The Next Great Privacy Battle Will Be Fought Over Your Health Data
Now is a good time to rethink who has access to your medical profile
In an initial visit with a health care provider, new patients routinely sign a disclosure form — often without giving it much thought. This document allows for (among other things) doctors to share your medical records, including diagnosis and procedures performed, with your health insurance carrier for reimbursement.
Should you decide not to sign or disclose your health information, technically speaking, medical records cannot be shared with a third party, including your insurance carrier. At that point, any and all expenses incurred become your responsibility.
In 20 years of clinical practice, every patient I’ve treated — with health insurance — has consented and signed the form.
Who wants to pay hundreds, sometimes thousands of dollars when they’ve already purchased health insurance? Plus, doctors and health insurers are bound by law to maintain a certain level of privacy when it comes to medical records. Imagine the implications if such protections didn’t exist and health care providers could simply sell or “share” sensitive information with third parties?
Today, many of us routinely disclose health metrics at the doctor’s office and elsewhere without giving it much thought. We also fail to read disclosures provided by social media sites, fitness applications, tech companies, and affiliated third parties. And yet, understanding the terms and conditions within such disclosures could mean the difference between knowing exactly who can access your health data, who cannot, and whether your information is protected at all.
More than 26 million Americans have now shared their genetic information with ancestry or DNA testing sites, perhaps without fully contemplating whether such results are in fact protected. Sure, it’s exciting to learn where you come from and whether you might have long lost relatives out there — but we should also consider whether it’s in our best interest for a third party, be they health or life insurance providers, current or future employers, to access our genetic makeup.
Wearables, DNA, and search history
Health-centric wearables are amazing gadgets. These days, a smartwatch, Fitbit, or any number of devices can read your heart rate, blood pressure, and even measure blood oxygen levels. Some can go magnitudes further, running an ECG scan, detecting irregular heart rhythms, and noticing if the wearer has had a sudden fall or accident.
In theory, a company with access to both your genetic information and the treasure trove of health data collected from your wrist or smartphone, will be able to deduce with increasing certainty, not only your risk of disease, but mortality risk as well. As genetic sequencing technology improves, more diseases will be diagnosed prior to symptoms, imaging studies, or lab tests. Genetic information will confirm, with varying degrees of certainty, if a disease process is likely.
Let’s take this health mining exercise one step further by combining your genetic information, health data from your smartphone or wearable device, and your internet search history. With all of the above in hand, a technology company could conceivably make countless risk assessments and sell them to anyone — from your employer to your life or health insurance company.
With such a backdrop, we not only see the value within our genetic and health data, but we can begin to contemplate how those unbound by health care privacy laws may use this information outside our best interests.
Tech toward health
Health care spending now constitutes nearly 18% of America’s GDP, translating to nearly $4 trillion every year. Apple, Google, Microsoft, Facebook, and Amazon are looking to gain market share, and expand their presence in this thriving sector.
This year alone saw Microsoft acquire Nuance, a leading provider of conversational AI and cloud-based clinical intelligence for health care providers, for a 23% premium no less. Despite a Justice Department probe, Google completed their acquisition of Fitbit for $2.3 billion. In an effort to disrupt health care, online retail giant Amazon along with Berkshire Hathaway and JP Morgan Chase launched Haven; a joint venture to reduce premiums, bring down costs, and provide employees health insurance.
Though Haven has been disbanded, employees from the project were placed within the three respective companies in an effort to carry out their mission. Amazon continues to make strong incursions into the prescription drug market with Amazon Pharmacy, and they are currently eyeing Medicare management in a concerted effort to enter the supplemental insurance space.
Then there’s perhaps the best positioned company when it comes to health data, Apple. Thanks to their health application and smart watch, the software and hardware giant can almost pick and choose how and when to plant their stake. And of course we can’t forget Facebook. The company launched “Preventive Health,” a tool that connects people to health resources and checkup recommendations from leading health organizations. Through this feature, users are encouraged to import health data, but the social media giant may not be obligated to protect it.
All these tech companies know full well that health care is essentially recession proof, with per capita health care spending nearly quadrupling from 1980 to 2018. And they’re all looking for a piece of the action. Directly or indirectly, these companies can assess your height, weight, age, level of activity, blood pressure, heart rate, ECG, medical and family history. Through partnerships or outright acquisitions, they may be able to access DNA information as well. With all this data, and their sophisticated AI algorithms, tech companies may become adept at not only predicting if you’ll come down with a certain illness, but the type of disease it’s likely to be.
While Apple has made strides on increasing privacy, other social media and tech giants have a less than stellar record for maintaining it.
In medical parlance, informed consent is when a patient understands possible side effects or complications, and grants permission to undergo a particular treatment.
Understanding if, or how, your DNA analysis will be used outside of tracing your origin story is crucial. For those thinking about an ancestry evaluation, do yourself a favor and read the disclosures, terms, and conditions before spitting in a tube or swabbing your cheek and sending it off in the mail.
Those who have submitted DNA samples without reading the fine print might consider revisiting their consent forms. Maybe email or write the company with specific questions: Who has, or can have, access to my DNA information? Can it be sold without my knowledge? If so, let them know you do not consent to sharing health information with anyone now, or in the future, and that disclosing such information without your consent violates health care privacy laws.
While posting a photo no longer requires much contemplation, sharing your DNA should. Do so with informed consent, full knowledge and understanding of the associated benefits as well as risks. Though we can’t go back in time, we can navigate the future having learned key lessons from the past.