Skip to content

Is Your Health Data Safe? The Risks of Digital Health Information

Katie Lips discusses health data and its risks.

Most of us are comfortable sharing data in a place we believe is safe and secure. But not everyone considers where health data goes after it’s collected. And though most medical information is protected by strict data security regulations (such as HIPAA in the United States), some health information is considered “personal data” and has less stringent requirements. It’s important to know where your health data is at risk so you can make informed choices.


See Protecting Your Health Data with Katie Lips for a complete transcript of the Easy Prey podcast episode.

Katie Lips has had a broad and diverse career in digital technology. She has built digital products, developed digital strategies and policies, advised consumers on scam protection, and advising governments on how to protect consumers, among other things. Working with the UK Consumer Protection Association, she led an investigation into how health data is being generated and used. Currently, she is creating a data-centric health app.

Throughout her career, she has been interested in data, how we use our personal data online, how others use our personal data, and what we can do to protect ourselves online. There are great opportunities in tech. We can put our whole lives online and use the internet to do awesome things, like improving our health. But it also puts us at risk. Katie is interested in building great products that can help people online but at the same time, protecting people and their data.

The Coronavirus Pandemic and Health Data

The coronavirus pandemic opened many people’s eyes to how useful health data can be. Most of us know in a general sense that data is useful. Good data, analyzed well and used properly, can do all sorts of great things. But health and healthcare is where data starts to hit home for the average person. The pandemic showed many people how important data is in healthcare.

During the pandemic, many people were asked to share data about when and where they were taking tests, where they were testing positive, and where they’d been. Some people tracked their movements to help researchers study the spread of the disease. It was a great example of how data at scale can help fix problems. We didn’t find a cure for the coronavirus, but we did find vaccines and saved a lot of lives.

For some of us, sharing that data was an obvious choice. For others, it was a scary thing they didn’t want to do. Katie herself was on the fence. She could see the benefits of sharing that data. But she also knew the risks of sharing that kind of data. How long would they want the data for? How long were they going to use it? Who would be accessing it in the future? What would they do to fix problems that occurred because the researchers were in a rush? It was an emergency situation where people were asked to share personal data that we knew could help people. But do you trust it?

Digital Health Products and Your Data

The coronavirus pandemic wasn’t the first use of health data. People have been using digital health products to collect and analyze health data for years. Many of us use Fitbits, smart watches, and similar gadgets to monitor their bodies. Katie wears an Apple Watch, and it’s probably listening to her heart rate right now. That can be a terrifying prospect. If you’ve set up devices to capture data, they continue capturing it even if you don’t think about it anymore. Then all that data is out there that you’re not even aware of.

Technology is a great tool to collect health data, but it also comes with risks.

Calorie tracking can have similar problems. Plenty of people want to lose weight. If you use a website or app to track your calories, you’re basically telling a company everything you eat. It can be great if you get data back that you can use. If the app can help you identify that you tend to eat more calories around three in the afternoon or you’re getting too many carbs, it can be worth it. But many apps are very one-sided. The company gets the data, and you don’t get enough analysis to make it worthwhile.

If you get the insights back from the data you’re giving up, then I think it’s possibly a fair exchange. But in a lot of services that I see, it’s a bit one way.

Katie Lips

The Unintended Consequences of Digital Health Data

Just like any data, if your health data is online, there are some risks. A company could have a data breach and your health data could fall into the wrong hands. This could lead to you being targeted by health or wellness scams. There’s also the risk of companies collecting more data about you than you realize for an ill-defined purpose. You don’t know what might happen to your data in the future, who it might be sold to, or who might use it inadvertently.

When it comes to health data … we’re not quite attuned to the future issues that might bite us when it comes to the health data we’re sharing and whom we’re sharing it with.

