Learn how your health data may be used without your consent and how to take back control.
Did you know that every doctor’s visit, prescription, or medical test generates personal health data, and that this information is being used in ways you have no idea about? Despite protections like HIPAA, companies are allowed to sell “de-identified” versions of your records, turning your medical data into a multi-billion-dollar industry.
Though anonymized data plays a vital role in research and public health, it raises ethical and privacy concerns. Patients are excluded from decisions about their data, and advances in technology mean “de-identified” information can sometimes be linked back to you. According to Adam Tanner, author of Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records, anonymization is not always foolproof. As he explains in the book, “The promise of privacy is often more of an illusion than a reality,” as technology can re-identify anonymized data by cross-referencing it with publicly available information.
Understanding how your data is being used—and taking steps to regain control—is essential for safeguarding your privacy and empowering yourself as a patient.
What Is Data Anonymization?
Data anonymization, which is regulated by law, is the process of removing identifying details, such as your name, birth date, or Social Security number, from medical records. This allows your data to be used for other purposes, like research and development, while theoretically protecting your identity.
The Life-Saving Benefits of Anonymized Health Data
There is no doubt that de-identified health data has played a crucial role in transforming medicine, improving patient outcomes, and addressing public health crises. It has driven medical breakthroughs by helping pharmaceutical companies study disease patterns, track drug effectiveness, and develop new treatments. For instance, cancer researchers analyze anonymized patient records to refine targeted therapies, and COVID-19 vaccines were developed in record time thanks to global anonymized data that enabled rapid analysis of the virus’s spread and vaccine efficacy. Additionally, anonymized data aids in disease prevention and early detection, as AI models trained on de-identified health records can predict risks for conditions like heart disease or diabetes, allowing for earlier interventions. And these datasets remain a valuable resource for ongoing research, enabling scientists to uncover new insights, improve treatments, and refine public health strategies.
When Data Becomes a Commodity
However, while anonymized data has driven medical progress, it has also become a lucrative asset—often exchanged, sold, and repurposed without patients' knowledge. What was initially intended to fuel research and innovation has evolved into a complex and opaque marketplace, where health data flows between organizations, sometimes prioritizing profit over patient privacy.
How Anonymized Data Is Being Sold
Your health data passes through a complex network of organizations, often ending up in the hands of third parties without your knowledge. Key players in this ecosystem include:
- Pharmaceutical Companies: They use anonymized data to guide drug development and refine marketing strategies.
- Researchers: Universities and research firms analyze health data to study disease patterns and treatment effectiveness.
- Data Brokers: These entities aggregate and sell anonymized health data to various industries, including AI developers and insurers.
- AI Developers: AI systems need massive datasets to function effectively. These datasets are often built using de-identified patient records.
The profits generated from this data are staggering, yet patients are rarely informed or compensated for their contribution. Tanner highlights this lack of transparency, describing how patient records are commodified without patient involvement.
The Risks of De-Identified Data
De-identified data isn’t as secure as it seems. The removal of personal identifiers is intended to protect your privacy, but in practice, the system is far from perfect. Risks include:
- Re-Identification: Algorithms can cross-reference anonymized data with other datasets to pinpoint your identity. For example, researchers have re-identified individuals in public health datasets using just a few data points. In the 2011 research article “A Systematic Review of Re-Identification Attacks on Health Data,” authors Khaled El Emam, Elizabeth Jonker, Luk Arbuckle, and Bradley Malin found that many records could be re-identified using standard technology from 2011. Imagine how much worse it is now, 14 years later.
- Privacy Breaches: Sensitive information, like mental health diagnoses or genetic predispositions, could be linked back to you, exposing you to potential harm.
- Discrimination: Re-identified data could be misused by insurers, employers, or others, leading to stigmatization or unfair treatment.
These risks highlight the need for stronger safeguards and greater patient control over health data.
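As an added illustration (not from the original article or the cited study), the following Python audit measures how many rows of a "de-identified" table are still unique on the fields left in it, then applies generalization and suppression until every row shares its fields with at least one other (k-anonymity with k = 2). The sample rows, the choice of fields and all function names are constructed assumptions.

```python
from collections import Counter

# Constructed sample rows: names and SSNs already removed. All values invented.
# Layout: (ZIP code, birth year, sex, diagnosis)
RECORDS = [
    ("02139", 1984, "F", "asthma"),
    ("02139", 1984, "F", "diabetes"),
    ("02139", 1991, "M", "depression"),
    ("02141", 1975, "M", "hypertension"),
    ("02141", 1978, "M", "migraine"),
    ("02142", 1962, "M", "asthma"),
    ("02142", 1969, "M", "diabetes"),
    ("02446", 1990, "F", "anxiety"),
]

def exact_key(row):
    """Quasi-identifiers as released: fields other datasets may also hold."""
    return row[:3]

def coarse_key(row):
    """Generalized quasi-identifiers: 3-digit ZIP prefix and birth decade."""
    zip_code, birth_year, sex, _diagnosis = row
    return (zip_code[:3], birth_year // 10 * 10, sex)

def risk(records, key):
    """Return (k, share of rows that are unique on the given key)."""
    sizes = Counter(key(r) for r in records)
    unique = sum(1 for r in records if sizes[key(r)] == 1)
    return min(sizes.values()), unique / len(records)

def suppress_small_classes(records, key, k):
    """Withhold rows whose quasi-identifier group has fewer than k members."""
    sizes = Counter(key(r) for r in records)
    return [r for r in records if sizes[key(r)] >= k]

if __name__ == "__main__":
    print("as released:  k=%d, unique share=%.2f" % risk(RECORDS, exact_key))
    print("generalized:  k=%d, unique share=%.2f" % risk(RECORDS, coarse_key))
    safe = suppress_small_classes(RECORDS, coarse_key, k=2)
    print("suppressed:   k=%d, unique share=%.2f, rows kept=%d"
          % (*risk(safe, coarse_key), len(safe)))
```

A row that is unique on these fields is the kind a cross-referencing algorithm can single out; coarsening the fields and withholding the remaining outliers is the corresponding safeguard, at the cost of less detailed data.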
How This Affects You as a Patient
For many patients, the idea that their medical data could be shared or sold is deeply unsettling. The fear of a privacy breach—especially one that could expose sensitive health conditions—creates anxiety and frustration. Patients trust healthcare providers with their most personal information, expecting confidentiality and security. When they discover that anonymized versions of their records are being circulated, often without their knowledge, it erodes that trust.
This growing mistrust extends beyond individual providers to the entire healthcare system. If patients believe their data is being commodified rather than protected, some may hesitate to seek care, disclose critical health information, or participate in medical research. The concern isn’t just theoretical—many breaches have occurred.
How to Take Back Control of Your Data
Fortunately, there are steps you can take to regain control of your health information and ensure it is used ethically:
- Understand Your Rights - Familiarize yourself with laws like HIPAA, which regulate how your data is shared. The 21st Century Cures Act also gives patients the right to access their electronic health records.
- Ask Questions - When visiting healthcare providers, ask how your data will be used, stored, and shared. Transparency is key to making informed decisions.
- Use Patient-Centric Platforms - New technologies are empowering patients to take charge of their data. Examples include:
  - Selfii: Allows you to securely manage, share, and even monetize your health data without sacrificing your privacy. You get to decide if and how you want to use your healthcare data. For more information, see the article “Your Health Data in One Place: Why It’s a Game-Changer.”
  - Journal My Health: A healthcare journaling app that also allows you to securely gather your health data.
  - Fasten Health: Provides tools to organize and control your medical information.
- Advocate for Stronger Protections - Support initiatives that promote transparency and push for stricter privacy laws in the healthcare industry.
Conclusion
The healthcare data system is far from perfect. While anonymized data can drive life-saving research, it shouldn’t come at the expense of your privacy or autonomy.
Tools like Selfii, Citizen Health, and Fasten Health are leading the way, offering patients secure options to manage and share their data on their own terms. Whether you choose to contribute to research, monetize your data, or simply ensure its privacy, the choice should be yours.
Taking control of your health data isn’t just about protecting your information—it’s about restoring trust and ensuring that healthcare systems work for everyone. Start by exploring your options and taking the first steps toward reclaiming your data today.