If you’ve ever used an app to access mental health care, your personal data could be up for grabs.
A new study from Duke University outlines a shadowy industry built on buying and selling patients’ personal medical data.
Researchers contacted 37 data brokers — companies that collect and sell personal information — and asked for bulk datasets on mental health. Eleven of the brokers agreed.
The data included:
- Information that identified health issues (e.g., depression, anxiety, ADHD)
- Demographic information (e.g., age, race, net worth, ZIP code)
- Details on other ailments (e.g., Alzheimer’s disease, urinary incontinence)
The brokers’ prices ranged from $275 for 5k aggregated mental health records, to $100k/yr. for a data licensing subscription.
Is this legal?
Yup. HIPAA, the law that restricts how doctors and hospitals share Americans’ health data, doesn’t protect health information held elsewhere.
That means apps have free range for distributing user data. And they do:
- A 2021 Consumer Reports investigation found that mental health apps shared user data with advertising companies, including Facebook.
Congress has yet to pass regulatory legislation and data brokers spend millions on lobbying efforts.
But health data in the wrong hands can have serious consequences:
- Health insurance companies use data brokers to raise rates.
- Federal law enforcement officers employ data to pursue undocumented immigrants.
- Since Roe v. Wade has been overturned, the buying and selling of health data could endanger those seeking safe abortions.
Get the 5-minute roundup you’ll actually read in your inbox
Business and tech news in 5 minutes or less