Katie Lips

Especially with online health data, many of the consequences are unintended. The United States military banned its personnel from wearing fitness trackers because they uploaded soldiers’ GPS locations. Someone who wanted to learn where a soldier was or learn the layout of a military base could just watch that fitness tracker information. The developers behind the fitness trackers were just creating a neat product to track workouts. They weren’t asking if their fitness tracker would be putting military servicepeople at risk. It was an unintended consequence, but it still put them at risk.

We don’t tend to think about what kind of risks could happen by putting our health data online. But even if you’re not in the military, there are still dangers. A burglar might be able to see from your fitness tracker that you’re out on a run and it will take you about an hour to get back and use that as an opportunity to break in. We need to ask ourselves who has access to this data and how it could be used to harm us.

Cybercriminals Aren’t (Necessarily) the Problem

As another example of unintended consequences, the United States recently made legislative changes around abortion access. Apps used to track menstrual cycles suddenly became potentially risky. The data could be used in court against someone accused of having an abortion.

Health data doesn’t even have to fall into the “wrong hands” to be dangerous. In the case of apps to track menstrual cycles, cybercriminals stealing data isn’t the risk. Something that was legal and acceptable not long ago is now illegal and not acceptable, making that data potentially dangerous in the hands of lawyers, law enforcement, or anyone who wants to accuse someone of having an abortion.

The challenge for businesses creating products is that they design for the best-case scenario. They plan for a situation where everyone loves their product and uses it all the time. Nobody designs products thinking about all the awful things that could happen and how they’re unintentionally putting people at risk. The challenge is to think about the unintended consequences, especially when health data is involved, to protect consumers.

I’m advocating for people definitely doing some unintended consequence thinking. … You have to worry about bad stuff that can happen with it as opposed to just good stuff you want to achieve.

Katie Lips

Judging People with Health Data

Think about how financial credit works. Credit agencies have your financial information. They collect it and merge it with other data to give you a credit score. You then get offered loan products and specific interest rates based on your income and financial habits. But some people are concerned that health data, medical information, and information on their eating and exercise habits will be merged and affect their lives similarly.

The good news is, that won’t fully be the case. Medical information is governed by much stricter regulations than other information. Without a good reason, most companies won’t be able to get their hands on your medical data.

However, your health data doesn’t just include the medical data in your doctor’s digital files. Digital health data also includes lifestyle data, such as exercise, food, and weight loss. And much of that falls under “personal data,” which does not have the stricter protections of medical data.

It’s generally okay that personal data is not protected quite so strictly. But in some cases, it can be problematic. A company might decide they want to know how healthy you are, so they look at your social media. For most people, it’s all there for anyone to see. If you post about your weight loss journey and how your morning run went, they can conclude you’re probably healthy or at least trying to be so. If you enjoy extreme or otherwise risky sports like bungee jumping or skiing, or post a lot about drinking and going to bars, it might impact your life insurance premiums.

Lots of people don’t think twice about posting things online because it’s just your friends or a like-minded community. But we don’t know who else can see that data and who can get access to that information.

Moving from “Sick Care” to Health Care

It is genuinely useful for medical professionals to be able to access and share some of your health data. But the issue of what information can and should be shared and what should be segregated is an ongoing debate. Should your optometrist be able to see what your cardiologist thinks of you? Who should be able to access what information?

Technology is enabling the medical profession to move from an era of what Katie calls “sick care” to “health care” in the truest sense of the words. For most of history, medical care has been “sick care.” You get sick, you go to the doctor, and they make you better. In true “health care,” doctors can focus on preventative measures to keep you healthy instead of waiting for you to get sick. But to do they, they need to know how you might get sick so they can prevent it.

In order for healthcare professionals to focus on preventing illness, they will need access to a lot of health data.

To make that a reality, we will need a lot of data analyzed by clever people. But the system is still a bit stuck in the era of sick care. In order to move into proper preventative health care, we’ll need more advanced data systems. As patients, when those options become available, we should opt in.

