Who owns your health data – and what are they doing with it?
Intimate secrets
Last week, at a conference in London, Dr Pearse Keane beamed an image on to the wall of an orange globe with a dark centre, encircled by red storms and a bright moon. It looked like a dying planet in a distant galaxy. In fact, it was a beautifully detailed scan of the back of a human eye, as awesome in its way as the night sky.
These days, Dr Keane said, that single image betrays a lot of information. “We can now look at a retinal photograph and say: ‘This is a woman. She’s 58, she’s a non-smoker. She’s not a diabetic, her BMI [body mass index] is around 25. And her blood pressure is 150 over 85. That’s pretty amazing.”
Dr Keane and his colleagues at Moorfields Eye Hospital in London can tell so much because of “deep learning” analysis by computers trained on many thousands of such images. From all that data, computers have learnt to spot patterns and draw eerily accurate conclusions.
Dr Keane and his team are going further. In a project called Azeye, they have linked more than three million scans from Moorfields with a central NHS database called Hospital Episode Statistics. “We now know every patient at Moorfields who’s gone on to develop a heart attack, or dementia or a stroke or a range of other conditions,” he said. “Huge amounts of data.”
One day a single retinal scan might be able to reveal much, much more than the health of a patient’s eye. “The potential,” he says “is huge.”
The secrets we’re revealing
No wonder data about your health is valuable. And there’s a mass of it out there: not just records on you held by the NHS, but also those compiled by trackers and apps developed by private firms that we wear and download on to our phones. Heartbeats per minute, steps taken, user location, sleep patterns, alcohol intake, we routinely log it all. But keeping track of that information, and who has permission to see it, can be hard. When assembled and analysed, that information can reveal your most intimate secrets.
A quick scan of patent databases shows that Google, now worth more than a trillion dollars, and which has worked with Dr Keane at Moorfields, is acutely aware of that fact.
If a simple retinal scan can reveal so much about a patient, how about headphones that can detect contagious disease, or a system of bathroom sensors to monitor the health of your cardiovascular system. Google is investigating the possibilities. The charmingly rudimentary sketch that accompanies the latter patent shows a “colour-sensing” mirror, presumably to determine if you are flushed or not. Other sensors embedded in your bath, mat or, ahem, lavatory seat, might track your vitals over time and thus the ups and downs of your health.
Such “non-invasive health monitors”, as Google describes them in yet another patent application, “act passively and in a patient’s normal course of life, which enhances many patient’s [sic] desire to submit to monitoring”. Do you wish to “submit to monitoring” through your loo seat?
The trillion-dollar opportunity for big tech
More generally, should you expect big tech to traffic your data? For at least one firm, the answer is obviously “yes”. Last year, Facebook was sued by users upset it shared their data with Cambridge Analytica without their knowledge. In court, Orin Snyder, Facebook’s lawyer, dismissed the very basis of such a complaint. “There is no expectation of privacy when you go on a social media platform,” he argued. The very concept was inherently incompatible with Facebook, he said, because users, by willingly sharing some information, “negated any reasonable expectation of privacy”.
For the world’s biggest tech firms, the benefits of accessing health data are clear. On offer is not just the glory of a medical breakthrough, but also a slice of a global healthcare market soon expected to be worth more than $10trillion a year. There’s a third incentive for internet platforms too: offering healthcare services could become another powerful way of binding users to their platform.
Facebook, for example, has a tool called “Preventive Health” to encourage users to attend check-ups; Amazon has bought an online pharmacy and has an agreement with US hospitals to put smart-speakers in patient rooms. Apple is using its watch and phone as health trackers and has set up three research partnerships to scrutinise the data it collects – with users’ permission.
Google, too, has its own “wearable” health trackers, after buying Fitbit for $2.1billion. To many observers, it was not the hardware that was the most attractive part of the deal, but Fitbit’s data on its more than 25million users. Google insists that data will not be used to target ads. But it undoubtedly could be. Because big tech companies have repeatedly demonstrated their ability to deploy the vast stores of information they hold about you to deduce a lot about your health.
Last year, the story of New Zealander Talia Shadwell became famous after she told how Facebook bombarded her with ads for baby paraphernalia. It turned out that she had failed to update her period tracking app, which she thought was wholly unconnected to the social media giant. When she did update the app, the Facebook ads instantly stopped. She described the experience as “creepy”.
Indeed, last year, the UK Information Commissioner’s office said an intrinsic element of the economic model that drives much of the internet – the part which tracks us as we browse and then auctions relevant ads (known as real-time bidding, or RTB) – “appears to us to be unlawful”, when it comes to “special category data”, which includes health data. As the Financial Times reported last year, users who did not give permission found details of visits to health websites were passed to ad sales companies, and to Facebook and Google.
But can firms that make money out of data be trusted with health data? Polls suggest patients and doctors think not. One last year suggested that while 71 per cent would be happy to share their data via the NHS, only 13 per cent think big tech firms would handle it in a confidentially. Doctors were clearer: 81 per cent want data sharing, 12 per cent trust the Googles of this world.
One scandal is all it takes to shatter patient confidence. “There is a risk of contagion from activities beyond the UK,” says Caroline Cake, the deputy director of Health Data Research UK (HDR), which is uniting health data records across the UK to enable research and set common “rules of engagement” with big tech.
Yet the prizes at stake mean establishing those rules is a fraught business. In the biomedical research centre of University College London Hospitals resides a trove of 100,000 images of human brains. It is, says Prof Bryan Williams, its chairman of medicine, the world’s largest curated data set of brain MRI images, and cost £80million to compile. If big tech used it to develop treatments for brain diseases its value could be untold multiples of that.
Today, the rules for dividing such a pot of gold are being fought over. In the US, the imminent release of rules for healthcare data sharing is sparking an unseemly scrap between tech players. In Britain, the Government has outlined a “code of conduct for data-driven health and care technology”, but it is voluntary. In future, says independent advocacy group Understanding Patient Data, “organisations accessing NHS data should be publicly held to account for their adherence to the code”.
Only with patient trust will the NHS be able to exploit one of its most valuable assets: the data it holds on tens of millions of us. Harnessed wisely, that data will prove a gateway to medical breakthroughs and care tailored to each individual – without compromising privacy. Either way, big tech firms will continue to gather and analyse our data. Their aims may be more or less noble, but no one should be confused about those aims.
“I believe if you zoom out into the future, and you look back, and you ask the question, ‘What was Apple’s greatest contribution to mankind?’” Tim Cook, the Apple CEO, said last year: “It will be about health.”
‘There is no expectation of privacy when you go on a social media platform’