Riddles in Health Data Privacy: The Case of the Tell Tale Pacemaker

Monica Horvath Our Thots

 

You’re traveling through another dimension- a dimension not only of sight and sound, but of mind. A journey into a wondrous land whose boundaries are that of imagination and whose data have no boundaries. Your Waze app sends a notification. You’ve just crossed over into the (Big Data) Twilight Zone.

The internet of ‘healthy’ things is the healthcare industry’s contribution to a high-velocity sea of Big Data.  Medical devices have become shockingly sophisticated.  They record and store incredible amounts of data, even those devices embedded inside of you. The privacy implications of using that data, when extrapolated to extreme scenarios, create quite a legal quagmire as well as fodder for modern Rod Serling-esque horror stories.

Consider if you will, a Mr. Ross Compton of Middletown, Ohio

Ross Compton, aged 59, has been charged with aggravated arson and insurance fraud for allegedly burning down his house.  While there are plenty of things in his story that don’t sound quite right (gasoline on his clothing; a packed suitcase of belongings), the key piece of evidence came from another source.   Compton told 911 that he had a pacemaker implant.  Police then got a search warrant to retrieve electronic data from that device regarding his heart rate and associated vitals before, during, and after the fire.  A consulting cardiologist determined that it was highly improbable that Compton collected belongings, packed them, busted a window with his cane, and tossed the suitcase out the window given his heart data profile.  He has thus been indicted and is pleading not guilty.

The privacy concerns here are complex.  Older medical devices didn’t hold much information.  But now, so long as the battery holds, any implanted device can collect a wide amount of data and even provide location by GPS.  Compton had to go to a specialist to get the data extracted per the search warrant.

Here are my initial questions:

  • Could he refuse the search citing the right to not self-incriminate?
  • What if no one knew he had the pacemaker– would he have been indicted?
  • Are investigators allowed to ask you if you have implanted medical devices and if so, do you have to answer honestly?
  • How does one know what the cardiac data should look like for those genuinely grabbing their belongings and fleeing a fire?  Do we have a comparison sample for that? Bodies are weird under stress.
  • To what extent did Compton know his device provides that wealth of data?

What If You Can Only Pick Two: Privacy, Data, or Health

The additional evidence suggests that Compton may very well be guilty. But the internet of ‘healthy’ things is edging us into an era where society will struggle to balance privacy and data.  Especially when high volume, transactional data are concerned.

As for lessons learned, I think that if you do commit a crime while having a pacemaker, be sure your heart is in it. (Heh.)  Or take the route of Dick Cheney — he had the wireless feature turned off.

Up there, up there in the vastness of space, in the void that is the internet, lies a slippery slope of uncertainty known as Big Data.  It sits there waiting, waiting with the patience of eons, forever backed-up in The Cloud, forever waiting in the (Big Data) Twilight Zone.