The commodification of personal data through use of social networks has created critical privacy issues for citizens around the world. As Google, Facebook, Amazon and other corporate entities extend into more sensitive and financially lucrative areas such as health and medical data, important questions of data ownership arise. Do patients have ownership of their personal data, or do they co-own with these corporate entities, including Google or Facebook? Similarly, does the state or municipality also share ownership with the patient and Google? Important privacy and ethical dilemmas arise from these blurred boundaries of health data co-ownership.
“Zuckerberg San Francisco General Hospital and Trauma Center.”
Whether you’re familiar with this hospital or not, the name should stand out. Think for a minute if the name Zuckerberg rings a bell? Healthcare is not the connection you probably came up with, but social media and related technology companies are becoming interconnected with healthcare. Mark Zuckerberg (CEO and founder of Facebook) and his wife, Priscilla Chan, gave $75 million to fund equipment at the hospital and it was consequently renamed.
Moving outward a bit, we see further entities involved in social media, e-commerce, technology, and related ventures. The new stakeholders in healthcare – technology companies, e-commerce behemoths and alike – are disruptors in their own industry and bring real threats to a delicate industry based on the trust between provider and care-seeker.
In this new healthcare and technology era, what we now have is a struggle whereby citizens or patients do not clearly know who owns, utilizes, or shares their personal health data. In essence, patients may not be individuals seeking care, but could “merely” be seen as data points for corporate medical stakeholders.
Privacy in E-health is Scary
Wearables, e-health, and electronic health record (EHRs) have all made privacy more important. Not hyperbolic, but privacy should be the (medical and technological) nightmare for anyone connected to medical and/or health data – industry, researchers, government, and patient/citizens, too.
Currently, there are blurred lines between what constitutes health data or closely related areas of lifestyle data. For example, lifestyle data might include one’s mood, total time spent on social networking apps, or how many meals they’ve eaten that particular day. An individual’s health activity data can include real-life activities (e.g., daily movement, or time spent out of their home), health data (including blood pressure metrics or medication intake), and context data (such as social contact, mood, or life satisfaction) (1). These areas are starting to blur – as what is viewed as lifestyle data might be considered health data – or can impact medical conditions (e.g., finances can affect emotions, or variables such as mood can affect things such as clinical depression, and geolocation information can be used to predict onset of medical conditions like depression). When one considers self-quantification, the Internet of Things (IoT), wearables and e-health, it’s clear that the line between lifestyle data, health data, and medical data is blurring.
So, what exactly is health data? One possible definition is “personal information that relates to the health status of a person”, and includes both medical data (e.g., doctor referrals, prescriptions, medical examination reports, laboratory tests, X-rays) and administrative and financial information about their health (e.g., scheduling of medical appointments, invoices for healthcare services, or medical certificates for sick leave management).
Corporate Actors in Health Data
The big four tech companies, GAFA (Google, Amazon, Facebook and Apple), are all very much involved in today’s lucrative and massive healthcare industry: examples include Google’s Deepmind project with the NHS in England (notably, Deepmind’s AI can process 100,000s of medical information in minutes), or Google’s health technology business, Verily. Second, online retailer Amazon’s recent foray(s) into healthcare includes buying the U.S. prescription fulfillment company, PillPack, and has entered into a to-be-determined initiative with Berkshire Hathaway (the prominent investor Warren Buffet owns Berkshire Hathway), and JPMorgan Chase, a large financial services company (banks, credit cards, etc.).
Apple, the manufacturer of the iPhone and creator of the Mac operating system, is in a partnership with the American healthcare juggernaut Stanford Medicine to use Apple’s ResearchKit (collecting data from both the Iphone and the Apple Watch) to study patients with atrial fibrillation (AFib). To the disapproval of many regulators, Facebook was recently reported to have asked several major U.S. hospitals in the San Francisco area to share anonymized data about their patients, such as illnesses and prescription info, for a proposed research project. Facebook was intending to combine it with user data it had collected, and “help” the hospitals consider which patients might need special care or treatment.
Health and medical data is seen as a particularly risky (2) and sensitive (3-4) type of personal data. Due to their sensitivity, health and medical data have financial value. Fullz – or a complete set of an individual’s personal data that can be sold to criminals – are sold on the Dark Web, with more complete fullz (including an individual’s health record) selling for €22 EUR in the U.S. or €35 EUR in Europe.
Privacy and ethical dilemmas arise from the aforementioned blurred boundaries of health data co-ownership. But there is a clear solution: being a patient in this age of data, where both governments and corporations want to own and use your data, individuals should own their data, or at least be in full control of their data. The state or municipality should not control our personal data. Neither should Google, or Facebook, or any other corporation. We, as individuals in a democratic society, should be in control of our data, and be given full control to grant others access, and the right to use our data – whenever we think it is of advantage to us.
Facts. Data Definitions Under GDPR
As defined by the GDPR, “data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.4 As noted, our world has become connected in many unforeseen ways, leading to the generation of massive amounts of data (including health data). Whether the use of devices connected to the Internet, or IoT, [think of that Alexa smart speaker you have sitting in your kitchen] and other connected devices, these technologies create new metrics and types of health data. Further, these new and massive amounts of data include patients’ linked data in their EHRs, or biometric data used to identify patients (including faceprint, palmprint, etc.). This should not be considered an exhaustive list, but mentioned to highlight the notion that what entails health data today is constantly evolving.
Cory Robinson is Senior Lecturer/Assistant Professor in Communication Design at Linköping University, Sweden.
(1) Seifert, A., Christen, M., & Martin, M. (2018). Willingness of older adults to share mobile health data with researchers. GeroPsych: The Journal of Gerontopsychology and Geriatric Psychiatry, 31(1), 41-49. doi:10.1024/1662-9647/a000181
(2) Robinson, C. (2017). Disclosure of personal data in ecommerce: A cross-national comparison of Estonia and the United States. Telematics and Informatics, 34(2), 569-582. doi:http://dx.doi.org/10.1016/j.tele.2016.09.006
(3) Sahama, T., Simpson, L., & Lane, B. (2013, 9-12 Oct. 2013). Security and privacy in ehealth: Is it possible? Paper presented at the 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013).
(4) Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of Biomedical Informatics, 46(3), 541-562. doi:https://doi.org/10.1016/j.jbi.2012.12.003
The picture is from Unsplash.com, taken by Martin Brosy. The Google logo is put in the picture.