There is growing interest in location-based services in diverse fields such as recreation, entertainment, health care and transaction processing. This interest arises in part because of the wide availability of mobile devices (e.g., smart phones, tablets, laptop computers and the like) with components that provide increasingly accurate location information using several information sources such as GPS, WIFI, Bluetooth®, near field communication (NFC), image analysis and the like.
At the same time, driven by personalization and security desires, mobile devices include components for capturing and using various biometrics. Components include fingerprint readers, facial recognition, iris recognition, voice recognition and the like. Biometric information may be used locally on the mobile device, but is often communicated to remote third party services for analysis and storage.
While users appreciate the functionality provided by these location and biometric components, the information captured is largely out of the user's control. Cell service provider records may contain location tracking records that are inaccessible to the user. Captured biometric data such as face images, fingerprint scans and voice samples may be stored in remote servers unbeknownst to users. As a result, the information has the potential to be used by third parties in ways that conflict with user expectations and desires.
For instance, some hospitals employ fingerprint scanners for patient registration which allows access to their electronic health record. The patient is unaware that their health record may be used by data mining companies to make health care decisions on their behalf which may not be accurate. As an example, a person who has a family history of diabetes may be placed on preventative medicine resulting in adverse consequences even though diabetes may never manifest in this person.
There is continuous and growing tension between the usefulness of these technical advancements and concerns over unwanted surveillance. People perceive a requirement to submit personal information as intrusive surveillance when it is required by a third party, but accept it willingly when personal information is under their own control and they can easily choose how the data is used. Nowhere is this tension more prevalent than in the field of medical services where the patient wants to be in control of their own health records and determine access by a third party for themself. Medical services involve numerous providers (e.g., physicians, nurses, technicians and the like), facilities (e.g., hospitals, laboratories, and the like) as well as private insurance companies, Medicare or other payer entities. Efforts to prevent fraud using technical advancements such as biometric and location information have been proposed, but are resisted at various levels because providers and to a lesser extent insurance companies lack sufficient incentive to install systems to routinely gather and use biometric and location information to prevent fraud. Moreover, solutions that involve using this type of information often involve government legislation and regulation which may be difficult and costly to achieve.
A related issue involves health care records, or other sensitive records. By some estimates, one in three Americans have had their health care records lost or stolen through data breaches and hacks. In June 2015 nearly 22 million federal employees suffered employment records compromised by a data breach of the Office of Personnel Management. These breaches may enable hackers and thieves to impersonate victims using data from the compromised records. These impersonations are difficult to detect since the thieves possess the same credentials (such as social security numbers, home addresses, etc.) that the victims must continue using in their day-to-day lives. Victims of such crimes need better ways to detect and repudiate fraudulent uses of their stolen personal information.
In particular, U.S. Pat. Nos. 7,209,886; 7,421,398 and 7,421,399 entitled “System and Method for Implementing Healthcare Fraud Countermeasures” which are incorporated herein by reference in their entirety, describe solutions to the persistent problem of phantom billing in which providers bill insurance companies for services that are not in fact rendered. These patents describe a relatively simple solution that uses biometric and location information to allow providers to create an event record that proves a patient is present when services are provided, thereby eliminating the risk of phantom billing. However, this system requires providers to install and use hardware and software which adds expense with little perceived improvement in efficiency or profitability to their practice. In the case of providers who commit phantom billing fraud, the resistance is because they would be caught. While insurance companies recognize the benefits of preventing phantom billing, so long as they can pass the cost of phantom billing onto the insured they lack sufficient incentive to require these tools. As a result, it is the insured patients that pay the cost of phantom billing and until now they have been relatively powerless because it is all the other industry participants that gather and control the data necessary to prevent phantom billing.
The growing tension exists in part because individuals are not in control of the data that is being gathered. Users are often faced with a take it or leave it choice to allow a mobile app or service to use biometric and location information, or simply not use the mobile app. A need exists for systems and methods that enable user control over location and biometric data that facilitate usage of the data by third party services, but retain fine grained user control over when, why and how that data is used.