Categories
Patients

Returning the Control of Health Data to the Consumer

The vast amount of data available in today’s technology-driven and hyper-connected society is astounding. We create data everywhere we go with our smartphones, tablets, and laptops, and the increasing prevalence of the Internet of Things means that even more of the devices we interact with on a daily basis are gathering and sharing information. The application of this information through the creation and interpretation of large data sets, i.e. big data, is becoming an increasingly valuable economic force. Organizations in both the public and the private sectors are leveraging big data across industries, including healthcare, to develop more effective practices, inspire innovative breakthroughs, and better serve consumer needs.

The growing role of data in our lives and the data trading markets that have arisen raise important questions about data access and ownership. Who rightfully owns data, the individual creating it or the organization collecting it? Who has the right to access all of this information and what are they allowed to do with it? Who ultimately has more control when it comes to data use, the individual or the organization? Unfortunately, there is not a clear answer to these questions because in many cases our laws simply have not caught up yet. When it comes to electronic health records in the United States, providers are technically the owners (in every state except New Hampshire) since the data is recorded and stored on their IT systems.

One example of new data-related legislation, which came into effect just this year, is the General Data Protection Regulation (GDPR), enacted by the European Union. The goal of the law is to ensure better data protection and privacy for all individuals by enhancing their rights when it comes to the handling of their personal information. The new rules require organizations to ensure that consumers explicitly consent to data collection and clearly understand the type of information being collected. Individuals in the EU now have the right to access their personal data, to request corrections to inaccurate data, and to restrict the use of their data. Although the full impact of the GDPR remains to be seen, it is a step in the right direction towards consumer empowerment when it comes to data.

There is no doubt that big data will continue to shape the future of healthcare. It is being used to predict epidemics, cure diseases, provide better preventative care, and lower costs, among other positive things. However, individuals have a surprising lack of control when it comes to their own health information. They are often asked to sign away health data ownership via blanket consent forms at times when they are scared or vulnerable, such as before surgery. Consumer rights need to be evolving alongside the use of data in healthcare. Patientory believes individuals should be able to easily access their own comprehensive health data and manage the use of it on their own terms. This is why we developed our distributed application. You can learn more about our solution to healthcare data access and control here.

Categories
Blockchain Patients

The Dark Side of Medical Data Trading

Longitudinal data, i.e. data collected from an individual at multiple points in time, can be very useful to medical researchers and provide valuable insights into health and illness. A famous example is the Framingham Heart Study, which was initiated in 1948 and continues on today. Researchers have followed three generations of participants, collecting and analyzing data to successfully identify the common characteristics and risk factors associated with cardiovascular disease. This type of health data use is common in clinical research and epidemiology, where aggregated data can reveal important information that leads to improved patient care and public health practices. However, health researchers motivated by advancing medical science are not the only ones interested in longitudinal data collection. Commercial companies motivated by profit are interested too.

There is a multi-billion dollar industry that exists around the buying and selling of medical data. Despite the fact that this is a common practice, many people are unaware of it. Data brokers pool data from hundreds of millions of pharmacy prescriptions, medical records, insurance claims, etc., and then slice and dice the information to sell to interested parties. This is technically allowed under the Health Insurance Portability and Accountability Act (HIPAA) because the data is intended to be anonymous. The medical information is not tied directly to a name, social security number, or detailed address. However, data brokers still add unique numbers to the data they collect, which allows them to build detailed patient dossiers by linking different pieces of information to the same individual. And with today’s advances in data mining technology and the vast amount of data available, the re-identification of anonymized data has only gotten easier.

Overall consumers have a troubling lack of control when it comes to their own medical data. We’d like to think the information we share with our healthcare providers remains private but this is not the case. In fact, the legal right of commercial companies to collect and sell health information without the explicit permission of the patient has been upheld by the Supreme Court. In the 1990s, the dominant player in the medical data trading industry began selling data to pharmaceutical companies on what individual physicians were prescribing to patients. These drug companies would then use the information to better tailor and target marketing and sales efforts. Once people caught on and started to complain about the invasion of privacy for profit, a few states passed legislation to limit the trade of prescriber-identifiable information. The major data broker then took them to court and won on corporate “free speech” grounds.

