Facebook tried to get hospitals to share patient data, including medical conditions


#1

Originally published at: https://boingboing.net/2018/04/06/facebook-tried-to-get-hospital.html


#2

Just what are those things in that mans eye sockets?


#3

The ultimately inscrutable and unknowable AI that created Zuckerberg’s carbon-based embodiment shroud concluded that human eyeballs are in fact opportunistic endoparasites descended from pickled onions.


#4

His personality (often mistook as the crude emulations of a thinking machine) is actually the result of what the AI thought human pubic hair is.


#5

It’s clear what Facebook was doing. Taking, hopefully anonymized, data from hospitals and de-anonymizing it by pairing it up to Facebook data. Pretty scary stuff.

A good place to start an investigation might be Zuckerberg San Francisco General Hospital and Trauma Center. Then we can start fining Facebook for every HIPAA violation:

Violation Amount per violation Violations of an identical provision in a calendar year
Did Not Know $100 - $50,000 $1,500,000
Reasonable Cause $1,000 - $50,000 $1,500,000
Willful Neglect — Corrected $10,000 - $50,000 $1,500,000
Willful Neglect — Not Corrected $50,000 $1,500,000


#6

If only this wasn’t a thing:zsfgh


#7

Curly


#8

I know its implied by @thekevincurry but I want to be clear about what FB were up to. A hash is created by something like this:

echo “Michael R Smith” | md5sum

Which outputs: e6dd42c259637df4a07aea64f7f18c4b

The same input string will generate the same hash every time. To a non-technical person it may look like the name is gone for good but facebook has a big database of names. They won’t be formatted the same way as in the hospital data, but FB could get around that by trying different variants (with and without the middle initial for example) until they get a match.

I don’t have a FB account but my sister does, and she is an obsessive poster of information about other people. Even if she never used my last name, FB has enough relationship data to re-assemble the complete name.

So the whole “we will hash the names” thing is a ruse. If FB were honest they would just say “we can unhash the names so you may as well give us the plaintext”.


#9

Not a soul, for sure


#10

download


#11

I’m still trying to parse why Facebook under any circumstances would need this kind of information. Unless I’m misunderstanding their long term goals, medical records are a nightmare to process and generally are inaccurate. Unless Zuckerberg has some crazy plan to get into the healthcare industry he really needs to quit with this nonsense. It’s literally pointless and creepy.


#12

Uh huh, sure. We’ve seen how “research” has ended up, with Cambridge Analytica. (And how much Facebook lied about that.) Even if it really were pure research, the de-anonymizing is so completely and utterly unethical…
Still it’s nice of Facebook to show us what kind of evil someone with their data sets can accomplish, so we can do something about it. Like destroy Facebook.


#13

There are an awful lot of entities in that community.


#14

This is not a Facebook problem.

ETA:

You must be kidding. “Crazy” plan?
giphy

/ETA

Alphabet, Apple, Amazon, and thousands of minor players are actually working with healthcare data. They own companies working in healthcare. They own companies hosting medical data. They would be stupid, from a scientific point of view as well as from a shareholder’s POV, not to try to profit from analysing aggregated as well as individual data.

Cue in ethical problems.
Cue in ignorance of ethical problems.

This needs a political fix.
Nothing else but a political decision could stop the total dystopian privacy nightmare. And I’m not sure about if it can be stopped in the first place.

TBC: as a scientist, I am very much exited about the benefits from the data analysis.
I’m not, however, an idiot assuming this will just have benefits for most people.


#15

We know Facebook advertised to potential ad buyers that it could discern users who were depressed (https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens). Theoretically by pairing medical record data to their existing data they could pretty easily start picking out traits that make it easy to identify users suffering from X. From there it’s pretty clear their plan was to target users with advertising that exploited their weaknesses.


#16

That’s fairly scary. I’m glad I got ublock origin. So I don’t see any kind of ads on my PC. I really hate it when people try to engineer my existence (speaking as someone who’s lived with depression all my life).


#17

I am a software engineer, working with what’s called Big Data. Datasets are wonderful, exciting things. If you do this for a living there are few things better than getting your hands on a couple of hundred gigabytes of raw data. Its a toy. Its exciting. Its interesting. Its attractive.

You could ask why do I record the opening and closing times of my garage door and the voltage on my photovoltaics. Its because I can, and I like to troll through datasets to see what I can find.

As for the benefits to FB, well first, they are only going to be a broker for this information. It will ultimately be sold to marketers or political campaigns. If the data is rubbish when it gets there, FB won’t get the blame. They just passed it on and took a cut of the profits.

But the part of the dataset which is unreliable may be of little interest to the consumers. Maybe they just want to know what hospital a given user goes to. For example @armozel uses hospital X in 2017. Two years later a local political candidate sends out a targeted advertisement saying “vote for me to save hospital X”.

That sort of thing.


#18

Hence their lazy insistence on real name ™


#19

See that’s the kind of thing I don’t understand and maybe it’s because my personal epistemology sees data as largely useless without a tentative (or consistent) theory to work from. You can collect as much data as you want but at the end of the day the data may be utterly worthless unless you know what to look for. Whether it’s measuring particle decay or how often people click a link if your theory is wrong the data can’t always show it without it being framed properly. It’s why I see big data as mostly smoke and mirrors. Some of it might be good and very much based on sound statistical analysis but the stuff I’ve seen recently that’s come out either borders on phrenology or outright occultism (without the fancy hats). So I say it’s best to not collect data because you’re too busy doing that without asking what data you actually need and in what context does it help you.


#20

Yeah, “research” “medical community” - it doesn’t actually tell you anything, really.