top of page
Digital-Frontier-Alliance-logo

Digital Frontier Alliance 

My Data. 
My Dignity.
My Voice.

Digital Frontier Alliance's
First Project 

Explore the Initiative!

  1. About My Data. My Dignity. My Voice.

  2. Data Dignity Pledge

  3. The Risks of Data Misuse

  4. Infographic #1: The Risks of "De-identified" Data

  5. Infographic #2: The "Data Re-identification" Pipeline

  6. Initiative Goals

  7. Proposed Action Items 

  8. Definitions and links to Medicaid & Recipient Rights resources

About
My Data.
My Dignity.
My Voice.

Michigan has a uniquely strong tradition—and legal structure— protecting the rights of people receiving Medicaid and public behavioral health services. But as technology advances, deeply personal data about diagnoses, service history, and struggles can end up in the wrong hands and sold as a product.

Why Start Here? Everyone is impacted by data privacy

Michigan's public behavioral health system serves a population with unique challenges, and many with exceptional service needs. Eligibility is based on financial need and medical diagnosis. This population includes adults with intellectual and developmental disabilities, mental health needs, or substance treatment needs. It also includes children.​

38%

of MI Medicaid

Recipients are Children 

About 38% of people enrolled in Medicaid in Michigan are children—roughly 1 million kids each year. When their data is exposed, it can be among the most valuable on the dark web. Because their records are ‘fresh’ and their credit is often not being monitored, children become prime targets for identity theft and other data misuse.

My Data. My Dignity. My Voice. is the start of a long-term conversation. Everyone who cares about making sure this sensitive data is a protected right – not a product to be bought and sold – can start learning about the risks and working on solutions. The initiative is rooted in the belief that ethical data practices are a shared responsibility, and seeks to:

Close Loopholes on Outdated Laws: Laws like HIPAA* were written for an earlier era and leave gaps that today’s data practices can exploit. Leaders across Michigan’s public behavioral health system must act in the spirit of these privacy protections and work to close the loopholes of outdated rules.

Educate Each Other and Learn Together: The risks of data misuse are new to most of us. We can learn and work on solutions together.

Empower People Served and Advocates: Digital Frontier Alliance is helping to spark the conversation, but the voices of people receiving services and their families are the most important key.

Share and Connect Anytime, Anywhere: This initiative is a “decentralized model,” so that ideas and resources can be shared as quickly as possible. There is no reason to wait for Digital Frontier Alliance to hold an official meeting or rally before taking action today with the local advocates you already know and trust. You can visit the Advocacy Toolkit page and use the Proposed Action Items and Advocacy Playbook to start conversations anytime.

Starting Today:

You can work with your trusted allies to learn about the issues, review the proposed action items and decide if you want to support them:

 

 

1. Data Dignity Bill of Rights: Help write a Data Dignity Bill of Rights for people receiving services. Share your ideas about what data privacy and ethical practices mean to you. What do you expect from your service providers? If you feel comfortable sharing your ideas with us, use the Contact Form.

2. Data Dignity Pledge: Tell service organizations to sign the pledge promising to protect private behavioral health data and to close loopholes.

3. Statewide Recipient Rights Data Dignity Workgroup: in the You can also contact the Governor and your State Legislators and ask them to create a statewide workgroup through a resolution or in the fiscal year (FY) 2026-27 Budget. A workgroup is a way to bring people together from across the state to find solutions to problems. The workgroup would be review the risks of data misuse and recommend laws and other guidelines to improve Recipient Rights protections in an era of rapidly changing technology.

 

Visit the Advocacy Toolkit for more ideas to take action. This website will have more opportunities for collaboration in the near future. In the meantime, you can Contact Us with ideas for the initiative anytime.

Data Dignity Pledge

The “Data Dignity Pledge” is a promise to put the interests of vulnerable people first and to work to prevent the misuse of sensitive data. Urge leaders and organizations to sign the pledge today! 

