Who Owns Your Medical Data? Apparently Not You…
[Thursday, November 14, 2019] This week we found that Google has been going through the personal medical data from millions of patients without the patients’ consent and most of their doctors knowing about it. Google made a deal with a major hospital system to share private patients data to be used to create new products. A deeper dive shows that although nothing illegal was done here, it highlights a big loophole in the HIPAA law. We all assume and expect that our healthcare providers will protect the privacy of our data and only use it for purposes intended such as getting reimbursed by our insurance companies and help us get better care. However, in the process the healthcare systems create enormous amounts of data that could be invaluable to companies that use such data to create new products, i.e., ways to make more money from us. So far there has been a disconnect between “owners” of the data, namely our healthcare providers, and the monetizers of the data, namely, information hogs like Goggle. In this case, the major healthcare provider, Ascension, used a loophole in the HIPAA laws, where the healthcare providers can employ contractors to use the private medical data they collected from their patients to create new information warehouses, organizing, collating, analyzing and using the data in any way they seem fit. Ascension shared private medical records from millions of its patients with Google in an effort to create new products that can be used initially by Ascension to “help” its patients, while giving Google the ability to generate new products that Google can then sell to other healthcare providers. It’s a perfect business deal where Google gets access to data it cannot otherwise get and Ascension gets to monetize its enormous data in more ways. Yes, Ascension is claiming altruistic goals but in a cynical world both companies are for profit ventures that are trying to figure out ways to generate returns. The patients were not told because the patients already signed off their data to Ascension via the HIPAA waivers they all signed, and both Ascension and Google knew that patients would likely not like the perception of their data being used this way. It was not illegal but creepy certainly. And it is just the start. Other “owners” of private medical data probably will learn from it and we will likely see more such deals and it will not be prime time news, next time. The realities of the times we live. |
|