Insider Q&A: Your medical information is big business

How much are your old prescriptions worth? Maybe not much to you. But for some companies, your medications, test results and hospital records are the building blocks of a multinational business.

They collect millions of data points every day, analyze them and sell them to drugmakers and other health care players looking for insights into the medical marketplace.

But as the industry has grown, so have concerns about patient privacy. Adam Tanner takes a look at the promise and pitfalls of big medical data in his upcoming book "Our Bodies, Our Data." His answers have been edited for length and clarity.

Q: What kind of information is collected?

A: This kind of information doesn't have your name but has intimate details about you and your medical condition. You go to your doctor, he enters information about you into his electronic medical records system and he sends you to the pharmacy to get a prescription. All of that stuff is covered by your insurance and produces paperwork. And all the details about that process can be sold by companies called data miners.

When I tell people that your blood test information is sold to commercial companies they often feel rather uncomfortable with that.

Q: How big is this business?

A: This is a multibillion dollar industry that spans the whole world. The biggest is Quintiles IMS. That's a $20 billion dollar company. Sometimes you have well-known companies that you would not expect who are involved in this. For example, IBM has put together a division which has profiles on hundreds of millions of patients.

Q: But aren't there patient privacy laws that govern the use of this data?

A: You can sell this data as long as it is anonymized to certain standards. However, since the U.S. rules were written decades ago, the ability to gather huge amounts of data and compare it has grown greatly. It means that clues from different aspects of your medical treatments may make it possible for outsiders to figure you out.

Q: What's the worst case scenario for the future?

A: The risk is that all of these anonymized profiles which have detailed histories of people become easily identifiable in years to come.

Why would you want to re-identify medical data? Perhaps you're a political opponent of someone and you want to destroy them. Perhaps you're a romantic rival of someone at work. Perhaps you're a foreign government that wants to control a legislator.

In recent years, we've seen a big upswing in medical records theft and hacking. All those kinds of things put more and more information out about us.

Q: Can I opt out of sharing this information?

A: It would be almost impossible. That's why the best approach is that we as a society come up with new rules, rather than put the onus on individual patients.

Q: Are there societal benefits to the medical data business?

A: There are a lot of smart, well-intentioned people in this industry and they talk a lot about this promise of big data in medicine to lead to great breakthroughs. So far this commercial trade has led to interesting insights rather than big discoveries or cures. I think there's a way to both advance science and to allow patients to have more control over their data.