Modern field guide to security and privacy
Image from a new check-in process at a medical office in San Francisco.
Jeff Chiu/AP
|
Caption

Does the health data industry prioritize profits or patients?

In his new book about medical privacy, Adam Tanner argues patients are in the dark about a multibillion dollar industry that profits from their medical records.

What's really driving the health data industry? Is it a passion for improving health care? Or is it all about profiting at the expense of privacy?

In his new book "Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records," Adam Tanner argues that the industry for medical data – from insurance claims to blood test results – is driven by greed.

I recently spoke with Tanner, writer-in-residence at Harvard University’s Institute for Quantitative Social Science, about the thriving medical data industry and what patients don't know about how their information is collected and commodified. Edited excerpts follow. 

Selinger: You make two striking claims in your new book. Most of us overestimate how much control we have over our personal medical information. And patient medical data fuels highly profitable exchanges that patients don’t benefit from. What doesn't John Doe know about how his medical data is used?

Tanner: John doesn’t know that at every stage of his journey through the medical system information about him is being sold commercially. John goes to the doctor. The door gets shut. John tells his physician about pains he’s experiencing and the conversation is entered into an electronic medical system. Later on, the doctor sends the pharmacy a prescription for pain killers. That script can be sold along with other information that’s stored in the electronic medical system. The same thing happens when the psychiatrist makes a prescription. And insurance claims related to all of this may be sold, too.

In all of these commercial transactions, the data never lists John Doe’s name. It does, however, contain information like John’s birth date, the section of town John lives in, the name of John’s physicians, and more. All of this information is gathered into a master file and sold commercially.

Selinger: What do you think John would do if he learned this?

Tanner: John’s confidence in the medical system might be undermined. If he knew that other people knew about his medical struggles and treatments, he might become more anxious about losing his job. That fear might also disincline him to tell all of his medical providers everything that’s troubling him. Over time, as more people like John realize what’s going on, inhibition might grow. As a result, the medical system could become less efficient and less accurate. 

Selinger: In these situations, who are the middlemen and who are the clients?

Tanner: The middlemen are the people who handle the electronic data, including those who can access electronic medical record systems in doctors’ offices, the companies that processes the prescriptions which are sent to pharmacies, the pharmacies themselves, and labs where people like John Doe go to for blood and urine tests. Keep in mind that the processes of digitizing medical data have accelerated dramatically in recent decades.

Now it’s easy for anyone who has access to medical data and can scrub out patients’ names to sell the information to data mining companies that most people aren’t familiar with. The world’s largest health data miner is QuintilesIMS. It’s a $20 billion company. There also are companies in the mix that the public is familiar with based upon their work in other fields. IBM Watson Health, for example, has dossiers on hundreds of millions of patients. LexisNexis, which is known for its legal databases, has dossiers on many patients. And many of our insurance companies have commercial businesses that sell anonymized patient data. 

Selinger: Why is this information valuable?

Tanner: What’s generally happening is that drug companies want to use this information to assist their sales and marketing. They build doctor identified dossiers that list which drugs doctors prescribe. For example, they know that John Doe’s psychiatrist and primary care physician always prescribe Drug A. So they might send sales representatives to these doctors’ offices who offer the physicians lunch, free samples of Drug B and literature that states the new medications are preferable to alternatives. This is a big deal. You don’t sell drugs in the United States unless you get doctors to prescribe them.

Selinger: Let me play devil’s advocate and ask if there’s another way to look at what drug companies are doing—one that doesn’t revolve so strongly around self-interest. Might the folks who run these companies believe that their representatives are recommending the best products for patients? 

Tanner: Pharmaceutical representatives, who don’t have to have scientific backgrounds, aren’t always the most knowledgeable specialists to inform doctors about new drugs. We're talking about folks who tend to be attractive and outgoing and don’t usually apprise doctors about anything more than the drugs they’re peddling. Generic alternatives are not part of the conversation. So while pharmaceutical representatives may have informative things to say, they’re probably not giving the most complete medical information that’s available.    

Selinger: All of the information that we’re discussing meets US government requirements because of how it’s anonymized. Since you believe it’s much easier to de-anonymize medical data than most people assume, should the Health Insurance Portability and Accountability Act (HIPAA) be revised? 

Tanner: HIPAA, which governs the rules for the transfer of medical data about patients, dates back 20 years. Over that time, technology has changed considerably. It’s much easier and cheaper now to store and search through lots of information and amass targeted data sets.

HIPAA states that if data is anonymized then you have no say about what’s happening with your medical information. You don’t even need to be informed about the sale of a blood test that reveals you have a serious disease. I’m suggesting we need to have a public discussion about this matter. The discussion can’t happen if the trade is completely opaque, which it currently is. Until patients are better informed, they can’t judge a medical system that’s evolved to allow commercial companies to decide what’s best for the country.

Selinger: What about the data security standards of HIPAA? Are they good enough to thwart hackers? 

Tanner: We’ve seen a big upsurge in medical hacking throughout diverse medical offices and institutions. In one hack that was discovered in 2015, Anthem health insurance lost approximately 80 million consumer records. People like myself who weren’t even Anthem customers were exposed, probably due to secondary trade. Clearly the security protections outlined in HIPAA are not as robust as in other sectors, like finance. That should be corrected.

Once medical information about you is hacked, it can’t be put back in the bottle. Compare this with credit cards. If your credit card is stolen, you’ll suffer some inconvenience and hassle, but the bank will pay you back. By contrast, you stand to lose quite a bit if your sensitive medical information is put in circulation.

Selinger: What about medical information that falls outside the scope of HIPAA?

Tanner: That’s important, too. When data brokers compile dossiers, they include information from lots of sources, ranging from fitness devices and apps to comments patients make on public hospital webpages. Data scientists can match the HIPAA compliant anonymized data with the rest of this non-anonymized information and figure out who are the most likely people to be afflicted with a certain ailment. For example, they can conclude that women between the ages of 42 and 57 in a certain area of the country with certain socio-economic and commercial attributes are most likely to suffer from depression. Now, many people in this group might not suffer from depression. But many others do and might be surprised to receive a direct solicitation about it. 

Selinger: Should new laws or systems be put in place that allow patients to benefit financially when their data is sold?

Tanner: Nobody’s personal medical information is all that valuable. One researcher suggests that a complete medical file might be worth $1-$15. What’s worth billions is collective medical information.

The most appealing option would be to allow patients to donate their medical data to science for research purposes without getting entangled in commercial loops. A good model for this is the Framingham Heart Study. In recent years, it’s allowed volunteers to opt-out of commercial transactions — including sales and marketing — without slowing down science. It’s true, only a small percentage of people have chosen to opt-out. But the option is there.

Selinger: The original hope was that electronic medical records would empower patients. They were supposed to improve how patients are diagnosed and treated by providing comprehensive, standardized, and portable documentation. What went wrong?

Tanner: I call this the “paradox of medical data.” We would like doctors to get information about us when they need it. Things that happened years ago can illuminate what’s happening to us right now. And yet patients still don’t have easy access to their complete records and lots of medical systems can’t communicate with each other. At the same time, companies who are not invested in our wellbeing are successfully learning quite a lot about us. 

Evan Selinger is a professor of philosophy at Rochester Institute of Technology. Follow him on Twitter @EvanSelinger.