Whose data IS it?

No Gravatar

Did you see the episode of Homeland, where Brody helps Abu Nazir  kill Vice President Walden?  He provides the serial number of the pacemaker in Walden’s chest, which Nazir uses to send commands that terminate Walden…

No, it’s not science-fiction.  Those pacemakers all send and collect information- all the time.  And, that’s only part of the problem.

I won’t be discussing the fact that these devices, as is true for most of our electronic universe, are not “hardened” against electronic eavesdropping, hacking, or worse.  No, I want to talk about the information that is collected from these devices by the manufacturers.

This information is collected and, at least, on occasion, is shared with the health practitioner assigned to the patient.  The patient him/herself can request summaries of that information, but it’s not readily available.

You see, we have not yet changed our laws to reflect this world we live in.  You and I have the rights to see our “files”, our health care information.  But, those electronic devices (or even smartphone applications)… that data kind of falls through the cracks.

Defibrillator Data Collected

The manufacturers claim that they can only share the data they obtain with your physician or your hospital.  After all, we are not their customers.  (Really?  Who paid for that- at least my deductible portion, Mr. Manufacturer?)  When that excuse fails, they say they would need FDA approval for any reports they would provide us from our data.  (That has some merit, just so you know; the FDA believes we should obtain that data from our physician.)

Yet, these same manufacturers SELL our data.  Yes, that’s right- OUR data is sold.  To health care systems and insurers, ostensibly so they can “predict diseases”, “lower their costs”, or, to get down to brass tacks, to make a profit from the data they collect from you (of which, of course, the manufacturer collects part, as well).

Let’s examine one specific device.  A defibrillator.  (I discussed previously how we know that incidences of the flu exacerbate our cardiac systems; the defibrillators in patients who contract the flu jump all over the map during the illnesses.)

The defibrillator records the data from one’s heart.  It stores it within the device, and then using YOUR wireless network, the files are downloaded and transmitted to the manufacturer. The manufacturer lets physicians log into their websites to view the patient data.  (Note:  Not all that data is made available to physicians; much of it remains with engineers, scientists, and the like at the manufacturer, who assess the device’s performance.  And, since the raw data is kept from physicians and hospitals, it is not subject to the requirements of the HIPAA law of 1996.)

The problem with this approach is that most insurance companies don’t pay for frequent visits to the physician.  Which means we are subject to fees of $ 300 or $ 400 for out-of-network (yes, I know your doctor is in the network, but the visit is beyond the scope of your network) visits! For each time that we want to see our data.

But, let’s consider a slightly different scenario.  One that I know many of our clients- and my friends- will recognize as their own.  They buy a sleep monitoring app for their iPhone.  Which records how much you sleep (or not), even if there are periods of sleep apnea.  What protection do you think you have if I were to subpoena that data to prove you did not sleep enough when you ran that red light and slammed into my car?

Because this app does not obtain FDA approval, has no physician involvement, it falls outside of the HIPAA rules.  So, those medical images, EEG readings, and sleep records you are saving are not protected from prying eyes.

So… that phrase “caveat emptor”?  It’s for you!

 

 

Share this:
Share this page via Email Share this page via Stumble Upon Share this page via Digg this Share this page via Facebook Share this page via Twitter
Share

17 thoughts on “Whose data IS it?”

  1. Wow, I wish I was surprised by this information but life has slapped us around in the medical world in the last few weeks and I have never felt so devalued as a person, a patient and as a customer in my life. Except for when it comes to paying then I become a very important cog in the wheel again.
    shawn recently posted..4 Different Ways to Use Ads in Marketing

  2. I actually saw a job opening for someone who know how to data mine. Roy, I know every key stroke, purchase and replacement body part is available for a price. I think Homeland Security (which probably buys a lot of this information) should quit trolling for illegal immigrants and figure out how to give us some homeland security.
    Ann Mullen recently posted..Senior Care Offers 4 Foods that Lower Blood Pressure

    1. This is not data-mining, Ann. Because the data is being collected by manufacturer X and distributed by manufacturer X. Data mining would be me culling through a slew of data that is available on the web or server and determining trends, concepts, etc. It is also NOT me breaking into someone else’s server and culling that data- that is theft, plain and simple.

  3. There is always a stretch between advancements and laws. I can remember back when email first came to use in the office there being debate about a woman getting fired for a “private” email she sent, and it is a debate that only becomes more relevant as technology and life become more and more merged. What is privacy, that is the question. Or perhaps more apt the question is “What is viable information.” BTW…I was able to share your information on G+ just now, so whatever kept me from it has been fixed.
    Lisa Brandel recently posted..Going Home by Lisa Brandel

    1. I am not sure that privacy is the issue here, Lisa. I paid- or my insurance company paid (which came from my sweat and tears, even if not my pocketbook)- for that device and its insertion. It is monitoring MY body. That makes the device, the information it collects, and the analysis it provides (for which I also paid) mine. I get to decide with whom it is shared- my physician (or, the next physician, should I so choose)- but not some random health care provider.

  4. Caveat emptor!
    For starts, I don’t find any justification to not get access at information where I am the subject, even if I don’t paid for the monitoring – much more if I did paid. Moreover, that information should have my written consent.
    As for the sleeping app, I wasn’t aware of that possibility. I am not using that particular widget but I do schedule everything through the cloud. I wasn’t aware that everything I do is now documented (holly crap).
    Gustavo recently posted..Announcing a new exploration: Super Powers

  5. Scary…. It would be interesting to see a list of what devices store this sort of info. I’ve seen on shows such as “Bones” where they use serial numbers to help identify bodies but never saw the “down” side of this….

  6. I am surprised by this. Last week I took my dad for a medical check up and his regular doctor was out of town. So the new guy, prescribed some new medicines, which we felt (my dad and I) that he didn’t need to. The doctor gave no reasons as to why he was doing it and kept on saying that a change in medicines would help him in better managing his diabetes. But, he takes Insulin shots we said! So, when we asked for the file to be returned to us – he said, “this is the clinics private information”. Weird, because the information is about us, right? So, before going to the next level, many of us should know whether we know ALL of our medical details rather than trusting the medical system blindly.

    Sorry, medical professional, no offense, just experience.
    Hajra recently posted..Will the real men please stand up

  7. What the previous commenters said! I used to try not to do anything personal like banking online, but that is becoming more and more difficult. I certainly don’t use banking apps on my phone, well, except that for my nonprofit I will be using Paypal’s pay anywhere system on my new smartphone. I have a feeling that no matter how many laws are passed, they won’t make much difference because who is going to police these people?
    Julia Neiman recently posted..Learning to Say “No”

    1. Julia- we are!
      But, we can only do so when when we are aware of what is really going on. Too many parents had no clue that letting their child play these games on their phones and tablets were really exposing them to various “temptations”. That is why both at the state and the federal level, the rules are changing.
      The problem is that many of these “failings” meet the needs of the government- which does not make it right (their desire to track all of us whenever they want)- and we need to stop that, by either changing our apps, our processes, or…

  8. Pingback: Hack Me |

Comments are closed.