Law in the Internet Society

Classifying Personal Data as Inalienable to Achieve Medicare For All

-- By AlisonRobins - 23 Dec 2020

Medicare for All (“MFA”) could feasibly work, but only if we govern personal data under an inalienability rule. The federal government could run a personal data bank to ensure privacy in a system in which all medical services—treatment, insurance, pharmaceutical—are under a single-payer program.

I. The Virus in Us, The Virus About Us

A. Technology: When Personal Data Becomes Patient Data

This option must include all personal data. Due to the increase in competition, private medical and related companies began collecting, using, buying, and selling user data as early as 1998. Though the marketplace prior to the internet was based on knowing personal information about buyers—product preference, shopping behavior, addresses—the Net allows for one seller to know about the buyer’s preferences in every sphere of the buyer’s online life outside of the individual transaction with the click of a button. In the sphere of medical care, buying and selling personal data becomes a violation of patient data as third-parties, such as insurers and private care facilities, can purchase someone’s behavioral data and deny them access to healthcare on that basis, not on their medical history (see below: digital redlining).

B. Legislating Personal Data Protection

i. The Lack of Knowledge on Personal Data

MFA will be inherently flawed unless lawmakers understand personal data privacy. HIPAA may protect patient data, but other personal data (behavior) is fair game. When private companies can sell non-patient data, they can take part in digital redlining. An insurer may access this data and see that you made risky purchases, limiting your ability to pay a claim, or that you browsed websites selling e-cigarettes, indicating a change in health not otherwise disclosed. The data bought may seem anonymous in the aggregate, but it can be identified technically. Without a law that limits all personal data sale and a single-payer plan, private medical services may use undisclosed personal data to deny treatment.

ii. An Inalienable Personal Data Rule

The problem with any of the laws that attempt to govern our data is that they are run under a property rule: that data can be bought and sold. But this is a flawed scheme. Even when there is a breach, there are limited remedies under the property rule. Plaintiffs must have Article III standing in these cases, but it is difficult to determine proximate cause or ascertain the imminence of harm. Clapper v. Amnesty Int’l USA, 568 U.S. 398 (2013) established a strict standard of “certainly impending” harm that most times cannot be shown via a plaintiff’s asymmetrical information. If someone can show “certainly impending” harm, it is another challenge determining the value of the harm under a property rule.

An inalienability rule both allows for proper redress when there is a harm and further protects the data from future harm by taking it off the market. Consolidating all this data under a unified, government-run data bank eliminates an open data market. It also makes proving causation easier because there is only one option rather than dozens of other breaches to sift through. It may make it more difficult for an individual to share their own data, but it is better for a person’s rights in the long run not to sell data in the short run in order to prevent invasions of privacy in future transactions.

iii. Concerns

Some may see having the government gatekeep more than their patient data as a violation of their individualism, but one person’s data does not just affect them. I may not want my genetic and familial information openly accessible; my father decides to use an ancestry-typing service that now means strangers with access to the site can see my history. I could sue him, the website, etc.; I may not be successful, but I, and likeminded others, drive up the transaction costs to a point where it is no longer cost effective to allow each situation to figure itself out. Because identities can be inferred not just from your own data but from others, we need an inalienability rule that protects all data for the purpose of protecting all people.

There is the fear that the government would be just as susceptible to hacks as private businesses. It is true that has experienced breaches; surprisingly, or not, private insurance has more. And, having only one legal locale for personal data, overseen by the government entrusted to protect us, allows for secure transfer of data to parties whom need it, more directed resources at protecting the measure, and clear proximate cause in case of breach.

II. Conclusion: Passing MFA in This Political Economy

For there to be MFA, we need a government that would see it as necessary policy. The majority of Americans view the government as responsible for healthcare, with more than half of that majority favoring a single national scheme. But, the government-centered insurance we do have (the Affordable Care Act) (“ACA”) gets challenged in the courts every five years. The ACA did not clarify how a government should provide for the health of its people, but instead “became the object of intense conflict over both the boundaries between the market and state and tensions between individual and social responsibility,” making the ACA the ripe sticking point for the Republican party. At this point in politics, there needs to be bipartisan support for universal healthcare (pending the Georgia Senate races), which seems near impossible from Republicans.

But, should the political landscape change, so too could the political economy. With a legislature and citizenry that sees the connection between personal and patient data, there could be a mass overhaul that not only allows for the adoption of MFA in whatever form, but also a more plaintiff-friendly “certainly impending” harm rule. After living with a centralized and federally-protected personal data management bank which could in turn limit breaches, the effects of rare harms may be more striking and thus more remediable.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r3 - 23 Dec 2020 - 20:26:19 - AlisonRobins
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM