This month has been an interesting one for online privacy issues with TIME Magazine running a cover story article discussing how online communities like Facebook are redefining privacy…
I also received an email last week from a patient community that I’m signed up to (for research purposes) that got me thinking a bit more about how patient communities are doing. I’ve mentioned PatientsLikeMe (PLM) before on my blog but this latest communication is very interesting as it highlights several major issues that arise once you have open sharing of personal health information. As such I thought it would be interesting to share and discuss my thoughts on it with readers of my blog:
Dear PatientsLikeMe Members,
What are the privacy implications of sharing in this open, online community? We talk a lot about this and, as a company, strive to be transparent about the risks and rewards to sharing here. Two recent events have prompted me to reach out to all the members of PatientsLikeMe to ensure we all understand openness, sharing and its privacy implications.
The first event happened last month when a patient asked us to remove all the data on his/her profile from the system. The member wrote:
“The reason I’m leaving is I feel I didn’t fully understand the privacy impact of having all my health information for practically anyone in the world to see.”
We rarely receive a request like this, but since receiving this one, I have thought about it every day. We do not want anyone to be surprised by the impact of sharing data on PatientsLikeMe. We believe in openness, but we also want people to knowingly make the choice to be open with their health information.
This brings me to the second event. Recently, we suspended a user who registered as a patient in the Mood community. This user was not a patient, but rather a computer program that scrapes (i.e. reads and stores) forum information. Our system, which alerts us when an account has looked at too many posts or too many patient profiles within a specified time interval, detected the user. We have verified the account was linked to a major media monitoring company, and we have since sent a cease and desist letter to its executives.
While this was not a security breach, it was a clear violation of our User Agreement (which expressly forbids this type of activity) and, more significantly, a violation of the community’s trust. Your Account Information (e.g. your names and emails) was not in danger of being stolen. It is likely that the forum information that was “scraped” would be sold as part of that company’s Internet monitoring product. In fact, we sell a similar service, PatientsLikeMeListen™, to our clients so they better understand the voice of the patient.
What does this all mean to you? What can you do?
1.) We recognize that people write very personal things in the forum and often use real names. In any growing network of tens of thousands of members, there is no way to ensure that information you share in the forum or on your profiles will not be read by others. Know that the information you enter in our system is shared (unless we tell you it is private, like full name and email in your Account Information). It can and will be read by other patients, the PatientsLikeMe team, researchers, and others that use PatientsLikeMe, including our partners with whom we share de-identified data.
2.) Please weigh the benefits of sharing and the amazing value you all create in helping each other versus the risks of people, unknown to you, reading your posts. Your input helps PatientsLikeMe and our partners learn about your disease and make better products to meet your needs.
3.) Learn and understand why we value openness. If you haven’t, please read the Read This! FAQ. If you want to know how we make money, you can take a look at this FAQ or go to our Partners Page and know that we sell your data and insights (but not your identity) to our customers.
4.) Consider the value of being part of the PatientsLikeMe community and make the right risk decisions for yourself. Together, we can really change the way diseases are treated and managed by putting you, the patients, in the center of healthcare. We can hold companies accountable for the strengths and weaknesses of their products and also help make those products better – but that requires openness and that is your choice.
We welcome your comments and questions and we love feedback. This has been posted on our blog, which is a good place to dialogue, as is the forum (see Spotlight Thread).
On behalf of the entire PatientsLikeMe team, I want to thank you for being part of our communities and sharing your experiences.
President and Co-founder, PatientsLikeMe
Whilst I think I’ve got a good appreciation of the benefits of online patient communities and the need for greater analysis of the patient experience in order to improve care, I can’t understand why anyone who wanted to “strive to be transparent about the risks and rewards to sharing” wouldn’t want to supply more information about the “first event” when a patient asked to have all their data removed from the system? Did they discover what was “the privacy impact of having all my health information for practically anyone in the world to see”?
Not so sure about what this strive for “transparency” refers to but in this situation we’re left guessing “Did the patient get contacted off the community by a scammer trying to sell something?”, “Did identity thieves try to access the patient’s health insurance (after all, it must be pretty obvious that PLM would be a very effective way of finding someone with a similar condition to you who has health insurance)?”, “Did the patient find their information had been copied from the PLM website onto an open access website by some computer programmer?”, etc.
“Recently, we suspended a user who registered as a patient in the Mood community. This user was not a patient, but rather a computer program that scrapes (i.e. reads and stores) forum information”
Maybe it’s just me but isn’t ‘suspension’ a bit of an odd way to describe the punishment for such action? What’s the point in giving this “computer program” a temporary ban?
“Our system, which alerts us when an account has looked at too many posts or too many patient profiles within a specified time interval, detected the user… …It is likely that the forum information that was “scraped” would be sold as part of that company’s Internet monitoring product. In fact, we sell a similar service, PatientsLikeMeListen™, to our clients so they better understand the voice of the patient”
Isn’t it obvious that there are more effective technologies for the detection of automated bots? If PatientsLikeMe used an accessible text CAPTCHA logic question (e.g. TextCAPTCHA), for example, it could eliminate bot access, which is the only effective way of preventing this (without getting too technical: if bots can access your database, a system that alerts on “too many patient profile” views will be beaten by a programmer who can use thousands of bots to take the same data little by little).
It’s probably not surprising that this element of the PLM service is monitored so closely though; after all, it seems to be the only element of patient privacy exposure that directly affects their business model and competes with the service that they sell! I wonder if they care about other areas of patient privacy as much?
“We have verified the account was linked to a major media monitoring company, and we have since sent a cease and desist letter to its executives”
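The kind of per-account alert the letter describes, and the gap in it raised above, can be seen by running it over a view log. This is an added example, not PatientsLikeMe's code: the window, the threshold, the log format, the account and network names and the per-source grouping are all assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

WINDOW = 600    # seconds; assumed value for the "specified time interval"
MAX_VIEWS = 30  # assumed alert threshold for views inside one window

def sample_events():
    """Constructed view log: (timestamp, account, source_net, profile_id)."""
    ev = [(t * 10, "acct-fast", "net-A", f"p{t}") for t in range(40)]
    for n in range(5):  # five accounts, one view a minute each
        ev += [(t * 60 + n, f"acct-slow-{n}", "net-B", f"p{100 + n * 10 + t}")
               for t in range(10)]
    ev += [(t * 100, "acct-member", "net-C", f"p{t}") for t in range(5)]
    return ev

def per_account_alerts(events, window=WINDOW, limit=MAX_VIEWS):
    """Flag any single account with more than `limit` views in `window`."""
    recent, flagged = defaultdict(deque), set()
    for ts, account, _source, _profile in sorted(events):
        q = recent[account]
        q.append(ts)
        while q[0] <= ts - window:  # drop views that left the window
            q.popleft()
        if len(q) > limit:
            flagged.add(account)
    return flagged

def per_source_alerts(events, window=WINDOW, limit=MAX_VIEWS, min_accounts=3):
    """Flag a source whose accounts jointly view > `limit` distinct profiles."""
    recent, flagged = defaultdict(deque), set()
    for ts, account, source, profile in sorted(events):
        q = recent[source]
        q.append((ts, account, profile))
        while q[0][0] <= ts - window:
            q.popleft()
        accounts = {a for _, a, _ in q}
        profiles = {p for _, _, p in q}
        if len(accounts) >= min_accounts and len(profiles) > limit:
            flagged.add(source)
    return flagged

if __name__ == "__main__":
    events = sample_events()
    print("per-account:", per_account_alerts(events))
    print("per-source: ", per_source_alerts(events))
```

The per-account check flags only the single fast account; the five slow accounts stay under the threshold individually and show up only when views are aggregated across accounts. The aggregate check depends on the accounts sharing some observable attribute, which is assumed here to be the source network.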
Given the transparency which the PLM company apparently strives for, I wonder why they haven’t revealed the name of the “major media monitoring company”? Have they been a client of PLM previously? Did they realise they could get more information (without the cost) by directly interfering with the community using a computer program to represent them as a patient? Did they get this idea of using a bot by looking at the data they were paying for? Are they now (that they’ve seen the benefits of snooping in the community) signed up as an official partner?
“It is likely that the forum information that was “scraped” would be sold as part of that company’s Internet monitoring product”
Are they now making any attempt to inform customers (who had their profiles downloaded by this computer program) of where this information will be used and how?
“In fact, we sell a similar service, PatientsLikeMeListen™, to our clients so they better understand the voice of the patient”
Wow… interesting to think that the behavior of this suspended user (who was really a computer program!) is similar to what paying clients are offered from the sister service “PatientsLikeMeListen™”. I’m pretty confused here because this suggests that the PLM community is accepting that it includes patients who aren’t honest patients at all “but rather a computer program” or presenting themselves in other deceptive ways.
“We recognize that people write very personal things in the forum and often use real names”
Wow… No discouragement of real names!!! I cannot understand why they don’t help patients to poison the publicly displayed data (more here: ZDNet “Fed up with lax online privacy? Poison the well…”) by at least using a makey-uppy name that is in no way linked to them/their Facebook profile/Google account etc.
“It can and will be read by other patients, the PatientsLikeMe team, researchers, and others that use PatientsLikeMe, including our partners with whom we share de-identified data.”
Please tell me if I’m totally missing the point here, but doesn’t the whole point of de-identifying data mean nothing when patients are using real names on a publicly accessible website?
“Your input helps PatientsLikeMe and our partners learn about your disease and make better products to meet your needs”
Isn’t it perfectly reasonable to justify the actions of the data monitoring company in the same way? After all the data their computer program collected could be used by their clients to do exactly the same thing (albeit without paying for the privilege?).
“If you want to know how we make money, you can take a look at this FAQ or go to our Partners Page and know that we sell your data and insights (but not your identity) to our customers”
I’m confused about the “but not your identity” bit. Surely we can all see how “de-identified data” means nothing when patients are using their real names on a publicly accessible website?
“Consider the value of being part of the PatientsLikeMe community and make the right risk decisions for yourself”
I’m still unconvinced that the vast majority of patients are in the best position to make risk decisions for themselves regarding completely open online patient communities, and whilst I’m glad this exists for the internet savvy, I’m concerned that as it grows larger it will inevitably reach those less familiar with the possibilities and pitfalls of revealing information online. Whilst I’m really keen for empowered patients to take a greater role in the management of their own health, this letter highlights one of the major issues with the approach PLM has taken: unfortunately PatientsLikeMe is currently failing in its most basic premise; it’s not a community made up of “patients” – it also features commercial partners, fakes, researchers (like me) and even computer programs – in actual fact it’s more than likely that this is a community of patients who are nothing like you.
Whilst I’m a big fan of the important groundwork that’s being done by the various online patient communities, I wish they could try a little harder to maintain patients’ rights to privacy. Sacrificing exponential growth for higher quality must be a hard call in a world that has 400+ million member online communities but the value of a genuine patient population has got to be worth the extra effort. To ensure the tone of this blog post isn’t seen as negative (For clarity: PatientsLikeMe is a worthwhile, ambitious project that needs the wider interest, participation and support from the Healthcare industry in order to achieve its goals) here are five suggestions for ways that I think they could improve their community service:
1) Publish online the Personal Health Information of the management team
Whilst I really like the openness of the blog that Ben Heywood writes I really think it would be a good example if the management team published their own personal health information in the same way that the site encourages of patients. If nothing else I’m sure it would show good examples of the appropriate way to present yourself.
2) Implement a logic text based questionnaire to the sign up process to eliminate computer programs
3) Add a patient verification process
Give registered Doctors the ability to verify their patients as being “genuine”. Doctor Registers (such as the GMC and IMO) offer numerous ways of doing this effectively.
4) Educate and encourage patients to use profile IDs that don’t reveal identifying information.
Removing the ability of scammers to get direct access to real patients is going to make the entire website a lot less attractive to scammers and should win it more support from patients and their carers.
5) Implement moderation processes to monitor/prevent scammers using messaging boards
Scammers taking conversations with individual members off the site (ie. into IM, Text or Telephone conversations) would be another way of breaking down the basic privacy the community would benefit from offering patients. Additionally keeping conversations within the community would be helpful as not only would it create more data but these communications themselves could benefit from the collective contributions of the community.
In the meantime I’d recommend patients who want to engage in online communities to first get themselves familiar with the wide variety of scamming processes that use information that is published online and the way that any information you post online may be there forever and could be traced back to you (even if you don’t want it to). For starters here’s a story that outlines the trouble that (well funded and very smart) online communities have in even being aware of what data they’re revealing to advertisers, particularly interesting is the ease with which this data sharing happened (the individual just had to click on an innocuous looking advert banner).
*** UPDATE *** 13 OCTOBER 2010 ***
From a twitter thread I think it’s quite clear that I’ve presumed people understand what a bot is and its uses.
From Wikipedia: “Internet bot: An Internet bot, web robot, robot or simply bot, is a software application that runs automated tasks over the Internet. Typically, bots perform tasks that are simple and repetitive, much faster than a person could. The most extensive use of bots is for web crawling, in which an automated script fetches, analyzes and files information from web servers”
In this case a piece of software was running that was pretending to be a Patient. The bot was programmed and run by someone not paying money to PatientsLikeMe and so the account holder was suspended. PatientsLikeMe made it clear that their sister service “PatientsLikeMeListen™” offers a “similar” service to clients who pay them.