When most people step into a doctor’s office, they have an expectation of privacy. However, as investigative reporter Adam Tanner reveals in his new book, “Our Bodies, Our Data,” the reality is very different.

Did you know that virtually every interaction a patient has with the medical system is recorded, sold and aggregated into comprehensive profiles that offer marketers insight into people’s most intimate personal information?

Reveal recently spoke with Tanner, the current Snedden Chair in journalism at the University of Alaska Fairbanks, about how medical data collection could erode trust in the health care system, the impossibility of opting out of the sale of your data and how a seemingly innocuous magazine subscription could affect your life insurance policy.

Editor’s note: This interview has been edited for length and clarity.

Reveal from The Center for Investigative Reporting: How did you get interested in looking at this industry in the first place?

Adam Tanner: What interested me was that the government collects a lot of data about us, as (classified document leaker) Edward Snowden showed, but what most people should be interested in is commercial collection. Medical data is even more personal, more intimate and potentially damaging. When I discovered there was this big, multibillion-dollar industry of medical data sales, I thought it was worthy of a book.

Reveal: What sort of information is being collected by these medical data brokers? How are they gathering it?

Tanner: There are a couple of different ways. There’s the sale of both medical data about you that’s anonymized – without your name, Social Security number or address – and then a second kind of data that is sold about you that does not have that anonymization.

Identifiable information comes from data brokers. If you subscribe to a magazine about diabetes, that mailing list may be sold, and you may be identified as someone likely to have that ailment. They can sell that without any restriction under U.S. law. All sorts of things are not covered by legal health protections like fitness apps, websites and Twitter posts. All of these things can be gathered by data brokers and matched with other kinds of information to build a health profile of you.

The part most people don’t know about is that anonymized medical information from your doctor’s office is also a commercial product. You go to the doctor, and the doctor asks you about your health issue. You tell him or her. They write it down into the into a computer – nowadays, almost 90 percent of doctors are linked up to electronic health records. The doctor sends you to get some medication at the pharmacy. The doctor may also recommend you have a blood test. All of that is processed through various insurance forms from your health insurance company. All of those aspects along the chain can be sold.

Reveal: What is this information used for? The identified information makes sense to be used for marketing purposes. If you identify a person with some condition, then you could market drugs or other products to them more effectively. For the anonymized data, what sort of use are companies that buy this data getting?

Tanner: When I say anonymized, I should stress that it’s anonymized of the patient’s name, but the doctor’s name is still in it. It doesn’t say “Aaron,” but it says “Dr. Jones.” A drug company can buy this information and see that Dr. Jones is regularly prescribing drug A to his patients, but they represent drug B and they can send a salesperson there to say, “Let me tell you how great drug B is.”

The companies behind this include some well-known names, such as IBM, and there’s LexisNexis. One that may not be familiar is called QuintilesIMS. These companies also highlight that there’s a big scientific promise of gathering these dossiers on people. They may have years and years of information about you from your blood tests, your doctor visits, your hospital visits, your insurance claims, your drug purchases at pharmacies and so on. They say that information will help boost major discoveries in science. That hasn’t really happened yet. There’s some interesting insights, but the question that I want to raise in my book is, is this something that we as a society are comfortable having happen without really much public debate?

Investigative reporter Adam Tanner examines the lack of privacy in medical data collection in his new book, “Our Bodies, Our Data.”
Investigative reporter Adam Tanner examines the lack of privacy in medical data collection in his new book, “Our Bodies, Our Data.”
Credit: Courtesy of Adam Tanner

Reveal: Especially for the entities required to anonymize data – pharmacies, insurance companies and doctor’s offices – there was a real reticence to talk about this, as you detail in your book. Even though this type of sale is in full compliance with the law, there was a feeling that if people knew about this, they would be kind of creeped out. Is it just that creep factor that’s causing the health care industry to be really tight-lipped about how this data is being collected and used? Or is there something else going on?

Tanner: You point out something important: This trade in anonymized data is legal under the Health Insurance Portability and Accountability Act, which allows for the transfer of medical data from one place to the other.

With the increased abilities of computers in recent years, this trade has vastly expanded in recent years. It’s very, very lucrative. QuintilesIMS is worth about $20 billion. Many people along the chain profit from it. If you are a major drug store and you’re selling anonymized patient information, you may get tens of millions of dollars a year from those sales to the data miners. That’s lucrative for you. The data miners are very happy to have that information. The drug companies are very happy to buy that information. Everyone in this trade is happy, except for the patients, who don’t really know about it.

Reveal: Are these practices causing identifiable harm to patients or even to the industry as a whole?

