Who Owns Your Health Data?
"Personal Data will be the new 'oil' - a valuable resource for the 21st century. It will emerge as a new asset class touching all aspects of society”. That's taken from the introduction of a report from the World Economic Forum published in January 2011. It's a fascinating read, especially when they put forward the vision of a personal data ecosystem where individuals can have greater control over their personal data, digital identity and online privacy, and they will be better compensated for providing others with access to their personal data.
Sounds great, right? Sadly, it doesn't look like we are on the path to that vision.
For this vision to manifest itself, healthcare companies must buy into it, which means that they have to evolve their current business practices and models. The same is true for governments around the world. Given the recent revelations from Edward Snowden, making this vision a reality seems unlikely.
Does anyone believe we should own our health data?
Due to my background, I think a lot about our health data and the steps that we can take as citizens to help in the creation of this vision. I even gave a TEDx talk with my own ideas.
Though some leaders in the industry, such as Walter de Brouwer are stepping forward and bravely advocating that patients should own their own health data, it's not the norm. Business models for free health apps are based upon users giving permission for those apps to collect, transmit, share and sell their users' personal data.
What are the current risks?
The current estimate is that are 40,000 health apps in the market place. In addition, a recent study by the Privacy Rights Clearinghouse stated that 72% of the assessed health apps presented medium to high risk of personal privacy violation. Additionally, of the free apps they reviewed, only 43% provided a link to a website privacy policy.
When was the last time you read through the terms and conditions, end user licence agreement or privacy policy BEFORE you agreed to download a health app? Take a look at this example of the privacy policy of Fitbit, would you read this?
Now, you may think that your health data alone is not that valuable, and you may well be right. However, if 100,000 people are using a health app, and a corporation accessing that data has heart rate, activity levels, sleep levels etc on all 100,000 people, then that 'cohort' of data becomes considerably more valuable. Whether it's scientists in a pharmaceutical company looking to understand people's health or a fitness company looking to understand which consumers to target for their next fitness product, getting access to this type of data unlocks new value for these organisations. That's not necessarily a bad thing, because we all want society to make progress in improving our health.
Unfortunately, I don't believe that consumers are currently able to make an informed choice. Unless you read through every line of all the policies, it's not that easy to find answers to these 3 questions;
Who owns your data?
Who has access to your data?
Who profits from your data?
Someone must be doing something to help answer these questions?
The US government has recently published new proposals that lay out a "voluntary" Code of Conduct for mobile application short notices. Whilst it's a modest step forward, it's not enough. With almost 20 years of working with other people's personal data, I knew I had to do something.
As luck would have it, I was introduced to one of the leading experts in security and privacy of health data, Dr Tyrone Grandison based in the USA. We identified the need for a simple way of consumers being able to understand what they are agreeing to BEFORE they download a health app.
Dr Grandison and myself are working on a new service, launching this summer, called 'Who Owns Your Health Data?'. We hope that our service will allow each of you to make an informed choice when it comes to health apps.
We are open to collaborating with others who share the same goal. Feel free to email us at info@woyhd.org