What You Can Do To Control How Your Health And Medical Data Is Used

Digital health lawyer Jodi Daniel answers questions about what people can do to control how our medical and health data is used, as smart watches, fitness trackers and other devices gain popularity.

AUDIE CORNISH, HOST:

We're going to hear more from lawyer Jodi Daniel. She's going to talk with us about what we as consumers can do with our health data. Welcome to the program.

JODI DANIEL: It's great to be here.

CORNISH: I want to broaden the discussion out because Richard's reporting focused on patient records. But there are other ways that our health data can be collected by private companies, especially now that there are smart watches and fitness trackers and things like that. So what are the rules around what can be collected and how it can be used?

DANIEL: Right now there are no federal rules governing the use of health data. This information apart from what they say in their privacy policy is basically the Wild West. And the only limitation on what they can do with that data is what they state in their privacy policies. And you and I know that most people don't read the privacy policies 'cause they're very hard to read. They're hard to understand. They're very complicated. And we just want to use the tool that's going to help us in managing our health care.

CORNISH: This feels crazy to me because when it comes to the smart watch business, which is only growing if you look at a company like Apple, they're kind of doubling down on this technology. Is it because we are basically, by agreeing to use the product, handing this stuff over to them? Like, how come the rules are different for them?

DANIEL: The rules were designed when all the health data was in the doctor's office, in the hospital and in the health plan. And so the rules applied to those entities. But, yes, when we sign up for a smart device, a smart watch, a health app, we're basically giving them permission - these companies permission to use our data however they see fit. And they usually outline that in their privacy policy.

CORNISH: Which could also mean they could sell it.

DANIEL: That's correct. If a company gets access to your information because you give it to them, they may be able to sell it. And that might be perfectly legal unless they specifically say they won't.

CORNISH: Do they sell it? Is there a market right now for people's data about their blood sugar or whatever?

DANIEL: Yeah, health information is incredibly valuable. And a lot of companies that collect vast amounts of health information from individuals are selling at least aggregate or deidentified data to pharmaceutical companies that are trying to understand how their medication might work or what might be an opportunity for them to help improve diagnosis or treatment of any said disease.

CORNISH: And you said deidentified. So, I mean, you're a data point in a large spreadsheet.

DANIEL: You could be a data point in a large spreadsheet. But there isn't necessarily any prohibition on them selling identifiable data. And so you really have to be careful and make sure that they state that they will not use your identifiable data in ways that you don't want, like for sale.

CORNISH: Is there a movement to give us more control over our health data or privacy protections or something?

DANIEL: We are seeing a lot of conversations in Congress, and we are seeing some changes at the state level. For example, the state of California has recently passed very privacy-protective law regarding data generally. But they've carved out health information that's protected under federal law or under California state law. So these added privacy protections actually don't apply to the health data that already is subject to existing law.

CORNISH: Which is kind of a big deal given that it's home to Silicon Valley, right?

(LAUGHTER)

DANIEL: That's very interesting, yes.

CORNISH: Yeah. Jodi Daniel is a digital health lawyer with the firm Crowell & Moring. Thank you for speaking with us.

DANIEL: Thank you very much.

Copyright © 2018 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.