Our private health decisions may not be as private as we’d like to think. A recent article in the Wall Street Journal revealed a potentially uncomfortable situation: employers using health care analytics companies to mine employees’ health data to determine which employees may be about to make certain health decisions.
While this type of data analytics can be used to predict a variety of health conditions (ranging from an increased risk of diabetes to back surgery to pregnancy), the most attention-grabbing example discussed was pregnancy. By obtaining permission to analyze employees’ medical information, companies such as Castlight are able to look at factors such as search queries and whether employees have been filling their birth control prescriptions to predict pregnancies. Some commentators expressed concerns that this type of information could be used by companies in improper ways.
Defenders of the practice argue that the exact names of the employees who may become pregnant are not disclosed, and that information about small groups of employees is not provided to employers in order to protect their identities. Opponents say that isn’t enough to protect employees, who may be inadvertently revealed to their employers. And even if individual employees aren’t affected, this type of health information might lead to discrimination against women as an entire group.
But the bottom line is that providing this type of aggregate information isn’t a violation of HIPAA, even if it might inadvertently allow companies to identify specific employees based on the health-related information provided. Another key point is that some of the information the data analytics companies use, such as internet search histories, are not protected health information under HIPAA’s definition, despite their potential to reveal sensitive personal information about individuals’ health.
This type of data mining has been used before in other situations – for example, Target (in)famously used customers’ purchase histories to predict which customers were pregnant. But the fact that employers are seeking this type of information – even in the aggregate – raises additional concerns about employment-related discrimination. Despite the fact that these types of data mining are not illegal under HIPAA and related statutes, they remain controversial and questionably ethical.