Why Data Privacy is Urgent in the Health Tech Industry
Worrying about personal data and privacy is a relatively new phenomenon. We have really only had the technology to collect data for a decade or two, and many people haven’t thought much about data harvesting, or data crime in general. It’s human nature to be trusting, and in particular, we are very trusting of our healthcare providers, and how our healthcare providers handle our information. Therefore, it came as something of a rude awakening when not only was Roe v. Wade overturned last summer, but we also found out how little protection we had over our own health information. Women everywhere were told to remove their period tracking apps from their phones and other devices, so that no one could use the data in them against them in pursuit of legal action. This was possibly the first time on a national scale that people realized HIPAA was not a blanket privacy protection of health information.
The Role of HIPAA
You may or may not remember that back in 2012, a father realized his teenage daughter was pregnant because Target was sending her coupons for baby clothes. The retailer figured that out from the pattern of products she was buying. Technically, data is supposed to be unidentifiable, but in reality it carries its own fingerprint. HIPAA and other privacy laws restrict entities like healthcare providers and hospitals from sharing sensitive medical data with third parties, unless all identifying information is removed from datasets before they are sold. But even scrubbed data can be re-identified. There’s no regulation, so data brokers are essentially doing whatever they want, and hyper-targeting is so precise that it can be traced back to an individual. Furthermore, HIPAA protections do not extend to data brokers, digital health platforms, apps, search engines, ISPs, or anything outside your doctor’s office. This means there are countless companies legally collecting and selling your health information.
Obesity Leads to Targeted Ads
In addition, mental health apps, health websites, and pharmacy coupon and deal finder apps have also been found to collect and share data that consumers haven’t really understood to be sensitive. For example, buying pregnancy tests or certain vitamins can reveal aspects of health, as can certain over-the-counter medications. This data can be sold to outside parties, who then target the original buyers; those buyers are unaware that they have been targeted or that their data has been sold. There are lists of people with chronic illnesses like obesity and cancer who are unaware that their data is on these lists (World Privacy Forum); they are placed in categories like “Diabetes Focus” and “Cholesterol Focus” and sold to advertisers.
All of this can happen without the knowledge of the people to whom this data belongs.
Data Brokers Want Your Medical Data
During the global COVID-19 pandemic, the United States also experienced a perfect storm of cyberattacks. While the world was shut down, doctor’s office visits became telehealth visits, and the health information kept in hospitals became even more vulnerable.
As of October 2022, an HHS rule that Congress ordered in a 2016 law requires doctors to make digital medical records accessible to patients. That should help patients as they shop around for medical care, but it also opens a data-protection gap. Once patients download their data, it’s no longer covered by HIPAA.
According to Politico, these laws have legs.
Several data protection bills could get a second look in the new Congress:
- The Health Data Use and Privacy Commission Act, sponsored by Sen. Bill Cassidy (R-La.), aims to establish a blue-ribbon panel to recommend changes to health privacy laws. Cassidy is pressing to get his bill included in year-end legislation.
- The My Body, My Data Act, sponsored by Rep. Sara Jacobs (D-Calif.), creates protections for sexual and reproductive health data online.
- The Data Care Act, from Sen. Brian Schatz (D-Hawaii), would bar companies from using consumer data in a way that could cause foreseeable harm.
- The American Data Privacy and Protection Act would set federal privacy rights, with heightened protections for kids, and has the backing of Frank Pallone (D-N.J.), the House Energy and Commerce Committee chair, and Cathy McMorris Rodgers (R-Wash.), the panel’s ranking member and likely chair if Republicans take control of the House.
Executive action: President Joe Biden has directed the Department of Health and Human Services to issue new guidance for protecting health data as well as information on how consumers can protect their own data. He’s also asked the Federal Trade Commission to consider taking steps to protect data for people seeking abortions.
Biden has also issued a proposed AI Bill of Rights, which advocates building artificial intelligence with data privacy in mind. Developers should minimize data collection and get consent for any data collected, it says.
For now, education on surveillance and data privacy issues, and taking those issues seriously, will go a long way toward understanding future policy and digital transformation. Our past several elections have hinted at what issues might arise, and our lawmakers need constituents who are educated and engaged to help strengthen the platforms we need to build our collective future.