The next time you engage online with your therapist or doctor, remember you aren’t just speaking to that person, you’re addressing the entire internet. In this article we’ll explain how your most private medical conversations are being recorded, analyzed, and sold on for commercial gain, always to your detriment. A recent 2021 article in Health IT Security highlighted how 30 well-known medical apps were shown to be vulnerable to hacking and API-based attacks.
Julie had been struggling for months to find a therapist to help her deal with increasing levels of anxiety. Finally, out of frustration and a desperate need for care, she settled on a therapist nearly five hundred miles away. Her sessions with the therapist, rather than being in person, would be virtual.
Julie is just one of the hundreds of thousands of Americans who have discovered the benefits of telemedicine. The platform of video is perfectly suited to therapy. In fact one could argue that moving forward, mental health will become the natural home of telemedicine.
Patients can describe their full range of symptoms and the visual medium allows the therapist to evaluate their client more clearly. Perhaps more so than in a traditional setting as one-on-one calls are devoid of the distractions real-life settings offer. More importantly, distance no longer limits access to immediate care. Even country borders are no obstacle to the telehealth platform.
Telehealth, Telemedicine, or Virtual Health, take your pick, has been around for well over a decade. It never quite caught on and then, along came a virus. The rest is history. It’s now a catchphrase on the lips of every software developer, medical startup, and healthcare application developer across the globe.
The age of remote medicine has arrived.
But has it, really? Is the current infatuation merely driven by quarantines and the pandemic? When restrictions are lifted and we return to ‘normal’ will people once again prefer the option of ‘up close and personal’. For many aspects of medicine, there is no substitute for in-person consultations.
This is a discussion currently taking place in many medical circles, but one of the sectors that don’t look as though it will fall out of love with Telehealth any time soon is mental health. In fact, there are a growing number of applications hitting the market that target exactly this sector and it’s here that data issues are starting to raise eyebrows.
Commercializing Medicine
Get your consult and get your meds, all on the same platform. Spend a few minutes chatting to a qualified therapist or doctor and we’ll deliver your prescription the same day. It’s the promise of instant gratification and service. Sounds really good, but is it?
What we’re now seeing in the marketplace is concerning. A mostly unregulated prescribing machine to sell psychotropics and other regulated medicines. An automated conveyor belt that’s going to exacerbate America’s drug dependency at a rate hitherto impossible.
Telemedicine is, for many unscrupulous pharmacists, therapists and doctors, a digital pot of gold.
Telemedicine offers another massive windfall to companies that develop platforms. Patient data. This is where the real money lies and this is how the companies set about getting their hands on it.
The companies record your ‘private’ discussion with your doctor or therapist. Simple isn’t it. In fact, it is so simple and so easily done that most platforms openly admit to the practice. Here’s an example of a platform that is guilty of all the indiscretions listed here, Cerebral, a mental health platform to access telehealth. Their company structure is so obscure we were unable to find a contact person to approach for comment.
The next time you engage online with your therapist or doctor, remember you aren’t just speaking to that person, you may be addressing the entire internet. The normally hallowed medical sanctum of a consulting room with two people and an occasional dictaphone doesn’t exist in the digital world. Companies offering Telehealth platforms will tell you they’re recording your conversations in their terms and conditions and some will refer to obscure PHI and HIPAA statements. Some don’t even bother.
Your entire call is recorded and this information is stored for later analysis, either by A.I. which searches for keyphrases, or by human ears. Your deepest, darkest secrets, fears, and other conditions are now a part of the public domain and companies have now learned the value of patience. Responding immediately to farmed data creates a reference point that is fresh in the customer’s mind. Wait two weeks and memory won’t be recalled that easily or the associations made.
Medical data is one of the most sought-after commercial commodities. Think of the potential for monetization from your ‘private session’.
Huts told your therapist you feel like you’re being stalked? Suddenly you’re inundated with offers from security companies offering you home surveillance and more. Feeling a little suicidal? Suddenly your insurance premiums increase, you’re refused cover, and forget getting a bank loan. You may even be approached by organ donor companies.
