Topics in Privacy (TIP) | Technology in Government (TIG)

Topics in Privacy (TIP) and Topics in Government (TIG) consist of weekly discussions and brainstorming sessions on all aspects of privacy (TIP) and uses of technology to assess and solve societal, political, and government problems (TIG). Discussions are often inspired by real-world problems being faced by the lead discussant, who may be from industry, government, or academia. Practice talks and presentations on specific techniques and topics are also common.

The following schedule and descriptions are tentative. Topics are usually not posted earlier than the week before.

Schedule Fall 2012

Date  Discussant  Topic
10/15  William Yasnoff, MD PhD  Why Google Health Failed and How Future Efforts Won't
10/22  Adrian Gropper, MD (NHII Advisors)  Designs for a National Consent System
11/5  Latanya Sweeney, PhD  AboutMyRide: Putting Re-identified Contest Data to Use
11/19  Adam Tanner (Department of Government)  Data Exploits - The Sometimes Shady Business of Online Criminal Records
11/26  Holly St Clair (Metropolitan Area Planning Council)  Hubway Contest Data
12/3  Kenneth Carson and Scott Bradner (Harvard University)  Five Levels of Research Data Security
12/10  Michael Bar-Sinai (Ben-Gurion University of the Negev, Israel)  Privacy Attack Using Personalized Ad Content
12/17  Group Discussion  Ethics of Re-identification

Abstracts of Talks and Discussions

  1. Why Google Health Failed and How Future Efforts Won't

    The idea of having a copy of all your medical information available to you and under your control seems a good idea. So why is Microsoft HealthVault not commonly used and why did Google Health fail? Why did government attempts to build national health information infrastructures ignore a patient organizing option? Maybe the timing was wrong. New government incentives will make medical information electronically available for patients to download (i.e., the "blue button" campaign). Will patients seek copies themselves? If so, where will they store their data? In this session, we will look at the idea of personal health record systems and the overall ecosystem in which they operate to discern some simple do's and don'ts. A contrasting model is the notion of a "health record bank", which is a central community repository for medical record information paid for and controlled by patients.

    Bio: Dr. William Yasnoff, a well-known national leader in health informatics, is Managing Partner of National Health Information Infrastructure (NHII) Advisors, a consulting firm that helps communities and organizations successfully develop health information infrastructure systems and solutions. He is also CEO of the non-profit Health Record Banking Alliance, which promotes community repositories of patient-controlled electronic health information, Adjunct Professor of Health Sciences Informatics at Johns Hopkins, and Associate Editor, Journal of Biomedical Informatics. Previously, at DHHS, he established NHII as a widely-recognized national goal by initiating and organizing the activities resulting in the creation of the Office of the National Coordinator for Health Information Technology. Earlier, he implemented the nation's first successful statewide immunization registry in Oregon, then spent five years at CDC doing pioneering work to establish the field of public health informatics. He was a Board Member of the American Medical Informatics Association in 2003-4, and has authored over 350 publications and presentations, including the "Health Information Infrastructure" chapter in the upcoming 4th Edition of the widely-used textbook Biomedical Informatics: Computer Applications in Healthcare and Medicine, and Personal Health Records: The Essential Missing Element in 21st Century Healthcare. Dr. Yasnoff earned his Ph.D. in computer science and M.D. from Northwestern, received an honorary DrPH from the University of Louisville in 2006, and was elected a Fellow of the American College of Medical Informatics in 1989.

  2. Designs for a National Consent System

    Managing Informed Consent to information transfers on the Internet is still an unsolved problem. The problem has multiple dimensions including identity management, monetization of personal info as an asset, authorization technology and civil rights. Adrian Gropper is trying to combine current HIT activity into a Consent project. Some of the infrastructure is coming into focus, including activated patient and privacy orgs, secure messaging in state HIEs, voluntary ID, OAuth and OpenID Connect in the sights of federal healthcare standards, NSTIC, UMA and the Automate Blue Button Initiative. What's still missing: code, a brand, commercial support, investment, and a vetting of possible designs.

    Bio: Dr. Gropper is a pioneer in web-based health records. He holds an engineering degree from MIT and an MD from Harvard Medical School. He began work on telemedicine and picture archiving and communications systems (PACS) with Massachusetts General Hospital in the early 90's, later founding AMICAS as the first Web-based PACS and the first to provide direct links to diagnostic imaging in electronic health records. In 2004, he founded MedCommons for image-enabled patient-controlled health records supporting all of a patient's caregivers. Dr. Gropper consults on medical devices and is an active advocate for patient-centered and patient-controlled health IT. Historical standards participation includes IHE, HITSP, Liberty Alliance, CCR and the ONC Direct project and the Markle Foundation where he was responsible for the open authorization best practice in Blue Button. Current affiliations include state and national activity. Dr. Gropper contributed the patient-access provision to the recently enacted MA payment reform law, serves on the MA HIE and the MA Medical Society HIT Committee. National participation includes Direct Project, RHEx and Automate Blue Button standards, Collaborative Health Consortium, The Society for Participatory Medicine and Patient Privacy Rights.

