Commercializing Health Data: Where do we Draw the Line?

Now, more than ever, data is power – and money - and there’s no more valuable data today than that connected with your health and biology. From facial recognition technology to DNA testing kits to period tracking apps, technology and healthcare becomes increasingly intertwined every day.

For instance, NHSX – a new unit driving forward the digital transformation of health and social care – wants to support data driven technologies that have the potential to improve the quality of health and care services, and has been instrumental in developing new technologies to help deal with the pandemic.

What risks do we now face as deeply personal data is traded among companies not just for marketing and advertising, but also for research, law enforcement, and government initiatives? Where do we draw the line between privacy, commerce, and safety, especially as biometrics are big business, and third-party contracts generate significant profits?  

The issue of commercialization of health data is not a new phenomenon, indeed in December, discussions were in progress over the future use of NHS patients' personal records, said to be valued at roughly £10bn a year; however the pandemic is further shining a light on the topic.

From helping to curb the spread of COVID-19 and pharmaceutical and biological breakthroughs, to profitability in business and the potential for discrimination in jobs and government initiatives, assessing the impact of sharing and commercializing heath data is no mean feat.

As the technology and healthcare worlds collide, governments, security organizations, healthcare institutions and businesses alike will have to monitor progress closely. 

Biometrics mean big business

You don’t have to look far to realize that biometrics in business have almost become mainstream. This all comes down to convenience, and consumers are drawn to using the easiest, most natural authenticator out there – themselves. What’s more, biometric authentication is one of the safest ways to ensure you are who you say you are. Businesses using biometrics can market themselves as slick, technologically advanced and secure.

The issue then lies with where information is stored, who it can be sold to, and if it can be used by third parties once an individual has unlocked their smartphone or entered a building using facial recognition, for example.

One of the biggest scandals in recent years surrounding companies widening their use of the sensitive health data they collect came in 2019, when it was revealed some of the most popular period-tracking apps had been sharing users' intimate details with Facebook. With more than 100 million women around the world using free menstruation-tracking apps, that is a huge infringement on privacy.

Though it was discovered most businesses involved did have privacy policies, they required users to comb through complicated legal documents, which raises the question of: who is at fault? Companies handling data such as medical records and intimate details about users’ bodies have a responsibility to be more upfront, but the onus could also arguably be on the individual to do their research and read the fine print.

Contact tracing apps: pros and cons

The pandemic has highlighted how technology is increasingly playing a role in medicine and because of recent events, the issue of commercializing health data has come to the fore once more. Many governments are harnessing the power of biodata to help curb the spread of COVID-19 through contact-tracing apps, making this particularly apparent. Here lies a rather problematic conundrum of where to draw the line between public safety and personal privacy.

Ireland’s contact tracing app was downloaded 1.3m times in eight days – the fastest-downloaded app per capita in Europe – and since its launch has already been picking up infections. However, the privacy-conscious way in which it has been designed could mean we will never know its effectiveness.

Speaking about the German contact tracing app which is similar to Ireland’s, Prof Lothar Wieler told the BBC: “We cannot say exactly how many people were warned, because of the decentralized approach of the app.”

In Singapore, the country’s coronavirus tracing app has been described by some as “simultaneously impressive and terrifying”. The app uses Bluetooth to help the government track and notify people who have come into close contact with somebody infected with COVID-19. The authorities then enforce “stay-at-home” notices by sending text messages to residents during the day. When they receive the texts, Singaporeans are required to share their GPS location with the government.

Government intervention and allowing law enforcement access to biometric data is an ethically murky area – on the one hand, it is being used for the greater good and is helping to stop the spread of a very infectious disease. On the other, civilians are forced to share private information they might not want to.

Walking a tightrope

The commercialization of healthcare data is like walking a tightrope. Where do we draw the line between privacy, commerce, and safety? Being able to use sensitive data certainly has the potential to fuel biological breakthroughs, but at what cost?

As technology advances further, exciting developments lie in store for the healthcare industry such as brain-machine interface (BMI), where teams are working on applications for establishing a direct communication pathway between the brain and an external device. This will change lives for disabled and paralyzed individuals, along with smart pills – a promising healthcare breakthrough where sensors are attached or inserted in to a patient’s body and transmit data about bodily conditions back to healthcare professionals for analysis and treatment.

As healthcare progresses, one factor is certain: the issue of privacy cannot be overstated. Ultimately, the damage that can done if data ends up in the wrong hands is huge. The security and privacy community have a responsibility to engage in conversations about the greater need to investigate how healthcare data is being exposed and abused, and which regulations would be beneficial to introduce. Likewise, businesses, governments, and citizens must all treat their data like the vital asset it is in order to protect the privacy of our population.

What’s Hot on Infosecurity Magazine?