Computers, Privacy & the Constitution

Big Data and its Intrusion Into Our Medical History: An Investigation Into Matchback Programs

-- By KevinHoung - 05 May 2015


Quietly, large data companies have been methodically mining sensitive medical history on patients throughout the U.S. and selling it to Big Pharma through a process known as a matchback. Much as Amazon tracks your purchase history to suggest future purchases, pharmaceutical companies are now privy to once-confidential medical information. Whether or not such information is de-identified is beside the point: the collection and possession of sensitive medical history should be available only to ourselves, our doctors, and medical researchers.

What are Matchback Programs?

The process begins when a patient, John, fills a prescription at his pharmacy. Now not only does John's pharmacy have a record of his prescription, but so does the hospital or doctor that prescribed the medicine. Pharmacies and hospitals are ordinarily prohibited from selling this confidential information by the Health Insurance Portability and Accountability Act. However, HIPAA only restricts individually identifiable information; data that has been de-identified under its rules falls outside the Privacy Rule. Therefore, savvy medical providers may sell confidential information as long as they de-identify it by running personal identifiers such as your name, address, and date of birth through a one-way hash function, which turns them into a fixed-length number (a hash, often mislabeled as "encryption"; unlike encryption, there is no key that turns the hash back into the name). Your medical history, in cleartext, is then linked to that hashed identifier. Data brokers buy this information from hospitals and pharmacies.

But the question remains: how do pharmaceutical companies seem to systematically anticipate your medical purchases? Data brokers also buy hashed personal information collected from web browsers such as Google Chrome. When you set up a user profile on a browser like Chrome you are asked to enter personal identifiers such as name, birthday, and address. These identifiers are hashed with the same algorithm, over the same fields, that was used to hash your identifiable medical information, and the hashed identifiers are subsequently sold to data brokers. Because the hash is deterministic, the same name, birthday, and address produce the same number no matter who computes it, so the broker can match the hash attached to your cleartext medical history, bought from your medical provider, against the hash bought from your browser of choice. In other words, your medical history is no longer tied to your name but to a unique number that follows you everywhere, like a social security number. Data brokers sell this linked profile to pharmaceutical companies, who use it to systematically target patients online.
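To make the mechanism concrete, here is an added example in Python; it is not part of the original essay and is not the code of any broker, pharmacy, or browser vendor. It assumes the token is an unkeyed SHA-256 over a normalized name, date of birth and ZIP code (the real field set and algorithm are not stated on this page) and uses constructed sample records. It shows the broker's join, and then two points the later "Evading Privacy Concerns" section makes in prose: the token is a persistent pseudonym that re-identifies anyone who holds a candidate list of names, and only a keyed hash with a key each party keeps to itself breaks the cross-party match.

```python
"""Matchback walk-through: hashed identifiers join two data sets, and why the
hash alone does not make the result anonymous. Sample records are constructed.
Assumption: the token is SHA-256 over normalized name|dob|zip (the real field
set and algorithm are not given in the essay)."""
import hashlib
import hmac
from typing import Callable, Dict, List, Optional

Hasher = Callable[[str, str, str], str]


def normalize(name: str, dob: str, zipcode: str) -> bytes:
    """Both parties must canonicalize the same way, or the tokens never match."""
    return f"{name.strip().lower()}|{dob.strip()}|{zipcode.strip()}".encode()


def token_sha256(name: str, dob: str, zipcode: str) -> str:
    """Unkeyed one-way hash: anyone who knows the fields can recompute it."""
    return hashlib.sha256(normalize(name, dob, zipcode)).hexdigest()


def make_keyed_hasher(key: bytes) -> Hasher:
    """Keyed token (HMAC): a party without this key cannot produce matching tokens."""
    def hasher(name: str, dob: str, zipcode: str) -> str:
        return hmac.new(key, normalize(name, dob, zipcode), "sha256").hexdigest()
    return hasher


# Constructed sample data, not real people or records.
PHARMACY_RECORDS = [
    {"name": "John Doe", "dob": "1980-04-12", "zip": "10027", "drug": "metformin"},
    {"name": "Jane Roe", "dob": "1975-09-30", "zip": "10025", "drug": "sertraline"},
]
WEB_REGISTRATIONS = [  # what a site or browser profile hands to the broker
    {"name": "john doe ", "dob": "1980-04-12", "zip": "10027", "cookie": "ad-id-7f3a"},
    {"name": "Sam Poe", "dob": "1990-01-01", "zip": "10001", "cookie": "ad-id-91c0"},
]
VOTER_FILE = [  # any public list of identities serves as a dictionary
    {"name": "Sam Poe", "dob": "1990-01-01", "zip": "10001"},
    {"name": "John Doe", "dob": "1980-04-12", "zip": "10027"},
]


def deidentify(records: List[dict], hasher: Hasher) -> List[dict]:
    """What the provider sells: token plus cleartext prescription, identifiers dropped."""
    return [{"token": hasher(r["name"], r["dob"], r["zip"]), "drug": r["drug"]}
            for r in records]


def web_tokens(regs: List[dict], hasher: Hasher) -> Dict[str, str]:
    """What the web side sells: token -> advertising cookie."""
    return {hasher(r["name"], r["dob"], r["zip"]): r["cookie"] for r in regs}


def matchback(deid: List[dict], webmap: Dict[str, str]) -> Dict[str, str]:
    """The broker's join: equal tokens tie an ad cookie to a prescription."""
    return {webmap[row["token"]]: row["drug"] for row in deid if row["token"] in webmap}


def reidentify(token: str, candidates: List[dict], hasher: Hasher) -> Optional[str]:
    """Dictionary attack: hash every candidate identity and compare. Works against an
    unkeyed hash because name/dob/zip have far too little entropy to resist it."""
    for c in candidates:
        if hmac.compare_digest(hasher(c["name"], c["dob"], c["zip"]), token):
            return c["name"]
    return None


def demo() -> dict:
    """Run the three scenarios and return the outcomes."""
    deid = deidentify(PHARMACY_RECORDS, token_sha256)
    linked = matchback(deid, web_tokens(WEB_REGISTRATIONS, token_sha256))
    who = reidentify(deid[0]["token"], VOTER_FILE, token_sha256)
    # Each party keys its own tokens: the broker can no longer join them.
    pharm_keyed = deidentify(PHARMACY_RECORDS, make_keyed_hasher(b"pharmacy-only-key"))
    web_keyed = web_tokens(WEB_REGISTRATIONS, make_keyed_hasher(b"web-only-key"))
    return {
        "linked": linked,  # {'ad-id-7f3a': 'metformin'}
        "reidentified": who,  # 'John Doe'
        "linked_keyed": matchback(pharm_keyed, web_keyed),  # {}
        "reid_keyed": reidentify(pharm_keyed[0]["token"], VOTER_FILE, token_sha256),  # None
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The join succeeds only because both sides hash the same canonical fields with the same unkeyed function, which is exactly the shared-algorithm arrangement the essay describes. Keying the hash with a per-party secret defeats the broker's join, but note the limit: if the broker (or a common vendor) supplies the key to everyone, the tokens are once again a single persistent number, and the essay's point that the label does not matter applies in full.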

Evading Privacy Concerns

According to Big Pharma, this form of marketing complies with medical privacy laws because the patient's name is replaced with a unique code, so the name itself remains hidden. However, replacing a patient's name with a unique code is no different from not hiding the name at all. Whether you are identified by your given name or by a unique number is irrelevant. Everyone is given a social security number, yet no reasonable person would post that number on a public forum, whether in cyberspace or in the newspaper. Just as your bank account is linked to your name, date of birth, and address, the same information can be linked to your social security number. Therefore, how an organization labels you is irrelevant; the collection of the source material, your medical history, is not.

Instead of focusing on the process of hashing one's personally identifiable information, we should instead be asking why companies are allowed to monetize our medical information at all. Medical information should inherently be protected because it is so sensitive, regardless of whether it is linked to identifiable information. We offer doctors our medical information because they are supposed to use it to diagnose and treat our conditions, but that information is now being sold. Admittedly, data brokers also sell de-identified patient information to medical researchers, who are then able to track health trends. However, my argument is not that medical data be prohibited from being sold to researchers, but that private companies should be prohibited from monetizing private medical history for the purpose of personalized marketing.

Data brokers claim matchbacks enhance the user's experience by personalizing ads without requiring that a patient's name be revealed. However, these firms profile millions of patients, often without their knowledge. GlaxoSmithKline, the sixth largest pharmaceutical manufacturer in the world, stopped using matchbacks after concerns that websites were not informing their users about the data collection. Sara Alspach, a GlaxoSmithKline spokesperson, said that websites must "uphold appropriate privacy standards" and be transparent about the way data is used. If, as data brokers claim, there are no privacy concerns associated with matchback programs, why are patients not instead offered an opt-in option to participate? Companies claim the program is for the betterment of the user experience; ultimately, however, this data is used to generate revenue for the company. McKinsey and Co. projects that medical data analytics will grow into a $20 billion industry by 2020, and IMS Health, one of the largest data brokers, reported revenues of $2.6 billion last year alone.

Convenience should never eclipse society's concerns over privacy. Matchback programs should raise startling privacy concerns. Trading information about one's commercial purchasing habits is arguably harmless. However, there is hardly ever a circumstance in which an individual will freely and publicly disseminate his or her medical purchasing history to a company, let alone to close friends.


Simply replacing one's name with a number fails to protect privacy, as long as that number identifies you and your medical purchase history. If I told you that from this point forward your name is Ted, and that the stores you shopped at in the past as well as in the future would refer to you as Ted, would that give you a sense of anonymity? Most likely it would not, because what people call you is irrelevant to anonymity. What is relevant is that everyone can identify you by a single persistent number. Companies have long held a veil of convenience over their customers' eyes; medical privacy, however, requires the utmost protection. Medical conditions are of the most intimate nature, and no claim of convenience can overcome the duty to protect such intimate information.

Word Count: 1000



r5 - 26 Jun 2015 - 20:14:08 - MarkDrake
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.