Cancer survivor Steven Petrow, digital life writer for USA Today, feels betrayed by the hospital that treated him for cancer in 1984 and may now be selling the data, along with that of thousands of other patients:
My sense of betrayal only deepened when ProPublica and the New York Times reported on an artificial intelligence startup called Paige.AI, which was granted exclusive access to the center’s archive of 25 million slides of patients’ tissues. The company was founded by three hospital insiders: a member of its executive board, the chairman of its pathology department, and the head of one of its research laboratories. In addition, three other board members invested in Paige.AI, and the center itself is a part owner of the new company.
Are the slides of my cancer among them? My mom’s? My sister’s? I’m uneasy wondering whether they are being commercialized without our consent, or even without our being notified. The hospital claims that the data are anonymous, but anonymous data these days has a habit of somehow becoming identifiable. Data are the currency with the greatest value in research today. Steven Petrow, “Memorial Sloan Kettering, you’ve betrayed my trust” at STAT
Anonymity, in particular, is a moot point:
Your medical data is for sale – all of it. Adam Tanner, a fellow at Harvard’s institute for quantitative social science and author of a new book on the topic, Our Bodies, Our Data, said that patients generally don’t know that their most personal information – what diseases they test positive for, what surgeries they have had – is the stuff of multibillion-dollar business.
But although the data is nominally stripped of personally identifying information, data miners and brokers are working tirelessly to aggregate detailed dossiers on individual patients; the patients are merely called “24601” instead of “Jean Valjean”. Sam Thielman, “Your private medical data is for sale – and it’s driving a business worth billions” at The Guardian
In short, they can come to know a great deal about you; they just don’t know your name—unless, of course, there is a breach of some kind. A classic study found that, using just four pieces of “outside” data, researchers could identify 90% of shoppers using credit cards. Time Magazine reported in 2017 that “Researchers have already re-identified people from anonymized profiles from hospital exit records, lists of Netflix customers, AOL online searchers, even GPS data of New York City taxi rides.” One would expect detailed medical data to be even more revelatory.
Technically, in the United States, the data is owned by health care providers but federal privacy laws determine how it may be used. After that, in the age of Big Data, everything blurs.
This week NPR’s All Things Considered looked at the question of who should be allowed to profit from the masses of medical data used to develop drugs:
Milind Kamkolkar, chief data officer at the drug company Sanofi, says it’s already difficult to track the many murky transactions having to do with people’s personal medical data.
“Sometimes it just feels like it’s ‘blood diamonds’ in the world of data sharing,” he says. “We can’t really track how that data came through, but someone’s making money off this, and making an incredible amount of money off this. Personally, I think there are going to be regulations as we start waking up to this phenomenon.”
He says companies like his, seeing big changes ahead, would be willing to pay individuals something for their data, if that gave them clear rules about how they could use it. And there are now companies springing up to explore this idea. Kamkolkar serves as an adviser for one such firm — Hu-manity.co. Richard Harris, “If Your Medical Information Becomes A Moneymaker, Could You Get A Cut?” at All Things Considered/NPR (October 15, 2018)
Big data companies are used to seeing the stream of data as a free natural resource, like air. As Jonathan Bartlett has noted here at Mind Matters, “The best data mining comes from finding ways to get other people to give you data without even realizing that is what they are doing.” But the context was comparatively trivial matters like developing machine recognition of, say, a cat, based on 50,000 people posting images of their pets on social media. Concerns about privacy and compensation are less likely to arise from social media data mining than from medical data mining.
Hu-manity.co is marketing the idea that “Your data should be your property.” It is working toward a goal of getting pharmaceutical companies to pay $10 a month for access to its users’ medical data, though the health care provider would still technically “own” it, as at present. The users could keep the money or, if they wished, donate it to a non-profit. Founder and president Michael De Palma told NPR “It’s a $60 billion business right now, just in medical data, right? So why should we not have some component of that?”
But is money really the biggest issue? In Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records (2017), privacy expert Adam Tanner points out that, paradoxically, in the Grand Bazaar of eagerly sought medical data “comprehensive electronic files for patient treatment—the reason medical data exists in the first place—remain an elusive goal. Even today, patients or their doctors rarely have easy access to comprehensive records that could improve care.” Many people would probably see better access to and control over their own medical data for themselves and their physicians as a greater priority than making money from it.
Note: The audio and transcript for this segment of All Things Considered are here.
See also: Who built AI? You did, mostly (Jonathan Bartlett)
Our anonymity may be an illusion