The Hidden Global Trade in Patient Medical Data

As the global trade in health data continues its rapid growth, regulators are not keeping pace and most patients are unaware that their details can be sold. The use of such data in research could lead to new treatments, but privacy is also at risk. The United States has led on this trade even as its own health system is fragmented with many patients unable to access their own complete records. Patients in other nations may assume that privacy protections are in place, but author Adam Tanner points to cases where identification codes were cracked. “Patient dossiers omit obvious identifiers such as names and national ID numbers, but have become more vulnerable to re-identification as computing power advances and a constant influx of data provide ever more clues into who is who and where patients live and work.” he explains. Tanner encourages government officials to study the new industry's trends and lead with informed public debate. – YaleGlobal

The Hidden Global Trade in Patient Medical Data

The goal to global trade in health data is new treatments, but government regulations do not keep pace
Adam Tanner
Tuesday, January 24, 2017

Profitable data: This hospital patient may not know that his medical information can been sold, top;  QuintilesIMS employees gather medical records

CAMBRIDGE: In 1956, the head of one of Madison Avenue’s leading medical advertising agencies dispatched a copywriter to West Germany to set up a new company for producing surveys of the pharmaceutical market. The young executive had never been abroad and spoke no German.

The firm, initially called Institut für Medizinische Statistik, quickly won clients by providing insights on which drugs sold well in which markets. Drug companies eagerly bought these reports, and IMS expanded to other European countries, North and South America, and Asia.

Today, the US-based data-mining firm, recently renamed QuintilesIMS, operates in more than 100 countries and is at the heart of a for-profit global trade in anonymized patient data. The $20 billion company assembles dossiers on more than half a billion patients worldwide from physician records, prescriptions, insurance claims, lab tests and more.

US competitors include IBM Watson Health, GE Healthcare, LexisNexis and firms linked to insurers such as UnitedHealth’s Optum Anthem’s HealthCore and Blue Cross Blue Shield’s Blue Health Intelligence. Rivals exist in other countries as well.

Privacy can be at risk. Patient dossiers omit obvious identifiers such as names and national ID numbers, but have become more vulnerable to re-identification as computing power advances and a constant influx of data provide ever more clues into who is who and where patients live and work. Another complicating issue is the growing availability of insights from DNA testing, identifying by its very nature.

The growing possibility of re-identification from such dossiers poses risks of discrimination against people with mental health issues or any array of medical complications. In some cases, such action would be legal, such as in denying life insurance, and in others not, such as in hiring and promotion decisions. Medical information could be used to blackmail and embarrass anyone from common citizen to national leader.

Data miner dossiers are legal under US rules and serve mostly to help pharmaceutical firms market and advertise their drugs. Data miners also highlight the promise of big data leading to new discoveries and cures. “The future of medicine rests on data: the evidence that is the basis for the discovery, development and dispensing of prescription products and all other healthcare decisions,” noted QuintilesIMS in an October report. “Mastering the collection and interpretation of data is therefore vital for the vitality and continued global contributions of the biopharmaceutical industry.”

So far, industry executives admit to garnering interesting insights rather than stunning breakthroughs.


The ability of commercial firms to assemble dossiers on individuals comes at a time that few Americans have access to complete records for their own health care. The fractured nature of US medicine complicates this issue compared to countries with national systems.

Officials in many countries suggest that they enjoy stronger privacy protections than the United States, either through law or tradition. Yet increasingly, American-style accumulation of sensitive medical data on millions of patients is becoming commonplace.

For example, many Japanese officials contend that the aggregating and selling anonymized patient files does not occur in Japan as it would violate Japanese sensibilities. “The difference between IMS in Japan and in the United States, in Japan they treat data and privacy in a more sensitive way,” said Yoshitake Yokokura, president of the influential Japan Medical Association. “Medicine should be for the public benefit, not for business.”

For-profit ventures are expected to secure patient consent.

Yet IMS advertises the sale of Japanese longitudinal data, including “actual prescription data from pharmacy records for individual patients.” Japan’s guidelines on selling anonymized patient data are blurred because the nation lacks US-style privacy rules, including the Health Insurance Portability and Accountability Act. Officials often speak of a gray zone of practices neither explicitly allowed nor forbidden.


Data miners typically do not seek patient consent and maintain that properly anonymized information does not belong to an individual. A group of patients and doctors in South Korea disagreed and launched a legal case against IMS in 2014. After a whistleblower released anonymized records from some of these data-miner transactions, it turned out that a simple code could unlock the patients’ national ID numbers.

Sung Bae Kim, among the South Korean physicians who brought the lawsuit, described his shock: “If it’s syphilis or hypertension or diabetes, if you have information about me without my understanding. If they do not get consent, they have no right. It is very unethical.”

QuintilesIMS is fighting the lawsuit and defends its practices, arguing that only anonymous healthcare data is mined. “IMS Health then takes further steps to ensure the information remains anonymous, such as additional cryptographic coding,” said spokesman Tor Constantino.

Europe boasts of stronger personal data protections than the United States. Yet data miners advertise anonymized patient dossiers from a number of European Union countries. For example, in Germany QuintilesIMS sells details from electronic health records, prescriptions, hospital discharges and patient registries.

Some European countries such as the Nordics maintain national health databases with information on patients suffering from heart disease, cancer and HIV among other ailments. Such efforts, led by the state, are not aimed at making a commercial profit.

Some IMS veterans who worked at the company during the era when focus was limited to broader pharmaceutical market surveys are uneasy about the commercialization of anonymized patient data that have become more commonplace over the past two decades.

Former IMS Japan CEO Shunsuke Keimatsu questions the value of such anonymized individual data for IMS clients and how clients use the data. He also wonders whether anonymous data may violate privacy laws. “To be blunt, I feel that they went too far unless there are legitimate answers to the above two questions,” he said.

Sabrina Chan, executive director of the Hong Kong Association of the Pharmaceutical Industry, expresses a similar sentiment: “No matter that it is anonymous, the consent from the data owner is the most important. My principle is without the patient’s consent, actually it is unethical to disclose their data to anyone.”

The trade in patient data is so opaque that many even in health care and government do not know about it. A top Japanese government official who did not want to be named insisted initially that trade in anonymized patient data did not occur in his country. He then expressed surprise as a researcher detailed how such a trade has emerged in Japan.

Part of the problem is that data miners are reluctant to talk publicly about how the process works.

“The entire US health care system, as well as the entire political system, has devolved into this shadow game,” said Joel Kallich, the founder of Big Health Data who used to work at Amgen and has consulted for IMS. He adds that anyone privy to the data can lie, scheme, manipulate or steal data from the people to whom it belongs.

The example of Japan and many other countries shows that in the absence of specific guidance or government restrictions, market forces will continue to expand personal data collection quietly, even in a traditionally cautious business climate.

There is hope that the commercial circulation of anonymized patient data contributes to science and treatments. Yet given the growing privacy risks, countries should encourage an open, informed public debate for shaping regulations on anonymized patient data in what is increasingly a big and globalized health data bazaar.

Adam Tanner is the author of the new book Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records and writer in residence at Harvard University’s Institute for Quantitative Social Science.

Copyright © 2017 YaleGlobal and the MacMillan Center