healthcare data privacy - mark sander - updatedThis Little-Known Healthcare Data Privacy Issue Carries Serious Implications

In April 2018, Mark Zuckerberg was a key focal point of a congressional hearing on data privacy and the use of Facebook user's data by Cambridge Analytica in political research for the 2016 presidential race. Numerous civil lawsuits are ongoing as a result of the use of what many identify as private data and this will undoubtedly end up in front of the U.S. Supreme Court in one form or another. Other court cases have been ongoing in the European Union where recent laws have greatly strengthened an individual's right to privacy.

In the case of Facebook, the major point of dispute is whether or not an individual user was properly informed and/or consented for use of their personal data and whether or not Facebook and their partners, namely Cambridge Analytica, kept within the boundaries of this consent.  

Putting legality aside, let's looks at this from a basic business and data perspective. Facebook is a platform that is used by millions of users and charges them absolutely nothing for the service, data storage, or even any type of user license. So as a user, I am using their service for free. Any 12-year-old knows THERE IS NO FREE LUNCH IN THIS WORLD. Therefore, it is implied that Facebook is somehow profiting from me somehow, somewhere in our transactions.

So, what am I essentially giving to Facebook as a quid pro quo? The use of my data, which they in turn utilize or sell in aggregate to various forms of advertisers. A reasonable person understands this simple principle of commerce, yet a reasonable person would also expect that there are boundaries as to how this data will be used and by whom and that Facebook will stay within these boundaries. Users don't seem to mind that someone knows where they went on vacation, that their child just graduated or what restaurant they had dinner at last night. They posted it on Facebook because they wanted others (mostly their friends) to know about it.

Amazon is widely credited with being first, and ultimately perfecting, the use of Big Data in their customized marketing to users on their site in the form of pop-ups.  I have never heard anyone complain. Yet quite the contrary. I hear many praises of Amazon for their use of technology and on-target product recommendations. Amazon has stayed within the implied boundaries.

You might be surprised to learn Facebook is not the only company maintaining a history on your life and profiting from this data. Did you know that your doctor and the hospital or health plan they sold their practice to has a complete medical history of your entire life? Healthcare providers of all shapes and sizes were virtually mandated to implement EMR (electronic medical records) as part of the first phases of Obamacare.

Let's review this as a sequence of events. You have been seeing the same primary care physician for 15 years. They have a complete paper file on you in their office that includes every blood test, blood pressure and pulse reading, diagnosis, prescription, MRI, CAT Scan, and appointment notes ever created on your behalf. Then four years ago the expenses and pressures of running their private practice led this doctor to join a regional hospital/healthcare organization. This new organization had an enterprise EMR system in place and your doctor loaded all 15 years of your medical history onto the system so that he and others treating you had a full picture or your health history. That's of great benefit to you as the patient, right?  Well, maybe not quite exactly as you think....

What no one has told you is that the large health plan that bought your local doctor's practice pools your medical history with all the other patients in the system and then sells that data to pharmaceutical companies and other research-based organizations. They "blind the data," removing your name from it so no one can figure out it is you personally, but did anyone ever disclose to you that this was taking place? This has actually been going on for years, probably dating back to the launch of Pharmacy Benefit Managers in the 1990's such as Merck-Medco and Express Scripts. Major insurance plans have also adopted this practice in various forms over the years.

Was it disclosed to you that this use of your data was taking place?

Did you provide permission for your data to be aggregated with others and used in this manner for profit?

Did you knowingly wave your rights to privacy and ownership of this data? 

Now, let's go to back to the quid pro quo Facebook scenario. With Facebook, I didn't pay anything for the services I received. In the case of my doctor, I did however pay for his services. With the lab that processed my blood tests, the facility that conducted my MRI or CAT Scan, and for every pill dispensed to me, I also paid. Medical expenses for most people tally up to thousands of dollars each year and we, perhaps with reimbursement from our insurance policies that we also pay for, pay for these treatments.

The question now becomes, who owns this lucrative data generated on my behalf? Me, the patient who paid for it, or the provider who produced it on my behalf and promptly bills me for their services?

THIS IS GOING TO BE THE NEXT LEGAL BATTLE IN THE WORLD OF DATA PRIVACY. Given the financial components and magnitude of this issue, it will certainly not blow over nearly as quickly as the Facebook/Cambridge Analytica questions have. It is only a matter of time. What makes this set of data even more valuable and more litigious is that not only does it violate my privacy as a patient and as an individual, but it also violated my rights as a paid-in-full owner of this data.  I don't see the courts ruling on the side of medical providers and insurance companies that they have the right to profit millions of dollars on data they charged someone else to generate.

In closing, I would like to leave you with two questions to consider:

  1. Do you consider your health history private and do you exclusively own the data generated in creating it?
  2. After you have paid for medical services, do you feel comfortable with those who provided those services or reimbursed you in the form of insurance payments, profiting from your health without prior full disclosure or consents?  

Mark Sander spoke at HMG Strategy's recent 2018 New Jersey CIO Executive Leadership Summit on May 2. To learn more about HMG Strategy's upcoming summits in Boston and other Northeast U.S. locations, click here