Data generated by your body is routinely captured and sold by healthcare companies. Shouldn’t you benefit from it, too?

Getting access to your medical information is supposed to be good for you, and good for the country. It’s supposed to help you take charge of your health, and save the beleaguered US healthcare system loads of money. Getting your medical record can reveal life-changing information: Symptoms you should be watching, drugs you shouldn’t take, even diagnoses you didn’t know you had. So the federal government has poured billions into making it easier for people to access their medical information. In reality your medical information is anything but free. If you would take on the challenge of claiming your data from those who hold it hostage, you must prepare for the journey. You may be forced to scale massive bureaucracies, combat insane copyright laws, sneak into secret data stashes, hack into medical devices — or perhaps even locate a working fax machine.

Hello, hero. Welcome to your Great Data Quest.



CLICK BELOW TO MEET THE PATIENTS WHO ARE HACKING THEIR IMPLANTS & SOLVING MEDICAL MYSTERIES Meet Marie.

She’s a cyborg who runs on proprietary software she can’t trust. “I want to know what code is running inside my body.”

Meet Steven.

He was determined to learn more about his tumor, but his doctors couldn’t help. So he dissected his own brain.

Meet Annie.

She was sure something was wrong with her baby, but they ignored her fears. His medical records hid a bombshell.

They sell your data. They steal your data.

In the beginning, medicine took place in the real, physical world, face-to-face. You’d go see your doctor, and she or he would prod at your flesh, peer into your ear, mouth, or other holes, maybe retrieve a “sample,” and (maybe) listen to what you have to say. It was very analog. Very meatspace.

That still happens, but it’s only part of the story. Today, medicine is transacted in the language of data: measurements of what’s in your blood, descriptions of your cells, pictures of your insides. Even words get rendered as data, through the codes that the doctor uses to record your diagnosis (Torn right Achilles tendon? S86.021D. Halitosis? R19.6), and the codes that let her bill for whatever she does to you. Most of that data is generated or recorded in digital form.

As you move from appointment to appointment, from doctor to lab to clinic to imaging center to hospital, data swirls in your wake, streaming off of you like stardust off a comet. The cloud is invisible to you. But your data, anonymized and aggregated together with other people’s data clouds, is valuable.

Scientists mine this “data exhaust” for previously undetected patterns in health and illness. Pharmaceutical companies analyze prescription data to figure out how to sell more drugs to both doctors and patients. Data analytics companies purchase millions of electronic health records, lab test results, and insurance claims reports, slicing it and dicing it to expose patterns that weren’t visible before. These data-mining startups, a fast-growing sector of the digital health industry, brought in more than $400 million in venture capital last year. They sell custom reports to all manner of buyers: employers trying to predict how much they’ll spend on healthcare, companies selling products and services to hospitals, and hospitals looking for ways to charge more for their services.

Other people steal the data and sell it on the dark web. Your medical record includes not only your social security number and address, but also your insurance and billing information. Unlike a credit card, you can’t simply cancel it, so while a stolen credit card account is worth just a few bucks, medical records can sell for $10 to $350 each, depending on the security expert you ask. Most hospitals and clinics don’t encrypt their data and have poor security. The result is that medical data thefts have more than doubled in the last five years; in 2015, companies like Anthem revealed breaches that together compromised the records of more than 112 million people. Stolen medical data enables a bonanza of fraud, from falsely billing for fake medical services or drugs to filing phony tax returns to complete identity theft. (Or simply ransom demands.)

All of these people can get their hands on your data and make money off it. But for you — the wellspring of all this value — it is not so easy, even though it can be far more precious to you.

Data is born free. Yet everywhere it is in chains

Until the last few years, only a small percentage of Americans could access their own medical information electronically. Nonetheless, research on these early adopters indicated that people who access their medical information and pay attention to it are healthier and more motivated. They get the checkups they need, take the drugs they’re supposed to, and avoid unnecessary extra tests. They catch mistakes; more than a million medication errors happen every year, according to the Institutes of Medicine, and people who can cross-check their own records are more likely to notice an error before it creates a problem. They also potentially save the system a lot of money; preventing duplicate lab tests alone could save $39 billion, by one estimate. It’s especially important for people managing a chronic disease — which now includes about half of the US population.

Policymakers realized that switching the whole system over to electronic health records and ensuring patient access should be a good step toward giving people more control over their health, as well as a step toward making the healthcare system less crazy. “In the longer term, the goal is to change the culture of health care, and accelerate the trend in which patients are seen as partners,” says Christine Bechtel, former vice president of the National Partnership for Women and Families (NPWF), a nonprofit that has pushed for easier medical records access.

For all these reasons, as part of the 2009 federal stimulus, any hospital or medical practice that switched to electronic health records and proved that at least some patients were accessing them would be eligible for subsidies from a pool totaling about $20 billion.

So it’s your right — even your civic duty — to get that information. Just last month, the US Department of Health and Human Services clarified the policy: you should be able to get almost anything besides a psychotherapist’s notes, and in most cases, you should be able to get the information in digital form within 30 days.

In theory, anyway. In practice, not so much.

