Some consumers were shocked to learn earlier this year that health care providers buy and analyze credit card transaction data in order to assess our health. When The Wall Street Journal reported last winter that insurers and employers are tracking consumer spending data (with and sometimes without the full knowledge and participation of the consumer), it came as no surprise to privacy scholars. Bloomberg and Businessweek reported over the summer that a large healthcare system in the Carolinas tracks and analyzes spending data in order to assign a health risk score that is passed along to doctors.
Data is collected, bought and sold every day without the consumer’s knowledge, consent, or power to monitor or control it (unless it is in a protected category). Data brokers use technology to infer information that they cannot collect directly. Some data comes from consumers themselves. Many companies ask employees to provide their health data and may even offer a financial incentive to do so. Most often, though, it comes from third-party data collectors without the knowledge or express consent of the individuals.
Why Do Health Care Providers Want Cardholder Data?
Money is involved. Improving health outcomes will lower care costs and improve profitability. Health care providers who defend the practice of purchasing consumer spending behavior data explain that it can provide insight into the patient’s lifestyle far beyond any impressions gained within the limits of a brief office visit.
The providers want to identify high risk patients and intervene before a crisis. They also point out that consumer data is used every day for the purpose of selling something, so why not use it for the more noble purpose of helping people get healthy?
Furthermore, the political landscape is shifting toward greater responsibility on the part of the provider. Rather than continue to financially reward providers for more (and more expensive) treatment, lawmakers are looking for ways to tie pay to outcomes. So it’s clearly in the providers’ best interests to proactively identify ways and opportunities to improve those outcomes.
Health care providers further justify data harvesting and analysis, noting that patients and providers don’t know each other as intimately today as they might have in decades past, and providers may not have all of the information necessary to provide the best possible care. Many people change doctors many times over the course of a lifetime, and office visits are notoriously brief. Some patients forget or choose not to disclose potentially important information to their doctors.
How Ethical Is Medical Data Mining?
The mining of data by health care providers gives rise to several ethical questions. Ryan Holmes, assistant director of Health Care Ethics at the Markkula Center, is “not convinced that a ‘data dump’ is necessarily the best remedy. Simply ‘finding the right answer’ is not the only point of the patient-provider interaction.”
Before we can ask questions of right and wrong, it’s important to understand what information is collected and who has access to it. The answer is that there is a file on nearly every American. Having an email address increases the likelihood, and having a credit card guarantees the file’s existence.
Sources Of Personal Data – Credit Cards, Merchants, And More
The question of where the data comes from is not so easily answered. Credit card companies do collect and analyze spending data, and if the analysis is done by a company that lives under the same corporate umbrella as the credit card, the customer cannot opt out of this analysis. Credit card use equals consent. The privacy notice on Chase.com, for example, states that they share information about customers’ transactions and experiences for their affiliates’ everyday business purposes, and the customer may not opt out.
Affiliates are defined (“companies related by common ownership or control,” and “companies with a Chase or JPMorgan name,”) but not listed. Barclaycard and American Express post virtually the same policy on sharing personal information with affiliates. All three credit card issuers declined to provide any comment for this article. Chase pointed to its privacy notice instead.
Although both the Wall Street Journal and Bloomberg articles indicate that credit card transactions are the subject of interest, the industry is cryptic about how those transactions land in the hands of health care providers. Most credit card issuers insist that they do not sell personally identifiable transaction data. The truth is they don’t have to.
Some information is public, such as the name and address of a homeowner, or a publicly listed telephone number. Birth certificates, marriage licenses and death certificates are public information, too, and their relevance to marketing was proven by the grieving dad who received a letter that included “daughter killed in car crash” in the address field.
Some details are gleaned through everyday consumer exchanges. For example, consumers visiting Disney World will have a hard time keeping the names, ages and genders of the children private. That information is then shared with all of Disney’s affiliates, including Danon, Almay, Honda, ESPN and many others. Disney is far from alone. Thousands of retailers share and sell customer data in the same manner.
Other information is freely given. “People assume the store won’t do anything with purchase data except update inventory,” says Lorrie Cranor, Professor and Director of the CyLab Usable Privacy and Security (CUPS) Laboratory at Carnegie Mellon University.
But when we provide our zip code to a cashier who asks for it, we identify ourselves with precision. We volunteer information about household income, ethnicity, employment status, education level, age and more when we complete a survey or sign up for a user account on a website. Keeping all of our personal data private would be a gargantuan undertaking, and experts agree that it is virtually impossible. We are constantly probed.
Financial Times has published content related to the topic of privacy. Somewhat ironically, any reader who wants to view this article about Facebook’s ad tracking must first register for an account and provide personal information that is then attached to the reader’s email address.
The information users feed to companies like FT.com can, of course, be misrepresented, but most people answer truthfully. Fudging the answers can lead to difficulty in the event the user is locked out of the account and needs to provide matching information in order to gain access.
