Back to all blog posts

Big HIPAA 6

A few weeks ago, my wife and I decided to see a movie.  We both agreed on Big Hero 6, which is a Disney movie, but a quick look found that it was also based off a Marvel series as well.  I can say I enjoyed the film, but working in the privacy world on a daily basis got me thinking about one premise of the movie.  The robot in the film, which is designed and programmed to assist in medical care, can scan humans, discovering everything from small scratches and bumps to the amount of serotonin in your body at the moment.  That got me thinking about the implications to HIPAA or other privacy concerns that come with this.

It is hard to imagine something like a robot that simply scans you once and knows everything about you, but technology never ceases to impress and develop further.  The particular issue in this case is that this robot can scan anyone, at any time, and speaks aloud the analysis.  HIPAA, the Health Insurance Portability and Accountability Act, deals with how information is stored and secured.  So take these two things and you have a real disaster on your hands.

HIPAA has both a security rule and a privacy rule in regards to information covered by this law.  The privacy rule includes, amongst many parts, requirements for authorization for use or disclosure. The security rule has language that covered entities “protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the privacy rule.”  Assuming our robot comes from a covered entity, like your health insurance, it should not go around leaking information every time someone gets a bruise.

One scene of the film has the robot noticing an increase of serotonin by the main character, which indicates excitement or happiness.  What is to say a robot could not detect a lack of this, below average levels, indicating sadness, or even depression?  You could also detect if they had been drinking or using drugs recently.  All of this could inform the decision on who gets laid off or hired.  There is of course the leak of embarrassing or private information as well.  This is an invasion of bodily privacy.  Imagine that your peers could always know if you were drinking late last night, were taking a new medication, or had an embarrassing illness.  Now imagine that is your boss.  This has some pretty far reaching implications.

The overall lesson here is more about technology in general than just privacy.  As technology evolves and becomes more powerful and ubiquitous in our lives, it is important to keep in mind the negative implications as well.  In the film, the main character creates something that ends up being used for evil.  It has even been said that Alfred Nobel, for whom the Nobel Prize is named, believed dynamite would help bring peace because it eased the blasting of rock to build bridges and roads.