At least one in three people – a staggering 50 per cent of the U.S. population – is having their health and medical data captured by an unknown third party, the American public learned this week thanks to the findings of a new study published by the University of Toronto. Personal lab results, diagnoses, prescriptions – they are all fair game to the thousands of data brokers constantly collecting, analyzing and selling people’s most sensitive health-relayed information. Though this has been going on for a number of years it has never taken place on the scale it is today, with advertisers, social media platforms and even government getting in on the data action. Healthcare data company Optum has been doing so since 1993 and today is joined by drug maker GlaxoSmithKline, for example, which buys data from DNA testing firm 23andMe, as well as insurance companies and even credit reporting agencies.
Any transactions conducted by you are at risk of data capture – your transactions at the supermarket, gym, health food store, as well as your activities recorded by connected exercise bikes, pacemakers, blood glucose monitors and wearable fitness trackers. The study found that, to the horror of the U.S. population, 19 of the 24 most popular health-related smartphone apps in fact sell user data to third and fourth parties, identifying users medical conditions and health behaviors and concerns.
“The key finding from our study is that health related data is widely shared with companies that have nothing to do with health,” said study leader Quinn Grundy. “The consumer has no way to know exactly what is happening with their data and what consequences there might be.”
Given the rapid growth and anticipated explosion of the wearable medical device market, the study’s findings are of significant concern to the American public. The global wearable medical devices market is anticipated to reach $23,310 million by 2025, up from a measly $6 million in 2017, growing at a CAGR of 18.1 per cent from 2018-2025. With wearable medical devices classed as anything that can be worn to monitor one’s personal health and fitness through recording basic health parameters such as heart rate monitoring, blood pressure monitoring and the tracking of daily activities, the wearables market has surged in popularity in recent years due to the growing awareness of the importance of fitness together with the rapid growth of pharmaceutical and biotechnology industries.
It is gravely concerning that at a time where the American public is more concerned with the protection of personal information than ever before, we are seeing this ultimate breach of privacy – one that is exploiting the American people on an unprecedented scale. As the volume and nature of the data being captured through the internet, mobile devices and other connected gadgets grows, we see the gradual blossoming of a multibillion-dollar industry is unfolding with virtually no oversight. It begs the question: do we own our own health data? And if not, who does?
Currently New Hampshire is the only U.S. state that mandates its residents own their own private medical data. In 21 other U.S. states, the law dictates that medical records are the property of one’s hospital or physician. Shocking, huh? So if a person has undergone an abortion, been prescribed anti-depressants or ever experimented with alternative medicines and treatments such as hemp-infused products, contaminated mushrooms and ayahuasca, the law explicitly supports that one’s doctor or medical faculty is able to sell this information to the highest bidder. Interestingly, state and federal law actually dictates that patients do initially have legal privacy rights when it comes to personal health information, but once that information is captured in electronic form the health care provider then takes rightful possession of that information, since they own the media in which that data is stored. So, the law protects the privacy of its citizens – but only to a point.
The larger conversation we have been having around personal data breaches and its impact on society will no doubt leap onto this abysmal breach of privacy in the coming months. The implications this conversation might have on the way health apps are operated, to the way we are given prescriptions by our doctor are currently unknown – but for the sake of consumer privacy let’s hope things change before we lose the final remaining fragment of privacy we seem to have in this day and age, where jumping on the internet for five minutes will more often than not result in a personal data breach.
It’s undeniably eerie and disconcerting to think of who might be analyzing your personal data, tracking your personal medical records and accessing information you mightn’t even be comfortable telling your best friends. So before you rush out and buy that fancy new wearable device or download that health app from the Apple store, consider the potential long-term consequences of syncing your private medical and health records with the Internet of Things.