Author: John Mount
March 1, 2008
“A second goal of 23andMe [is] to collect a large database of genetic information and then come back to you over time with invitations to provide specific health data and participate in research.”
23andMe Board member Esther Dyson
Unregulated companies managing personal medical records is going to be very bad for very many people. You will not be invited to share in research profits, you may be un-invited from your insurance and your job.
We are being asked to believe that shared access to our personal health records is an unambiguous direct benefit to us. Perhaps, if properly regulated this is true. However, huge companies want to implement online medical record platforms without any public policy discussion. And even what little debate is attempted is stilted and irrelevant because the value of medical records is accepted without examination and criticism is limited to identifying a few pet risks.
The impact of allowing somebody to manage your personal medical records must be evaluated on at least three criteria: direct benefit, detriments and risks. Not only must the benefits outweigh the risks, but the benefits must also outweigh the detriments.
What are the benefits of medical records? I argue that there are actually fewer benefits that flow directly to the individual patient from their own medical records than you may believe. The situation is: for you there is a large benefit of everybody else maintaining and sharing their medical records. For example your father’s medical records can be particularly valuable to you (his past is a good predictor of your future) but may not confer anywhere near the same benefit to your father.
The benefits of health records are often societal. Examples include retrospective studies to improve treatments, identification of ideal participants for trials and studies, tracking and improvement of institutions and procedures, discovery of bad drug interactions and even proof of systematic malpractice. Most of these benefits require some degree of search-ability, openness or data sharing. There is no way to discover that a heart medication is killing 5% of its users without aggregating data from many patients.
The type of medical records that are most directly valuable to you are simple body metrics (weight, height, blood pressure, blood sugar, bone density, kidney function, dental records, eye exams and so on) over time. Lists of needed medications, known allergies, implanted medical devices are also very valuable. These records if maintained and shared back to the patient can give invaluable early warning signs and diagnostics. There is no denying the benefits of personally tracking these measurements. We should have control of them and we should be able to deliver them to our doctors and emergency medical providers.
On the other hand a log of our medical records are records of treatments and outcomes of exotics tests and statistical information about our DNA. It is these portions of our medical records are the potentially troublesome ones.
From an individual point of view you would get the most benefit when everybody else’s records are publicly searched, indexed and data mined. This might seem like bad citizenship; but you have to look into current pharmaceutical practices of reproducing, patenting and profiting from cell lines and genes taken from patients without informed consent or any sort of pay-back. Pharmaceutical companies certainly do not subscribe to an “information wants to be free” credo and it does hurt to supply cell lines that are modified to become treatments you children cannot afford. It may seem anti-social to withhold your medical records and tissue samples until you see a direct benefit; but remember we are discussing withholding records from private companies, not society. There is no obligation to show up and “play fair” on somebody else’s titled playing field.
A touted benefit for society is valuable research could be performed by looking into many data records. The issues are who would own such information, nobody seems to be offering non-token compensation or any kind of informed consent or control on such records. Also we need to look at who benefits from such research. Working automated diagnostic systems (such as MYCIN) have been ignored by the medical community since the 1970s. It is more likely research will be used to improve actuarial tables and insurance rate cards than it will be used to improve procedures and treatment.
A commonly stated individual benefit of medical records is the hope of an early warning on bad multiple drug interactions. Modern pharmaceuticals definitely have complex and systemic side-effects. In fact many drugs are now being marketed for indications that were previously side-effects. However, I have not personally heard from any one who was proactively saved from multiple drug interactions by their medical records. I have seen several very sick relatives change their prescription by bringing every bottle of pills they used to their doctor. This is, of course, a horrible way to determine if you are poisoning yourself. But there may be no other way. Do we really believe that doctors review our medical records and anticipate our treatment needs? Typically a doctor has little time for us during a patient visit and we are likely out of mind when out of sight.
I now move on to discussing possible harm derived from our personal medical records. There are a number of cases where your medical records actually work against you.
