In all the hype surrounding the latest Internet bubble, we’re faced with user-generated content and meaningless marketing terms like “Health 2.0” which are used to suggest everything and nothing all at once. Whatever definition of Health 2.0 you can come up with, I can point to examples of such sites or services back in 1999. Or, if you push me hard enough, 1992. Everything old is new again is my philosophy when it comes to the Internet. The cycle is much shorter than in other industries (the last big online health push was exactly at the bust of the last Internet bubble, and then WebMD emerged as the winner).
But what really concerns me is the increasing connection between real people and the health information they post online, with apparently little understanding or concern about the real-world effects of sharing such information in public, searchable databases.
For instance, yesterday I blogged elsewhere about how Facebook’s latest privacy intrusion was actually much worse than it at first seemed. Some people don’t connect the dots, though. If Facebook — the most popular social networking website online at the moment — can do this and get away with it (even if it’s only for a week or two before they roll it back and roll it out later on under a different name with different controls), guess who else will be trying out these new technologies soon enough?
Well, everybody online. And that includes all these health companies encouraging you to sign up for their own personal health record or electronic medical record. Because while everybody likes the nebulous idea of an electronic medical record, very few people are actually managing their own. And for good reason. It’s hard work and requires inputting a lot of data manually, consistently, and reliably. Over time. For each member of your family. Last time I checked, most of us weren’t up for the additional part-time (free!) task of data input analysts.
But here’s the real kicker. Once you actually input all that database into a single company’s online database, you have zero guarantees about what happens to that data once entered. You heard me right — zero. You may be thinking, “So what? Who cares who sees when I last got a flu shot?” You may also be thinking, “Really? They have a terms of use or something on their site that says they’ll never share that data…”
First, about that flu shot. You’re right, many people won’t be interested in when you got your last flu shot. Except people who sell flu vaccines. Or researchers needing research subjects of people who get flu vaccines. And of course, the flu is the least of your worries. What you should really worry about are more serious health data, like high cholesterol levels or high blood pressure, simple everyday data that could mean you could pay double your annual premiums if a health insurance company ever had access to that data. Even if that data was “anonymized,” companies have an amazing ability nowadays to cross-reference multiple databases to pinpoint the individual identities of people without access to their names, DOBs, or social security numbers.
You’d think this was crazy if it weren’t true. But it is. Look no further than online health websites that also try and sell you health insurance (and, at the same time, ask you to fill out a free health profile!). Why else would an informational or social networking health website be in the insurance business?
Second, about that terms of use and privacy policy that is supposed to shield you, the user, from bad stuff being done with your data. I can tell you point blank that everyone of those terms of use and privacy policies don’t shield you from the company being acquired (which happens all the time to Internet startups) and having a new terms of use and privacy policy posted that offer no such guarantees. Guess what most consumers do when they get a notice about updated terms of use or privacy policies? They ignore them. We did an informal survey last year on our own website about how many of our members actually read either the terms of use or our privacy policy before agreeing to them. The number was staggering — less than 5%. So if nobody is really paying attention to them, then companies can get away with all sorts of privacy shenanigans.
Which is exactly what Facebook tried to do and what others will constantly try to do as long as their is the incentive for increased revenues and therefore increased profits from doing so.
It’s harmless information when it comes to buying shoes or knowing you like fly fishing. It’s potentially far more harmful information when someone outside of your “social network” discovers you’ve been treated for depression 4 times in the past 6 years.
What’s the answer? I’m not certain. But my advice is to tread very carefully in who and where you share your personal health information with for a few years, and to err on the side of caution rather than ‘sharing’ with these services. Because unlike fly fishing, your health is your very life.
Thanks, John. My colleague Mary Madden blogged about the Facebook about-face, too, writing:
…some observers argue that Facebook users, who routinely and willingly share many personal details with their friends, don’t have any grounds to complain about breaches to their privacy, calling them “hypocritical” and “willing to give up tons of privacy information for like, free crap.”
What seems to rarely get mentioned—perhaps because we haven’t yet found great ways to articulate the user experience—is that the choices people make to share personal information on social networking sites and other places online are highly contextual ones…
See: http://www.pewinternet.org/PPF/p/1226/pipcomments.asp
One expert I interviewed recently said that she is more worried about clueless Baby Boomers than savvy Millenials. For example, Boomers still have land lines and are therefore listed in the phone book (which is then routinely uploaded to the Web). Not so for the cell-centered Millenials, many of whom are also careful about using online aliases.
Susannah
Thank you very much for that dazzling article