Tanner: The greatest potential harm is that, as people realize this trade is going on, they may be more wary about revealing their most intimate problems with their health care providers. When you think about what happens in the doctor’s office, you think everything in that room is completely private. You pick up a prescription, and only the pharmacist will know. You think only the nurse putting the needle into your arm knows about the blood test. When you begin to understand this is in wide circulation, you may be a little more wary about revealing all of your problems.

There’s also what I call a health data paradox. You, as a patient, want your doctor and any other people giving you health care to be able to access your full records. If they ask when’s the last time you had a tetanus shot, or have you ever had problems with this, or when did this thing happen to you, often we can’t remember all those details. Unfortunately, we don’t really have access to our own comprehensive medical records. Very few people do.

This commercial sector of data miners have done a better job building anonymized profiles with lots of your information than our health care providers have been in getting information about us that helps our own treatment.

Reveal: What’s preventing that from happening?

Tanner: Part of it has to do with the U.S. health care system, which is many different health care providers using many different electronic health records systems in many different labs. Many things are great about the American system, but this array of different services means they often can’t talk or read the same language.

One of the big health records systems is Epic Systems Corp. The founder of that company was telling me there can be dozens of codes for trivial things such as nausea. The code used by one company may be different than the one used by another. Unless there’s some government initiative to have it all in the common language, standardization won’t happen.

Reveal: How common is this sale of identified information that is extremely personal? Information that, if it got out, could have really serious consequences?

Tanner: There’s information that you’re probably willing to give away to some people in some limited circumstances. The problem in today’s world is that, increasingly, those limited circumstances are not as limited as they once were. Even something as innocent as subscribing to a medically related magazine or making a post on the Internet saying this hospital did a great job helping me solve my problem, then that stuff is out there and someone can collect that data.

Stuff that seems very innocent, such as what cable television package you subscribe to, if you have all the channels, can be matched with what clothing size you wear and what food you buy. They may determine that you’re a big fat guy sitting around on the couch all day; maybe you’re not in all that great health. There are a lot of things that are not even directly medical data that could be very sensitive and it could lead to discrimination in some form. It could lead to a life insurance company saying, “You’re a bad risk; we don’t want to give you life insurance.” That’s something life insurers can do.

Reveal: Are there specific reforms the government should take to better protect people’s medical data?

Tanner: I would change the current definitions of what constitutes medical data. Under U.S. rules, if your name is removed, along with a bunch of other pieces of information, it’s no longer considered data about you and can be freely bought and sold without you having any knowledge or say in that trade. I think we should have a say in the trade. There should be a new definition that says medical data is data about you and your medical issues, whether or not it’s identified.

Companies that deal with this say that this would be very restrictive, it would kill their trade. They say it’ll hurt the great potential for scientific discoveries that these these big databases hold. I think you could build a system that would allow people to either opt in or out. I think a lot of people would be enthusiastic about sharing data if they knew it was to advance science.

Reveal: Has writing this book changed the way that you personally interact with the health care system?

Tanner: When I was writing “What Stays in Vegas,” my previous book about the larger world of commercial data collection, I did change what kind of information I shared, because it was much easier to take control of that. There are some electronic health record companies that sell your anonymized data; there are others that do not. As an experiment, when I recently changed to a new health plan, I decided to call around to doctors and try to see what electronic records providers they had and to see if I could actually find one that didn’t sell the data. I called like 16 or 17 before I found one that used an electronic medical records provider that didn’t sell data, Epic Systems. I joined that doctor and I used him for a while.

You could try to choose a health insurance provider based on whether or not they share the data, but it’s incredibly cumbersome because you may have health insurance through your employer and you don’t have a choice on that. You may have a limited number of doctors. Most pharmacies do sell data; there are some that don’t. Some of the biggest labs have begun to sell data in recent years. It’s something quite difficult for the individual to do. I think the best approach would probably be to redefine the rules on a national level, so I wouldn’t put the responsibility on the individual.

If what the data mining companies say is true, that there’s a great scientific potential over time by having access to all this information, we should be joyous and shouting it across the room. Let’s talk openly about this. So far, they haven’t really wanted to do that.

Creative Commons License

Republish our articles for free, online or in print, under a Creative Commons license.

Aaron Sankin is a reporter for Reveal covering online extremism, election administration and technology policy. Before joining Reveal, he was a founding editor of The Huffington Post's San Francisco vertical and a senior staff writer on The Daily Dot's politics team. His work has appeared in The Washington Post, Salon, Time, The Motley Fool, Mashable, Business Insider, San Francisco magazine and The Onion. A San Francisco Bay Area native, Sankin studied history and sociology at Rice University. His work at The Daily Dot was a finalist in Digiday's 2015 publisher of the year award, and a story he wrote about a Midwestern family being terrorized by a teenage hacker was labeled by The Atlantic as an essential piece of journalism for 2015. Sankin is based in Seattle.