Patient Engagement Digital Solutions and Privacy
Whether we like it or not, our data is everywhere.
It’s just one of the consequences of living in a hyperconnected world. So much has been written about the data that big tech companies like Google and Apple collect from users, from mobile browsing habits to logging app downloads to harvesting GPS map data to learn where you go and when you go there.
In recent years, transparency around what data is collected, from whom, and for what purpose has caused concern—from privacy advocates to the average citizen, people are more wary and conscious than ever before about what data they’re sharing, with what entities, and why.
Both advertisers and hackers—generally diametrically opposed entities—will pay top dollar for personal information. A 2020 research study conducted by MacKeeper and YouGov found that the most valuable demographic is men between the ages of 18 and 24, with advertisers shelling out $14.25M per year. For less savory individuals—like hackers and cybercriminals—dark web prices vary greatly: stolen online banking log-ins for a $2000 account are worth $120, while PayPal transfers from stolen accounts fetch upwards of $300.
But hacker or advertiser, it’s personal health information (PHI) that’s worth the most.
In 2020, healthcare-focused cyber attacks rose by 55% and impacted an estimated 26 million people. According to HIT Consultant, these attacks represent a $13.2B industry. The average data breach cost per record peaked at $499, and on the dark web, stolen PHI can sell for as much as $1,000 per record.
For advertisers and marketers, PHI is valuable for a reason much less nefarious but equally frustrating for consumers: retargeting. Retargeting is one of the most effective digital advertising strategies, utilizing digital pixels and cookies to serve ads on other websites. However, due to the private and sensitive nature of PHI, advertiser use of pixel-collected data isn’t as straightforward as in other industries.
According to the Pew Research Center, Americans are more worried than ever before about the safety of their personal data. In 2019, six in ten Americans believed it was impossible to go through a day without a company collecting data about them. But despite these concerns, the collection and use of personal data in HealthTech likely aren’t ending any time soon.
At this year’s CES, speakers expounded on the new era of healthcare that’s about to begin, powered by artificial intelligence (AI) and driven by data sharing to deliver a variety of new services and programs to patients. But speakers cautioned that healthcare organizations and HealthTech entities must earn patient trust and ensure that data isn’t improperly used.
Allowing patients to opt out of data sharing and collection is one major way that companies can engender trust in patient users. In the US, HIPAA currently allows but doesn’t require “covered healthcare entities” to get patient consent before using or disclosing PHI for the purposes of treatment, payment, and healthcare operations. Despite this, many states and individual organizations have adopted their own PHI consent policies, and laws differ state-by-state.
In the UK, controversy has exploded over a recently announced NHS plan to share PHI data with private companies for research and planning purposes through NHS Digital, created to collect data from general practitioners, hospitals, and other healthcare providers. Over the last month, though, over 1 million patients have opted out of this data-sharing program amid concerns that the public opt-out timeline was too short and that the process used to remove identities could be reversed.
The idea of a health information exchange isn’t exactly new; as HealthIT.gov points out, “demand for electronic health information…is growing” in an effort to improve the quality, safety, and efficiency of healthcare delivery. In 2016, an article published in Health IT Security weighed the pros and cons of an opt-in versus opt-out system for patient data inclusion. Both systems, they concluded, come with positives and negatives: opt-in policies protect PHI, place a premium on data security, and ensure that patients are educated about the PHI data sharing process, while opt-out policies reduce administrative burden.
In the tech industry, companies driving the sharing economy, including GrubHub and UberEats, have collected massive amounts of personal user data—more data, some think, than so-called traditional businesses ever did. Companies can monetize this data through targeted advertising or direct sales to data brokers, observe market trends, and make decisions about pricing and compensation.
Some legislators want to pass legislation forcing these companies to share the data they collect. But organizations like the Electronic Frontier Foundation feel that these legislative initiatives are misguided and will lead to the further “commoditization of [personal] data as a tool for businesses to battle each other, with user privacy caught in the crossfire.”
In healthcare and HealthTech, it may be easier to use legislation to solve problems: HIPAA is already a hallmark of the industry, and a number of other privacy laws already exist. However, as digital healthcare and HealthTech continue to evolve, privacy initiatives will need to evolve with them.
“Personal health information is no longer private,” according to an article published in Health Affairs. Maybe, though, it should be.
Let’s connect: Send me a DM and let me know your thoughts on opt-in versus opt-out privacy sharing practices.
About the Author
Miguel Costa, President, leads TMG360 Media’s technology initiatives both for the company and its clientele. He supervises emerging technologies and assesses their application to a company’s business strategies and solutions. DM me to learn more on how I can help you leverage digital media and stay up to date on the latest SaMD developments.