One problem with medical records is how they are generated. Part of your medical history is a record of every test, symptom and treatment throughout your life. Some of this information is useful: records and schedules of immunizations, records of medical devices in your person (pacemakers, stents and so on). Some of this information is actually harmful: any incorrect test results, misdiagnoses, misunderstood symptoms and chimeric treatments. By chimeric treatments I mean treatments that failed in an undetected manner, but are in your records as having been successfully applied.
What I am saying is that much of your documented medical history is likely working against you. Even a correct measurement, such as a “good blood sugar” result in your medical records (from when you were younger, more active and tests were less accurate), may interfere with and slow down assigning a diagnosis like diabetes.
There is even an interesting “observational bias” that can easily create long chains of incorrect records when you are chronically ill. The idea is that incorrect tests and treatments leave you ill and hard to measure, so incorrect tests and treatments cause more medical visits and tests. You may spend a lot of time on wrong treatments and if you are very lucky an effective treatment is found and you stop needing medical attention. These streaks of incorrect test results and improperly applied treatments can easily cause the majority of the data in your medical history to be dead wrong.
People are being conditioned to think of their medical records like they think of their credit records and not as they think of their automotive repair records. Both analogies are simplistic and flawed, but the credit report analogy is actually the worst of the two.
We see our credit reports (which are collected without our consent and in no way private) as a direct reflection on our “financial health.” In fact in some sense they are our financial health. Our ability to borrow money and the cost of borrowing money is very sensitive to what is recorded in our credit report. We can take actions to improve our credit report which in turn conveys direct benefits to us. There are few non-fraudulent practical methods to improve our medical records and obtain a benefit.
A personal medical history does not necessarily have the same benefits as having a good credit record. At best by having a “stellar” medical history we can get small discounts on health insurance. However, it can be the case that something on our medical history can prevent us from acquiring health insurance at any price (and certainly being personally denied insurance is not a direct benefit to ourselves). Even if this re-distribution was done in a fair manner (which is not likely given the huge wealth and information disparity between medical insurance providers and purchasers) it is a very bad thing.
Essentially if an insurance company can pick out and only insure the healthy it has added a “reverse insurance process” on top of its insurance product. Reverse insurance is where a small discount is given to many of the insured by sharing savings generated by refusing to insure some sub-population. For individuals it is like a reversed lottery where for a small payment you take on a small risk of very large harm. The consumers upon exposing their medical records are either given a small benefit (say 30% reduction of insurance cost) or a huge detriment (ineligible for insurance). If people could afford to self-finance this kind of risk health insurance would not be such an important part of our economy. The situation is even worse because the insurance companies do not pass on all of the savings to their customers (they cannot, they have to take a profit) and individuals can never buy medical procedures at the same discounted rate that insurance companies do. If your medical history indicates an elevated risk for cancer you may not be able to get insurance. If you do get cancer the treatment will cost you more than the insurance company would have had to pay. Or even if the inference is wrong (and you do not have an elevated risk of cancer) you still would not have insurance to protect you from other ailments.
The point that if your records cause you to be the one denied medical insurance, you certainly do not share in the savings of the group you have just been kicked out of. And while an insurance company could not survive if only sick people purchased insurance; the expected total cost to society (shouldered by those being refused insurance) actually outweighs the total benefits (seen taken by those who get discounted insurance).
Now that we have tried to put the limits benefits of individual medical records in perspective it is appropriate to further discuss offsetting risks and abuses. Allowing unregulated private entities to hold our medical records exposes us to a number of risks. We must worry about availability, fidelity and privacy. If we are depending on somebody to store our records we need assurances (with teeth) that records will be released back to us when needed and that they are the same records that were originally stored. Having your records held hostage for “expedited service” or receiving the wrong medicine because records came back “hacked” is a very real risk. The last issue, privacy, is an over-discussed issue (it seems to distract from all other possible objections), but there are many very recent, very bad examples that show why privacy is so important to maintain.
