Our Bodies, Our Data?

Who owns your personal medical data? Is ‘anonymized’ personal data really secure?

Bobbie Dousa
January 29, 2020
February 10, 2020

In his 2017 book, investigative journalist and writer in residence at Harvard’s Institute for Quantitative Social Science, Adam Tanner, enumerates how patient medical data is legally bought and sold in a multibillion-dollar trade industry. This medical data might include hospital records, tissue removed during biopsies and surgical procedures, genetic information as well as lab and radiology tests. Tanner’s book, Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records, documents how healthcare information brokers gather this data from doctor and hospital records, prescriptions and insurance claims to sell and license it to companies. Tanner refers to these for-profit companies (like, for instance, IQVIA and PRA Health Sciences) as ‘medical data miners’. For the past seven decades, data mining companies have refined the practice of pooling medical data in order to ‘reassemble and summarize the information into commercial reports and analysis’ (a $14 billion industry as of 2017). Although these companies generally insist that their data-mining practices are ordinary, beneficent procedures that further medical research and care, Tanner notes that these companies remain ‘exceedingly reluctant to talk about how the whole procedure works’. Steven Petrow of The Washington Post explains that the consent form signed by patients before their tests or operations often declares that all data and samples garnered during these procedures belong to the institution performing them. The institution may then study or sell them without notifying or compensating patients so long as the data is depersonalized to current legal standards. Legal and medical researchers also stress that personal medical data entered into a health app typically belongs not to the user but to the app’s producers.

Tanner observes that ‘in many countries, governments collect and make available patient data to qualified researchers for little or no money’. For example, the National Health Service in the U.K. engages in this practice, ‘charging only for its administrative costs for UK researchers and an academic price to those abroad’. Still, Tanner argues that ‘Europe is far more protective of personal data, including health information, than the U.S. and shuns data miner offerings such as doctor-identified data’.

A 2014 White House report confirms, ‘Personal health information of various kinds is shared with an array of firms, and even sold by state governments, in ways that might not accord with consumer expectations of the privacy of their medical data’. Indeed, patients do not own their medical records in 49 out of 50 states. Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is a federal law aimed at protecting the privacy of personal health data. Tanner writes that healthcare entities covered by HIPAA ‘must de-identify medical information before selling it to data miners…that means removing eighteen fields of information, including birth date, name, and Social Security number, or having an expert determine that the risk of re-identification is “very small”’. Still, Petrow and Tanner affirm that although HIPAA demonstrates an effort to protect health privacy, these regulations take no position on the ownership of personal health data.

Moreover, while analyses of genetic data may potentially result in dramatic medical insights, enforcing privacy standards for genetic data remains contentious. Laura Lyman Rodriguez, the director of policy, communications, and education at the National Human Genome Research Institute, explained to Tanner: ‘DNA is so unique, and there are so many data sources out there that it is incredibly hard to fully anonymize, and more so to promise and provide any absolute guarantee that the data are anonymized.’ Illustrating her point, researchers at MIT have demonstrated that it is possible to identify individuals and their relatives based on anonymized genetic data as well as their age and state. Recently, U.S. law enforcement utilized consumer genomic databases to identify suspects via distant relatives. Computer scientists and genomic specialists such as Yaniv Erlich predict that this technique could soon implicate nearly any U.S. individual of European descent. In the U.S., consumer genetic testing firms (e.g., 23andme) are not regulated by HIPAA, and while the Genetic Information Nondiscrimination Act of 2008 (GINA) prevents employers and health insurers from discriminating against an individual based on their DNA, it does not prevent disability, long-term care, or life insurance providers; mortgage lenders; schools; or the military from doing so.

Furthermore, a fog of ambivalence persists around the safety of anonymized data. Data scientists and healthcare experts, like Latanya Sweeney of Harvard’s Data Privacy Lab, reason that medical data mining exposes patients to re-identification despite its compliance with HIPAA regulations. These analysts argue that the ‘computing advances that allow the aggregation of many anonymized patient files into a longitudinal dossier also make it increasingly possible to re-identify those files’ and that privacy protections like HIPAA are ‘inadequate, given present-day computing power’. Anonymized patient data is also vulnerable to security breaches. Between 2009 and 2016, the U.S. Department of Health and Human Services recorded over 1,300 data breaches exposing more than 170 million patient files.
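To make the point of the two preceding paragraphs concrete (HIPAA’s removal of direct identifiers, and Sweeney’s warning that the remaining fields can still single patients out), here is an added example that is not from the book or the article: a small re-identification risk check a data custodian could run before releasing records. It measures k-anonymity over the quasi-identifiers date of birth, ZIP and sex on a constructed sample, then shows how generalising those fields in the spirit of HIPAA’s Safe Harbor rule (year of birth only, first three ZIP digits) raises k; the sample rows, field names and the assumption that each ZIP3 area is populous enough to be retained are mine.

```python
from collections import Counter

# Constructed sample of "de-identified" rows: name and Social Security number
# are already gone, yet dob + zip + sex together still single each person out.
RECORDS = [
    {"dob": "1961-07-30", "zip": "02138", "sex": "F", "dx": "asthma"},
    {"dob": "1961-07-30", "zip": "02139", "sex": "F", "dx": "diabetes"},
    {"dob": "1964-02-11", "zip": "02138", "sex": "M", "dx": "hypertension"},
    {"dob": "1964-11-03", "zip": "02138", "sex": "M", "dx": "asthma"},
    {"dob": "1968-05-19", "zip": "02140", "sex": "F", "dx": "migraine"},
    {"dob": "1968-09-02", "zip": "02141", "sex": "F", "dx": "asthma"},
]

# Fields that are harmless alone but identifying in combination.
QUASI_IDENTIFIERS = ("dob", "zip", "sex")


def equivalence_classes(records, keys):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def k_anonymity(records, keys):
    """Smallest class size. k == 1 means at least one patient is unique."""
    return min(equivalence_classes(records, keys).values())


def unique_fraction(records, keys):
    """Share of rows that are the only member of their class (directly linkable)."""
    classes = equivalence_classes(records, keys)
    return sum(1 for n in classes.values() if n == 1) / len(records)


def safe_harbor(record):
    """Generalise one row: keep only the birth year and the first three ZIP digits.
    Assumption: each ZIP3 area here exceeds the population threshold; Safe Harbor
    requires low-population ZIP3 prefixes to be replaced by '000' instead."""
    return {**record, "dob": record["dob"][:4], "zip": record["zip"][:3]}


GENERALIZED = [safe_harbor(r) for r in RECORDS]

if __name__ == "__main__":
    for label, rows in (("raw", RECORDS), ("safe harbor", GENERALIZED)):
        print(f"{label:12s} k={k_anonymity(rows, QUASI_IDENTIFIERS)} "
              f"unique={unique_fraction(rows, QUASI_IDENTIFIERS):.0%}")
```

On the raw rows every patient is unique (k=1, 100% directly linkable); after generalisation each class holds two people (k=2, 0% unique), which is why the custodian, not the recipient, should measure this before data leaves the institution.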

“We must insist on more transparency, control, and consent as it pertains to the custodianship of personal health data”

Tanner concludes his book with the assertion that current U.S. regulations capitulate to ‘unfettered commercial trade in anonymized data’. Consequently, we must insist on more transparency, control, and consent as it pertains to the custodianship of personal health data. In order for patients to have full assurance of their health data privacy and to curb data insecurity and re-identification, Tanner contends that U.S. regulations must extend beyond the category of ‘individually identifiable health information’ to ‘an individual’s health information.’

My research indicates that a majority of patients remain unaware of how their health data is shared and stored. Many are oblivious to the fact that they may not hold sole ownership over their medical data. Our Bodies, Our Data offers a valuable entry point into understanding the stakes of health data privacy.

  • Written by Roberta Dousa, Patient Experience Researcher at CCG.ai
  • Edited by Belle Taylor, Strategic Communications and Partnerships Manager at CCG.ai
