How Private is Our Health Data? 

by Adrian Yang

Why Data Privacy is Urgent in the Health Industry

Worrying about personal data and privacy is a relatively new phenomenon. We have only had the technology to collect data for a decade or two, and most people simply haven’t thought much about data harvesting or data crimes in general. It’s human nature to be trusting, and we are particularly trusting of our health care providers and of how they handle our information. It therefore came as something of a rude awakening when, not only was Roe v. Wade overturned last summer, but we also found out how little protection we had over our own health care information. Women everywhere were told to remove their period tracking apps from their phones so that no one could use the data in them against them legally. This was possibly the first time, on a national scale, that people realized HIPAA was not a blanket privacy protection for health information.

Role of HIPAA

Remember when, in 2012, a father realized his teenage daughter was pregnant because Target was sending her coupons for baby clothes? The retailer figured that out from the pattern of products she was buying. Technically, data is supposed to be unidentifiable, but in reality it carries its own fingerprint. HIPAA and other privacy laws restrict entities like healthcare providers and hospitals from sharing sensitive medical data with third parties, unless all identifying information is removed from datasets before selling them. But even scrubbed data can be re-identified. There’s no regulation, so brokers are essentially doing whatever they want, and hyper-targeting is so precise that it can be traced to the person. HIPAA also does not extend to data brokers, digital health platforms, apps, search engines, ISPs, or anything outside your doctor’s office. This means there are countless companies legally collecting and selling your health information.

Obesity Leads to Targeted Ads

In addition, mental health apps, health websites, and pharmacy coupon and deal finder apps have also been found to collect and share data that consumers haven’t really understood to be sensitive. For example, buying pregnancy tests or certain vitamins can reveal aspects of health, as can certain OTC medications. This data can be sold to outside parties, who target the original buyers, who are unaware that they have been targeted or that their data has been sold. There are lists of people who have illnesses like obesity and cancer and who are unaware of being on these lists (World Privacy Forum), and they are placed in categories like “Diabetes Focus” and “Cholesterol Focus,” which are then sold. All of this happens without the knowledge of the people whose data it actually is.

Data Brokers Want Your Medical Data

During the COVID-19 pandemic, which was experienced globally, the US also experienced a perfect storm of cyberattacks: while the world was shut down, doctors’ visits became telehealth visits, and our health information kept in hospitals became even more vulnerable.

As of October 2022, an HHS rule that Congress ordered in a 2016 law requires doctors to make digital medical records accessible to patients. That should help patients as they shop around for medical care, but it also opens a data-protection gap. Once patients download their data, it’s no longer covered by HIPAA.

According to Politico, these laws have legs.

Several data protection bills could get a second look in the new Congress:

  • The Data Care Act from Sen. Brian Schatz (D-Hawaii) would bar companies from using consumer data in a way that could cause foreseeable harm.

Executive action: President Joe Biden has directed the Department of Health and Human Services to issue new guidance for protecting health data as well as information on how consumers can protect their own data. He’s also asked the Federal Trade Commission to consider taking steps to protect data for people seeking abortions.

Biden has also issued a proposed AI Bill of Rights, which advocates building artificial intelligence with data privacy in mind. Developers should minimize data collection and get consent for any data collected, it says.

For now, educating ourselves on surveillance and data privacy issues, and taking them seriously, will go a long way toward understanding future policy and digital transformation. Our past several elections have hinted at what issues might arise, and our lawmakers need constituents who are educated and engaged to help strengthen the platforms we need for our future.

by Adrian Yang Dec 14, 2022