Apple Watch + Your Private Health Data: Better Watch Out

Michael Abramsky
5 min read · Dec 6, 2018

I just purchased the new Apple Watch 4, and it’s a major improvement, especially with its (pending) Health Monitoring and FDA-Approved Electrocardiogram (ECG/EKG) capabilities. These features will, I predict, be a huge boost to mainstream consumer health and activity monitoring. Wearable health and activity monitoring devices like Fitbit and Kardia Mobile are not new, but what is momentous about the Apple Watch will be the ubiquity, scope and 24-hr convenience of these capabilities, now that Apple has signed on.

500 Million Consumers by 2020

By 2020, wearable devices will be used by 500 million consumers worldwide, spawning a huge ecosystem of 3rd-party health applications, reshaping healthcare, insurance, hospitals, fitness, pharmaceutical, diet, home care and other industries. The size of the opportunity has attracted Amazon, IBM, Microsoft, Facebook, Alphabet’s Google — along with insurers, numerous start-ups and others.

Many would say that if data collected by the Apple Watch and 3rd-party Apps detected (or helped diagnose) a possible health issue or disease you were unaware of, that’s a good thing. From hypertension to diabetes to cancer and heart disease, these tracking capabilities — combined with AI and Big Data — offer remarkable potential to improve health and quality of life.

A Darker Side

But there’s a darker side: with the proliferation of these devices to track real-time health data, some consumers may unwittingly risk having their health data used against them. Yes, personal data is anonymized and encrypted, and regulations like the ACA (Affordable Care Act), GDPR (The European Data Privacy standard) and HIPAA (the Health Insurance Portability and Accountability Act) are intended to improve privacy protection and transparency, and to protect insurance consumers from coverage discrimination due to pre-existing conditions. However, these protections and regulations can’t overcome human nature; most consumers still won’t read (or will ignore) privacy policies before opting in to grant 3rd parties permission to share their health and activity data, in return for promised conveniences and cost savings.

Click and Disclose: It’s Human Nature

This is not just on Apple; it’s becoming a way of life. We have accepted targeted ads based on our web surfing and viewing habits; our favorite devices and apps know, and can even anticipate, our preferences; new services like DNA-based diets and usage-based driving insurance have become popular, where consumers gain benefits in return for giving permission to track their personal data.

Trouble is, fitness trackers collect and share lots of data besides health: GPS location, Wi-Fi access, connected apps (e.g. Facebook and Google Fit) and payment data. Facebook, which has been in the headlines recently for allegedly playing loose with member privacy, was alleged to have entered into ‘white label’ agreements with companies like Airbnb, Lyft and Netflix to prioritize access to user data, even after publicly restricting 3rd-party data access.

Many companies legally collect, buy and sell this type of data, and regulations governing data collected by these devices are nascent, and often left to the manufacturer. Apple’s privacy policy states consumers are responsible for the personal information they share with 3rd parties, and are subject to their terms, privacy policies and practices. Consequently, consumers who click ‘Agree’ may be unwittingly giving away rights to privacy while their data is legitimately sold/provided to 3rd parties whose motives may not be in the consumer’s interest.

Just Knowing May Be A Risk

Even if the Apple Watch or Apps didn’t share the data — but made the consumer aware of a potential health issue or risk, and the consumer did not actively disclose it to health, travel or auto insurance companies — consumers may face consequences, as many of these policies contain standard language covering non-disclosure of information relevant to their coverage. The consumer could be denied a claim, and possibly be on the hook for thousands of dollars. Nondisclosure could even be grounds for Rescission (retroactive policy cancellation).

More worrisome is Big Data. Many companies legally sidestep consumer assent and regulations by anonymizing personal health data and providing (or selling) it to 3rd parties. But today, some data can be un-anonymized and cross-referenced with non-medical data (which consumers view as less private) such as cell phone data, social media, pharmacy data (sold by drugstore chains), credit scores, driving records, search engine data — even banking and shopping data. Combined with predictive analytics and AI, your health data can be used to identify and make sophisticated predictions about you, with ever-increasing accuracy, without your knowledge or consent. If you are applying for insurance, a job or a loan, your detailed medical history may be accessible — is this what you want?

Bigger Than Consumer Health — The New Normal

The 7/24 monitoring of personal healthcare/activity data has broader privacy implications for many industries beyond consumer health. Consumers may, for example, unwittingly have their health and personal data mixed with DNA data provided to Ancestry or diet companies. Or, they may have their driving data from the black box in their car (installed now in >50% of vehicles sold in the US) combined with their health data. Or data from their shopping cart combined with their cellphone and health data.

This ‘new normal’ of using a deeper level of personal information to provide a competitive edge upends almost every industry, including the insurance industry, diet/wellness industries, even advertising, media, automobiles — and others.

Just Opt Out? Not So Fast

Will ‘opting out’ be the only protection? Consumers don’t necessarily have leverage in selectively negotiating privacy policies, and many are reluctant to forgo the services or their promised benefits. Studies have shown that our hunger for convenience trumps privacy; and when privacy requires additional effort or comes at a cost of convenience, consumers are quick to abandon approaches to greater protection. (Life without Netflix? Kill me now).

In the future, opting out may also cost consumers. If providing health tracking information becomes common, it’s possible that not giving up their info could incur a penalty in the form of higher than average premiums.

How Will This End?

How all this will shake out is unclear. The solutions aren’t simple, and go beyond technology to public policy, regulation and consumer education. However, just like lagging financial regulations ahead of the last financial crisis, there is a growing gap between the ability to use Big Data and the ability of laws and regulations (and regulators) to keep up with its rising sophistication and complexity. The fact is that despite data encryption, regulations and security policies, many consumers may not be protected from the unintended consequences of willingly (or unwittingly) sharing their health and activity data from the Apple Watch and other devices. And it’s too tempting for insurance companies and healthcare providers — supported by data mining companies who collect this data — to ignore this important information.

So rather than caveat emptor, the future is caveat revelare (revealer, beware).

Michael Abramsky

Global Enterprise Software CEO; Wall St Apple Analyst; Advisor, Board Member