Imagine that a for-profit company started monitoring public obesity by collecting body scans of passengers going through airport security and comparing how each person changes over time. Even if their faces were removed from the images, few would welcome the aggregation of such intimate information.
This intrusive airport scenario is fantasy—but is illustrative of what actually happens with our medical records in a hidden multi-billion-dollar trade.
Prescription records, blood tests, doctor notes, hospital visits and insurance records are all sold to commercial companies, which gather years of health information on hundreds of millions of people. These companies remove patient names but may include age, gender, partial ZIP codes and doctor names.
This big health data bazaar emerged from an industry created to help big pharmaceutical companies sell more drugs. For example, detailed reports help their salespeople target pitches to individual doctors based on what drugs they prescribe.
Data miners include prominent firms such as IBM and LexisNexis, as well as lesser-known ones such as QuintilesIMS. These firms say that the mass commercial collection of patient data will lead to medical breakthroughs, although the revolutionary discoveries and disease cures have yet to arrive.
At the same time, the secondary market in information unrelated to a patient's direct treatment poses growing risks, privacy experts say. That's because the clues left in anonymized patient dossiers (age, gender, partial ZIP code, prescribing doctor) can be matched against other data to determine your identity, and the task only gets easier as computing power and the volume of available cross-reference data grow. Researchers have already re-identified people from anonymized hospital discharge records, Netflix customer ratings, AOL search logs, and even GPS data of New York City taxi rides.
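The re-identification technique the paragraph refers to is a linkage attack: the "anonymized" dossier keeps quasi-identifiers, and an attacker joins them against an identified dataset in which the same fields appear. The following Python is an added example, not code from the original article or from any of the companies named in it. Every record in it is constructed, the field names are assumptions chosen to mirror the attributes the article says brokers retain (age, sex, three-digit ZIP, prescriber), and the public side stands in for any identified source, such as a voter roll combined with a doctor-review post.

```python
"""Linkage attack on an 'anonymized' prescription dossier (added example).

Constructed data throughout. Demonstrates (1) measuring k-anonymity of the
quasi-identifier columns and (2) joining singleton records against an
identified dataset to recover names and the sensitive attribute (the drug).
"""
from collections import Counter, defaultdict

# Quasi-identifiers the article says brokers leave in after stripping names.
QUASI_IDENTIFIERS = ("age", "sex", "zip3", "prescriber")

# Constructed "anonymized" records released by a hypothetical data broker.
DOSSIERS = [
    {"id": "P-001", "age": 52, "sex": "F", "zip3": "021", "prescriber": "Dr. Alvarez", "drug": "metformin"},
    {"id": "P-002", "age": 34, "sex": "M", "zip3": "021", "prescriber": "Dr. Alvarez", "drug": "sertraline"},
    {"id": "P-003", "age": 34, "sex": "M", "zip3": "021", "prescriber": "Dr. Chen",    "drug": "lisinopril"},
    {"id": "P-004", "age": 67, "sex": "F", "zip3": "940", "prescriber": "Dr. Okafor",  "drug": "donepezil"},
    {"id": "P-005", "age": 34, "sex": "M", "zip3": "021", "prescriber": "Dr. Alvarez", "drug": "atorvastatin"},
]

# Constructed identified side: e.g. voter-roll age/sex/ZIP joined with a
# public review or social post naming the person's doctor.
PUBLIC = [
    {"name": "Jane Roe",   "age": 52, "sex": "F", "zip3": "021", "prescriber": "Dr. Alvarez"},
    {"name": "John Doe",   "age": 34, "sex": "M", "zip3": "021", "prescriber": "Dr. Alvarez"},
    {"name": "Sam Smith",  "age": 34, "sex": "M", "zip3": "021", "prescriber": "Dr. Chen"},
    {"name": "Mary Major", "age": 67, "sex": "F", "zip3": "940", "prescriber": "Dr. Okafor"},
]


def qi_key(record, fields=QUASI_IDENTIFIERS):
    """Tuple of quasi-identifier values used as the join key."""
    return tuple(record[f] for f in fields)


def k_anonymity(records, fields=QUASI_IDENTIFIERS):
    """Size of the smallest equivalence class. k == 1 means at least one
    combination of the given fields is unique and therefore linkable."""
    counts = Counter(qi_key(r, fields) for r in records)
    return min(counts.values())


def singleton_ids(records, fields=QUASI_IDENTIFIERS):
    """IDs of records whose quasi-identifier tuple occurs exactly once."""
    counts = Counter(qi_key(r, fields) for r in records)
    return [r["id"] for r in records if counts[qi_key(r, fields)] == 1]


def link(dossiers, public, fields=QUASI_IDENTIFIERS):
    """Return {dossier_id: (name, drug)} for confident re-identifications.

    A match is accepted only when the key is unique on BOTH sides: a tuple
    shared by several dossiers (P-002 and P-005 here) cannot be assigned to
    one person even if the public side lists exactly one candidate, so it is
    left unlinked rather than guessed.
    """
    dossier_counts = Counter(qi_key(d, fields) for d in dossiers)
    index = defaultdict(list)
    for p in public:
        index[qi_key(p, fields)].append(p["name"])

    matches = {}
    for d in dossiers:
        key = qi_key(d, fields)
        names = index.get(key, [])
        if dossier_counts[key] == 1 and len(names) == 1:
            matches[d["id"]] = (names[0], d["drug"])
    return matches


if __name__ == "__main__":
    print("k-anonymity of released dossiers:", k_anonymity(DOSSIERS))
    print("uniquely identifiable dossiers:", singleton_ids(DOSSIERS))
    for pid, (name, drug) in link(DOSSIERS, PUBLIC).items():
        print(f"{pid} -> {name} takes {drug}")
```

With these five constructed records the released data has k = 1: three of the five dossiers are unique on the four quasi-identifiers and link to a named person together with the drug they take, while the two that share a key stay unresolved. Dropping the prescriber column alone does not help here (the age/sex/ZIP3 triple is still unique for two people), which is the practical point: anonymity depends on how many other records share every retained attribute, not on whether the name field is gone.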
Re-identified data could give an adversary—whether a neighbor, a romantic or workplace rival, business competitor, political opponent or foreign enemy—the ability to humiliate or cause discrimination against someone. In parallel, an online black market in stolen identified medical data has grown in recent years, helping criminals commit medical identity theft and fraud to get free health care or medications and to obtain tax refunds.
The growth of the big health data bazaar comes at a time when very few patients have access to their own comprehensive records for their own care, despite billions of dollars of U.S. government spending to encourage the adoption of electronic medical records. The trade in anonymized medical data is allowed under U.S. rules, although some jurisdictions, such as the E.U., maintain tighter restrictions on the commercial use of private information.
At present, patients concerned about the spread of their medical data would be hard-pressed to devise an individual solution. Consumers can take steps to boost the privacy of their non-medical data, such as declining to share information with companies and using VPN services and other privacy-enhancing tools while browsing the Internet. Such control is much harder with medical data, which is collected and resold by parties the patient never interacts with.
In theory, a patient could choose doctors based on whether their electronic health record systems sell anonymized data, but even sorting out which companies sell what is not easy. In reality, we often don’t have this flexibility because our employer chooses the health insurance company, and our health plans limit the range of doctors.
A better solution would have the government extend privacy protections to all medical data, both identified and anonymized. That would mean outside companies could not buy and sell such information without explicit consent. Under such a system, patients could agree to share their information to help science in the future, but the choice should be theirs, not that of an outside company unknown to the patient.