The loudest proponents of the personal health record platforms (Google, Microsoft, Healtheon/WebMD, IBM and so on) have little commitment to the public policy, health provider or insurance industries. Some are avoiding of important safeguards like HIPAA regulations by designing consumer facing “opt-in” systems because they to not want to shoulder the expense or liabilities traditionally associated with handling medical records. Of course when dealing with larger systems things usually evolve to the point that everything that is not prohibited eventually become mandatory (imagine not being able to get an insurance quote until you surrender your records). These companies are not offering you a medical bracelet to hold your records; they want to index your records them and lease your records out.
Many of the companies mentioned have limited experience holding personal data and one ever has dissemination, search and indexing as its DNA. These companies will not be good at holding personal records. In recent years there have been a number of data leaks from premier web services and a number of research results showing that so-called “anonomyzing of records” is far harder than the research community anticipated. From the recent abuses we have seen policies canceled on only “one bit if information” (a single medical record entry differing from application forms). There are trivial counting algorithms to find these “one bit information leaks” using even simple “safe summary statistics” in an annonomized database. The extent of protection your medical records will receive is hoping that the research community cannot do well solving a well understood puzzle game like “MasterMind.”
Some people are already taking extraordinary precautions to try and avoid allowing elective medical tests (even those with positive or “clean” results) from making it onto their medical records. The fear is insurers will reason that if the patient had reason to test for something like HIV then the insurer would like to avoid continuing coverage. A similar amount of concern is being produced by the emerging DNA test industry. Giving a private party a copy of your DNA in case “they can find something later” is a very trusting and very risky action.
Blue Cross of California was recently engaged in a letter writing campaign that encouraged doctors to check if Blue Cross supplied information contradicted private patient medical records. Blue Cross was sharing their records and asking doctors to check for inconsistencies, which essentially gave Blue Cross most of the advantages of reading the private medical records. A single leaked “bit” of information (a doctor’s “yes/no” reply) would be enough to get your insurance policy canceled.
And there are documented instances of insurers using irrelevant mined information to justify policy cancellations. For example Healthnet canceled a woman’s health insurance durning her covered treatment for breast cancer. Their defense included claims that she had misstated her weight and failed to disclose a previous heart condition. The patient was presented huge bills and her cancer treatment was stopped when she could not pay. It is unfortunate that there is no affordable medical insurance equivalent of “mortgage title insurance” to complete treatments if an insurer reneges on their commitments.
My conclusion is: pubic health leads to public policy much faster than people seem willing to believe. This doesn’t mean the government should manage public health. However, it is deliberately naive to think that unchecked private players in the health industry cannot have profound negative impacts on our society.
A few relevant articles:
Web Surfer, Heal Thyself
Medical files in a doctor’s care have special legal protections. Not when they’re stored by Microsoft or Google.
By Steven Levy
Updated: 12:29 PM ET Feb 23, 2008
Google plugs Gmail data leak flaw
By Joris Evers, News.com
Published on ZDNet News: Jan 2, 2007 10:26:00 PM
February 21, 2008, 1:13 am
Google Health Begins Its Preseason at Cleveland Clinic
By STEVE LOHR
February 24, 2008
THE DNA AGE
Insurance Fears Lead Many to Shun DNA Tests
By AMY HARMON
Worker Snooping on Customer Data Common
By RYAN J. FOLEY – Feb 23, 2008
Data Scientist and trainer at Win Vector LLC. One of the authors of Practical Data Science with R.
More on anonymity of medical records: http://arstechnica.com/tech-policy/news/2009/09/your-secrets-live-online-in-databases-of-ruin.ars and http://33bits.org/about/netflix-paper-home-page/
More news on bulk sale of medical records and the weakness of “data scrubbing”: http://www.wired.com/threatlevel/2009/10/medicalrecords/
GINA not the answer? http://www.wired.com/wiredscience/2008/05/genetic-protect/
More places your records can end up: http://www.wired.com/threatlevel/2009/11/dna/