Nothing About Me Without Me

This week I watched a TedMed talk given by Bruce Schneier about who is actually in control of each and every one of our medical data shadows. What he meant by "medical data shadow" is the data collected every time you go to the doctor to get a checkup, every time you search anything medically within your internet, if you wear a fitbit the data it collects throughout your day, etc. We are so hooked up and intertwined within the internet that it is constantly taking data of us and our lives.

Historically, patient privacy has been the number one goal for doctors. Laws and regulations were put in place to hold doctors accountable for this and for a long time it worked. This essential “promise” allowed patients to open up and reveal the most embarrassing and scariest questions, concerns, and/or details. The trust was gained because these data files were all on paper hidden away within the vast amounts of files and physical cabinets at the office. Now though, everything is digitalized and there has been a shift regarding who has access to these files, personal information and data. According to Schneier, physicians don’t own your files anymore, instead they are owned by the institution they work for. Our data is in millions of hidden databases unknown and inaccessible to us because of the 880,000 different health data brokers and marketing companies out there that sell our data.

These companies are staffed with people that did not have to take the privacy oath. Therefore, allowing a greater amount of chances of your information falling into the wrong hands. Some extreme mishandles include identity theft, medical insurance fraud, embarrassment, harassment and/or extortion. Current privacy laws no longer protect us because they cover the system and not our personal data. This ethically should be included in the patient’s autonomy. The patient’s should have the right to control what happens to their bodies AND their personal data. Personally, I feel this also goes against the privacy oath doctors do take because they are essentially handing our data over to the industries, which destroys all trust. This leads to more people willing to live with their aliments at any cost in order to avoid risking their personal privacy and security.

He combats this ethical problem by suggesting five principles to follow: accessibility and control, transparency and accountability, no use without authorization, the same treatment of research and clinical data usage and standardize privacy policy across the entire industry.

This TedTalk stuck out to me because a good friend of mine recently experienced an attempt of identity theft using her medical data as a weapon. She received a call from an unknown number and was greeted by a man claiming to be from a company that collects payments on blood work she had gotten performed a week prior. They then claimed if she paid over the phone immediately as well as answered a couple personal questions they would not send this bill to collections. Confused and skeptical, she called her insurance company to enquire whether they had paid or not. They informed her they paid the company three days prior and to make sure not to give/ pay. I know my friend isn’t the only one with this experience. More people need to stand up and fight for their ethical right to have complete ownership over their data.

Schneier left the audience with a compelling and inspiring quote. He exclaimed, “the only person with a clear ethical and legal right to create a complete medical profile of you- is you.”

One question I pose is how does one get around signing the waiver for your physicians to use your data anyway they choose, if they physicians won’t see you without that signature?

Schneier, B. (2017). Who controls your medical data? TedMed. (http://www.tedmed.com/talks/show?id=627334