A huge source of consumer spending data is the store loyalty card. It not only tells data collectors what you buy, it also tells them what you’ll probably buy in the future. Target famously knew that a teen girl was pregnant before her family did, simply by statistically analyzing her spending behavior, and enraged her father by mailing her advertisements and coupons for maternity and newborn products.
Third-party data collectors are huge customers of loyalty programs and other data. Datalogix, for instance, advertises access to the data of over 1,500 “leading U.S. brands,” including over ten billion pieces of consumer purchase data, representing $2 trillion in spending by 110 million households.
A Lot Of Information Is Collected Without You Knowing
License plate tracking takes place in most of the country and can be easily reconciled by the right person with the right technology to the vehicle owner’s name and address. Website tracking is ubiquitous. For example, every web page with a Facebook “like” button sends data back to Facebook whether the button is clicked or not. And identifiable data is often shared (sometimes accidentally, but shared nonetheless).
Companies who collect, aggregate, analyze, buy, and sell data are very tight-lipped about the process. They do not disclose what they collect, how they collect it, how they share it or with whom, except to the minimal extent required by law. All of the grocery stores contacted for this article declined to comment or did not return calls or emails: Stop ‘n Shop, Von’s, Safeway, Jewel-Osco, Kroger, Ralph’s and Target. Likewise, national data collection company Datalogix did not respond to requests for comment.
What Are The Ethical Concerns Of Data Mining?
The use of consumer spending data for the purpose of health care evaluation has consumer and privacy advocates’ alarm bells sounding. Consumers are not given an opportunity to consent to the use of their personal data, nor an opportunity to verify accuracy or to even see how the data is used. “This is happening behind the consumer’s back,” says CyLab’s Lorrie Cranor. “Consumers have no idea what data is being collected and what’s going to happen to it after it’s collected.”
Furthermore, Cranor believes that national health goals do not justify tracking individuals’ behavior. “We can collect data on an aggregate level that allows us to track these issues,” she says. “If an individual wants help managing health issues, they should be able to voluntarily make that information available to their doctor.”
Irina Raicu, Internet Ethics Program director at the Santa Clara University Markkula Center for Applied Ethics, focuses her attention generally on personal data that is collected and used without the individual’s awareness or consent. However, in the context of the data mining by health care providers, her primary concern is the inaccuracy of the data. “So,” she concludes, “to all those problems – infrequent contact with doctors, limited face-time, communication challenges, etc. – we might simply add another one: bad information.”
One solution identified by health care providers is to mask the personally identifiable data and show doctors only a health risk score, alleviating some privacy concerns. But because the data is unverified, that score “might simply disguise inaccurate data or inaccurate implications derived from some data points,” says Raicu.
Ryan Holmes (also at the Markkula Center) agrees that verification is critical. “Patients who wish to have themselves ‘monitored’ may indeed find that there is value added to the interaction [with the provider].” But “it is most important that patients be informed of this practice and to allow them to verify the data that is being collected.”
Another ethical concern is the degradation of the patient-provider relationship. “What we give up in this race for data,” Holmes explains, “is the ability to establish trust between patient and provider through face to face interactions.”
What If I Don’t Want To Give Out My Personal Information?
When it is available, opting out presents several layers of problems. First, we have to know who is collecting data and when. “It’s not just the companies you give the data to,” notes Cranor. “It’s all sorts of other third parties that have their tentacles out to collect data, too. On any given website, there might be ten, twenty companies collecting data, and you don’t know they’re there.”
Then, the consumer must learn the opt-out process for each company collecting data. Many do not provide a simple method for consumers to opt-out , and some admit that consumers do not have the option to be excluded. For some, postal mail is involved and must include a photocopy of an official I.D. (adding a whole new layer of unease about sharing personal data). Opting out can be difficult even for people who know how.
Then the consumer needs to understand and accept how opting out will affect the experience with that company. Opting out could, for example, prevent a person from shopping or banking online. “Even when there is an ability to opt out, it is difficult, cumbersome and may cause you to lose some benefits,” says Cranor.
A consumer who provides personal information for any reason should assume that it will be shared unless explicitly assured otherwise via published privacy policies. Some information is aggregated and not personally identifiable, and in many cases, the consumer must agree to anonymous data sharing in order to use the product in question.
Mitigating the amount of personal information collected depends on the level of inconvenience an individual is willing to suffer. It is virtually impossible to stop all personal information from being collected. “If you pay cash, there isn’t so much data about you. But it’s not zero. And paying cash is inconvenient,” says Cranor.
If you feel a need to cut back on the amount of trackable information in circulation about you, other suggestions Cranor makes include:
- Avoid filling out forms that you don’t need to fill out
- On a computer, use a privacy tool
- Use multiple email accounts for the different parts of your life
- Avoid credit cards
- Avoid cell phones. They know who you call and everywhere you’ve been. Laws restrict their ability to share that information but they can use it internally, and law enforcement can and does request it.
- Don’t get a loyalty card of any sort. To get discounts and avoid being tracked, keep swapping cards with other people. Then the card is not really you. Avoid registering for a card with your name and address if you can help it.