It's no secret that many smartphone apps track users' locations and sell the data to advertisers. Increasingly, however, the data reveal so much detail that it's easy to identify the personal, individual specifics of people's behavior and movements—including where they live, what health care providers they visit, and more.
How to incorporate wearables data into clinical practice
How 'anonymous' data can still reveal an individual person's behavior
A recent New York Times investigation proved just how easy it can be to use "anonymous" data to identify someone—and even track his or her interactions with health care providers, without his or her consent.
The Times analyzed a database containing information from more than a million phones in the New York area. Based on that data, the Times created a series of maps tracking people who had enabled location services on their phones—and in many cases, it identified those individuals based on their recorded locations and movements.
For example, the data showed one person departs a house in upstate New York 7 a.m. and travels 14 miles to a middle school, where the individual stays until the late afternoon every school day. Even though the records didn't state the individual's identity, the Times could "easily connect … that dot" and determine that it was Lisa Magrin, a math teacher who gave the Times permission to review her location data.
The app recorded her location as often as once every 21 seconds, revealing details about her personal life—including that she'd been to her dermatologist's office, a Weight Watchers meeting, and went hiking with her dog.
The database also revealed tracking data for Elise Lee, a nurse in New York City, as she traveled to her hospital's main OR. Lee also permitted the Times to examine her location history in the data it reviewed.
How location tracking works—and what it means for patients
App developers, and the advertising and location companies to whom they sell data, insist they're not interested in people's identities but rather in their movement patterns. The apps generally don't collect directly identifiable information, such as a name or phone number, and instead assign each individual a quasi-anonymous unique ID.
But privacy experts warn that people who are able to access the raw data, as the Times did, can easily pinpoint someone they're familiar with to track his or her behavior. And while most companies take measures to protect location data, Serge Egelman, a computer security and privacy researcher affiliated with the University of California, Berkeley, said "[t]here are really no consequences" for companies that reveal users' information.
Overall, the Times identified at least 75 companies that received anonymous location data "accurate to within a few yards" from apps whose users have enabled location services. Moreover, several of the companies said they track up to 200 million mobile devices in the United States, and in some cases received location updates more than 14,000 times per day.
According to the Times, the most popular data-sharing apps are dating apps and apps that rely on an individual's location, such as those related to weather, transit, travel, and news. The apps generally disclose in their privacy policies that they gather location data, but critics say users rarely read or understand such policies.
Even in instances where advertisers don't seek to determine an individual's identity, they can still use location information to target anyone who enters a defined geographic area via a practice called "geo-fencing." Retailers commonly use geo-fencing to offer targeted coupons to potential customers, but increasingly, advertising firms are setting up geo-fences around hospital EDs so that personal injury lawyers can target ads to individuals who enter the ED.
Bill Kakis, a digital marketer who runs the New York-based firm Tell All Digital, said, "It's really, I think, the closest thing an attorney can do to putting a digital kiosk inside of an emergency room."
The risk (and potential benefits) of tracking patients into the hospital
Public officials are raising particular concern about users being targeted in health care facilities. Massachusetts Attorney General Maura Healey (D), was the first AG in the country to prosecute a digital advertising firm for using geo-fencing technology to send ads from a Christian pregnancy counseling and adoption agency to people who entered Planned Parenthood clinics.
Healey said, "Private medical information should not be exploited in this way," adding, "Especially when it's gathered secretly without a consumer's knowledge … or consent."
But while location tracking raises privacy concerns, some argue the technology also can be used for good. For example, Roman Foeckl, CEO of Endpoint Protector, said health care institutions could implement geo-fencing to "keep information in by restricting access to devices or applications while inside a specific perimeter—and out—by making it impossible for devices outside the perimeter to access the network."
Further, Gregory Marcus, director of clinical research at the UCSF Division of Cardiology, said as chronic diseases become more prevalent among aging patients, improved health care monitoring is a necessity. Marcus led a study in which geo-fencing was used to track when a patient had been hospitalized. "Our app only had moderate accuracy, but this approach could revolutionize not only the way we ascertain if someone is sick, but also could be relevant to geo-fencing any location for a number of health-care related studies or interventions."
Some policymakers are skeptical
Despite the potential benefits, policymakers are increasingly skeptical of the use and sale of location data. Sen. Ron Wyden (D-Ore.) said, "Location information can reveal some of the most intimate details of a person's life—whether you've visited a psychiatrist, whether you went to an A.A. meeting, who you might date."
He added, "It's not right to have consumers kept in the dark about how their data is sold and shared and then leave them unable to do anything about it" (Valentino-DeVries et. al., New York Times, 12/10; Valentino-DeVries/Singer, New York Times, 12/10; Allyn, "Shots," NPR, 5/25; Noguchi, "All Things Considered," NPR, 7/7/17; Greene, Crain's Detroit Business, 6/3; Comstock, MobiHealthNews, 3/22/17).
Your telehealth cheat sheet on wearables
Wearable technology encompasses the range of devices used by consumers to track their health- and activity-related data. As the multiple functions of wearables on the market continue to expand, consumers are becoming more invested in the potential for these devices to improve their daily habits. Wearable technology can help to facilitate patient activation and improve clinical outcomes.
The cheat sheet details how rising interest in health data, advancing care innovation, and expansion of FDA device approvals has impacted the adoption of wearables.
Download the Cheat Sheet
Next in the Daily Briefing
How Monash Health invested in empathy—and improved patients' symptoms by 52%