Should Your Employer Have Access to Your Health Data?
By Junaid Nabi
The modern world today has become more dependent on technology than ever. We want to achieve maximal tasks with minimal human effort. And increasingly, we want our technology to go wherever we go.
At work, we are leveraging the immense computing power of tablet computers. To supplement social interaction, we have turned to smartphones and social media. Lately, another novel and exciting technology is on the rise: wearable devices that track our personal data, like the FitBit and the Apple Watch. The interest and demand for these devices is soaring. CCS Insight, an organization that studies developments in digital markets, has reported that the market for wearables will be worth $25 billion by next year. By 2020, it is estimated that a staggering 411 million smart wearable devices will be sold.
Although wearables include smartwatches, fitness bands, and VR/AR headsets, devices that monitor and track health data are gaining most of the traction. Apple has announced the release of Apple Health Records, a new feature for their iOS operating system that will allow users to view and store medical records on their smart devices. Hospitals such as NYU Langone have started to use this feature on Apple Watch to send push notifications to ER doctors for vital lab results, so that they can review and respond immediately. Previously, Google partnered with Novartis to develop smart contact lens that can monitor blood glucose levels in diabetic patients, although the idea has been in limbo.
As these examples illustrate, these wearable devices present unique opportunities to address some of the most intractable problems in modern healthcare. At the same time, these devices operate by collecting massive personal information on unsuspecting users and pose unique ethical challenges regarding informed consent, user privacy, and health data security. If there is a lesson from the recent Facebook debacle, it is that big data applications, even those using anonymized data, are not immune from malicious third-party data-miners.
These devices operate by collecting massive personal information on unsuspecting users
On consent: do users of wearable devices really know what they are getting into? There is very little evidence to support the claim that consent obtained on signing up can be considered ‘informed.’ A few months ago, researchers from Australia published an interesting study that surveyed users of wearable devices that monitor and track health data. The survey reported that users were “highly concerned” regarding issues of privacy and considered informed consent “very important” when asked about data sharing with third parties (for advertising or data analysis).
However, users were not aware of how privacy and informed consent were related. In essence, while they seemed to understand the abstract importance of privacy, they were unaware that clicking on the “I agree” dialog box entailed giving up control of their personal health information. This is not surprising, given that most user agreements for online applications or wearable devices are often in lengthy legalese.
Privacy of health data is another unexamined ethical question. Although wearable devices have traditionally been used for promotion of healthy lifestyles (through fitness tracking) and ease of use (such as the call and message features on Apple Watch), increasing interest is coming from corporations. Tractica, a market research firm that studies trends in wearable devices, reports that corporate consumers will account for 17 percent of the market share in wearable devices by 2020 (current market share stands at 1 percent). This is because wearable devices, loaded with several sensors, provide unique insights to track workers’ physical activity, stress levels, sleep, and health information. Companies could theoretically use this information to motivate desired behavior, throwing a modern wrench into the concept of work/life balance.
Companies could theoretically use this information to motivate desired behavior, throwing a modern wrench into the concept of work/life balance
Since paying for employees’ healthcare tends to be one of the largest expenses for employers, using wearable devices is seen as something that can boost the bottom line, while enhancing productivity. Even if one considers it reasonable to devise policies that promote productivity, we have yet to determine ethical frameworks that can prevent discrimination against those who may not be able-bodied, and to determine how much control employers ought to exert over the lifestyle of employees.
To be clear, wearable smart devices can address unique challenges in healthcare and elsewhere, but the focus needs to shift toward the user’s needs. Data collection practices should also reflect this shift.
Privacy needs to be incorporated by design and not as an afterthought. If we were to read privacy policies properly, it could take some 180 to 300 hours per year per person. This needs to change. Privacy and consent policies ought to be in clear, simple language. If using your device means ultimately sharing your data with doctors, food manufacturers, insurers, companies, dating apps, or whoever might want access to it, then you should know that loud and clear.
Privacy needs to be incorporated by design and not as an afterthought
The recent implementation of European Union’s General Data Protection Regulation (GDPR) is also a move in the right direction. These protections include firm guidelines for consent, and an ability to withdraw consent; a right to access data, and to know what is being done with user’s collected data; inherent privacy protections; notifications of security breach; and, strict penalties for companies that do not comply. For wearable devices in healthcare, collaborations with frontline providers would also reveal which areas can benefit from integrating wearable technology for maximum clinical benefit.
If current trends are any indication, wearable devices will play a central role in our future lives. In fact, the next generation of wearables will be implanted under our skin. This future is already visible when looking at the worrying rise in biohacking — or grinding, or cybernetic enhancement — where people attempt to enhance the physical capabilities of their bodies with do-it-yourself cybernetic devices (using hacker ethics to justify the practice).
Already, a company in Wisconsin called Three Square Market has become the first U.S. employer to provide rice-grained-sized radio-frequency identification (RFID) chips implanted under the skin between the thumb and forefinger of their employees. The company stated that these RFID chips (also available as wearable rings or bracelets) can be used to login to computers, open doors, or use the copy machines.
Humans have always used technology to push the boundaries of what we can do. But in our pursuit of advancement, we must not erode fundamental rights to privacy and security, and not infringe on the rights of the vulnerable and marginalized. The rise of powerful wearables will also necessitate a global discussion on moral questions such as: what are the boundaries for artificially enhancing the human body, and is hacking our bodies ethically acceptable? We should think long and hard before we answer.