In the fourth post of reimagining healthcare, our academics look at data privacy and health. The volume of health data is growing, the healthcare industry alone generates 30% of the world’s data by volume.1 At the same time, consumers across the globe continue to use countless social media and digital platforms to record and share their health data. This raises new concerns over privacy.
While data sitting within the healthcare sector in many countries is highly controlled and regulated by data protection laws, health data that’s recorded on consumer platforms owned by the big tech giants such as Google, Apple, Facebook, Amazon and Microsoft is not – whether it’s appointments with doctors or clinics, photos and notes of health conditions, search and ChatGPT queries or shared details on ailments.
This so-called “shadow health data” can provide a detailed picture of an individual’s health. Combined with various sources, it has the potential to offer a similar level of detail to standard health records. The tech giants have taken an interest in this area, since the sector is lucrative, with spending on global health hitting a new high at US$9 trillion, roughly 11% of global GDP. 2
“If you look at the privacy policies of, say, Google Calendar, it doesn’t consider this data sensitive because it wasn’t designed for health data. If you put an appointment in for an abortion clinic this sensitive information is leaked. This comes at a time when more of us are creating digital profiles of our health,” explains Professor Kévin Huguenin at HEC Lausanne. He’s also Head of the Information Security and Privacy Lab at the University of Lausanne.
Along with Yamane El Zein, Huguenin and his team, studied shadow health data creation. Initially through focus groups with Swiss researchers in law, IT and health, as well as students, the aim was to understand the types of information produced. A large-scale online survey was then conducted in the US to work out how prevalent this activity is, and to gauge awareness.3
The research found that the creation of shadow health data is widespread and that people rarely take protective measures to mitigate it. Over 80% put health appointments in their digital calendar, 78% purchase health products online, while 95% put health-related information into search engines. In fact, many consumers do the exact opposite, intentionally or inadvertently, synchronising data to the cloud, thus exacerbating risks.
“I don’t want to convince people not to share or produce shadow health data. I just want them to be aware. People should know that when they use a digital tool, there are consequences and they should have all the information available to weigh up the pros and cons,” details Huguenin.
He adds: “I want people to understand that when they put medical data in their calendar, Google or Microsoft can read it. The tech giant can then profile them based on this data and communicate this to advertisers. This data is not systematically considered medical, and therefore doesn’t receive the level of protection that the law requires for health data.”
One conclusion of the research is that this is a significant challenge because an overwhelming number of respondents were involved in behaviours that help proliferates shadow health data. It is not surprising that regulation is now coming into force. A number of U.S. states from Washington to Nevada have put in place laws to deal with so-called consumer health data. After years of light regulation, legislators are playing catch-up.
“It is likely that consumer health privacy will become a bigger issue in the near future”, concludes Huguenin.
References:
- Data, digital worlds, and the avatarization of health care, Jane Thomason, Global Health Journal, March 2024
- Global spending on health, World Health Organisation, December 2022
- Shadow Health-Related Data: Definition, Categorization, and User Perspectives, Yamane El Zein, Kavous Salehzadeh Niksirat, Noé Zufferey, Mathias Humbert and Kévin Huguenin, Proceedings of the European Symposium on Usable Security (EuroUSEC), Oct 2024
