In today’s technology-driven world, data is an inevitable part of our lives. From fitness wearables to wireless medical devices to electronic medical records, the digitization of health information will continue to be a common practice. There is another common practice in the healthcare industry that most people do not like to talk about: medical data trading. A multi-billion-dollar market exists for information found in medical records, including prescription records, hospital visits, blood tests, insurance records, and doctor notes. Commercial companies are able to buy and sell this data without violating HIPAA because the information is not directly tied to an individual’s identity. However, the records bought and sold are often still associated with an age, gender, partial zip code, and a doctor’s name.
In the past, the stripping of a name, address, and social security number from a medical record would have been sufficient to protect anonymity. In today’s world, this is not the case as the re-identification of seemingly anonymized data is only getting easier. A straightforward data mining tool can easily cross-reference multiple databases to aggregate data and re-identify individuals from their theoretically private medical information. As an example, Harvard University Professor and computer scientist Latanya Sweeney was able to link zip codes, birth dates, and gender from a voter registration list to publicly available medical data, including hospital discharge records and health care cost data on hospital visits. And this was research conducted almost twenty years ago! The capabilities of data mining technology have only improved alongside the vast amount of data available today.
While consumers have the ability to increase the privacy of their non-medical data and control access to it, there is a frustrating lack of control when it comes to medical data. Even with the advent of electronic medical records, patients still do not have access to comprehensive health data across providers due to a lack of interoperability. Additionally, there is no way for patients to opt out of third parties using their anonymized health data for commercial purposes or otherwise. Theoretically, patients could choose healthcare providers based on whether or not their health information systems sell anonymized data, but in reality, this choice is limited by health insurance companies and specific health plans. If the patient is truly at the center of healthcare, then the management of health information needs to reflect that.
Patientory wants to change this narrative by applying blockchain technology to electronic health information. In addition to blockchain’s robust cybersecurity abilities, it can democratize data access in favor of the consumer. Instead of storing and distributing data through a single database, multiple copies of the same data are shared on a ledger distributed across a peer-to-peer network of users. When one copy of the ledger is changed, all of the other copies are updated in real-time and the validity is guaranteed by the network. By using a distributed application like Patientory’s to access electronic health records, patients will have the power to decide exactly who can access their medical data and for what purpose. The corporate rights of data brokers should no longer be privileged over the rights of consumers to control their own health data.