from Hacker News

Code to Care: Designing Viral Privacy Policies in Healthcare

by analogj on 3/6/24, 1:57 PM with 2 comments

  • by cfu28 on 3/7/24, 12:33 AM

    Re: the lack of a standard privacy policy, it's a shame that the Model Privacy Notice (MPN) never really took off as a simple, easy-to-read privacy policy standard for health apps.

    https://www.healthit.gov/sites/default/files/2018modelprivac...

    ---

    The concept of creating a standard viral privacy policy that dictates how your data must be accessed/stored/secured is super intriguing. I'm imagining a future where this is combined with FHIR - you can link individual FHIR resources to a privacy policy/license, maybe sign the resources so they can't be easily modified. Downstream apps would need to respect the policies before using the data.

    I do wonder who would actually push for this though - I care, privacy-focused patients would care, but getting adoption might be tough?

    https://www.hl7.org/fhir/provenance.html
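    As an added illustration of the idea above (not code from the thread, from HL7, or from any real app): a FHIR Provenance resource already has a `policy` element (a list of URIs) and a `signature` element, so a data holder can record which policy governs a resource and sign the resource's canonical form; a downstream app then refuses the data if the policy is missing or the signature no longer matches. The policy URI, patient references and Observation are constructed for the example, and HMAC-SHA256 stands in for the asymmetric signature (e.g. a JWS over the same bytes) that a real deployment would use so that recipients can verify without holding the signing key.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical policy URI; no such policy exists (constructed for this example).
POLICY_URI = "https://example.org/policies/viral-phi-v1"

# Constructed sample FHIR R4 Observation; not real patient data.
OBSERVATION = {
    "resourceType": "Observation",
    "id": "obs-1",
    "status": "final",
    "code": {"coding": [{"system": "http://loinc.org", "code": "8867-4", "display": "Heart rate"}]},
    "subject": {"reference": "Patient/p-1"},
    "valueQuantity": {"value": 72, "unit": "/min"},
}


def canonical_bytes(resource: dict) -> bytes:
    """Deterministic JSON encoding (sorted keys, no whitespace).
    Any change to the resource changes these bytes and so breaks the signature."""
    return json.dumps(resource, sort_keys=True, separators=(",", ":")).encode()


def sign(resource: dict, key: bytes, signer: str = "Patient/p-1") -> dict:
    """Build a Provenance resource naming the governing policy and carrying a
    signature over the canonical form of `resource`.
    HMAC-SHA256 is a stand-in for a real asymmetric signature."""
    tag = hmac.new(key, canonical_bytes(resource), hashlib.sha256).digest()
    return {
        "resourceType": "Provenance",
        "target": [{"reference": f"{resource['resourceType']}/{resource['id']}"}],
        "recorded": "2024-03-06T00:00:00Z",
        "policy": [POLICY_URI],
        "agent": [{"who": {"reference": signer}}],
        "signature": [{
            "type": [{"system": "urn:iso-astm:E1762-95:2013",
                      "code": "1.2.840.10065.1.12.1.1",
                      "display": "Author's Signature"}],
            "when": "2024-03-06T00:00:00Z",
            "who": {"reference": signer},
            "data": base64.b64encode(tag).decode(),
        }],
    }


def verify(resource: dict, provenance: dict, key: bytes, required_policy: str):
    """What a downstream app should run before touching the data.
    Returns (accepted, reason)."""
    ref = f"{resource['resourceType']}/{resource['id']}"
    if not any(t.get("reference") == ref for t in provenance.get("target", [])):
        return False, "provenance does not cover this resource"
    if required_policy not in provenance.get("policy", []):
        return False, "resource is not governed by the expected policy"
    expected = hmac.new(key, canonical_bytes(resource), hashlib.sha256).digest()
    for sig in provenance.get("signature", []):
        got = base64.b64decode(sig.get("data", ""))
        if hmac.compare_digest(got, expected):  # constant-time comparison
            return True, "ok"
    return False, "signature does not match resource contents"


def demo(key: bytes = b"constructed-demo-key"):
    """Sign the sample Observation, then show that an edited copy is rejected."""
    prov = sign(OBSERVATION, key)
    accepted, _ = verify(OBSERVATION, prov, key, POLICY_URI)
    tampered = json.loads(json.dumps(OBSERVATION))  # deep copy
    tampered["valueQuantity"]["value"] = 140        # silently altered downstream
    rejected, reason = verify(tampered, prov, key, POLICY_URI)
    return accepted, rejected, reason


if __name__ == "__main__":
    print(demo())
```

The check deliberately fails closed: a resource with no Provenance, a Provenance that cites a different policy, or a resource edited after signing are all rejected, which is the behaviour the "downstream apps must respect the policy before using the data" idea needs. Canonicalisation is the fragile part in practice; FHIR JSON has no single canonical form, so the signer and verifier must agree on one (the sorted-keys encoding here is one choice).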

  • by analogj on 3/6/24, 1:57 PM

    Hey HN,

    I've been thinking a lot about the properties of viral open-source licenses and how this could be applied to other legal documents - like privacy policies.

    As it becomes possible to share our medical records with caregivers and practitioners using apps, we have to trust that these apps are managing our data and respecting our privacy as we intend. But it's not only the app developers we need to care about, it's also the third-party services that they use (and share our data with), and the third-party services that they then use... it's turtles all the way down.

    What if we could create standardized "viral" privacy policy clauses, similar to the viral nature of open-source notice & attribution clauses, which would "follow" Personally Identifiable Information (PII) and Protected Health Information (PHI), ensuring it's used as we intend, no matter the degrees of separation?