How to keep your health data private
Many people are concerned about keeping their health data private. In this short article, we’ll cover some of the basics.
Potential threats to healthcare privacy
The most serious privacy threat to your health data would be a data breach at a hospital, clinic, or doctor’s office. You can choose a healthcare provider with good cybersecurity practices. You can make sure they’re ethically committed to respecting your privacy. But beyond that, there’s not much that individual patients can do about this risk.
There are other areas, however, where your own actions can have a more direct impact:
Internet activity
If you use the Internet to research a health issue, your private health data could be at risk. Websites track visitors with cookies. Many search engines log what you’ve been searching for. And Internet Service Providers (ISPs) can view your network activity — meaning they know what websites you’ve been visiting.
Communications
Your communications with healthcare providers present another privacy risk. Emails, phone calls, and instant messages all create data trails. This can reveal information about your personal health data if third parties manage to get hold of the records.
App data
Mobile health apps are designed to record health data. But do the apps really keep your health data private? In far too many cases, the answer is no. Developers make money by selling or sharing user data with data brokers for marketing or advertising purposes. Anyone can buy that data: even third parties with no legitimate reason to have it. Unfortunately, even developers of health apps engage in these practices. Other developers may have good intentions, and try to respect your privacy, but might be retaining health data on their servers without taking the proper steps to protect it. That too is a privacy risk.
Location data
Mobile apps collect a lot of location data about their users. In addition, smartphones are constantly connecting to Wi-Fi networks and pinging cellular towers. This generates a separate trail of user location data. If you visit a doctor’s office or clinic with your smartphone, potentially sensitive information about your health is now stored on a server somewhere — just waiting for someone to abuse it.
Indirectly related data
In addition to health data, it’s important to remember other kinds of information can be used to make inferences about your personal healthcare history. For example, all of the following can put your healthcare privacy at risk:
- Booking an Uber to take you to a doctor’s office or clinic.
- Traveling for healthcare reasons and saving the booking on the online ticketing platform with a name that links it to the medical purpose of your trip.
- Paying for a medical bill with a credit card linked to your name.
Keeping your health data private
We want to stress that there is no “magic bullet” when it comes to protecting digital privacy—health-related or otherwise. Nothing is foolproof. Everyone’s needs are different. People face different levels of risk, and have different tolerances for risk.
That said, there are some basic precautions that you can take to mitigate common risks and increase your chances of keeping your private health data private.
Research securely
If you have to research a healthcare issue online, consider taking steps to anonymize yourself and protect your data.
Use a VPN or Tor to protect your network traffic. In addition, use web browsers that have better privacy protections: Firefox and Safari tend to be better than Chrome or Edge in this regard. It’s best to use a browser in private browsing mode, and to make sure you’re logged out of all accounts and services while you search. If possible, stick to the more privacy-friendly search engines like DuckDuckGo or Brave Search.
If you need to take notes about confidential medical issues, try to store them in a safe format. The Secure Notes feature of iCloud Keychain or your password manager is a good option. If you’re taking notes on a device that someone else might gain physical access to, make sure that the device itself is protected: strong passcodes on iPhones and screen locks plus FileVault on macOS.
Choose health apps wisely
If you’re choosing apps for healthcare purposes, look for companies that have a good reputation for respecting user privacy and that have clearly stated data collection and sharing practices. Also think about how they transmit and store your data: apps that use end-to-end encryption (E2EE) are the safest, because then not even the app developer has access to your data.
On iOS, you might consider using Apple’s “privacy nutrition labels” in the App Store to do your research. However, be aware that app developers have not always been honest with these, which somewhat undermines Apple’s system of self-reported privacy practices.
For iOS users, Apple’s own Health app is a great option for many use cases. It has a range of features and stores all data locally on your device in an encrypted form. Health data backed up to iCloud is protected by E2EE.
Restrict location data
If you’re concerned about location data related to your health, don’t give away your location to any app if you don’t have to. There’s a huge economy in sharing and selling location data, and it’s hard to predict where or how the data you give to some app can come back to haunt you down the line.
If you’re on iOS, you can go to Settings > Privacy > Location Services to see which apps have permission to access your location and under what circumstances.
To prevent ad tracking, the best thing to do is to deny all apps permission to track by default. To do this, go to Settings > Privacy > Tracking and toggle off Allow Apps to Request to Track.
If you need to see a doctor confidentially, you consider taking more advanced mobile privacy precautions on the day of your appointment. Checklist 188: Don’t Let Your iPhone Give You Away covers this topic in more detail, albeit in a slightly different context.
Communicate safely
If you need to talk with a healthcare provider, make sure that you’re communicating in a way that helps to protect your privacy.
First of all, make sure that you actually trust the person on the other end. Hopefully, most healthcare providers would fall into this category. But it’s always worth reminding yourself that all of the technological privacy protections in the world mean nothing if the person on the other end discloses your communications to a third party.
Assuming that this basic level of trust is in place, you can then take some additional precautions to protect your conversations with healthcare providers. For example, it’s a good idea to use a secondary email account that isn’t linked to your identity anywhere else online. ProtonMail, an encrypted email service that lets anyone set up an account for free, is a good option here. If you need to call your healthcare provider, you can create a secondary phone number as well. There are a number of services that let you set up a second line (e.g., Google Voice). There’s also the possibility of buying a cheap prepaid “burner” phone to use when discussing an extremely sensitive medical issue.
Keep your appointments private
Last but not least, give some thought to keeping your doctor’s appointments private. Here you may want to think of things like calendar entries and reminders. Keep them secure or consider making entries in a form that isn’t obviously related to healthcare.
As mentioned earlier, give some thought to how you’ll travel to your appointment. If you need to book with a ride-hailing service, you may want to choose a nearby destination instead of the actual doctor’s office itself.
When it comes to payment, doctor’s offices and insurance companies should protect your medical privacy—but credit card companies are a potential issue. If you know how much a procedure or appointment is going to cost, you might consider paying in cash or using a prepaid debit card if the billing department accepts those. In addition, some doctor’s offices allow you to request confidential communications, which means all billing and insurance paperwork get sent to an alternate address instead of the one used by your insurance provider.