So why are the rights of data brokers to sell data privileged over the rights of patients to manage their own health information? Patientory does not have an answer to this question but we do believe in the power of blockchain to shift this paradigm. Distributed ledger technology has the ability to democratize data access by securing and validating data through a network rather than a single database. In addition to addressing cybersecurity and interoperability issues, blockchain technology can place the control of medical data sharing into the hands of individual patients through an app like Patientory’s. We believe consumers have a right to access their own health information and limit or permit the use of it as they see fit.

Categories
Patients

Did You Know Your Medical Data Fuels a Multi-Billion Dollar Industry?

In 2017, the legal buying, selling, and trading of our personal medical data comprised a $14 billion dollar industry; that number is expected to grow over $68 billion by 2025. Adam Tanner is the author of Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records. In an article for Time magazine, Tanner writes: “The growth of the big health data bazaar comes at a time that very few patients have access to their own comprehensive records for their own care, despite billions of dollars of U.S. government spending to encourage the adoption of electronic medical records.” You can find the full article here.  

Patients have a distinct lack of ownership when it comes to their own medical data. They are often asked to sign blanket consent forms that allow the practice of data trading when they are sick and potentially vulnerable. The buying and selling of medical data without explicit permission from the patient is technically allowed under HIPAA because the data is stripped of personally identifying characteristics, including names, Social Security numbers, and addresses. However, with today’s data mining technology and the vast amount of data available, the re-identification of anonymized data is only getting easier. Patientory believes it is time for patients to be put back in control of their own health information.

Categories
Blockchain Patients

Data Brokers Have Access to Your Health Information, Do You?

In today’s technology-driven world, data is an inevitable part of our lives. From fitness wearables to wireless medical devices to electronic medical records, the digitization of health information will continue to be a common practice. There is another common practice in the healthcare industry that most people do not like to talk about: medical data trading. A multi-billion-dollar market exists for information found in medical records, including prescription records, hospital visits, blood tests, insurance records, and doctor notes. Commercial companies are able to buy and sell this data without violating HIPAA because the information is not directly tied to an individual’s identity. However, the records bought and sold are often still associated with an age, gender, partial zip code, and a doctor’s name.

In the past, the stripping of a name, address, and social security number from a medical record would have been sufficient to protect anonymity. In today’s world, this is not the case as the re-identification of seemingly anonymized data is only getting easier. A straightforward data mining tool can easily cross-reference multiple databases to aggregate data and re-identify individuals from their theoretically private medical information. As an example, Harvard University Professor and computer scientist Latanya Sweeney was able to link zip codes, birth dates, and gender from a voter registration list to publicly available medical data, including hospital discharge records and health care cost data on hospital visits. And this was research conducted almost twenty years ago! The capabilities of data mining technology have only improved alongside the vast amount of data available today.

While consumers have the ability to increase the privacy of their non-medical data and control access to it, there is a frustrating lack of control when it comes to medical data. Even with the advent of electronic medical records, patients still do not have access to comprehensive health data across providers due to a lack of interoperability. Additionally, there is no way for patients to opt out of third parties using their anonymized health data for commercial purposes or otherwise. Theoretically, patients could choose healthcare providers based on whether or not their health information systems sell anonymized data, but in reality, this choice is limited by health insurance companies and specific health plans. If the patient is truly at the center of healthcare, then the management of health information needs to reflect that.

Patientory wants to change this narrative by applying blockchain technology to electronic health information. In addition to blockchain’s robust cybersecurity abilities, it can democratize data access in favor of the consumer. Instead of storing and distributing data through a single database, multiple copies of the same data are shared on a ledger distributed across a peer-to-peer network of users. When one copy of the ledger is changed, all of the other copies are updated in real-time and the validity is guaranteed by the network. By using a distributed application like Patientory’s to access electronic health records, patients will have the power to decide exactly who can access their medical data and for what purpose. The corporate rights of data brokers should no longer be privileged over the rights of consumers to control their own health data.