We originally published this post on our Online Privacy Blog, but we’ve updated it here as the story has progressed. (Originally published January 31, 2017.)
Most of us know friends or relatives with serious mental conditions, or we ourselves are coping with them, whether they are mental health, cancer, or other conditions. What many of us don’t know is that the data about our medical records and conditions are being bought and sold to data brokers like IMS Health (or others) for a profit.
Many of us don’t realize that our personal medical history data is being bought and sold, and honestly, we don’t even have a choice whether or not our data is shared with data brokers.
This is what Adam Tanner writes about in his book, Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records. Adam is also the author of What Stays in Vegas: The World of Personal Data–Lifeblood of Big Business–and the End of Privacy as We Know It, which covers similar topics in a different light.
We got the chance to catch up with Adam and pick his brain.
‘Anonymized’ Data vs ‘Identifiable’ Data
One of the key points that Mr. Tanner addresses in his book is the differentiation between ‘anonymized’ vs ‘identifiable’ data. Since HIPAA (Health Insurance Portability and Accountability Act) was introduced in 1996, health records have been sold to data brokers containing ‘anonymized data’, which is simply health record data without any unique identifiers (such as your name, social security number, address, etc).
Because this data is ‘anonymized’, medical patients have no say in whether or not their data is shared with data brokers. Mr. Tanner explained that in most cases, even the medical professionals are generally unaware that their patients’ data is being sold to data brokers.
Although this data is mostly ‘anonymized’, it can be used to build a health record about a person after being cross-referenced with other information databases, which can reveal the identity of that person. Tanner wrote about one of the most prominent examples of this data ‘re-identification’, when the former Governor of Massachusetts was re-identified from his anonymized medical data. The risk of identification is real, and is growing as the scope and sheer amount of data collected continues to grow.
What are the Implications of Sharing Identifiable Health Data?
The potential for prejudice is of the most controversial issues behind the buying and selling of consumer medical data, as well as the resulting lack of opportunity for those being judged on their medical history.
Our world is changing: big data is controlling billion-dollar business decisions, China is already moving towards giving citizens a ‘social credit score’, and foreign governments are using social media to affect our elections. It’s not that implausible to believe that health insurance providers, or even potential employers, could be making business decisions based on your medical history, or even just web searches about potential symptoms.
Although it is highly illegal today, it is alarming to be potentially living in a world where health insurance, or even employment, is inaccessible because of your personal medical history.
Health Data Paradox
One idea that has been discussed with Adam was the Health Data Paradox. The paradox is: while there is all of this anonymized patient data that’s being bought and sold around the world, it’s extremely difficult for medical patients to receive an electronic record of their own medical history. On top of this, medical professionals don’t have any kind of comprehensive electronic central database to access medical record when treating patients.
Some fitness tracking devices, like your Fitbit or iOS Health App, offer a starting point for health coverage providers to deliver some kind of ‘health dashboard’, but existing products don’t have any way to track your day-to-day health, nor are they able to communicate with your doctor’s office. Based on industry history, the future doesn’t look too bright if two of the largest tech companies in the world (Microsoft and Google) have been unable to create a centralized health portal.
The Obama administration spent $30 billion trying to digitize medical records, so that we may realize a centralized electronic medical database. While many practices were able to digitize records, there still no centrally-mandated health record software provider. Because of this, we are stuck with a disparate, fragmented, and non-centralized system.
Gaining Control Over Your Data
Unfortunately, people fall ill, get hurt, and need to get help from medical professionals. But, they whether they know it or not, these medical professionals are selling patient medical data to data brokers. Although this data is mostly ‘anonymized’, it can still be used to build a health dossier about you when run against other information databases, which can then be connected to the rest of your online life.
Medical patients don’t have a choice in whether or not their data is shared with data brokers. While many people don’t have a problem with this medical data being shared, individuals should still at least be given the option to opt-out of their data being bought and sold.
DeleteMe works to remove your personal information–such as your name, address, and phone number– from the leading data broker websites, like MyLife, Spokeo, and Whitepages.
While some data sharing might be out of your hands, we can help control as much of the identifiable data as possible.
Abine, Inc. is The Online Privacy Company. Founded in 2009 by MIT engineers and financial experts, Abine’s mission is to provide easy-to-use online privacy tools and services to everybody who wants them. Abine’s tools are built for consumers to help them control the personal information companies, third parties, and other people see about them online.
DeleteMe by Abine is a hands-free subscription service that removes personal information from public online databases, data brokers, and people search websites.
Blur by Abine is the only password manager and digital wallet that also blocks trackers, and helps users remain private online by providing ‘Masked’ information whenever companies are asking for personal information.
Abine’s solutions have been trusted by over 25 million people world.