Patient data can be assembled, sold to marketers, insurers, researchers
HIPAA—passed 22 years ago to improve information security, control costs and reduce administrative burdens—faces daily challenges with increasing cybersecurity attacks and data breaches. But what about personal information that is not covered by this law? A physician can’t tell an advertiser about someone’s diabetes, for example—but what about social media posts, credit card purchases and publicly available information? When assembled, these data can paint a picture that, whether accurate or not, can provide insight into one’s health.
A recent Kaiser Health News (KHN) story explored what can be inferred from online activity that can be monitored by third-party groups. These “profiles” offer insights into consumer behavior, which data aggregators may sell to drug companies, insurers and other interested parties.
According to KHN, around the turn of the century, “most of the health data that existed in the world” resided in well-protected medical records, said Deven McGraw, a former official with HHS who oversaw health data privacy. “Now we have many more data coming from so many other sources.”
Considering recent controversies about Facebook’s data sharing policies, the sale of personal information should be troubling, according to Anna Slomovic, a lead researcher at George Washington University’s Cyber Security Policy and Research Institute. It may seem relatively insignificant, but companies can use that data to market products and services or conduct research.
And the data may not accurately represent that person—considering the abstract methods for drawing conclusions about health and behavior, that digital shadow might not reflect reality. The KHN story uses the example of a person using her credit card to buy two beers and nachos. Is that a sign of unhealthy behavior? What if it was, instead, an act of generosity, with the person picking up the tab for a few friends?
The Internet of Things becomes more inescapable. Toothbrushes, refrigerators, wearable fitness trackers—it’s easy to forget just how many ways activity can be monitored.
“Many of these things are great technological developments that we shouldn’t shun. It’s just we should be recognizing that there [are] unwanted and unanticipated aspects,” said Adam Tanner, author of “Our Bodies, Our Data,” which discusses data collection, sorting and sales.
Check out the full story at Kaiser Health News.