The selling of medical records is big business. According to some estimates, the sale of patients’ information is a $67 billion industry, of which the patients themselves see exactly $0. One startup, Hu-Manity.co, aims to change all that by giving patients a way to control who sees their data — and to take a big cut of the sales if they choose to share it with researchers.
“We’re asking a fundamental question around who owns data,” says Michael DePalma, co-founder and COO of the company. “We believe it should be a fundamental human right that you own your data.”
The core technology of Hu-Manity, which is based at 20 Nassau Street in Princeton, is an app called “ #My31” that allows users to let data brokers know what they want to be done with their personal information. (It’s named after the company’s goal of making data ownership the 31st right, after the previous 30 that have been described in the U.N.’s Declaration of Human Rights.) Users of the #My31 app can either deny permission to use data, donate it for free, or sell it. This is all possible because of two major factors. The first is a sentence of fine print in a 22-year-old medical privacy law. The second is blockchain technology, which allows hu-manity.co to securely manage users’ choices about their data.
Medical data is generated in virtually every interaction anyone has with the healthcare system: every doctor’s visit, every body scan, every prescription filled is dutifully recorded somewhere and subsequently sold.
The book “Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records” details how data brokers buy your medical data from healthcare providers, sell it to other parties who combine it with other personal data that’s available on the open market, such as shopping habits, demographic information, and the like, and then sell it to pharmaceutical companies. The end customer, the drug maker, can use this information to gauge the effectiveness of their medications in different populations.
Hu-Manity doesn’t see it as a problem that the data is being collected – after all, this information can help improve medical research. They do, however, believe that the system can be improved by putting more power in the hands of the patients to whom this data refers.
“Most people are profoundly disconnected with what is actually happening with medical data right now,” DePalma says. “When a patient goes to a doctor, the doctor uses electronic health record systems to manage care. What the doctors and patients don’t know is that their hospital, pharmacy, lab, and other providers are anonymizing data and selling it on the secondary market for profit.”
This information is very valuable to drug makers. By some estimates, they will pay anything from a few hundred to a thousand dollars for the medical records of one person.
But wait, what about your privacy? Aren’t there laws that prevent your medical information from being shared?
Most people think that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is supposed to prevent this from happening, but it does not. Instead, the law merely forces providers to anonymize patients’ medical data — that is, to remove identifying information such as the name, date of birth, and location data, and the last three digits of your ZIP code.
That worked perfectly well when the law was written, when “medical records” were pieces of paper in manila envelopes in a doctor’s office somewhere. (When the law was proposed in 1992 there were 50 websites in the entire world.) But in 2018 it is trivially easy to use artificial intelligence to re-identify the information and associate it with other records, creating valuable treasure troves of data.
HIPAA was meant to give patients privacy, but DePalma considers this an outdated concept. “Privacy is important, and I get it, but at this point it’s a meaningless story we tell ourselves to feel better. The only way to solve this problem is by property. By invoking your property rights to data, you can control it and manage it in the way that you would property.”
There is a legal mechanism to claim medical data as property. Anyone signing a medical HIPAA form at a healthcare provider probably overlooked a tiny piece of fine print that provides an address and phone number of a custodian of records and allows patients to restrict the use of their information if they so choose (though few people bother to do this.) When users sign up with Hu-Manity, the company will become their agent in dealing with these records custodians, and plans to negotiate terms for the sale of the data.
Hu-Manity will actually physically mail letters to the data brokers and says it can assert patients’ rights. “We are taking advantage of that language and that ability and doing so at scale. We will provide industry with a list of individuals who have opted in,” he says.
“What if we gave individuals a seat at the table?” DePalma says. “We want people to have control and some say in how they use their data. They should be able to determine who gets to use it and for what purpose.”
Currently, DePalma says, there is a massive amount of valuable data being generated, but none of the profits are being filtered back to the people who create the value.
“I hear all the time that ‘data is the new oil.’ It’s not the new oil,” DePalma says. “It’s different in that it is of greater value.” DePalma says that by his estimates, every individual should be able to get several hundred dollars for their medical data.
DePalma says medical data is just the beginning. The goal is to allow everyone to own all their personal data, and therefore own a piece of the $200 billion market that. This has social implications too: it would be a substantial downward transfer of wealth. He says it could even be a way to create a “universal basic income” to alleviate poverty. “Right now the way Universal Basic Income works is that you tax the hell out of these people and give it to these people, and the optics of that are pretty bad. It sort of lacks dignity,” he says. (DePalma acknowledges that there are in fact many people who would disagree that taxing the wealthy would be bad optics.) Selling personal data would provide a way for anyone to create income without it being a government benefit.
Hu-Manity would make money by getting paid a percentage of the transactions. “We only get paid when you do,” DePalma says.
DePalma grew up in North Jersey, where his father worked in pharmaceutical manufacturing. He earned a bachelor’s degree in biology, neurobiology, and biopsychology at William Paterson University in 1995. Since then he has worked at various high-tech startups, most recently as managing director at WeFund Health in New York. He says Hu-Manity, which now has a team of about 30 people, chose Princeton due to its proximity to policy makers, academic and scientific research hubs, and funding. The other co-founder is CEO Richie Etwaru, an experienced IT executive and an adjunct professor of information technology at Syracuse University.
The app is already available to download. “We’ve been operating super, super fast. We’ve only been in existence five months and we’ve made incredible progress,” DePalma says. He says it is also in the early stages of negotiating with a customer on the data side.
“We are making the simple statement that ‘I as an individual own my data,’” DePalma says. “We’re creating a movement and executing it through technology.
Hu-Manity.co, 20 Nassau Street, Princeton 08542. 800-946-9152. Richie Etwaru, CEO. hu-manity.co.