a little research, a little testing, a little checking and regulating, fail soon, fail often, and pivot quickly based on post-market laboratory surveillance.

Sure, people will continue to die (not necessarily the same ones and perhaps a few more), but now they will die for a good cause. The road to heaven, you know, is paved with necessary atrocities. Privacy of course is not congruent with the needs of a learning laboratory system, and the Act has taken the first steps to remove some of the anachronistic obstacles erected by the privacy sections of HIPAA. Once the Cures Act becomes the law of the land, personal health information will become shareable for research purposes, and the cumbersome need to obtain informed consent from human research subjects will be waived if illustrious researchers estimate that the experiment poses “minimal risk” to those experimented upon. Illustrious researchers have always been humanitarians first, and scientists second (savage sadists was a distant third), so we should be fine.

Less than a fortnight after the Cures Act swished through Congress, the lobbyist branch came up with a whitepaper to guide the next steps in our road to redemption.  Calling it as Oracle, IBM, Intel and PhRMA, all esteemed members of the corporate branch, see it, the lobbyist prescription is to dismiss any shreds of privacy and self-determination laws left standing, including the Common Rule which protects the rights of human subjects of medical research. The Common Rule is the American implementation of the Declaration of Helsinki, which was developed by the World Medical Association, following the peculiar events that led to the creation of the Nuremberg Code. The Common Rule is thus a relic, an overreaction to a bunch of idiots who thought they could somehow engineer a perfect race of humans, and among other things engaged in ample exploratory research. Stuff like that cannot happen anymore, because now we have Internet, so it’s time to get over it, put it all behind us and move forward.

Privacy rules, you see, have “opportunity costs” for the corporate branch of government, and as such are strongly affecting the movement of checks between the branches, and the size of balances everywhere. The lobbyist whitepaper is making an exceedingly compelling argument for permitting unchecked collection and trade in all sorts of personal information, not just medical or genomic. The banks have been doing it forever and it's all working just fine, other than a little innocuous leakage into marketing databases. Why should other corporate clients be treated differently than the banks? It’s simply not fair, and “lives are being lost” because of our failure to equally protect all corporate members from undue regulatory burdens. A stark example of unfairness is the preferential treatment afforded to the Centers for Medicare and Medicaid Services (CMS). 

On November 13, 2014, the CMS published a final rule regarding its physician fee schedule for 2015. Tucked neatly inside it, there is a little section promising to “provide clear legal authority for Health Insurance Portability and Accountability Act (HIPAA) Covered Entities to disclose any required protected health information” to the CMS. The “required” disclosure is for information ranging from clinical to “health behaviors” to a catchall “other data”, such as “participant employment status, participant educational degrees pursued/achieved, and income”, all “with identifiers that allow linkages across time and datasets”. The subjects of said disclosure are all entities “participating in the testing of past, present, and future models” funded by the CMS, including people not covered by the CMS, which is pretty much all people in this country.

The CMS needs the information to evaluate results of research projects, which by its own admission could have adverse effects on participants, with no mention of informed consent being needed from test subjects. How is this fair? If the CMS is asserting such latitude, why shouldn’t the corporate branch enjoy equal opportunities? What has the CMS done for you lately? If you are going to trust someone, why not trust a good solid brand-name, like say, the Coca-Cola polar bear, or the Marlborough man? If somehow doctors came to your mind in this context, the lobbyist whitepaper is quick to point out that, by winning Jeopardy, IBM’s Watson proved once and for all that “doctors are no longer the experts they once were”. And no whitepaper can be complete without reminding us that if we don’t get our act together quickly, China is going to eat us for lunch.

So that as they say is that. We must comply. Yes, for some of us it will be a little awkward in the beginning, but many have already made the transition, and frankly they seem to be just fine. This is after all an inevitable stage in human development. After losing our innocence, we began eking out a meager and perilous living by scratching food from the dirt beneath our feet. We looked underneath the dirt and discovered carbonized dead vegetation and digging deeper we found other fossilized lifeforms. We sustained ourselves comfortably on the dead bodies of those who came before us. For a brief moment, we looked up and considered the infinite bounty of the universe, but that seemed too hard.  The disruptive innovation of our times is to fast forward to a distant past and turn on each other to extract untold fortunes from mass digital cannibalism.


  1. Ah yes. Why wait for those who came before us to have the decency to die and fossilize before we start extracting fortunes from them?

    1. :-) there are more efficient ways.....

      Somewhat related, I just read this https://medium.com/matter/did-big-pharma-test-your-meds-on-homeless-people-a6d8d3fc7dfe

  2. Thanks Margalit. I think you've nailed the privacy perspective on the asymmetry between individual humans and the institutional deities of technology. The singularity may well be here but in a different way.

    Technology is now accessible to the individual, as owner. The Maker movement gets that. The buzz around interacting personal drones is bringing the concept to the masses. In healthcare, patient-driven interoperability http://thehealthcareblog.com/blog/2015/07/20/standards-alone-are-not-the-answer-for-interoperability/ is now possible. The asymmetry of the technology-based panopticon you envision can be reversed by making owned and accessible technology the 21st Century fig leaf.

    1. Hi Adrian,
      I do understand the concept of personally-owned technology, and I do believe that it could be used the way you envision. However, I think most of the "personally-owned" "stuff" out there is not. I thought my email was personally owned (and paid for) until I started seeing Linkedin suggestions to connect to folks that I emailed 5 years ago.

      Patient directed interoperability addresses the top layer of data movement between medical facilities. It does not address bulk database transactions, such as the ones CMS is asserting it has a right to demand. It does not address involuntary collection of consumer data and its linkage to medical data for the purposes of profiling "risk", which has spread far and wide beyond insurance companies and is now standard MO in ACOs and health system "analytics" and is influencing the actual provision of medical care.

      I think we certainly need personally-owned tech and patient-directed exchange, but without appropriate legislation, it may all be just window dressing.

    2. Modern technology such as policy-based User Managed Access (UMA) and HEART http://openid.net/wg/heart/ can absolutely address all of the current bulk database transactions you mention. The friction this introduces is negligible in terms of cost but invaluable in the degree of cybersecurity and fraud prevention that it would introduce. We began to demonstrate this with the Privacy on FHIR demo at HIMSS. Hidden bulk transactions and data brokerage are exactly the stuff that 2015 technology is already able to deprecate.

      We do agree that legislation is needed to shut off the bulk transfers under HIPAA TPO, enforce strict contemporaneous accounting for disclosures and cut off hidden data brokerage under pretense of de-identification. The current focus on cybersecurity and concerns about discrimination in allocation of $3 T of healthcare resources should be the drivers of this much-needed legislation.

      All concerned should consider joining the HEART workgroup to develop the standards and best practices consistent with this kind of legislation.

    3. Interesting work group... I will look at it in more detail this weekend. Forgive me if I misunderstand, Adrian, but it seems to me that your main concern is to place all overt interoperability functions in the hands of patients, and I do support that.

      My concern on the other hand is with what happens behind the interoperability debate, but is aided and abetted by standardization and widespread liquified information. Any moderately qualified database administrator can dump all contents out of any database, regardless of any attached authorizations, and nobody will ever find out that it happened. Unless we subject such transactions to criminal penalties, health care will indeed be just like the banks. We can all get our data at any ATM, and we can control which doctors can see which portions of it, but Axiom & Co (and all their clients) will see (are seeing?) it all.

      I think our concerns are complementary, and while I do little other than furiously rant here and there, you are actually building a solution to part of the problem and I thank you for that.

  3. Beautiful blog, you rarely see someone take your stance against the current privacy wars, but it's definitely a refreshing one.