Privacy and health data: How can we protect information after it’s been shared?

By T.J. Kasperbauer.

We have already lost significant control of our health data. To some, that means we have also lost our privacy. But there are many ways of protecting health data even after it has been shared. Because health data are already widely shared, we must develop strategies that protect them regardless of who can get hold of them.

Think of an organization that might be interested in collecting information about your health, such as your favourite social media site or search engine. There are four ways of preventing that organization from using data in ways that could hurt you:

Control: They cannot get your data without your permission.

Obfuscation: They can get your data but cannot make meaningful inferences from it.

Penalization: They can get your data but using it against you is likely to get them into trouble.

Transparency: They have your data but you and everyone else will easily see if they misuse the data.

If control is no longer a real option, then policy-makers responsible for protecting privacy must pursue the other three.

Here is a snapshot of what that might look like.

Obfuscation creates “noise” in a dataset to make it hard to understand. Only those who know how to remove the noise or work around it can use the dataset. One option for obfuscation is synthetic databases, like Synthea. Synthetic databases modify patients’ data while preserving their statistical properties. This provides privacy without sacrificing research value. For example, a researcher could study the predictors of opioid addiction without identifying any specific person as an addict.
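As an added illustration (not part of the original post, and not Synthea's own code), here is a toy synthetic-database generator in Python. It estimates, from constructed patient records, the rate of long-term opioid use among patients with and without a prior pain diagnosis, then samples fresh records that keep that rate while carrying over no real patient identifier; the record layout and every value in it are assumptions made for the example.

```python
import random
from collections import Counter

# Constructed records: (patient_id, prior_pain_diagnosis, long_term_opioid_use).
# Ids and values are made up for this example and describe no real person.
REAL_RECORDS = [
    ("P001", True, True), ("P002", True, False), ("P003", True, True),
    ("P004", False, False), ("P005", False, False), ("P006", True, True),
    ("P007", False, True), ("P008", False, False), ("P009", True, False),
    ("P010", False, False),
]


def fit_model(records):
    """Estimate P(predictor) and P(outcome | predictor) from the real data.
    These conditional rates are the statistical property a researcher
    studying predictors of addiction needs; individual rows are not kept."""
    pred_counts = Counter(r[1] for r in records)
    outcome_counts = Counter((r[1], r[2]) for r in records)
    p_pred = pred_counts[True] / len(records)
    p_out = {v: outcome_counts[(v, True)] / pred_counts[v] for v in (True, False)}
    return p_pred, p_out


def synthesize(model, n, seed=0):
    """Sample n brand-new records from the fitted model. Synthetic ids are
    freshly minted, so no row can be linked back to a real patient."""
    p_pred, p_out = model
    rng = random.Random(seed)  # seeded so results are reproducible
    rows = []
    for i in range(n):
        pred = rng.random() < p_pred
        out = rng.random() < p_out[pred]
        rows.append((f"S{i:04d}", pred, out))
    return rows


def outcome_rate(records, predictor_value):
    """Share of records with the outcome among those with the given predictor."""
    subset = [r for r in records if r[1] == predictor_value]
    return sum(r[2] for r in subset) / len(subset)


def leaks_real_ids(synthetic, real):
    """True if any real identifier survived into the synthetic set."""
    real_ids = {r[0] for r in real}
    return any(r[0] in real_ids for r in synthetic)
```

On the constructed data the outcome rate is 0.6 with the predictor and 0.2 without; a few thousand synthetic rows reproduce both rates closely, while no real id appears in them.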

Penalization involves legal action against those who exploit and misuse health data. Unfortunately, current legal frameworks do not treat many privacy violations as genuinely harmful. This needs to change. For example, selling data to entities known to engage in health insurance fraud should be viewed as causing harm. The act of selling does not directly injure patients, but it does significantly increase their exposure to serious risks. Lowering the threshold for harm would help the legal system hold people (and organizations) accountable when they misuse health data.

Transparency allows us to see who has our information and how it is used. There are significant reputational costs to being known as an organization that exploits personal data. To obtain such transparency, we need a system for tracking and publicizing who has our information. One proposed system would require professional “data brokers” to register with the government. This has the benefit of providing visibility into “shadow” health records that exist outside the health system.

In combination, these three strategies can protect our health information regardless of where it goes. The challenge will be addressing the costs of pursuing one option instead of another. As these strategies are developed, we will need to grapple with their many ethical and policy tradeoffs.

Paper title: Protecting Health Privacy Even When Privacy is Lost

Author: T.J. Kasperbauer

Affiliations: Indiana University Center for Bioethics

Competing interests: None

Social media accounts of post author: @tjkasperbauer