The Challenges of Data-Driven Health Care

Though true health care has definite benefits, it also raises some concerns. If you know you’re not living a healthy lifestyle, do you want your healthcare provider to know that? You might be concerned that they’ll raise your rates or treat you poorly for not exercising. If you go to your health provider and you’re living unhealthily, could they hold that against you? It’s a real worry and it might prevent people from seeking help in a true health care system.

As we move into a health care system driven by personal health data, we need to strike a balance. Most healthcare providers genuinely want to help. They want to prevent disease and help fix you up when you’re ill or injured. But in order to do that, they need to know the full extent of the problem. If you go to the doctor and say your leg really hurts but don’t tell them it started hurting when you fell off a ladder two hours ago, it’s going to be much harder and take much longer for them to determine the problem and help with your injured leg. We have to be able to be honest about the root causes.

Who Actually Needs Your Data?

Whenever you’re asked to provide data, whether it’s health data or otherwise, you should consider where the data is going and if they even need it in the first place. Your weight tracker app doesn’t need access to your camera, microphone, or contacts. When you’re filling out forms, question where your data will go and if they really need it in the first place.

If you’re curious, cautious, or concerned about what will happen with the data you’re providing, ask! If you get an answer you don’t like, don’t give them the information. Katie thinks we should all be encouraged to question more, because companies will listen to that. They know it’s awkward when you ask where your private health data is going and they have to say they don’t know. If they get people asking, they will find a better answer or change their practices. But if nobody asks, they won’t know it’s something people are concerned about. Never be afraid to ask.

A New Data-Driven Health App

Katie used to live quite unhealthily. She drank a fair amount of alcohol, overate a lot, and put on a lot of weight. Eventually she decided to do something about it and lost ninety pounds. She even wrote a book about the process, called Love Yourself & Lose Weight.

People often ask her about the specifics of how she lost weight – how many calories she ate, what her exercise regimen was, and similar questions. She is currently working on a product to help people with her weight loss method. Her method is what some people call conscious eating or mindful eating. It’s not about dieting. You don’t have to eat cabbage every day if you hate it or stop eating chocolate. It’s just about taking your time, eating more slowly, and enjoying it more.

Katie started a business called Eatiful to launch this product. It’s for anybody who wants to lose any amount of weight in an easier, more enjoyable, and more sustainable method. It’s also very data-driven. When Katie was losing weight, she had to find out what worked for her through trial and error. The product helps you collect your own health data to learn your habits, track them, and get insight. All your data is stored and analyzed on your device, not on company servers. So you get to learn what works for you without a company getting your health data and doing who knows what with it.

Learn more about Eatiful at weareeatiful.com. Learn more about Katie at katielips.com, where she talks about conscious eating in general and what she’s up to, as well as provides lots of free resources. Or you can connect with her on LinkedIn, where she talks about data and data strategy.

Related Articles

All
  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety
Verify a Tinder profile by running a reverse image search with Social Catfish.

Run a Reverse Image Search to Verify a Tinder Profile

Online dating can be a fun way to pass the time. It can also be a way…

[Read More]
Dangerous Things We Do Online

Here are The Dangerous Things We Do Online Without Knowing It.

Hackers and cybercrooks count on people to have bad online or computer habits—they know there’s a high...

[Read More]
5 Mistakes You Make Online

Are You Making These Five Mistakes Online That Put You at Risk?

It's scary to think that’s the data breach news you hear on the news are all true...

[Read More]
Mike Cook talks about synthetic fraud and the dangers of data breaches.

Synthetic Fraud, Data Breaches, and Other New and Evolving Scam Techniques

Many of us are aware that scams, fraud, and cyber threats are out there. We may even…

[Read More]
Learn tips and tools to find out if someone is on social media.

How to Find Out if Someone is on Social Media

Social media platforms have become popular amongst users since it’s the most convenient way to stay updated…

[Read More]
Peter Sisson talks about fake video issues caused by AI - and what his new company is doing to help.

AI is Causing Fake Video and Fake News Problems – But This App May Help

We all know the old phrase “seeing is believing.” We’re hard-wired to believe the things that we…

[Read More]