  3. AboutMyRide: Putting Re-identified Contest Data to Use

    Hubway rents bicycles in Boston-Cambridge and two weeks ago released a year of rental information as part of a contest to solicit insightful visualizations and interactions. Hubway is looking for something cool. The contest data includes rental information and demographics of Hubway members (year of birth, gender, ZIP), begging the question, can members be re-identified by name and address? If so, it might be a little creepy. Can we combine the two to provide a contest submission that is cool and creepy? Our goal is to make the contest a teachable moment about re-identifying de-identified contest data while also demonstrating increased utility made possible from identified data. In this TIP-TIG session, we will look at the work that has been done, explore ideas, plans and issues, and seek recommendations for the final submission.

    Professor Sweeney is Director of the Data Privacy Lab in IQSS at Harvard.

  4. Data Exploits - The Sometimes Shady Business of Online Criminal Records

    Websites allowing users to check the criminal records of friends, neighbors, babysitters, colleagues, and enemies for a fee have flourished in recent years. Yet many of these online businesses engage in controversial practices. Mug shot sites post booking photographs of those arrested, code them so they appear prominently in online searches, then offer to take down an individual's image for a fee. Another leading criminal records lookup site uses Google AdWords to suggest that black-sounding names have arrest records more often than non-black-sounding names, and the ads appear regardless of whether arrest records actually exist for those names. In the presentation, Tanner and Sweeney will present initial research for an upcoming book exposing the inner workings of such companies, to be followed by a conversation with the founder of, a leader in the field, making his first ever public appearance to answer questions about the shadowy business.

    Bio: Adam Tanner was bureau chief for Reuters in the Balkans, overseeing coverage of Serbia, Bosnia, Albania, Montenegro, Macedonia and Kosovo. Last year he visited Harvard as a Nieman Fellow, and this year as a Fellow in the Department of Government at Harvard.

  5. Hubway Contest Data

    Hubway rents bicycles in Boston-Cambridge and a few weeks ago released a year of rental information as part of a contest to solicit insightful visualizations and interactions. The contest data included rental information and demographics of Hubway members (year of birth, gender, ZIP), begging the question, can members be re-identified by name and address? Preliminary re-identifications of de-identified contest data were presented in an earlier TIP-TIG session showing possibilities. In this session, we will discuss re-identification strategies and related issues with contest organizers. What does re-identification mean for them? How did they make redaction decisions? What was involved in releasing the information? Was the contest a success? Discussants: Organizers of the Hubway Visualization Contest.

  6. Five Levels of Research Data Security

    Financial institutions, health care providers, online retailers and other "verticals" have data security concerns that are well understood, if not always well addressed. Information security officers at Harvard realized that many faculty members work with research data that raises the same confidentiality and privacy issues as those identified in other domains. However, the solution that would work in a bank, insurance company, or hospital would not work on campus. To enable researchers, IRBs and information security officers to define risks and address them, the Harvard Research Data Security Policy set out a five level risk scheme. University Information Security Specialist Scott Bradner and Assistant Provost Ken Carson will describe the security levels and the challenges of coordinating the work of researchers, IRBs and Information Security Officers.

  7. Privacy Attack Using Personalized Ad Content

    Personalized content - most commonly in the form of personalized ads - is big business on the internet. According to Forrester Research, in 2010 advertisers paid $733 million for personalized ads. In 2012 they've paid $2 billion. They are estimated to pay $8.3 billion by 2017. But can personalized content be used to learn private information about people? Is it possible to go into, say, a Starbucks branch, get everyone's ads and learn what Google™, The Rubicon Project™ and other ad brokers know about them? Michael Bar-Sinai will show preliminary results that suggest that it is possible.

    Bio: Michael Bar-Sinai is a software engineer and a PhD student at Ben-Gurion University of the Negev, Israel. He became interested in the moral implications of software systems after developing an evaluation system for a human resources department. He later insisted that the system would never be used.

  8. Ethics of Re-identification

    This is a brainstorming session about ethical issues related to re-identification. We will use the Harvard Facebook Study as a working example and attempt to construct a list of ethical considerations and positions related to the re-identification of that data. Discussion will include plans to possibly host a workshop at Harvard on this topic in the Spring.

Copyright © 2012-2014. President and Fellows Harvard University.