Skip to content

Health and Privacy


Once upon a time, if you were having trouble managing your diabetes that information was written down on a paper chart, stuck in a manila folder and locked in a cabinet. Only you and your doctor knew. Nowadays, many more people might know, or guess. The most common way for health data to leak isn’t when hackers steal it. It’s when you give it away click by click. Just as marketers put bits and pieces of online information together to predict what toothpaste you buy, doctors and hospitals are using the same techniques in the hope of improving your health on the basis of stuff you haven’t told them. The rise of electronic health records, wearable devices and smartphone apps tracking your every breath, meal and heartbeat can only speed the spread of health information.

Carolinas Healthcare, which runs the largest hospital chain in North and South Carolina, has been plugging retail data for 2 million people into algorithms designed to identify high-risk patients, while Pittsburgh University Medical Center, Pennsylvania’s biggest healthcare system, has started using household and demographic data. Meanwhile, to better target their ads, drug companies are using systems run by companies like IMS Health and Symphony Health Solutions that buy up prescription data that’s been stripped of individual identities, but that can be linked through their software to a patient’s web browsing history. And researchers are finding ways to mine data generated by smartphones or other devices. One study used smartphones’ GPS systems, light sensors and microphones to predict whether someone was becoming depressed. It’s unclear what rules would protect that kind of information outside a research setting. More traditional data faces security threats, too, especially since the U.S. government started giving doctors financial incentives to switch to electronic health records under the 2009 economic stimulus law. Since then, there have been more than 1,100 incidents in which health information involving at least 130 million individuals was breached, including information on 80 million Anthem customers. Health data can leak out in attacks on other employers, too, as Sony employees discovered.