Many of us have friends or family with serious medical conditions—or cope with our own medical conditions—be it mental health, cancer, or other conditions. What many of these people who visit doctors may or may not know, is that data about their medical records and conditions is being bought and sold to data brokers like IMS Health (among others) for a profit.
Most people don’t realize that their personal medical history data is being bought and sold, and the truth is, we don’t even have the choice whether or not our data is shared with data brokers.
This exact topic is one that’s covered heavily by author Adam Tanner in his new book, Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records. Adam is also the author of What Stays in Vegas: The World of Personal Data – Lifeblood of Big Business – and the End of Privacy as We Know It, which covers many of the same topics in a slightly different light.
Last week, we got the chance to catch-up with Adam, and he let us pick his brain for a little while.
“Anonymized” vs. “Identifiable” Data
One of the key points that Mr. Tanner addresses in his book is the differentiation between “anonymized” vs. “identifiable” data. Since the introduction of HIPAA (Health Insurance Portability and Accountability Act) in 1996, health records have been sold to data brokers containing “anonymized data”, which is simply health record data with its unique identifiers removed (e.g. name, social security number, address, etc.…).
Because this data is “anonymized”, medical patients have no say in whether or not their data is shared with data brokers. In most cases, as Mr. Tanner explained, even the medical professionals are generally not aware that data about their patients is being sold to data brokers.
Although this data is mostly “anonymized”, when cross-referenced against other information databases, it can be used to build a health record about you, which can then destroy the data’s anonymity. One of the most prominent examples of this data “re-identification” was written about by Tanner himself, when the former Governor of Massachusetts was re-identified from his anonymized medical data. So, this risk is real, and in our opinion growing as the scope and sheer amount of data collected about individuals continues to grow.
One of the most controversial issues behind the buying and selling of consumer medical data, is the potential for prejudice, and the resulting lack of opportunity for those being judged based on their medical history.
In a world where big data is controlling billion-dollar business decisions, and where China is already moving towards giving citizens a “social credit score”, it’s not farfetched to believe that health insurance providers—or worse, potential employers—could be making business decisions based on your medical history, or your web searches about potential medical conditions.
Although highly illegal today, it’s a terrifying thought to live in a world where you would be unable to get health insurance—or get denied a job—because of your personal medical history.
Health Data Paradox
One interesting idea that was discussed with Adam last week was the Health Data Paradox. The paradox being this: there is all of this anonymized patient data that’s being bought and sold around the world, yet it’s extremely difficult for medical patients to receive an electronic record of their medical history. On top of this, medical professionals do not have any sort of electronic central database to access medical records when treating patients.
Some fitness tracking devices offer a starting point for health coverage providers to deliver some sort of “health dashboard”, but existing products don’t have a way of tracking your day-to-day health, nor a way of communicating with your doctor’s office. Looking at the industry’s history, the future doesn’t look so bright when two of the largest tech. companies in the world have basically failed trying to create a centralized health portal (think Microsoft and Google).
The Obama administration spent $30 Billion trying to digitize medical records so that we could one day achieve the goal of a centralized electronic medical database. While many practices were able to digitize records, there is not one centrally mandated health record software provider, thus resulting in a disparate, fragmented and un-centralized system.
Unfortunately, people get sick, we get hurt, we fall ill, and we’re required to seek help from medical professionals. These medical professionals, knowingly or not, are selling patients’ medical data to data brokers. While this data is mostly “anonymized”, when run against other information databases, it can be used to build a health dossier about you, which can be connected to the rest of your online life.
Medical patients don’t have a choice whether or not their medical data is shared with data brokers. Although many people do not have any issues with this kind of data being shared, individuals should, at the very least, have an option to “opt-out” of their medical data being bought and sold.
While the sharing of certain kinds of data may be out of our control, you can still gain control over the identifiable data that is put out there about you. Abine’s Blur allows you to block nosey tracking cookies so they can’t follow you from site to site when surfing the web, and it even allows you to create disposable email addresses or one-time-use credit cards (all in a few clicks) when you feel concerned about giving out your real identifiable information online.
Abine’s DeleteMe service works to remove your personal information like your name, address, phone number, etc., from some of the leading data broker sites on the web, like spokeo.com, intelius.com and beenverified.com, to name a few.
Some data sharing may be out of your hands, but we can help control as much of the identifiable data as possible.