How Technology Companies Are Using Protected Health Information (PHI)

By Sherry Baker @SherryNewsViews
May 18, 2020

Tech giants are behind numerous healthcare innovations. They’re also employing technology to gather protected health information (PHI) to use in multiple ways.

Massive databases now contain protected health information (PHI) about millions of Americans, and you may be one of them. At first glance, that might sound like some nefarious conspiracy theory, but it’s actually good news — as long as personal information is kept private.

Using advanced technology to collect and analyze data holds the promise of simplifying healthcare and speeding advances in diagnosing and successfully treating medical problems.

Technology companies - including Apple, Microsoft, IBM, and Amazon — are at the forefront of gathering PHI. It’s a multi-billion-dollar business for the tech giants, with medical centers, research institutions, pharmaceutical companies, and others relying on the companies’ technology and the use of PHI collected in data bases.


YOU MIGHT ALSO LIKE: What Google Is Doing in Healthcare


Thanks to advanced cloud storage and other tools tech companies have developed, more hospitals and physician practices can centralize and quickly access detailed information about patients’ lab tests, health history, and medications to improve diagnoses and care. Healthcare organizations can also use the data to help with billing and flag signs of possible insurance fraud.

Using artificial intelligence (AI) and machine learning (an AI application incorporating algorithms to find patterns in massive amounts of data), researchers cull PHI purchased from the tech companies to zero in on specific information which can hold the key for medical advancements.

You are more likely to have access to your own PHI soon, if you don’t at the present time. Electronic health records are increasingly available to patients, or anyone simply tracking their own fitness and health, via medical center portals and through PHI data stored on personal fitness devices.

Here are some examples of how technology companies are using protected health information, and some potential concerns about the privacy of your PHI.


YOU MIGHT ALSO LIKE: Our My Wellness dashboard, to keep track of your health data and manage your health records 


Gathering PHI for research and healthcare

Interest in, and collecting PHI, isn’t a new idea. It’s been a goal of researchers for decades. Over 60 years ago, health researcher Frederick J. Moore, PhD, told an IBM symposium a vast information retrieval system was needed to make health data available, both to public and private health organizations.

That goal is not only a reality in the 21st century, it’s a global technological development, reaching into every aspect of healthcare. Today, IBM is working with healthcare providers in the U.S., China, Spain, Russia, Thailand, and elsewhere to collect digital PHI and transform it, the company states, “into clinical and business insights for better outcomes.”

Large volumes of collected PHI data can be tapped into by researchers to see what treatments are working, which ones aren’t, and to find details in the health data to possibly explain why, according to IBM. And cloud-based PHI data paves the way for fast, efficient video consultations with medical experts who can quickly access a patient’s test results and history.

IBM Watson Health, one of the technology company’s multiple platforms, provides advanced analytics and what IBM calls “Narrow AI” to medical researchers. The Narrow AI system zeros in on a specific set of similar data pulled from PHI for studies. In a project with Roche, IBM Watson Health used this targeted research to predict the risk of kidney failure in patients with type 1 or type 2 diabetes over the course three years. The results showed the analysis was right 79 percent of the time.

Volunteering your PHI to work with tech company researchers

With products like the electrocardiogram-equipped Apple Watch, Apple CEO Tim Cook says the company is working on “democratizing” healthcare. To that end, the Apple Health app, available through healthcare providers, lets patients with iPhones see and securely store their own PHI, including health records from multiple institutions.

Apple is also partnering with several groups of health researchers on projects involving PHI, and the company is asking for volunteers to participate by using their iPhones to transmit their personal health data. By visiting the Research app in the App Store, people can see if they are eligible to take part in three long-term medical studies that will continue over the course of several years.

The first, a women's health study, conducted with Harvard T.H. Chan School of Public Health and the (National Health Institutes’)  NIH’s National Institute of Environmental Health Sciences researchers, is centered on a better understanding of menstrual cycles in women who have polycystic ovary syndrom (or PCOS), infertility, osteoporosis, or are going through menopause.

Another study will look at PHI from volunteers using their iPhones to document factors influencing the participants’ cardiovascular health and potentially their mobility. The research, in collaboration with Brigham and Women’s Hospital in Boston and the American Heart Association, is expected to continue for at least five years.

Apple is also collaborating with the University of Michigan on a hearing study that will track headphone usage and exposure to sounds in the environment through the iPhone in order to document the impact of noise on hearing over time.

There are some PHI privacy issues

Healthcare information, with basic personal identifiers removed, is sold, legally, to pharmaceutical companies, researchers, drug and healthcare marketers, among others. And PHI used or sold for research or marketing purposes is supposedly not identifiable — i.e. not linked to a specific person — unless you have agreed otherwise.

However, despite basic personal identifiers being removed, there is some concern PHI might not be truly anonymous, if other data can be tracked to specific people. In fact, a study by Carnegie Mellon researchers backed up this possibility. It showed anonymous U.S. Census data could be used to identify some individuals simply by combining certain known characteristics found in populations.

If PHI can be linked to individuals, there is a risk it could potentially be sold by healthcare or technology companies to drug developers and marketers to target ads to specific people. There’s also the risk non-anonymous PHI in the wrong hands could jeopardize the privacy of a person’s health history.

There have been several examples of PHI confidentiality being potentially breached over the past few years. An incident which took place in 2017, but wasn’t revealed until The Washington Post uncovered it in fall of 2019, involved a research project Google was working on with the NIH.

Days before the tech company was set to publicly post more than 100,000 images of patients’ chest x-rays, the NIH informed Google some of the x-rays contained details that could identify a number of the patients, and that was a potential violation of law, as well as a violation of privacy. It turned out, Google researchers had failed to obtain legal documents to cover patient privacy.

Google is now working with Ascension — the largest Catholic health system in the world and one of the largest healthcare systems in the U.S. — on Project Nightgale. The goal is to store and analyze PHI of millions of patients in 2,600 hospitals and clinics, using Google’s cloud data analytics to find ways to improve patient care and outcomes and to cut costs.

But the project received negative publicity when a whistleblower claimed doctors and patients had not been notified of the project and that 150 Google employees had been given access to patients’ private data. The charges prompted a U.S. Health and Human Services Office of Civil Rights investigation into how Google has handled PHI.

Google Health chief David Feinberg, MD, responded to the reports, saying all employees with access to PHI went through medical ethics training and were approved by Ascension.


YOU MIGHT ALSO LIKE: Our Technology in Healthcare section


August 29, 2022

Reviewed By:  

Janet O’Dell, RN