Facebook Inc., Google Inc., and other technology giants face an uphill battle convincing patients their online health products will keep their private information secure and won’t yield targeted ads, a former health privacy chief said.
“There have been so many privacy issues that have been highlighted around large tech companies collecting and using data,” Deven McGraw chief regulatory officer of Ciitizen Corp., said in an Oct. 30 interview. “For all the benefits that they want to bring to health care, they’ve got a challenge to get the public to trust that they’re going to handle this data responsibly.”
McGraw headed up privacy programs in the Department of Health and Human Services’ Office for Civil Rights, which administers the Health Insurance Portability and Accountability Act, before joining the San Francisco health tech company two years ago.
“People don’t trust tech right now,” John Wilbanks, chief commons officer for Sage Bionetworks, said at the Milken Institute’s Future of Health Summit. “The idea that we’re suddenly going to trust them with all of our DNA, that’s going got be a tough sell.”
The remarks came two days after Facebook announced a preventative health tool that sends check-up reminders to users and helps them find affordable places to receive care.
Health Data ‘Creeping Out’
McGraw said more health data is “creeping out” into the tech space, but patients are still largely unaware that not all of it is protected in the same way. They’re accustomed to their health data being at their doctors offices, in the hospitals where they were seen, or in their insurers’ records. All of those keepers of data are covered by the health privacy law.
What patients might not know is that some health data doesn’t fall under HIPAA. That includes health information in the hands of technology companies—think Fitbit—or companies that offer DNA testing directly to consumers.
More technology companies are venturing into health care because of its potential to unlock biomedical discoveries and manage patient care. But public opinion on big tech is going in a different direction. Negative views of technology companies have nearly doubled in the U.S. over the last four years, according to a study the Pew Research Center released this summer.
Tech companies can build firewalls that separate health-care platforms from social media sites and email inboxes, McGraw noted during the Milken Institute’s session on using patient data in research. The challenge is convincing the public that separation exists, adding that she knows a lot of patients who are active online and frustrated with their social media experiences.
Facebook says it won’t share activity from its prevention health tool and won’t show ads based on the information provided in it, chief privacy officer Erin Egan, wrote in an Oct. 28 blog. Health insurers can’t use that to deny coverage either because Facebook doesn’t share the data with third parties, the blog said.
Still, the data is within the company. “Because we know health data is particularly personal, we took extra steps to protect your privacy and collect a limited amount of information necessary to make the tool function and improve it over time,” Egan wrote.
But other actions, such as liking the Facebook page of a health organization, could lead to targeted ads.
Google does keep track of things that users search for, their location, and websites they visit.
Google Health has grown from its original premise and now also focuses on using artificial intelligence, product expertise, and hardware to tackle health-care problems. Among the units in parent company Alphabet Inc.'s profile are Verily, which is developing tools to collect and organize health data, and Calico, which employs scientists to explore the biology of aging to expand lifespans.
Regardless of tech’s obvious interest in health, McGraw said patients still need to be convinced the companies will do right by them with their health information. “It’s a little bit of a boulder to push it uphill.”