
Healthy and Sick Ways of Using Health Data

Health data are one of the most sensitive types of data. And though the benefits of analyzing health data are manifold, the associated risks may be even greater, suggests Cory Robinson, Assistant Professor in Communication Design at Linköping University.

Photo: Nick Collins

There are many benefits from analyzing and exploring health data. These include early warnings for outbreaks and pandemics (1,2), knowledge discovery and personalized medicine (3,4), quantified-self health tracking that enables effective and efficient clinical decision making and healthcare delivery (5,6), and predicting and exploring health outcomes to evaluate health policy (7).

Even with all the benefits arising from the analysis of health and medical data, there are potential risks that might lessen or blur those benefits. Importantly, health data are among the most sensitive types of data (8), and among the most confidential types of personal data (9). Currently, more than 36,000 US healthcare-related devices are searchable on Shodan (10), a search engine for connected devices. “For the past 3 years the healthcare sector has been hacked even more than the financial sector”; the value of, and the risk to, patients’ health and medical data should be clear.

With healthcare data being lucrative to the hordes of hackers and fraudulent actors pervasive in our digital world, healthcare institutions are ripe for attack. This is supported by the fact that, in the U.S., the healthcare industry has the highest number of data breaches, followed by government and then retail (10). Because hospitals hold troves of information valuable to hackers, hospitals are, in a sense, piggy banks waiting to be robbed.

Medical institutions are easy targets for nefarious actors for a plethora of other reasons:

– electronic health records (EHRs) present difficulties in maintaining data privacy (11)
– hospital IT systems are rarely updated and contain many security exploits (12)
– social engineering can be utilized to gain access to pseudonymization algorithms or patient lists (13), as the sketch after this list illustrates
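
To illustrate that last point: pseudonymization is often just a keyed transformation of an identifier, so an attacker who socially engineers their way to the key (or algorithm) and a candidate patient list can undo it wholesale. The following is a minimal hypothetical sketch in Python; the key, IDs, and diagnoses are invented for illustration and do not describe any institution’s actual scheme:

```python
import hashlib
import hmac

# Hypothetical scheme: a clinic pseudonymizes patient IDs with a keyed
# hash (HMAC-SHA256). The pseudonyms look random, but anyone holding the
# key and a candidate patient list can regenerate and match all of them.
SECRET_KEY = b"clinic-secret-key"  # the asset a social engineer targets

def pseudonymize(patient_id: str) -> str:
    return hmac.new(SECRET_KEY, patient_id.encode(), hashlib.sha256).hexdigest()

# A "de-identified" research extract: pseudonym -> diagnosis (invented data)
extract = {pseudonymize(pid): dx for pid, dx in [
    ("19850312-1234", "type 2 diabetes"),
    ("19721101-5678", "depression"),
]}

# With the leaked key plus a stolen patient list, re-identification is trivial
for pid in ["19850312-1234", "19721101-5678"]:
    if (pseudo := pseudonymize(pid)) in extract:
        print(f"{pid} -> {extract[pseudo]}")
```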

While your physician is trained to provide life-saving healthcare, they are not necessarily aware of, competent in, or invested in keeping patients’ healthcare data secure.

Risks of collection & identification
Having identified the risks inherent in modern healthcare systems and the evolving for-profit model that puts data ownership into question, what exactly are the risks when healthcare and medical data are fraudulently accessed, leaked, stolen, or sold online?

First, individuals may pursue healthcare treatment assuming their decisions remain confidential between provider and patient, and protecting that confidentiality is essential for the privacy of subjects of care (14). However, confidentiality may be unrealistic, as individual-level data can never be truly anonymous (15), and “de-identified data”, a commonly used industry standard, does not guarantee confidentiality (16). Further, patient data can be reverse engineered to re-identify individuals (17-20), and, shockingly, 95% of individuals can be identified with merely four spatio-temporal points (19,20).
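
That 95% figure reflects what de Montjoye et al. call “unicity”. The sketch below estimates the same quantity on synthetic data: how often do four coarse (time, place) points match exactly one person in a dataset? It is a toy illustration with assumed parameters, not a reproduction of the original mobile-phone mobility study (19):

```python
import random

# Toy "unicity" estimate in the spirit of de Montjoye et al. (19):
# how often do K coarse (hour-of-week, antenna) points match exactly
# one person? All traces and parameters here are synthetic assumptions.
random.seed(0)
N_USERS, TRACE_LEN, K = 1_000, 50, 4

traces = [{(random.randrange(168), random.randrange(300))  # (hour, antenna)
           for _ in range(TRACE_LEN)} for _ in range(N_USERS)]

def is_unique(user: int, k: int) -> bool:
    """True if k random points from this user's trace fit no one else."""
    sample = set(random.sample(sorted(traces[user]), k))
    return sum(sample <= t for t in traces) == 1

unicity = sum(is_unique(u, K) for u in range(N_USERS)) / N_USERS
print(f"Share of users unique given {K} points: {unicity:.0%}")
```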

Because individuals and their sensitive healthcare data can potentially be identified, discriminatory and ethical issues arise, including scenarios where employers make discriminatory hiring decisions (21). For example, while making hiring decisions based on healthcare information is illegal, who or what is to prevent an employer from abusing details of a person’s genetic code, resulting in hiring prejudice?

Would a company employ an individual whose genetic code reveals a future terminal diagnosis or a syndrome that might significantly affect the employee’s “productivity”?

Function Creep
When “technology is designed for a specific purpose, but gains unanticipated, additional functions or purposes” (22), abuses of the technology might also occur – in other words, function creep. Various entities may analyze data sets for a variety of purposes (e.g., early warnings for outbreaks and pandemics (23,24), knowledge discovery and personalized medicine (25,26), predicting and exploring health outcomes); however, the use of health data to identify vulnerable or “undesirable” populations may result in the tracking of these and similar groups.

Besides the possible tracking of vulnerable groups, patient identification is a critical issue, too. Currently, hospitals and other healthcare facilities utilize biometric identification methods to ensure that each patient is matched to the correct record, and therefore receives the right healthcare treatment (medical prescriptions, operations, etc.). It is vital that patients be identified so as to receive the right treatment; a patient receiving the incorrect medical operation can be a deadly error. However, the collection of faceprints and palmprints by medical institutions can still lead to erroneous identification of patients. The limitations of facial recognition were outlined in a 2017 report from the U.S. National Institute of Standards and Technology exploring the identification of “non-cooperative subjects”, those not facing the camera or whose faces are obscured: the accuracy of facial recognition is highly dependent on controlled environments where high-quality cameras are utilized (27).
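
A rough back-of-the-envelope calculation shows why erroneous identification is a structural risk in one-to-many matching, not a rare fluke. The false match rate and gallery size below are assumptions for illustration, not figures from the NIST report:

```python
# Assumed numbers for illustration only (not from the NIST report):
# a 0.1% false match rate under uncontrolled conditions, searched
# against a hospital gallery of 100,000 enrolled patients.

def expected_false_matches(fmr: float, gallery_size: int) -> float:
    """Expected count of wrong records returned by one 1:N search."""
    return fmr * gallery_size

print(expected_false_matches(fmr=0.001, gallery_size=100_000))  # -> 100.0
```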

The Effect of Surveillance
Questions of tracking populations and misidentifying individuals naturally lead to a discussion of the surveillance society. Rather than leaving individuals as autonomous beings free of controlling influences, surveillance potentially acts as a controlling influence itself. For example, when individuals are aware they are under surveillance, they may alter their behavior (28). The use of surveillance may influence individuals to act in ways they deem unsuspicious, so as not to draw the attention of surveillance systems. These voluntary behavioral changes could, over time, become involuntary, permanent changes in scenarios of active surveillance by technology (e.g., CCTV, facial recognition systems) or in the presence of authoritative bodies (e.g., police, border control). “The fact that you won’t do things, that you will self-censor, are the worst effects of pervasive surveillance” (29).

The ability of state actors, whether government bodies or medical institutions, to collect and analyze health data for the “sake of better healthcare” creates clear potential for abuse. Medical data is powerful data that can predict outbreaks, identify the right patient, and enable better healthcare; the flipside of the coin is that abuse of these technologies can empower state actors with surveillance-society mechanisms once only imagined, mechanisms that in fact prevent people from traveling or expose them to public harassment by state actors (30).

Ultimately, health data and the ability to identify patients, citizens, and individuals might lead to one’s inability to remain anonymous or maintain privacy. Citizens exercise a right to remain unidentifiable (anonymous) and to control information about themselves (remaining private) (31); however, the theft, fraudulent access, or unauthorized sale of health data lessens an individual’s autonomy, or ability to remain anonymous or private (32).

Photo: EFF.org

Hacked Biometric Information: Hard To Change
Because medical institutions collect and use biometric identifiers for various purposes (including patient identification), there are concerns about what might happen should these identifiers be stolen by nefarious actors. Critics might downplay the seriousness of such a situation, pointing to the multitude of hackings and security breaches the world over; however, in those situations, where hacked individuals may face identity theft and other resulting issues, a typical resolution is to check your credit report and change all of your online passwords. In the case of hacked or stolen biometric or health information, you cannot simply change your genetic or biometric information. Biometrics and genetic information are permanent identifying data, not passwords or logins that can be changed with ease.
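
The asymmetry is easy to see in code. In the hypothetical sketch below, a breached password has a standard remedy (rotate the salt and pick a new secret), while a breached biometric template has no equivalent; all names and values are illustrative:

```python
import hashlib
import os

def store_password(password: str) -> tuple[bytes, bytes]:
    """Salted, iterated hash; after a breach the user simply picks a new secret."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

# Breach response for a password: issue entirely new credentials.
old_record = store_password("correct horse battery staple")
new_record = store_password("a brand new passphrase")  # the leaked record is now worthless

# Breach response for a biometric: there is none. The "credential" is the
# user's fingerprint, face, or genome itself and cannot be reissued.
leaked_fingerprint_template = bytes.fromhex("129a3bc4")  # placeholder bytes
# No rotate_fingerprint() exists; the identifier is permanent.
```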

Other issues arising from compromised health information or medical data include insurance discrimination, theft of medical records, medical fraud, tax fraud (12), and identity theft (33,34). Identity theft is increasing, and it is important to highlight its costs. In terms of resolving fraud, financial liability for a credit card breach is usually limited to US$50 per card (33). In the health industry, however, 65% of victims of medical identity theft in the U.S. had to pay an average of US$13,500 to resolve the crime, with costs covering the services of creditors and legal counsel (33). Additionally, victims of identity theft must also restore their good name and financial credit, which can take hundreds or thousands of hours.

The issues arising from medical identity theft are many, including criminal drug procurement, fraudulent medical insurance and birth certificates, and the ability to file fraudulent tax returns (33). (Not all of these privacy issues are relevant in the EU, where state-provided health insurance is more typical, but it is still important to document these crises that citizens face through abuse of their sensitive health data.) Criminal drug procurement can occur when cybercriminals obtain a patient’s health information (including home address and financial information) and then order prescriptions through mail-order services. In addition, those same hackers, cybercriminals, and fraudulent parties can obtain fake medical insurance and procure expensive medical equipment. And if cybercriminals are able to file a fraudulent tax return, the compromised individual’s hard-earned refund may be stolen before they are made aware; the use of stolen personal data found in EHRs to commit tax fraud has continued to increase (35).

Cory Robinson is Senior Lecturer/Assistant Professor in Communication Design at Linköping University, Sweden. His current research investigates disclosure of sensitive personal data, including biometric and health data, in Internet platforms and surveillance technologies, and ethical frameworks for the collection of personal data in wearables and the IoT (Internet of Things).

References

  1. Mathews AW. (2014). Coca-Cola, Verizon, BofA Among Companies to Support Health Initiatives. [Wall Street Journal]. Accessed February 21, 2019 from https://blogs.wsj.com/corporate-intelligence/2014/09/16/coca-cola-verizon-bofa-among-companies-to-support-health-initiatives/
  2. Kostkova P, Szomszor M, St Louis C. #swineflu: the use of twitter as an early warning tool and for risk communication in the 2009 swine flu pandemic. ACM Trans Manag Inf Syst (ACM TMIS) (2014) 5(2): Article 8. doi:10.1145/2597892
  3. de Oliveira R, Cherubini M, Oliver N. MoviPill: improving medication compliance for elders using a mobile persuasive social game. In: Proceedings of the 12th ACM International Conference on Ubiquitous Computing (2010). p. 251–60.
  4. Holzinger A. Trends in interactive knowledge discovery for personalized medicine: cognitive science meets machine learning. IEEE Intell Inform Bull (2014) 15(1):6–14.
  5. Sahama, T., Simpson, L., & Lane, B. (2013, October 9-12). Security and privacy in eHealth: Is it possible? Paper presented at the 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013).
  6. Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of Biomedical Informatics, 46(3), 541-562. doi:https://doi.org/10.1016/j.jbi.2012.12.003
  7. Evans, H. (2018). Using data in the nhs: The implications of the opt-out and gdpr. Retrieved from https://www.kingsfund.org.uk/publications/using-data-nhs-gdpr
  8. Sahama, T., Simpson, L., & Lane, B. (2013, October 9-12). Security and privacy in eHealth: Is it possible? Paper presented at the 2013 IEEE 15th International Conference on e-Health Networking, Applications and Services (Healthcom 2013).
  9. Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of Biomedical Informatics, 46(3), 541-562. doi:https://doi.org/10.1016/j.jbi.2012.12.003
  10. Fuentes, M. R. (2017). Cybercrime and other threats faced by the healthcare industry. Retrieved from https://www.trendmicro.com/content/dam/trendmicro/global/en/security-intelligence/research/reports/wp-cybercrime-&-other-threats-faced-by-the-healthcare-industry.pdf
  11. Liu LS, Shih PC, Hayes GR. (2011). Barriers to the adoption and use of personal health record systems. In: Proc of iConference; p. 363–70.
  12. Newman, L. H. (2017). Medical devices are the next security nightmare. Wired. Retrieved from https://www.wired.com/2017/03/medical-devices-next-security-nightmare/
  13. Thornburgh T. Social engineering: the ‘‘Dark Art’’. In: Proc annual conference on Information security curriculum development; 2004. p. 133–5.
  14. Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of Biomedical Informatics, 46(3), 541-562. doi:https://doi.org/10.1016/j.jbi.2012.12.003
  15. Dibben C, Elliot M, Gowans H, Lightfoot D. Chapter 3: The data linkage environment. In: Harron K, Dibben C, Goldstein H, editors. Methodological Developments in Data Linkage. London: Wiley; 2015.
  16. Win KT. A review of security of electronic health records. HIM J 2005;34(1):13–8. USA.
  17. Golle, P. (2006). Revisiting the uniqueness of simple demographics in the US population. Paper presented at the Proceedings of the 5th ACM Workshop on Privacy in Electronic Society, Alexandria, Virginia, USA.
  18. Narayanan, A., & Shmatikov, V. (2008, May 18-22). Robust de-anonymization of large sparse datasets. Paper presented at the 2008 IEEE Symposium on Security and Privacy (SP 2008).
  19. de Montjoye, Y.-A., Hidalgo, C. A., Verleysen, M., & Blondel, V. D. (2013). Unique in the crowd: The privacy bounds of human mobility. Scientific Reports, 3, 1376. doi:10.1038/srep01376
  20. de Montjoye, Y.-A., Radaelli, L., Singh, V. K., & Pentland, A. S. (2015). Unique in the shopping mall: On the reidentifiability of credit card metadata. Science, 347(6221), 536-539. doi:10.1126/science.1256297
  21. Jain, Anil, Arun Ross, and Salil Prabhakar. 2004. “An introduction to biometric recognition.” IEEE Transactions on Circuits and Systems for Video Technology 14 (1):4-20. doi: 10.1109/TCSVT.2003.818349.
  22. Brey, P. (2004). Ethical aspects of facial recognition systems in public places. Journal of Information, Communication and Ethics in Society, 2(2), 97-109. doi:10.1108/14779960480000246
  23. Mathews AW. (2014). Coca-Cola, Verizon, BofA Among Companies to Support Health Initiatives. [Wall Street Journal]. Accessed October 23, 2014 from https://blogs.wsj.com/corporate-intelligence/2014/09/16/coca-cola-verizon-bofa-among-companies-to-support-health-initiatives/
  24. Kostkova P, Szomszor M, St Louis C. #swineflu: the use of twitter as an early warning tool and for risk communication in the 2009 swine flu pandemic. ACM Trans Manag Inf Syst (ACM TMIS) (2014) 5(2):Article 8. doi:10.1145/2597892
  25. de Oliveira R, Cherubini M, Oliver N. MoviPill: improving medication compliance for elders using a mobile persuasive social game. In: Proceedings of the 12th ACM International Conference on Ubiquitous Computing (2010). p. 251–60.
  26. Holzinger A. Trends in interactive knowledge discovery for personalized medicine: cognitive science meets machine learning. IEEE Intell Inform Bull (2014) 15(1):6–14.
  27. Grother, P., Quinn, G., and Ngan, M. 2017. Face In Video Evaluation (FIVE): Face Recognition of Non-Cooperative Subjects. National Institute of Standards and Technology.
  28. Norris, Clive, and Gary Armstrong. 1999. The maximum surveillance society: the rise of CCTV as social control. Oxford; New York: Berg.
  29. Shaw, Jonathan. 2017. The Watchers: Assaults on privacy in America. Harvard Magazine.
  30. Reisinger, D. (2019). China Banned 23 Million People From Traveling Last Year for Poor ‘Social Credit’ Scores. [Fortune]. Accessed March 10, 2019 from https://fortune.com/2019/02/22/china-social-credit-travel-ban/
  31. Robinson, S.C. Ethical and Privacy Implications Arising from Use of Biometric and Facial Recognition Technologies. (2017). Deep Visual Biometrics Project. Swedish FOI and Linköping University.
  32. Beauchamp, T. L., & Childress, J. F. (2013). Principles of biomedical ethics (7th ed.). New York: Oxford University Press.
  33. Fuentes, M. R. (2017). Cybercrime and other threats faced by the healthcare industry. Retrieved from https://www.trendmicro.com/content/dam/trendmicro/global/en/security-intelligence/research/reports/wp-cybercrime-&-other-threats-faced-by-the-healthcare-industry.pdf
  34. Krishnan R, Rainwater R and FitzGerald D. Risk based medical identity theft prevention. Google Patents 2018, https://patentimages.storage.googleapis.com/91/73/23/1b9128b3daaee5/US20180018747A1.pdf (2018, accessed 27 August 2018).
  35. Internal Revenue Service. (2016). Consumers Warned of New Surge in IRS E-mail Schemes during 2016 Tax Season; Tax Industry Also Targeted. Accessed March 5, 2019 from https://www.irs.gov/newsroom/consumers-warned-of-new-surge-in-irs-e-mail-schemes-during-2016-tax-season-tax-industry-also-targeted