How are you taking responsibility for your health data?

Understanding the basics of data privacy in 2021

By Gina Uppal & Dr. Rhea Mehta, PhD

| Jan 27, 2021

Imagine a world where your health data could give you access to personalized drugs according to your genetic profile, send you data-driven nutrition advice, or detect abnormalities in your biometrics which you could address via a real-time telemedicine consult on your phone. In 2021, these dreams aren't beyond technical reach, but the real complexity in these scenarios lies in the secure transfer or "portability" of your data.

This challenge is not unique to healthcare, but health data is arguably our most valuable (and vulnerable) asset. While credit card or Social Security numbers can be changed, your personal health history, medications, surgeries, etc can’t be reissued. Researchers at Johns Hopkins studied 1,500 breaches over the last 10 years and found 70% of data from health care breaches increased risk of fraud or identity theft. While only 2% exposed medical information, such as diagnoses, this still impacted 2.4 million patients. Hackers can also use compromised accounts as gateways to breach networks, shutting down entire hospitals if they don’t agree to pay lofty ransoms. The incentives for bad actors are also growing as health data has sold for up 50x the price of credit card records, while the average cost of a health data breach is 4x the costs incurred by a non-healthcare related agency, according to the Center for Internet Security.

The potential threats have also scaled in the last few years as new genomic data collection programs triggered a “biological space race” says Eleonore Pauwels, a research fellow on emerging cyber technologies at United Nations. In the US, the 2015 “All of Us” program aimed to collect genomic and other healthcare data from one million participants with the goal of advancing personalized medical care. Just one year later, in 2016, China followed suit, announcing the launch of a similar 15-year, $9 billion precision health program. Without ethical oversight, this data can be used to discriminate against certain groups of people, a practice already flagged in China by Human Rights Watch in the ethnic minority region of Xinjiang.

As these programs become more sophisticated, and technologies that collect our personal data become part of our daily lives, more people are searching for solutions to protect their privacy, and ultimately own and control their data. In this blog we tackle three tools that can help protect your health data:

Cryptographic keys for privacy
Encrypted Health Wallets for storing data
Blockchain-powered apps for sharing data

Passwords aren’t keeping us safe

More than 80% of all data breaches use weak or stolen passwords. Researchers were able to crack the passwords of 93% of password protected clinical trial files, revealing most passwords to be weak, use common identifiers, and obvious numeric sequences. With cyber-crime on the rise, passwords and emails are no longer secure enough for health data.

The use of cryptographic private keys is a safer alternative. Cryptography is not a new concept, and has been used since World War 2 to protect sensitive information. In this situation, a cryptographic key generator is used to create a pair of keys. Anyone can encrypt data using the public key, but only the holder of the paired private key, for example, a researcher or the patient’s physician, can decrypt data, and only after consent by the patient.

What are encrypted health wallets?

In the clip below, Dr. Rhea Mehta shares more about how this technology can be used to enable patients to manage their own data through an encrypted health wallet.

Alongside privacy, we need to be able to ensure that (1) any changes to your data are transparently tracked and (2) you are able to share this data under specific terms and conditions that you control. Dr. Rhea provides a concise 2 minute overview explaining how blockchain-powered apps enable both these key data security features:

As Dr. Rhea shares, a blockchain system is decentralized, meaning it is not held by one central body (ie. hospital or government) and is instead replicated across several systems. Once a transaction is made (i.e. data is added or shared), it is recorded on all the systems and cannot be erased or changed. Thus, blockchain allows immutable data storage, creating a “trust-less” system with full transparency. When information is shared between actors using a private key, it is managed with a smart contract that outlines how the information is used, and how long users have access.

What does this mean for you?

This means your data will no longer live with your doctor or hospital, but will be owned and controlled by you.
All sensitive health information is securely encrypted and only shared based on the terms you set in your health data smart contract.
You are the sole gatekeeper to your information, and are able to extend, change, and revoke access at any time with your private key.

When used safely, health data can unlock personalized health insights to help you make better decisions for your health today, and the health of your family in the future.

Explore our growing content library and filter by the topics that impact your work! We've interviewed global experts from over 7 countries to understand the trends and tensions in the future of digital health.

We’re also excited to present the Bowhead Futures Digest: a newsletter for leaders looking to learn, debate, and co-create a future where technology & data empower our health.