In today’s high-tech world, patients often assume their Protected Health Information (PHI) is under lock and key. However, the reality behind platforms like Healow and various Electronic Medical Records (EMRs) is far more complex. While your doctor is bound by strict ethics, the digital systems holding your data often operate in a legal “grey zone” where your private information is a valuable commodity.
The Grey Market: How Data is Sold and Shared
When you use a health app or patient portal, you may inadvertently step outside the protective bubble of HIPAA. This creates a significant loophole: while HIPAA regulates “covered entities” like hospitals and doctors, it often does not apply to third-party digital apps once you grant them access to your records.
To bypass privacy laws, companies often “de-identify” data by removing names. However, modern AI has changed the game. It can now triangulate “anonymized” records with other public data sets to re-identify patients,
rendering traditional privacy protections obsolete. This has fueled a multibillion-dollar industry of data brokers who collect, package, and sell this information to pharmaceutical companies, advertisers, and even foreign entities—often without the doctor or patient ever knowing.
Foreign Mining and the Gap in Outdated Laws
The threat isn’t just commercial; it’s geopolitical. Outdated laws haven’t kept pace with the ability of foreign nations to mine American health data. Because HIPAA does not explicitly prohibit PHI from being stored on offshore servers, entities in “countries of concern” can acquire bulk sensitive data from brokers to build surveillance profiles or gain economic advantages. While the Department of Justice has recently moved to restrict some of these transfers, the vast majority of this international grey market remains unregulated.
AI as a Tool for Data Exploitation
While AI helps doctors diagnose diseases, it is also being weaponized by data miners. AI is now used to automate the scraping of vast databases, significantly lowering the barrier for brokers to exploit personal health patterns. Furthermore, predictive profiling allows these systems to analyze lifestyle and genetic data to forecast a patient’s future health risks—information that is highly sought after by insurers and foreign regimes alike.
Most patients are blissfully unaware…. Middle men entities invite patients to share their most intimate data with them, do nothing in return and then sell that data wholesale. To some patients, they couldn’t care less, for others, it’s the most important thing in the world to them. It’s akin to be paraded around naked in front of strangers from other countries, really. – Dr. K
Empowering Patients at East County Internal Medicine
As a patient, you have the right to access your data, but vigilance is required. It is essential to read the fine print in the privacy policies of health apps to see how they share “Personal Information” with affiliates or third parties. At East County Internal Medicine, we believe that your health journey should be private. Understanding where your data goes is the first step in reclaiming ownership over your most personal information.
——————————