Data Dignity Pledge
Key Points

  1. Recognize that Data is a Protected Right

  2. Implement a Sanctuary Standard of "Meaningful Consent"

  3. Reject Extractive Platforms

  4. Prohibit Unsecured Website Tracking

  5. Define Privacy Zones

  6. Reject Broad Data-Sharing Agreements

  7. Commit to Spirit and Intent of Data Privacy Laws

  8. Commit to Ongoing Transparency

One of the key elements of this pledge is an ongoing commitment to close loopholes and to honor the spirit - not just the letter - of privacy laws.

Behavioral health data is a protected right, not a commodity

The Risks of Data Misuse

Artificial Intelligence Circuit

01

Invasion of privacy

Private healthcare information could be shared with unknown 3rd parties

02

Job Discrimination

Hiring and other employment decisions could be influenced by private healthcare information

03

Housing Discrimination

Housing decisions can be unfairly influenced by hidden risk profiles

04

Higher Insurance Costs

Hidden ‘shadow profiles’ based on online behavior and de‑identified health data can end up increasing private health insurance costs

05

Predatory Ads

People could receive digital ads about sensitive services (e.g. bipolar disorder) that they searched for online

06

Dark Web Predators

People could be at risk of identity theft, financial scams, or other scams

Let's Work Together to Prevent Harm

Data can help doctors, other clinicians, and researchers improve patient health outcomes. Data help people who care, identify problems and find solutions. In the wrong hands, however, sensitive data can be misused. 

The Risks of De-identified Data in the Age of AI

What is De-Identified Data?

De-identified health data is medical information that leaves out 18 key details, like your name and address. HIPAA allows de-identified health data to be shared, but its protections are outdated.

1. A "Blurred" Image 

Your identity is "blurred" from some data sets but not others

2. Some Data Can Be Re-identified

Even if your name is removed from healthcare data before it's shared, other data like voting records can help link the information back to you

3. Risks of Re-identification

If sensitive data are linked back to you, there are risks, including employment discrimination and being targeted for online scams

In the age of AI, it is getting easier to link private healthcare data back to you

Graphic titled ‘The “De‑Identified” Data Blur: Is My Identity Really Protected?’ showing the same man on a porch, first with his face clear and then with his face blurred. A flow chart explains that so‑called de‑identified behavioral health data can be matched with other data, like voter records, social media, and online purchases, so data brokers can re‑identify people and profit from their health information.

The Data Unblurring Pipeline

1. Data Accumulation 

Data brokers pull data from any and all available sources about individuals, including anything from social media, phone apps, voter records, and health records

2. Data Matching

Algorithms and AI are used to match the data to specific individuals with different degrees of accuracy. They can't always find a perfect match.

3. Risks of Re-identification

If sensitive data are linked back to you, there are risks, including employment discrimination and being targeted for online scams

A deeper dive into the data re-identification process

Graphic titled ‘The Data Unblurring Pipeline: Is My Identity Really Protected?’ Step 1 shows social media scrapes, voter records, purchase records, and app location data flowing into a central data repository with supposedly de‑identified behavioral health data. Step 2, an ‘analytic correlation engine,’ uses AI and algorithms to match data back to people, risking re‑identification. Step 3 lists harms: targeted predatory advertising, insurance profiling, risk scoring and discrimination, and data reselling.

Initiative Goals

Goal #1: Create a statewide plan for ongoing education and accountability about data misuse and new digital technologies

Goal #2: Keep profit and money-making out of Michigan’s public behavioral health data

Improve Data Privacy Protections and Close Loopholes in MI's Public Behavioral Health

Proposed Action Items

Let's Start the Conversation!

Opt-in &
Meaningful Consent

Behavioral health leaders must improve the meaningful consent standards for 3rd-party data‑sharing agreements. Meaningful consent means that people can understand what an agreement says and can choose to opt-in (say yes or no), without it hurting their services

Data Dignity Pledge

Organizations, leaders, and clinicians are invited to sign the Data Dignity Pledge, recognizing that sensitive behavioral health data is a right - not a commodity - and pledging to adopt policies, contract language, and other tools that follow the spirit of data protection laws, not just the letter.

