

Re: [projectvrm] Who owns data generated by 'connected cars' sensor slurpers?. Some Common Sense


  • From: Doc Searls
  • To: "T.Rob"
  • Cc: Graham Hill, Adrian Gropper, ProjectVRM list
  • Subject: Re: [projectvrm] Who owns data generated by 'connected cars' sensor slurpers?. Some Common Sense
  • Date: Mon, 17 Feb 2014 13:41:36 -0500

Agreed.

Doc


Hi Graham,
 
Whether you have a right to something and whether and how you choose to exercise that right are two completely different things.  I do not believe Adrian is suggesting that everyone's data practices be defined by the few most demanding patients, nor am I suggesting the same for car data.  What we are saying is that as the car owner or medical device user, we have an inherent right to data that we generate with these personal devices and that we should not be denied access to that data.  In the case of medical devices and probably cars as well, it is possible to design the architecture such that the device/car owner has direct access to that data while still providing the same level of access to other stakeholders as they get today. 
 
The difference is that the current architecture in all these cases is designed on the assumption that the car/device owner's access to the data is at best mediated through a 3rd party, and enforceably non-existent at worst.  This, too, is MORALLY WRONG.
 
Kind regards,
-- T.Rob
 
 
From: Graham Hill [mailto: ]
Sent: Monday, February 17, 2014 13:12 PM
To: Adrian Gropper
Cc: ProjectVRM list
Subject: Re: [projectvrm] Who owns data generated by 'connected cars' sensor slurpers?… Some Common Sense
 
Hi Adrian
 
Not all chronically-ill patients (and I assume not all car drivers) want as much control over their data as you seem to do. For example, McColl Kennedy et al. in a recent paper on 'Health Care Customer Value Cocreation Practice Styles' (http://www.sdlogic.net/uploads/2/7/3/5/2735531/mccoll-kennedy_et_all__jsr_2012.pdf) identified five different styles of co-creation in cancer patients, ranging from 'passive compliers' who complied with the instructions they were given to the 'team managers' who wanted to organise everything about their treatment, handling and recovery. Each patient had a dominant style which they preferred to work within. If they had all been forced to operate as the most active - team managers - the health outcomes for the other four types of patient would have been worse than if allowed to operate under their own preferred style. Interestingly, almost half of the patients were identified as preferring the passive compliant style.
 
I suggest it is MORALLY WRONG to insist that all drivers be forced to adopt the policies demanded by the most demanding of car-driving data users. Any regulations, codes of behaviour or best practices developed should suit the needs of all drivers, from the most data-demanding to those who couldn't give a tinker's cuss! It would be a criminal shame if the medical needs of an unconscious driver lying in a car wreck were to be overruled by an over-zealously constructed data usage agreement that required active consent from the dying driver.
 
Common sense would dictate that we put the VRM ideology to one side and work on a pragmatic set of best practices that are in the interests of ALL DRIVERS, not just of a few obsessive zealots. Thankfully, automobile telematics should be a whole lot simpler than oncology treatment. That doesn't mean that the same approach couldn't be taken to identify their preferred styles.
 
Best regards from Cologne, Graham
 


Consider the case of connected people. Hugo Campos, for example, has an implantable cardiac defibrillator (ICD) that sends his data to Medtronic before it goes to the hospital where it might go to a doctor, and finally, only after years of struggle, Hugo got to see a degraded version of his own data as an off-line file. (Activities that trigger the ICD and the resulting "tuning" are obviously a prime concern for the patient.) Hugo has been very public about this issue. Another ICD patient I advise lost track of her data when she lost her health insurance. The alarms from her device were not being monitored by anyone.
 

From my perspective, "privacy by design" is too vague. The design framework needs to be based on Fair Information Practice. Oversimplified, FIP requires consent, data minimization and transparency. All three criteria require the patient to have convenient access to the ICD data _before_ it's sent to the vendor or the hospital. Without such access, consent is being coerced, data minimization cannot be audited and transparency is more or less absent.

This brings us to the SIM card or the equivalent private key associated with the device. That key needs to be entirely in the control of the patient. In some cases the key may be associated with a certificate. It could be used for ID and encryption (although there's a case to insist the encryption also allow for perfect forward secrecy). In many cases, a trusted certificate is not required.  For my ICD patients, a self-signed certificate and in-person authentication with my physician should be sufficient.

Adrian

 

 

That would be MUCH appreciated, Graham!  I'm curious to hear their take.  Some folks from a different German auto maker scheduled 30  minutes with me 2 years back at IMPACT.  The security discussion took about 20 minutes and I spent the remaining time talking about all the data issues.  We ended up running way over and having lunch together because the data discussion was way more interesting than the back-end security discussion we'd planned.  (Because it was in my role as an IBM product manager I can't provide the name.)
 
Kind regards,
-- T.Rob
 
T.Robert Wyatt, Managing partner
IoPT Consulting, LLC
+1 704-443-TROB
 
 
Hi T.Rob
 
I have lunch with the head of Toyota Deutschland's legal team in a couple of weeks' time. I have already let him know that this is a topic we should cover over the fish and chardonnay. I will let you know what his legal opinion is.
 
Best regards from Cologne, Graham
 

 

An analysis under German law as to who can and should own data from a connected car, implications of sharing with 3rd parties, and a call for Privacy by Design.
 
 
Kind regards,
-- T.Rob
 
T.Robert Wyatt, Managing partner
IoPT Consulting, LLC
+1 704-443-TROB
 
 
 



-- 
Adrian Gropper MD
 



