Despite the obvious impact imposed on population health by the pandemic, it had some positive effects on healthcare. Amidst social isolation requirements, Americans were forced to live their lives in a more confined and virtual manner, which resulted in telehealth systems being utilized to a greater extent. Numerous health-related apps hit the market, coming to Americans’ rescue for issues ranging from exercise to mental health. In many ways, these new advances demonstrated just how far health technology had come. But it also created an abundance of health data in the process… to the delight of health data brokers.
To some extent, health data brokers have always dealt in the business of selling health data. But the digital age in general, and the pandemic specifically, created opportunities for business on a much greater scale. Unlike health providers and entities, many of the health-related apps and technologies developed weren’t under any restrictions. As a result, many chose to offer lists and collections of health data for sale to generate revenues. While you might think such data would be offered in an anonymous fashion, this is far from the case. Even now, health data brokers enjoy significant freedoms and sales when it comes to individual health data for sale.
“Health data is some of the most sensitive data out there, and most of us have no idea how much of it is out there for sale, often for just a couple hundred dollars.” – Justin Sherman, Senior Fellow at Sanford School of Public Policy, Duke University
The Health Data Market
In the last few years, the number of health data brokers have increased steadily. In California alone, there are over 400 of these types of brokers registered. Naturally, demand for health data for sale has driven these figures, and brokers have been happy to oblige. In fact, the rise in data and brokers has lowered the cost of acquiring various types of health data. For a minor investment, companies can obtain vast amounts of select health data for sale. Such data ranges from aggregate information about the number of antidepressant users in a specific area to individual information. And presently, this is all perfectly legal.
Much of the current health data for sale has come from third parties involved in the app development process. Various types of health-related apps collect demographic information, medication use, patient conditions, and much more. Naturally, app users may not wish for this information to be shared with others, especially ad companies. But in the vast majority of cases, users are not even aware of the information health data brokers collect. This makes it difficult to control, especially when opt-out opportunities are not clear or provided. For these reasons, it’s quite easy for mental health apps, telehealth platforms and even online pharmacy services to deal in data.
“[Brokering health data is] a hideous practice, and they’re still doing it. Our health data is part of someone’s business model. They’re building inferences and scores and categorizations from patterns in your life, your actions, where you go, what you eat — and what are we supposed to do, not live?” – Pam Dixon, Founder and Executive Director, World Privacy Forum
A Loophole in Data Privacy Protections
For many Americans, it is presumed that health data brokers wouldn’t be able to access health data for sale. The Health Information Portability and Accountability Act (HIPAA) is supposed to treat health data as private and special. But the problem lies in the entities that HIPAA actually restricts in data-sharing activities. In essence, it only pertains to providers and health-covered entities like doctors, hospitals, and health insurance companies. Private health app developments and various telehealth companies fail to fall under the umbrella of HIPAA protections. In fact, there is no current federal law or regulation that prohibits health data brokers from selling personal health information to a buyer.
The problem is that the health data for sale today targets some of the most vulnerable populations. Those with mental health issues, cancer, and other chronic diseases are among the more common groups for which such data is sought. In many instances, this data is then used by companies to tailor their advertising campaigns to a select audience. In other instances, health insurance companies might use it to scrutinize medical costs or adjust pricing. Even law enforcement has been known to use this information in the pursuit of undocumented immigrants. And all the while, none of these individuals have a clue that health data brokers are dealing in their data.
“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information.” – Spokesperson for the Federal Trade Commission
Hope for Future Change?
At the current time, some states have enacted legislation that begins to address health data brokers and their behaviors. California and Vermont now require such brokers to register within the state so consumers may be aware of them. However, most states do not. At a federal level, some Congressional representatives are calling for changes and stronger protections against health data for sale. But this has yet to occur. And the Federal Trade Commission is pursuing the issue more aggressively as of late. It recently negotiated a $1.5 million civil penalty against the company GoodRx for selling health data lists for targeted ads. Change is slow but change is occurring.
As always, the issue involves trying to stay up-to-date with the lates technologies. In addition to telehealth, apps, and other platforms advancing during the pandemic, legislation slowed. Now, it’s time to play catch-up as health data brokers continue to increase their activities. Data privacy protections are incredibly important issues for all, and safeguards should be in place. At a minimum, greater transparency should be required to allow users of health apps and technologies to make better choices. And in an effort to evoke real change, this must be accompanied by penalties and enforcement. At this point, that is yet to happen. So, in the meantime, it’s important to be wary of what health data is provided and where that data might end up.