FY27 Statewide Workgroup

Ask State leaders to convene a statewide workgroup on Recipient Rights to: (1) review the risks created by current data privacy loopholes in the public behavioral health system, (2) recommend updates to guidelines, laws, contract requirements, and policies, and (3) set up an annual review process to keep pace with changing technology.

Office of Recipient Rights

Ensure the State of Michigan Office of Recipient Rights has enough resources to keep up with changing technology and recipients’ data privacy rights, to share this information, to set clear compliance requirements, and to conduct regular reviews.

Laws, Policies & Contracts

The State can strengthen data protections for recipients and close loopholes in downstream contracts by adding new policies and language to the FY27 PIHP and MHP contracts. The legislature can pass laws that put the sensitive data of protected, vulnerable populations ahead of commercial interests. Local providers, PIHPs, MHPs, CMHSPs, and CCBHCs can improve privacy protections through their own contracts and policies. A statewide workgroup can help standardize these requirements so recipients are protected across the State.*

*Acronyms:

  • ​Prepaid Inpatient Health Plans (PIHPs)

  • Community Mental Health Services Programs (CMHSPs)

  • Medicaid Health Plans (MHPs)

  • Certified Community Behavioral Health Clinics (CCBHCs)

Data Dignity Bill of Rights

People receiving services through the public behavioral health system and their advocates can begin drafting a Bill of Rights to tell State and Local leaders and providers what data privacy and data dignity mean to them, and what they are expecting from those entrusted with their care.
 

Please click on the button below to start sharing your ideas for the Bill of Rights. More information about sharing ideas and collaborating with others will be available soon. 
Help Write a "Data Dignity Bill of Rights"

Board Resolutions

Boards of Directors of public PIHPs and private organizations can adopt resolutions that: (1) promise people receiving services that the organization will proactively close loopholes that put their sensitive information at risk, (2) direct leadership to add contract language and policies that protect this data, and (3) require public transparency and accountability.

Advocacy Toolkit

Ongoing Learning & Awareness

People receiving services need clear, ongoing information about how their data is used, what their rights are, and how to speak up if something feels wrong. Leaders in the system also need to stay up to date on data privacy risks, best practices, and new laws so they can keep policies, contracts, and day‑to‑day practices aligned with data dignity.

View Research

Key Definitions

*   De-identified healthcare data

Removing your name from a report. But watch out: If the report still has your age, zip code, and other information, people might still be able to guess it’s you.

A data broker is a company that collects, buys, and sells people’s personal information, like where they live or what they buy, often without them knowing.

*   Data broker

*   HIPAA Federal law

Health Insurance and Portability Accountability Act (HIPAA). The Federal law was enacted in 1996. It protects patient data and privacy; however, the law is outdated. (link to HHS HIPAA home page).

*   Loophole

A loophole is a small gap or mistake in a rule or law that lets people avoid following it the way it was meant.

Click for More Definitions

Michigan Public Behavioral Health

 

*   MI Medicaid serves appx. 2.6 million low-income children & families, elderly people, individuals with disabilities, and people who are pregnant annually 

*   38% of MI Medicaid beneficiaries are children

*   Public behavioral health includes intellectual and developmental disabilities, including autism, mental health services, and substance use disorder, among other services

*   In MI, the Federal and State Medicaid funding, is managed by 10 local public Prepaid Inpatient Health Plans (PIHPs), private Health Plans, and 46 local Community Mental Health Services Programs (CMSHPs). Private service providers and vendors are contracted to provide services.

Learn More

Michigan Office of Recipient Rights

*   Mission and Vision: To protect and promote the constitutional and statutory rights of recipients of public mental health services and empower recipients to fully exercise these rights.

*   Recipient Rights Handbook and Podcasts available here

*   Codified in Chapter 7 of the Michigan Mental Health Code

Learn More
bottom of page