Protecting Public Health Amidst Data Theft, Sludge, and Dark Patterns: Overcoming the Constitutional Barriers to Health Information Regulations

Akron Law Review, Jun 2023

Public health has grown to over $4.1 trillion in spending in the past year, yet for millions of people, their health care is ineffective and sometimes harmful. New technologies have improved health access and treatment, but they can expose an individual’s personal health information to theft and misuse. There is little or no regulation for the reuse of data once it has been lawfully collected for general purposes. Any observer can create a detailed personal diary of an individual or a population by building from a mosaic of inferential data—such as lawfully obtained zip code information, non-regulated health care application data, purchasing patterns, location information, and social media engagement. Using behavioral economics, companies manipulate the public to make unhealthy lifestyle choices and promote health care scams. The FTC has labeled these practices as dark patterns, designed to nudge consumers into overpayments and choices that maximize revenue rather than wellness. The article first addresses the nature of the health care threat posed by the unregulated marketplace and the limited role the FTC plays in stopping unfair and deceptive practices that harm the public. The article next addresses the evolution of commercial speech and the extent to which the FTC will be able to expand its protections in light of recent case law. The article identifies new approaches for the FTC to expand its regulatory protection in a manner consistent with the heightened scrutiny applied by the Supreme Court. Finally, while calling for increased enforcement that meets First Amendment scrutiny, the article also promotes a new governmental strategy to meaningfully fund public health information with sufficient resources to overcome the existing public health disinformation industry to provide accurate, timely, and behaviorally motivating information to the public in order to save lives and promote better health. Recognizing that the police power is insufficient to stem the tide of disinformation, the article calls for a comprehensive approach to producing public health information that benefits all members of the public.

Article PDF cannot be displayed. You can download it here:

https://ideaexchange.uakron.edu/cgi/viewcontent.cgi?article=2567&context=akronlawreview

Protecting Public Health Amidst Data Theft, Sludge, and Dark Patterns: Overcoming the Constitutional Barriers to Health Information Regulations

