Here’s a fun activity. Let’s look at my credit card statement from last month. Among other things, I paid for a pair of athletic leggings, four movie tickets, and two beers and a plate of nachos at a nearby restaurant. (Maybe I should not have put the latter two on my credit card—see below.)
So, would you hire me? Would you offer me a high-interest loan? Can you tell if I’m sick?
What if I told you my pants size or how many hours a week I watch Netflix?
Individually, these discrete pieces of data may appear useless. But data-broker companies can easily combine them to create “mosaics” about our health and health status, and such personal information is in high demand, explained Adam Tanner, whose book “Our Bodies, Our Data” details how it is collected, sorted and sold.
It would be illegal under patient privacy laws for your doctor to reveal information about your diseases, unhealthy habits or weight.
But much can be inferred from your purchases and other interactions, such as online surveys, store loyalty programs, social media and public records. And the resulting “profiles” have wide-ranging applications for groups that buy them, including drug companies, advertisers, and insurers.
That should give people pause, said Robert Gellman, a privacy consultant who specializes in health data and helps companies understand privacy law. “What really is underlying this, and should be disturbing to more people than it is, is somebody is…compiling a dossier on every individual and every household,” he added.
For instance, a drug company might turn to a data broker for a highly specific list that would make it possible to target advertising to specific patient populations—say, all married men older than 50 in Pennsylvania who are experiencing erectile dysfunction. A long-term care insurer might tap into the data to figure out how long you might be expected to live or whether you routinely take your prescribed medicines.
Around the turn of the century, “most of the health data that existed in the world” resided in well-protected medical records, said Deven McGraw, a former official in the Department of Health and Human Services who oversaw health data privacy. “Now we have many more data coming from so many other sources.”
The sale of your personal information by an app, website, or fitness tracker might not bother you, but it should, according to Anna Slomovic, a lead researcher at George Washington University’s Cyber Security Policy and Research Institute.
That information can be used to sell you medicine, do medical research or develop drugs or medical devices, she said. Regardless of what’s being done with the data, Slomovic said, people should care just for the fact that your health data is nobody else’s business but yours.
And, since the data collection is unregulated and scattershot, the portrait it paints may be inaccurate. For instance, what if I was buying the beer and nachos for my boyfriend?
Every time you swipe a card to make a purchase, someone is using it to draw conclusions about you.
A report by Gellman and Pam Dixon, a privacy advocate and the executive director of the World Privacy Forum, details how billions of data points are collected on everyone, analyzed and used to tabulate a variety of “consumer scores”—which assess your spending as well as serve as a backdoor glimpse at your health and hobbies.
And there are many kinds of health scores that can be calculated. Health risk scores, frailty scores, brand-name medicine propensity scores are all available.
Analytics firms can use your credit card information to calculate how likely you are to adhere to medication, how likely you are to be a problem gambler, how often you drink or if you buy brand-name medicine.
Anyone, including college admissions officers, health insurers, and potential employers, can buy these scores and use them in decision-making.
For example, a score suggestive of chronic illness may disqualify a consumer from being offered a low-interest loan, a status credit card or a job. While your potential employer can’t outright ask you if you have a chronic illness, the firm may be able to crunch these numbers and find out.
But Greg Horne, a health care analytics principal in the Health and Life Sciences Global Practice at SAS, an analytics firm, said his clients, which include health insurers, use health risk scores merely to get to know their customers better.
They help predict, for example, if someone will respond better to a phone call or text message. Or if they’ll be likely to sign up for a diabetes class. It helps them figure out how many patients might develop cancer in the next year, or how many might need hip replacements.
“It’s about assessing and growing and making sure your system is able to cover the liabilities that it’s set for itself in terms of health care provision,” Horne said.
Your apps, your devices, and even your fridge
Your wearable fitness tracker—the FitBit comes to mind—might be spying on you, too.
It keeps tabs on your location, whether it’s at work, at a doctor’s office, at the mall, a fast-food restaurant or the gym. When fitness trackers are set to public, anyone logged in to them can see data on the wearer’s location and heart rate. Anecdotal evidence suggests it’s even possible to determine if the wearer is having sex, Slomovic said.
Fridges, thermostats, pillows, security systems, cigarettes and even saltshakers come with the ability to connect to the internet and could funnel sensitive information about your daily habits to advertisers.
These devices can tell the world if you’re waking up from sleep apnea many times a night, or if you get home at 3 a.m.
“Many of these things are great technological developments that we shouldn’t shun. It’s just we should be recognizing that there [are] unwanted and unanticipated aspects,” said Tanner.
Of course, devices you use specifically for your health also have a role.
When a doctor takes your blood pressure during an office visit, the numbers are protected by privacy laws. But when you take it at home on your Wi-Fi-enabled monitor, it can be sold and shared, depending on the user agreement from the company.
Even devices being implanted in your body, like a pacemaker, are sending information back to the manufacturer. Although you might not be able to access the data yourself, it is likely available on the open market.
Help paint your mosaic
Tanner advocates for more consumer empowerment, requiring manufacturers to make clear that when you use a device it’s collecting data and allowing users to opt out.
Also, people can “take charge” of the information, Dixon said, adding: “The data is already out there; you need to understand how you can manipulate your profile.”
She suggests using cash for “shady” purchases like alcohol or cigarettes, anything that might reflect poorly on you. Put things like gym memberships and vegetables on your card.
She also recommended deploying third-party apps that mask or blur spending habits. PayPal, Apple Pay and Samsung Pay are all good tools. Instead of putting everything on a card that could reveal unhealthy patterns, Dixon said, use these other payers to break up habits, putting one extra entity between you and your purchases.
And don’t be afraid to leverage social media to your advantage.
“If you are a gym member or a fitness person, you want it to be known to the world at large,” Dixon said.