The App That Lets You Sell Your Personal Healthcare Data

IBM and a start-up have launched a blockchain-based app that lets patients eventually sell anonymised data to pharmaceutical companies, researchers and others while retaining greater control over privacy.

Most people don't know it but there is a multi-billion dollar industry that collects healthcare information, strips it of basic personal identifiers such as name, address and Social Security Number, and then sells it off to researchers, drug developers, marketers and others.

Medical informatics companies, such as Iqvia (IMS Health), Optum, and Symphony Health reap the profits of selling the healthcare data while the people from whom it's collected have no control over how it's used. Nor do they get any compensation for it.

Start-up Hu-manity.co has partnered with IBM to develop an electronic ledger that gives consumers the cryptographic key to grant access to their personal data, even allowing patients or others to control the specific purpose for which it's used, while also allowing them to eventually profit from it.

The new Global Consent Ledger will initially begin with healthcare data from U.S. residents and provide a digital data trail stored on the IBM Blockchain Platform, which uses the Hyperledger Fabric specification.

How the Global Consent Ledger works

New Jersey-based Hu-manity.co expects its consent ledger to act as the broker for all kinds of consumer information, from geolocation data garnered from streaming services to credit reports and even browser history, according to Richie Etwaru, CEO and co-founder of Hu-manity.co.

"We're not the dealer of the data but the broker," Etwaru said. "We're a title company for your digital identity. We're not in business of building a big data lake or collecting data."

The #My31 Android App, which will allow users to sign up to have their anonymized healthcare data shared, went live today and is available in the Google Play Store. An iOS app is currently being reviewed by the Apple review team and is expected to launch at a later date, according to Hu-manity.co.

Once a user has signed up for the app, there's a short on-boarding process that sets up the blockchain user with their private key and a "title" for their data.

Users are also connected to a point system, similar to a retail store's rewards card, where each time they authorize use of their data they receive points that can be redeemed for products, such as clothing in an online store. Eventually, Etwaru said, he hopes to be able to reward users with money – as much as $100 to $200 a year depending on the amount and type of data being leased.

"When enough people get involved in the movement, we'll start to negotiate with the healthcare industry on price," Etwaru said.

Hu-manity's stated – and somewhat lofty – goal is to establish personal data as having the same rights as other forms of property, real or intellectual, and to eventually allow owners to be involved in fair market negotiation for its use. That would allow it to be leased, donated or passed on as part of an estate.

"And, if it's stolen, it's a completely different type of offense," Etwaru said. "Right now, data's in this weird state. When it's stolen, you can't go to the police station and report someone stole your medical data like someone stole your car.

"Our vision is to bring people and the enterprise together in a place where data can be respected as property," Etwaru added.

The #My31 App got its name from personal data ownership being pitched as a 31st human right by Hu-manity.co. In 1948, the United Nations listed 30 basic human rights as part of its Universal Declaration of Human Rights, which was created to provide a global understanding of how individuals should be treated.

Better quality data, and compensation for the owner

The upside of creating a blockchain-based ledger through which all kinds of personal data can be sold is that it allows consumers to profit and businesses buying it to get higher quality information, Etwaru said.

"I was chief digital officer of an $8 billion company up until six months ago. And we sold about $4 billion a year of healthcare data, which was 'de-identified,'" said Etwaru, referring to his executive position with Iqvia. "They're selling some terrible quality data. They're also really nervous about re-identification."

In other words, personal medical information is being sold – and in the process of making that transaction legal it is stripped of 18 types of information; doing so meets HIPAA de-identification requirements, but significantly reduces the data's value for legitimate research.

"And there is evidence that bad actors can still surreptitiously re-identify it," said Dan Karlin, Hu-manity.co's chief transformation officer. Karlin is formerly the head of clinical, informatics and regulatory strategy at Pfizer Pharmaceuticals.

Hu-manity.co has already established relationships with data brokers, the healthcare and insurance companies that already sell anonymized patient data. Hu-manity will not itself be holding medical info; its role is to offer permissioned records and to create the means by which the patient can set permissions and receive compensation.

"With explicit permission, the data is more useful to researchers, there is the ability to correct, refine, and enhance the data with your consent and cooperation and now you're being compensated for its use," Karlin said via email.

Hu-manity.co is betting pharmaceutical companies and other organizations that use the data to develop products or conduct research will be willing to pay for higher quality information.

While the personally identifiable information (PII) by law must be "de-identified," data brokers, such as insurance companies that sell claims data, also often add unique numbers to keep track of disparate pieces of information coming from the same person. At the same time, today's powerful data analytics software is capable of piecing the trail of data breadcrumbs back to its origin: the patient.

"In other words, a truly anonymized record does not really exist," said Mutaz Shegewi, an IDC research director.

The key to real privacy

Cynthia Burghard, also an IDC research director, said document service LexisNexis can take around 40 data elements from a healthcare organization at the patient level and match them to its social determinants database, so "it is not hard to imagine reverse engineering that, unless the anonymized data were really stripped."

Once a person has ownership of their own anonymized data via an encrypted electronic ledger, the possibility of a person's identity being exposed decreases, Etwaru said, because it is hidden behind a hashed number on the blockchain. The owner is certified, but the identity of that owner rests behind an encrypted key.

The data's owner can also authorize access to greater amounts of data, depending on what they want to share, and the data is more trustworthy because it's been confirmed and verified to be real through the blockchain.

"So, there's no question the data is better and more valuable for pharmaceutical companies and other companies interested in purchasing it," Karlin said.

While Hu-manity.co's proposal is new and unusual, it's not completely unique. Start-up SimplyVital Health built a new blockchain-based service called Health Nexus that offers a personal crypto key for access to electronic health data, which can then be sold only with patient consent.

"Despite all the HIPAA regulations, your health data can also be utilized without your permission and for profit if it is anonymized," said Kat Kuzmeskas, CEO and co-founder of SimplyVital Health. "It's not fair. Everyone else is benefiting from that data, and you're not."

Health Nexus enables different levels of access to patient health information. For example, a patient could grant access to data related to cancer treatments they're receiving but restrict demographic or historical healthcare data.

Patients who share data earn a HLTH cryptocurrency token created by SimplyVital Health; the tokens currently have no intrinsic value.

A second product SimplyVital Health created is called ConnectingCare, a blockchain ledger that creates an audit trail for healthcare providers to use in tracking post-acute care to patients regardless of where the care was performed. The app also gives them estimates of the care costs for Medicaid/Medicare reimbursement.

Both SimplyVital Health and Hu-manity.co blockchain ledgers must first create a marketplace where data can be traded, and to do that, they need data owners to sign up. With enough users, Etwaru believes a new economy can be created.

"Once we help enough people, we can begin to earn money. But, we have to help people and change the world first," Etwaru said. "It is a very lofty goal, but it is the foundation of the way our business is set up."

Computerworld:
