Tech giants have faced increasing backlash in recent years over the amount and types of data they collect and the ways they seem to be using it. When they do communicate about what they collect and how, their answers are often a challenge for users to parse. This dynamic breeds frustration and fear, turning “data” into a dirty word. But it doesn’t have to be.
In my field of health tech, products like bespoke blood testing and wearables apply similar data-gathering paradigms to information about personal biology and wellness. That collected health data is on top of the wealth of standard medical information traditionally stored in electronic health records (EHRs) and testing facilities. When health data breaches take place, one of the most significant causes of panic is the realization that individuals are not certain exactly what information the company possesses.
Many people feel uneasy, if not outright distrustful, toward technology companies. But they also feel that in order to use certain basic and necessary products, they have no choice other than to opt in—despite knowing that their private data is being gathered and stored and not knowing how it’s stored or to what end. The tempest of concern swirling around big tech data-gathering boils down to two significant concerns: the lack of control over which data is being gathered and how and the obfuscation of how that data is being used.
Fortunately, I believe there’s a solution that can begin to address both: Give people ownership of their own health data.
As a pioneer in the health tech sector, I want to see the data ownership revolution begin in my own industry. By allowing people to control their own health data and making it a commodity that companies must acquire from consumers via fully transparent and consensual channels, we make data a democratizing force. Rather than fearing the collection of data, consumers can welcome the possibility of harnessing it for themselves in order to facilitate high-quality, personalized, equitable healthcare.
Who is collecting health data, and how are they using it?
The term “health data” refers to a broad range of information. Historically, healthcare data has comprised of medical records and doctors’ notes. This includes everything from personal and family medical history, to imaging, to dietary information, to the results of measurements and tests taken during healthcare appointments (like height, weight, cholesterol levels, blood pressure and so on). It also includes information about treatments and medications from the past and present.
Added to that list is information collected by various kinds of health tech companies, whether it’s diet-tracking in an app, hormone levels or wearables data from continuous glucose and heart monitors. They don’t just display that information to users—once they collect it, they have it themselves.
While there are nearly as many policies dictating what companies keep and how they store it as there are health tech companies, many companies are already in the game of collecting and storing healthcare data.
While companies purport to be open about their level of access to users’ personal information, it’s undeniable that there has been tension around calls for increased transparency and that the stakes when it comes to health data are particularly high. There is a wide variety of ways companies can—and likely do—use the data, many of which are challenging to confirm.
With the wealth of data companies can aggregate from their consumer bases, they can conduct research into both health and marketing phenomena. They can build consumer profiles using users’ health data the same way they might with their internet search history. And, they can simply hold it, a valuable commodity they’ve obtained for free—or even at cost to users.
What regulations protect health data?
The concerns around data privacy that plague the tech industry are particularly serious when it comes to healthcare data. Information relating to health and wellness is some of the most private, and nobody wants their data to fall into the wrong hands.
Traditional healthcare information is protected by the HIPAA Privacy Rule, which gives individuals limited rights over their healthcare information and safeguards it from being shared without their consent. While HIPAA is an important component of patient privacy, I think it’s also a piece of the current healthcare infrastructure that makes consumer health data ownership a challenge. What’s more, health information transmitted via a third-party app often loses its HIPAA protection.
Data is generally siloed so that consumers who wish to move between healthcare providers or work with multiple at once, or utilize health apps and other tools, are unable to access and share the information needed. However, the government is already taking steps toward making open data in health a reality.
The Interoperability and Patient Access Final Rule went into effect in July 2020, requiring CMS-regulated health plans to make patient data available via accessible APIs. The lead-up to the rule’s implementation wasn’t without pushback.
What can business leaders do about data ownership?
For business leaders who want to start making a difference, make sure that data gathering is not automatic. For any kind of data collection, there should be an explicit opt-in, and you should describe what you are collecting, getting people to agree to specific items as opposed to collecting all data. For example, ask people to select from five things.
Also, allow consumers to download their data in a variety of ways and let them see what is being collected. Provide ways for people to share their data if they want (such as with their doctor, partner, subject matter expert). Build interoperability between your products and other products so customers can have a more holistic view of their data across different platforms. And as things change, ask again—frequently ask consumers for their permission when it comes to data.
I will always be a champion of health tech innovation, but as an industry professional, I know the difference between a pure profit motive and one also stemming from a desire to help people. Data ownership in the health tech sector should marry both, and I believe it can.