How Technology Companies Are Using Protected Health Information (PHI)

Tech giants are behind healthcare innovations that consolidate your protected health information (PHI). Should you be concerned? Here's what you should know.

Massive databases now contain protected health information (PHI) about millions of Americans. You may be one of them.

At first glance, that might sound like the makings of a conspiracy theory or scary movie, but it’s not necessarily bad news — as long as your personal information is kept private.

The innovations are big money for tech giants, as everyone from medical centers and research institutions to pharmaceutical companies come to rely on them.

YOU MIGHT ALSO LIKE: What Google Is Doing in Healthcare

The promise is that innovations benefit everyone. Using technology to collect and analyze data could simplify healthcare and hasten medical advances.

The databases are designed to contain “de-identified” data stripped of information that identifies individual patients. Companies who use your information may be required to explain how they will use it.  

American healthcare is wildly expensive, inefficient, and riddled with paperwork. Proponents say that cloud storage and other innovations will make it easier for hospitals and physician practices to quickly access your medical records. The tools can also streamline billing and flag signs of possible insurance fraud.

More comprehensive databases are always a boon to researchers, who can use AI techniques on a bigger scale. For example, Google engaged in a decade-long partnership with the Mayo Clinic, storing the academic medical center’s records in return for the right to use them for research and product creation.

When you use a Fitbit or health tracking programs on a smartphone, you’re gathering and reading your data. Electronic health records are increasingly available to patients as well. The records might include your most recent lab test and your doctor’s recommendations.

You’re more likely to be concerned about privacy when an employer, health provider, or insurer shares your information with a third party. The main concern is that third parties will profit from your activities without your knowledge.

You may fear companies will send you targeted advertising based on your health history. The Federal Trade Commission and Health and Human Services have warned hospitals and telehealth companies to stay away from online trackers to gather patient information that may be useful for advertising.

Here are some examples of the developments and how you’re protected.

Using PHI for research

Researchers have wanted access to more health data for decades. Today, top pharmaceutical companies rely on Merative, a spin-off from IBM, which has brought together data from more than 263 million people since 1995, with billions of data points.

For just one recent year, the vast database offered information about nearly 40 million people, data large enough to create up-to-date representative samples of Americans.

The records come from large employers, hospitals, Medicare, Medicaid, and electronic health record companies. They are reorganized, replacing identifying information — such as your name, addresses, employer, and insurance policy number — with anonymous identifiers.

For example, a researcher can see a prescription in a hospital discharge record and the same person’s out-patient drug claims — establishing how long the patient continued taking the medication.

Since medical records are linked to dental claims, researchers can make a connection between oral infections and heart disease, in another example.

In one study, researchers analyzed data from more than 19 million emergency department visits, drawing from records for both Medicaid and privately insured patients over 11 years. Up to 20 percent of all emergency visits resulted in an opioid prescription. After 2010, however, the number of opioid prescriptions dropped.

Another study concluded that type 2 diabetes patients who received two medications combined in one tablet — rather from separate sources — were more likely to reach a healthy blood sugar (A1C) level. To draw that conclusion, the researchers needed to see lab results as well as prescription claims.

Volunteering your PHI to work with tech company researchers

With products like the electrocardiogram-equipped Apple Watch, Apple CEO Tim Cook says the company is working on “democratizing” healthcare. The Apple Health app, available through healthcare providers, lets iPhone users see and securely store their PHI from multiple institutions.

Apple is also asking for volunteers to participate in research projects. See the research app in the App Store, if you’d like to share your information.

An ongoing women’s health study, conducted with researchers from the Harvard T.H. Chan School of Public Health and the National Institute of Environmental Health Sciences, announced preliminary results with data from more than 50,000 women.

Participants with polycystic ovary syndrome had more than four times the risk of endometrial hyperplasia (precancer of the uterus) and more than 2.5 times the risk of uterine cancer. 

The larger goal is a better understanding of menstrual cycles in women who have infertility, osteoporosis, or menopause.

If you think playing pickleball is fun, your Apple Watch report can prove it. The Apple Health and Movement study has announced that wearers who play pickleball frequently are 60 percent less likely to report symptoms of depression than its overall pool of volunteers.

Apple is also collaborating with the University of Michigan on a hearing study to track headphone usage and exposure to sounds in the environment through the iPhone, to document the impact of noise on hearing over time.

PHI privacy issues

Whenever healthcare information is sold, it should have all basic identifiers removed. But hackers can find ways around those protections. For example, Carnegie Mellon researcher showed how analyzing anonymous U.S. Census data can reveal personal identifiers of people.

Google, which has been moving fast into healthcare, has run into political headwinds, mainly demanding more disclosure.

Google’s Project Nightingale attracted news coverage and letters from senators and federal investigators when the public learned that it would receive health information from Ascension, a large Catholic nonprofit health system.

One Google unit was accused of improperly accessing patient data from the U.K.’s National Health System. Back in 2017, two days before Google planned to post more than 100,000 images of human chest x-rays provided by the National Institutes of Health (NIH), the NIH told Google that the images weren’t entirely anonymous.

Advocates say, however, that the advent of new tech in healthcare information can be beneficial if such wrinkles are ironed out.

YOU MIGHT ALSO LIKE: Our My Wellness dashboard to keep track of your health data and manage your health records