Sounds far-fetched doesn’t it but you’ve only got to do one search on Google for a toaster and then let me know how many of the subsequent emails, advertisements, and other digital info that cross your path in the next few days refers to toasters or companies that sell microwaves.
Talk to a friend on Facebook about your toaster needs and the same thing happens. You don’t even need to type out the word. Algorithms scan your speech while you’re speaking and only saying the word will be enough to trigger the advertising. There are no ‘how weird is this’ coincidences in the digital world, just effective data harvesting.
Health is different though. Your Private Health Information (PHI) is considered sacred under the law and a lot is done by regulators to ensure it remains private. The reason is simple. Possession of this information by companies and non-medical entities can seriously prejudice you.
HIPAA was created exactly for this reason and I’ve written before on this topic. You can read more about this here. The problems HIPAA now faces are those highlighted in the linked article. No one could foresee the speed of development and deployment of digital technology. We’re playing catchup and some sectors haven’t even realized a game has been called.
As such, current patient privacy legislation looks more like Swiss cheese than a solid firewall to protect your privacy and data. Add to this the complication of non-medical companies now embedding themselves in the healthcare industry and you’re left with huge data privacy issues.
There is no clear solution to this issue for either the patient or the provider unless you’re able to bypass Telehealth platforms and communicate directly with your therapist or doctor via a platform like Skype or Xoom. Direct one on one communication that bypasses the data leeches.
It obviously isn’t a sustainable solution for the long term but does overcome privacy concerns and will offer both the patient and the therapist the benefit of privacy for their doctor-patient interaction.
Why is this happening
The short answer is that healthcare is ripe for exploitation by corporate and commercial ventures. There are vast sums of money to be made out of health, but simply providing a platform isn’t, on its own, lucrative enough to warrant the investments these companies require. The most effective means of monetization lies in harvesting data and onselling or using the data to generate internal sales.
Another ploy is to incorporate various services under a single umbrella, hence the association between telehealth and pharmacies. From a commercial standpoint, it’s a match made in heaven, and most pharmacies are only too eager to join in. Legislation and regulation don’t really exist yet to control these new entrants to the health sector and while the suns out, everyone is making hay.
Currently, the digital health sector is a wild west wonderland where fortunes can be made overnight and most of these are made at the patients’ expense.
What can therapists and doctors do?
As a responsible practitioner, you will know just how important PHI is. You’ll also know that the sanctity of the relationship you enjoy with a patient or client is integral to the practice of ethical medicine.
Not all Telehealth platforms are guilty of the practices described above and you can, with care and due diligence, identify ones that pose the least risk to both you and your patient. Platforms that don’t record conversations usually state this clearly and have very visible PHI and HIPAA statements on their websites. These are generally more trustworthy, but you still need to dig into the terms and conditions.
A mixture of services, particularly those seeking to simplify the prescribing of medicines, is a clear warning that commercial interests are at play.
What can patients do?
There really isn’t anywhere for you as a patient to go with this. Most platforms will ensure that they bury a clause in their terms and conditions that implies you’re fine with them recording your calls and that you agree to their subsequent use of your data for any reason they see fit,
No one ever reads these documents and you’re often not shown them. Simply downloading an app or opening a browser can also constitute your agreement to the terms of the platform. You’ve just given the company carte blanche to do whatever they like with your most personal and intimate data.
I mentioned earlier that healthcare data is sought after and nowhere is this more true than on the dark web. For this reason, many of the companies that record your calls are targeted by hackers.
Most data breaches are covered up and never disclosed. The smaller and more obscure companies with all their eggs in the app basket you’re using are particularly guilty of covering up data breaches. Their portfolios are not diverse enough to absorb the fall-off in customer confidence in their product and therefore disclosure is avoided.
The simplest thing to do is to follow the advice given above for now and try and engage directly on a person-to-person Skype or Xoom call. Companies will over time develop solutions to properly secure patient data, Medika itself is exploring a solution, but until these products become commonplace or enforced in the marketplace, can you afford to risk your identity and privacy.
