Sitting in a health information privacy conference today, I heard a new term—“body score”. The speaker explained it is just like your credit score, an overall score assigned to the condition of your body. It is an easily imagined output of big data analytics applied across your overall health and medical records, interpreted against 100,000s of other similar accumulations. So, just imagine you have a body score, and even sub-scores for your various functional body parts—skin, liver, lungs, blood system, brain, muscular strength, flexibility—and disease vulnerabilities.
How would this affect your life? Imagine trying to buy regular potato chips and the cashier says, “I’m sorry but we cannot process your debit card for the potato chips.” Or you try to rent a snowboard and the equipment counter says, “I’m sorry, but our systems say we cannot rent you this snowboard due to a body score below the minimum threshold for active sports”. Or the doctor says, “I’m sorry but we are not authorized to be reimbursed for providing you pain medication for your lower back due to your long history of rejecting medical advice to exercise and increase your flexibility.” Getting pretty uncomfortable, aren’t you?
What is at issue is not the fact your medical records exist; what is occurring is a secondary use of those through big data analytics to apply your “body score” to commercial, recreational, and medical transactions, all with the consistent intent of adjusting the costs of health care to more precisely connect to . . . well, the care you give to your health. These few examples illustrate that your “body score” will not just influence your health care—but a few clicks between systems and a full range of consumer transactions become interconnected and wired together.
Privacy advocates are upset that the individual patient is not being allowed to consent to, or even have the knowledge required to consent to, these secondary uses of their medical information. Yet their objections strike me somewhat like those voiced by opponents to cameras in intersections that document speeding or other traffic violations. If you behave correctly, the monitoring should not be annoying. But should you have a right to control those secondary uses? What information must be gathered by you to make those decisions? In routine medical care today, are you being told the full story about how your medical data may be used to build and apply your “body score”?
Of course not. And that is the right issue—every acquisition of data is just that—a transfer of control (if not ownership) of information to someone else. It is, in its most essential structure, a commercial transaction. Privacy shifts dramatically if we express the issues in commercial terms—is the patient being fully compensated for the full downstream uses that can be made of their medical data? Is permission being given to the full commercial exploitation of “body scores” capable of occurring with just a few clicks? It is not the privacy itself that is being compromised; it is the loss of a fair bargaining and accord that is the real deception in the marketplace today.
Each person is coming to recognize that, in addition to the cash in their wallet (or its digital equivalent transferred via debit card), the person also tenders control of data that is gathered in the transaction—it could be retail purchase, a snowboard rental, or a medical treatment. But none of us, as consumers, are being given a realistic opportunity to negotiate the trade fully and completely. We can manage the cash element; but we have yet to begin to develop the tools for enabling us to negotiate, and enforce, the terms controlling the collection and use of our personal data.