Akron Law Review Volume 56 Issue 2 Intellectual Property Issue Article 1 2023 Protecting Public Health Amidst Data Theft, Sludge, and Dark Patterns: Overcoming the Constitutional Barriers to Health Information Regulations Jon M. Garon Follow this and additional works at: https://ideaexchange.uakron.edu/akronlawreview Part of the Intellectual Property Law Commons Please take a moment to share how this work helps you through this survey. Your feedback will be important as we plan further development of our repository. Recommended Citation Garon, Jon M. (2023) "Protecting Public Health Amidst Data Theft, Sludge, and Dark Patterns: Overcoming the Constitutional Barriers to Health Information Regulations," Akron Law Review: Vol. 56: Iss. 2, Article 1. Available at: https://ideaexchange.uakron.edu/akronlawreview/vol56/iss2/1 This Article is brought to you for free and open access by Akron Law Journals at IdeaExchange@UAkron, the institutional repository of The University of Akron in Akron, Ohio, USA. It has been accepted for inclusion in Akron Law Review by an authorized administrator of IdeaExchange@UAkron. For more information, please contact , . Garon: Protecting Health Information PROTECTING PUBLIC HEALTH AMIDST DATA THEFT, SLUDGE, AND DARK PATTERNS: OVERCOMING THE CONSTITUTIONAL BARRIERS TO HEALTH INFORMATION REGULATION Jon M. Garon * Publicity is justly commended as a remedy for social and industrial diseases. Sunlight is said to be the best of disinfectants; electric light the most efficient policeman. –– Justice Louis D. Brandeis** Knowing is not enough; we must apply. Willing is not enough; we must do. –– Johann Wolfgang von Goethe I. II. III. Introduction ...................................................................... 180 Key Components and Vulnerabilities to the Health Infosystem ........................................................................ 182 A. HIPAA Protected Information and Cyberattacks ...... 183 B. Personal Health Information Not Protected by HIPAA 187 C. The Exacerbating Threat of Misinformation and Disinformation ........................................................... 194 Individual Autonomy in Health Care and Health Information Versus the Threats of Sludge and Dark Professor of Law and Director, Intellectual Property, Cybersecurity, and Technology Law program, Nova Southeastern University Shepard Broad College of Law. Earlier versions of this paper were presented at the Center for Intellectual Property Law & Technology annual IP Scholars Forum, University of Akron School of Law (Dec. 2022) and the Thirteenth Annual Loyola Constitutional Law Colloquium, cosponsored by Chicago Loyola and George Washington School of Law Nov. 2022). The author wishes to extend special thanks for insights and feedback from Mark F. Schultz, Sandra Aistars, Mark A. Cohen, Alexandra George, Camilla Hrdy, Willajeanne McLean, Emily Michiko Morris, Craig Nard, Cesar-Joel Ramirez-Montes, and Guy Rub. ** Louis D. Brandeis, What Publicity Can Do, HARPER’S WEEKLY 10 (December 20, 1913), https://books.google.com/books?id=WktAQAAMAAJ&q=%22of+disinfectants%22#v=snippet&q=%22of%20disinfectants%22&f=fals e [https://perma.cc/2SGE-SF5T]. * 179 Published by IdeaExchange@UAkron, 2023 1 Akron Law Review, Vol. 56 [2023], Iss. 2, Art. 1 180 AKRON LAW REVIEW [56:179 Patterns. ............................................................................ 201 The FTC’s Role in Policing Unfair and Deceptive Trade Practices ............................................................................ 210 V. Limits on Health Care Information Reform: Commercial Free Speech Jurisprudence ............................................... 222 VI. Regulating the User Experience ....................................... 229 VII. Reclaiming the Marketplace of Health information From Disinformation .................................................................. 232 VIII. Conclusion ........................................................................ 238 IV. I. INTRODUCTION In 2017, popular health blogger Belle Gibson was fined $410,000 (Australian Dollars) for a campaign she perpetrated using her blog and phone apps in which the young, vivacious blogger wrote about curing her multiple forms of cancer, including an incurable brain tumor, by eating whole foods. Gibson spun out her increasingly incredible story on her blog, her fictionally autobiographical book entitled “The Whole Pantry,” and an accompanying smartphone app. 1 As the prosecution for violations of Australian consumer protection law determined, Gibson never suffered from cancer. In addition, many of the financial claims she made were used to defraud donors who thought they were contributing to the medical expenses of other cancer victims. 2 A very different form of health care fraud was suffered by Anndorie Cromar. 3 Her health care information was stolen and used by another woman to receive maternity care. The imposter’s infant was born with drugs in the baby’s system, leading to an intervention by child protective services. Cromar, who had no idea that her identity was stolen, was required to submit DNA evidence to exonerate her from the claims of 1. Elizabeth Pratt, Fake Blogs: Warnings About Medical Advice from Online ‘Experts’, HEALTHLINE (Oct. 19, 2017), https://www.healthline.com/health-news/fake-blogs-warning-aboutmedical-advice-from-online-experts [https://perma.cc/BWA3-3TEZ]; Libby-Jane Charleston, ‘Health Guru’ Faker Belle Gibson Fined $410,000 For Lying About Cancer Cure, HUFFPOST (Sept. 27, 2017), https://www.huffpost.com/archive/au/entry/health-guru-faker-belle-gibson-fined-410000-for-lying-about-cancer-cure_a_23225383 [https://perma.cc/7SDM-3U8H]. 2. See Charleston, supra note 1 (“Shortly after her book was released, it was revealed that Gibson never had brain cancer, or any other disease. There were also many allegations that the charities she claimed had received money, never received a cent.”). 3. See Michelle Andrews, The Rise of Medical Identity Theft, CONSUMER REPORTS (Aug. 25, 2016), https://www.consumerreports.org/health/medical-identity-theft-a1699327549/ [https:// perma.cc/A4LE-D8FM]. https://ideaexchange.uakron.edu/akronlawreview/vol56/iss2/1 2 Garon: Protecting Health Information 2022] PROTECTING HEALTH INFORMATION 181 child endangerment and retain the custody of her own four children. 4 Medical identity theft also led to the arrest of Deborah Ford. 5 Her purse was stolen. She promptly reported the theft to police, cancelled her credit card, and even had a new driver’s license issued. But over the next two years, the medical insurance information stolen from her purse had been used to purchase “more than 1,700 prescription opioid painkiller pills through area pharmacies.” 6 Her compromised data was a link in the chain supporting the nationwide opioid crisis and only her timely police report kept her from being arrested as part of the massive fraudulent conspiracy.7 Hea (...truncated)


This is a preview of a remote PDF: https://ideaexchange.uakron.edu/cgi/viewcontent.cgi?article=2567&context=akronlawreview
Article home page: https://ideaexchange.uakron.edu/akronlawreview/vol56/iss2/1

Jon M. Garon. Protecting Public Health Amidst Data Theft, Sludge, and Dark Patterns: Overcoming the Constitutional Barriers to Health Information Regulations, Akron Law Review, 2023, pp. 1, Volume 56, Issue 2,