Advances in Artificial Intelligence (AI) in devices such as activity trackers, smartphones and smartwatches, are threatening the privacy of people's health data, finds a study led by an Indian-origin researcher, arguing that current laws and regulations do not safeguard individuals' confidential health information.
The findings, led by University of California - Berkeley engineer Anil Aswani, showed that by using AI it is possible to identify individuals by learning daily patterns in step data such as that collected by activity trackers, smartwatches and smartphones, and correlating it to demographic data.
The results point out a major problem. If you strip all the identifying information, it doesn’t protect you as much as you’d think. Someone else can come back and put it all back together if they have the right kind of information. In principle, you could imagine Facebook gathering step data from the app on your smartphone, then buying health care data from another company and matching the two. Now they would have health care data that’s matched to names, and they could either start selling advertising based on that or they could sell the data to others.Anil Aswani
However, according to Aswani, the problem is not with the devices, but with how the information the devices capture can be misused and potentially sold on the open market.
“I'm not saying we should abandon these devices," he said. "But we need to be very careful about how we are using this data. We need to protect the information. If we can do that, it's a net positive.”
The study, published in the JAMA Network Open journal, analysed data covering more than 15,000 Americans and concluded that the privacy standards associated with 1996’s HIPAA (Health Insurance Portability and Accountability Act) legislation need to be revisited and reworked.
Although “regulations make your health care private, but they don't cover as much as you think,” Aswani said, adding that many groups, like tech companies, are not covered by health insurance legislations.
“There are companies buying health data. It's supposed to be anonymous data, but their whole business model is to find a way to attach names to this data and sell it,” Aswani rued.