Don’t count on the government for protection, either. Health privacy laws apply only to data held by doctors, hospitals, pharmacies, health insurers, medical billing companies, and other mainstream health care players. Even if a social media platform or an app promises not to sell your data, don’t trust it. Their terms and conditions have loopholes large enough to drive an ambulance through.
Digital Defense: The Best Way to Secure Your Life Online
“It’s a pretty significant gap in consumer protection,” says Aneesh Chopra, the former chief technology officer in the Obama administration and now the president of CareJourney, a company that helps hospitals analyze data patients have consented to provide. “Our health data effectively becomes the commercial property of the platforms we use.” Chopra helped draft a proposed law to protect that data in 2012, but Congress wouldn’t consider it; legislators have been loath to hamper the golden goose that is tech and are fairly clueless about how far the misuse of private data would go, as underscored by the recent congressional hearings over Facebook.
For now, you’re on your own in preventing your health info from being turned into a product. There are a few steps you can take. When you can, look for FDA-certified health apps and wearable devices, because they fall under the same privacy rules that apply to hospitals. Unfortunately, only a tiny minority of health apps and devices get that certification, as they’re typically for specific diseases or conditions, such as cardiac issues and diabetes management.
For all apps, health or otherwise, adjust privacy options, and use pseudonyms when possible. Also, Google offers options to prevent it from ever tracking anything about you. For the apps you use most, do a web search on their trustworthiness and privacy. (Facebook recently suspended 200 apps for privacy violations.) And in general, be selective about what behavioral and health information you post online and plug into apps, especially where it’s public and linked to your name.
Of course, the best of all possible worlds is simply to stay healthy. That will make your data way too boring for most health-care companies to bother.