Through blogs and comments, patients and experts explore what it takes to find good health care and make the most of it.

Who's Looking at Your 'Digital Dust'


article image
Follow us on Facebook

Opportunities abound for sharing data "for good" – to turbocharge clinical trials, inform medical research, anticipate and better manage epidemics, and focus on individual health goals benchmarking oneself vs. peers.

At the same time, third-party data brokers and those with marketing interests with whom consumers have no direct connection of knowledge are scraping together bits of personal information from internet clouds, social networks and retail data from which profits are made. And that value does not accrue to the very individuals whose data is being sold.

Here's Looking at You: How Personal Health Information Gets Tracked and Used, published by the California HealthCare Foundation on July 15, is my take on the emerging world of "small data" (consumer-generated data), Big Data, the great opportunities for data analytics for public and personal health, and the growth of the use of peoples' "dark data." The privacy issues around data flowing out of credit card swipes, social network check-ins, digital health trackers' apps and smartphone GPS geo-location functions are thorny, especially for health – where HIPAA protections don't extend.


The infographic here illustrates scenarios of two consumers' self-generated data that's "out there." Kate is an engaged patient managing her chronic disease by participating in a clinical trial and feeding her data into a patient portal; using a mood-tracking app and checking in with peers on a health social network; refilling prescriptions, enjoying loyalty points from her favorite retail pharmacy; and using a credit card on Amazon to buy books on her condition. A third-party data analysis company aggregates Kate's profile, which is available to large employers, for a price. This could lead to employment discrimination, unbeknownst to Kate, who is looking for a new job.

In the second persona, Jermaine is a healthy nonsmoker who gets a blood test sent to a lab that's screening for smoking so that he can participate in his employer's wellness program and receive a discount on his health insurance premium. The wellness program compels Jermaine to sign an agreement that allows his lab data to be shared with a third party. He manages high cholesterol, adhering to a medication regime of prescribed statins, and he chats on Facebook with a group of guys who talk about basketball and health. A third-party data analytics firm mashes up his data and market-segments him into the category "Ethnic Second City Struggler." Jermaine is unaware that the bank to which he's applied for a home mortgage has access to this market research.

These two stories are real and documented.

Deven McGraw of Manatt, Phelps and Phillips, a legal privacy expert, warns in the report that "digital dust can have health implications even if the 'dust' is devoid of actual health information. FICO and other 'scores' could have significant implications for consumers – arguably as significant as a score generated using health data," she said.

Examples of that "non-health" data could be multiple late night check-ins on FourSquare from a bar combined with retail receipts from fast-food restaurants and line-items for over-the-counter sleeping pills and cans of Red Bull.

When it comes to consumer-generated health data, there are also privacy risks where one's information might eventually flow. The Privacy Rights Clearinghouse examined 43 popular mobile health and fitness applications between March and June 2013, half from Apple IoS and half from Google Android. Researchers found that 39 percent of free apps and 30 percent of paid apps sent data to someone not disclosed by the developer, either in the app or in any privacy policy.

HIPAA doesn't pertain to a large bulk of these data flows because they are generated outside of covered entities' jurisdictions. In addition to addressing the privacy law holes in the Big Data/small data era, there are ways for people to mitigate their risks, beginning with developers and third-party marketing firms making privacy policies more accessible, simple and transparent. Consumers need more information on the basics of how we each leave digital footprints in daily life. There is indeed value in sharing personal data and organizations that can help people benefit from their personal data analytics – in sickness and in health alike – should clearly discuss the benefits of sharing data for good and the value that can accrue to the consumer in kind. There are also emerging technologies for personal health data lockers and personal data clouds that could enable people to determine with whom and how they share their data.

On the upside, small and Big Data can and will drive public and personal health. Paul Wicks of PatientsLikeMe and Kipp Bradford, a biomedical engineer who is part of the "Maker Health" movement, are bullish on data analytics' role in supporting a continuously learning health system on a personal level, enabled through sensors, algorithms and scientists working through a "command center" that monitors people and alerts us (and our caregivers, as required) in real-time to tweak behaviors – such as taking a medication, eating a particular food, taking a walk or checking in with our doctors ASAP.

Think of this as applying the N of the many to the N of 1: as Bradford described, "When you do a clinical trial with 1,000 people, you're taking 1,000 people's physiologic measurements and generalizing that across a billion people. But if you can have a trial with 7 billion people, then you can understand the nuances of the effects on one person."

David Goldsmith of Dossia called this "population health made personal."

Health Populi's Hot Points: Big Data creates Big Opportunities along with Big Challenges. Consumers could get much smarter (quickly!) in engaging more mindfully in social networks, using cash for certain purchases that one mightn't want to be known by a third party and making conscious reward and benefit-risk trade-offs in personal data-sharing.

Technology developers and organizations using Big Data analytics could more transparently communicate consumer-friendly privacy policies, integrate security technologies that are available in the market today and respect consumers' data contributions – which are the lifeblood that must flow through algorithms to be useful.

Finally, policymakers need to realize and move on the fact that HIPAA isn't relevant to a world that's moving ahead much more quickly than regulatory bodies have done.

Mikki Nasch of The Activity Exchange, who was involved in the formative development of the FICO Score, advises: "Being conscious about how you are generating data about yourself will quantify into behavioral attributes. This will be your good driving record in the future."

My goal in writing this paper is to inspire all stakeholders in Big Data and health to be good drivers in the future.

This post originally appeared on Jane's Health Populi blog on July 16, 2014.

More Blog Posts by Jane Sarasohn Kahn

author bio

Jane Sarasohn-Kahn is a health economist and management consultant serving clients at the intersection of health and technology. Her clients are stakeholders in health, including providers, payors and plans; companies in biopharma, medical devices, financial services, technology and consumer goods, non-profits and NGOs.  She blogs on HEALTHPopuli , where this blog originally appeared, and you can follow her on twitter at @healthpopuli.

Tags for this article:
Health Information Technology   Jane Sarasohn-Kahn   Seek Knowledge about your Health   Inside Healthcare   Medical/Hospital Practice  

Comments on this post
Please note: CFAH reserves the right to moderate all comments posted to the Prepared Patient® Blog. Any inappropriate postings will be removed.

No comments have been entered yet.