Social media companies and marketers use this kind of metadata as a way to predict our behaviors all the time; for example, using shopping behaviors, companies often try to gauge whether someone is pregnant. It only makes sense that as technology encroaches deeper into our lives and data analysis gets better, more brazen researchers and organizations would try to glean insights. In such a world, Sobhani argues, even some of our most trivial data — the way our eyes move in a video clip — could be thought of as health data. “As a researcher, I think about the Amazon Echo and if our group had continuous data from voice. We’d learn so much — and I don’t just mean from the emotional content but from the language analysis and things like pauses in your speech.”

Her argument resonated. Not long after I spoke with Sobhani, I visited my doctor for a routine checkup and was struck by how much of the visit revolved around me telling her about the mundane details of my life: How was work and home life? Was I stressed? How often was I exercising? Was I eating well?, et cetera. Because it was a well visit, the bulk of the checkup was the doctor collecting a bunch of metadata that would help her interpret the small amount of raw data (my height, weight, blood pressure and temperature) she gathered.

Naturally, Sobhani’s fear goes back to the Big Tech companies — Google, Facebook, Amazon and others — that have amassed untold stores of this information. And because their devices are not classified as medical devices by the Food and Drug Administration, they’re not subject to the Health Insurance Portability and Accountability Act. “With health data, Hipaa grants you rights to have an easy copy of it,” she said. “And if tech companies are mining my data for health insights, why don’t I have access to it?”

It’s a complicated question. Google, for one, does have health initiatives. And just this year the company was sued, along with the University of Chicago, over sharing of medical records without stripping out sensitive information. And companies that make wearable devices that track heart rate and temperature and activity all process information that gleans health insights.

At the end of our call, Sobhani suggested a potential maneuver: use Hipaa as a way to rein in the tech giants’ use of our data. “If we were ever to rule that all the data they collect on us is, ultimately, health data and that we have a right to it, then they would need to hand it over by law.” In Washington, there have been some signs of movement in the health data sphere; a bill introduced this June by Senators Amy Klobuchar and Lisa Murkowski aims to protect data from fitness trackers, which isn’t classified as health data and protected by Hipaa. Still, Sobhani admits that the Hipaa classification is, at present, an unlikely solution — one that would face enormous pushback from tech companies . There are, after all, significant costs and administrative headaches involved in Hipaa compliance that tech companies would more than bristle at.