Use of Personal Health Data by Third Parties Poses Privacy Concerns
July 16, 2014 in News
Third parties often can access individuals’ personal health information by searching through “big data” from mobile phones, credit card activity, Internet use and other sources, according to a new report from the California HealthCare Foundation, Healthcare IT News reports (McCann, Healthcare IT News, 7/16).
CHCF publishes iHealthBeat.
Such data give firms “the potential to paint a detailed health profile of individuals, as well as to describe whole communities based on location, health conditions or other factors” without the affected individuals’ knowledge, according to the report (Central Valley Business Times, 7/15).
Details of Report
According to the report, consumer data available for purchase and analytic use include:
- Contact information;
- Demographic information;
- Financial and credit data; and
- Information on lifestyle, interests and activities (CHCF report, July 2014).
Some such data are not covered in HIPAA’s privacy and security restrictions, which is why third parties are not liable under the law and can purchase individuals’ information without their consent or knowledge (Healthcare IT News, 7/16).
The use of such data by third parties could present privacy concerns because of:
- Firms’ profit-focused intentions;
- HIPAA restrictions;
- The potential re-identification of de-identified data; and
- Use of “dark data,” or data that individuals are not aware are being used.
However, the report noted that data mining also could lead to improvements in:
- Chronic disease management;
- Clinical trials;
- Harnessing self-tracking data for academic and research purposes;
- Increasing focus on individual health goals;
- Predicting and tracking epidemics; and
- Aligning retail customers’ demands with the health care industry.
According to the report, the benefits and challenges of data mining should be balanced by:
- Ensuring that individuals have control of their data;
- Simplifying the complex regulatory framework for data mining; and
- Using personal health data lockers or clouds (CHCF report, July 2014).