Advances in artificial intelligence (AI) have created new threats to the privacy of health data, a study has found.
The study, published in the journal JAMA Network Open, suggests current laws and regulations are nowhere near sufficient to keep an individual’s health status private in the face of AI development.
The research led by professor Anil Aswani from the University of California — Berkeley in the US, shows that by using AI, it is possible to identify individuals by learning daily patterns in step data like that collected by activity trackers, smartwatches and smartphones, and correlating it to demographic data.
The mining of two years’ worth of data covering over 15,000 Americans led to the conclusion that the privacy standards associated with 1996’s HIPAA (Health Insurance Portability and Accountability Act) legislation need to be revisited and reworked.
“We wanted to use NHANES (the National Health and Nutrition Examination Survey) to look at privacy questions because this data is representative of the diverse population in the US,” Aswani said.
“The results point out a major problem. If you strip all the identifying information, it does not protect you as much as you would think. Someone else can come back and put it all back together if they have the right kind of information,” Aswani said.
“In principle, you could imagine Facebook gathering step data from the app on your smartphone, then buying health care data from another company and matching the two,” he said.
“Now they would have health care data that is matched to names, and they could either start selling advertising based on that or they could sell the data to others,” said Aswani.
The problem is not with the devices, but with how the information the devices capture can be misused and potentially sold on the open market.
“I’m not saying we should abandon these devices,” he said.
“But we need to be very careful about how we are using this data. We need to protect the information. If we can do that, it is a net positive,” Aswani said.
Though the study specifically looked at step data, Aswani said the results suggest a broader threat to the privacy of health data.
“HIPAA regulations make your health care private, but they don’t cover as much as you think,” he said.