Graphic of health tools on portable device

Protecting health data privacy

Anil Aswani, assistant professor of industrial engineering and operations research, thinks today’s fitness tracking might lead to tomorrow’s privacy threat. He and his colleagues have demonstrated that artificial intelligence can identify individuals by learning daily patterns from step data — collected by activity trackers, smartwatches and smartphones — and then correlating that information with demographic data.

The team used large data sets from the National Health and Nutrition Examination Survey and found that machine learning could accurately identify most subjects based on activity data. Their results led them to conclude that privacy standards from the Health Insurance Portability and Accountability Act (HIPAA) need to be revisited and reworked.

“The results point out a major problem. If you strip all the identifying information, it doesn’t protect you as much as you’d think,” Aswani said. “Someone else can come back and put it all back together if they have the right kind of information.”

Aswani said that the problem isn’t with the devices, but with how information captured by the devices can be misused and potentially sold on the open market. As advances in artificial intelligence make it easier for companies to gain access to health data, the temptation for companies to use it in illegal or unethical ways will increase.

“Ideally, what I’d like to see from this are new regulations or rules that protect health data,” he said. “But there is actually a big push to even weaken the regulations right now. For instance, the rule-making group for HIPAA has requested comments on increasing data sharing. The risk is that if people are not aware of what’s happening, the rules we have will be weakened.”


Topics: Industrial engineering, Health, Security & privacy


Reach the editors at berkeleyengineer@berkeley.edu