Many hospitals and practices now offer online patient portals (or “blue buttons”) that summarize your information, but the depth and detail varies; some leave out notes from office visits or don’t include lab reports. If you want more information, or if your provider doesn’t have a portal, you’ll have to first figure out whom to ask — maybe a chief privacy officer, or a Manager of Patient Experience, or a harried administrative staffer who has no idea what you’re talking about. You might be asked to fill out a photocopied form and fax it in. If you succeed, the record might arrive in banker’s boxes of paper, on CDs, in PDFs or some obscure file format used only by health care systems. Medical offices are permitted to charge fees that reflect the cost of duplicating paper documents, even if they are completely electronic, so you might also have a bill, and it might run in the hundreds of dollars. All of these things have actually happened to real patients recently; a coalition led by NPWF is collecting their stories in a “Get My Health Data” campaign.

This hassle around electronic health records is merely a symptom of the deeper sickness: The medical system is set up to block data liberation.

There are incentives to imprison your data. If your doctor’s office has it and you don’t, it’s a hassle for you to take your business elsewhere. This hostage-taking unfortunately seems to work: States that permit higher fees for medical-record requests also have lower rates of doctor-switching, finds a recent study from the National Bureau for Economic Research.

Also, many doctors don’t like the idea that you’d be able to read what they’ve written about you; you might take offense or misinterpret an observation. That worry is mostly groundless, as a project called OpenNotes shows. Inspired by research suggesting that patients forget about 80 percent of what doctors tell them, the project lets patients read online all the notes from their appointments. The result: two-thirds of 19,000 patients in a pilot study said they better understood their health, and less than 8% were worried or offended. As of December 2015, OpenNotes is now being expanded to cover more than 50 million people.

For a long time, one of the rationales for blocking access to medical information is that there wasn’t much patients could do with it except hurt themselves through DIY medical treatments. But today, patients are increasingly being expected to take responsibility for their healthcare. “The reality is, I see my doctor twice a year for 15 minutes,” says Hugo Campos, who for years has fought to get his hands on the data in his cardiac defibrillator (learn more about him in Marie’s data quest). “People are already making those decisions themselves.”

The people’s data utopia

It seems like the obvious answer is to give the people what is rightfully theirs. But in every state except New Hampshire, your medical record is not even your property. Legally, it belongs to your hospital, your doctor, maybe even your insurance company. For other kinds of data, it’s even less clear. If a machine measures your heartbeat and transmits that information to a server that your cardiologist’s office can log in to, does it belong to you, your doctor, or the company that made the machine? The manufacturers argue that it’s theirs. But intuitively, it seems that if the information originates in your body, it belongs to you. It feels like something you have the natural right to possess.

The truth is that focusing on who owns the data is a bit beside the point. “When you think about control or ownership, it implies a singularity or uniqueness: If I own it, I can keep you from doing things with it,” says John Wilbanks of Sage Bionetworks, which is building systems to enable shared data in biomedical research. That’s a bit antiquated, he notes. Digital data is endlessly reproducible, so the real issue becomes one of autonomy and access. You should be able to easily get your hands on it, and you should be able to also give it away.

Madeleine Price Ball, cofounder of the Open Humans medical data-sharing project, proposes three laws of personal data rights: the right to access raw data, the freedom to share it with anyone you choose, and the freedom to use it however you want. You could sell it. You could download it and make knitting patterns from it. Or you could donate it to the greater good.

That last option is where Wilbanks, Ball, Steven Keating (read about Steven’s data heroics here) and many others see the truly transformative possibility of data liberation. Democratizing the data means that no doctor or hospital or jealous scientist or greedy pharmaceutical company can keep it locked away. It is put into the hands of the people, who can contribute it to any project they choose. In this beautiful future, data flows freely between us all, a vast and glimmering sea of information that scientists can dip into at will. Today’s big-data projects include hundreds of thousands of people, maybe a million at most. That’s chump change. A future of free data could provide orders of magnitude more, millions of observations on hundreds of millions of people. With this bounty of data, network effects kick in. We will start to see things that were always invisible before: New connections, new ways to treat and cure, the answers to a thousand vexing medical questions that will never be answered by those who keep the data locked up.

If the visionaries get their way, soon you won’t have to be a programmer, a lawyer, or a programmer-lawyer to get your data; you won’t have to be desperate or stubborn. It’ll be your natural right.

The people at Get My Health Data are pushing us all to get our medical records; people like Ball and Wilbanks are seeding the open-data movement in research; others are challenging the law. Beyond them is a groundswell of people of all kinds — hackers and patients and policy nerds and enlightened doctors; bureaucrats and self-quantifiers and parents who see the possibility, and are fed up with the way things work now. “We can empower people, and make them realize that they do have a right and a responsibility toward themselves,” says Campos. “That is what is changing.”



DID YOU MEET OUR DATA HEROES? TAP THE IMAGES TO READ THEIR STORIES

HOW ONE MOM SOLVED THE MYSTERY OF HER BABY’S FRIGHTENING ILLNESS

TO LEARN MORE ABOUT HIS TUMOR, THIS MAN DISSECTED HIS OWN BRAIN

THESE CYBORGS ARE HACKING INTO THEIR OWN MEDICAL IMPLANTS Illustrations by Señor Salme for Backchannel