Raw Data goes to the doctor this week, investigating wearable health technologies, big data on health outcomes and disease analytics, and what technology might be supplanting: the physical touch, and attention, of your physician. Even as doctors bemoan their patients’ reliance on sites like WebMD to pre-diagnose themselves, patients are complaining that doctors are more concerned about filling out the electronic health record than by carefully assessing their health. And despite new legislation like HIPAA, hospitals and health insurers have been the frequent targets of enormous hacks, leaking not only your health records, but also your financial information. The promise of wearable tech combined with impersonal, anonymous data analytics seems a promising alternative to the traditional healthcare system.
How secure are wearable medical devices?
Biomedical device security has a broad footprint, but discussions about it can be surprisingly shallow; many people are surprised to know that devices like insulin monitors, pacemakers, and infusion pumps that connect to other devices or computers to transmit data can be hacked. The population at risk of these attacks is already vulnerable; many users are elderly and have few good options besides using the device. Dick Cheney famously had a pacemaker implanted with its wireless connectivity disabled, to simultaneously preclude an attack on his heart and a heart attack, but most patients aren’t thought to be at risk. We know through stunt-hacking presentations at conferences like Black Hat that many commercially-available devices are vulnerable, both because medical device engineers usually aren’t cybersecurity experts, and because devices have to interface with a variety of hospital systems and have long lifetimes. Many biomedical devices are still running Windows XP—and still in use—despite the fact that Windows XP is no longer being patched, and its vulnerabilities are well-known.
How easy is it to take control of my biomedical data?
Here in Silicon Valley, you may find yourself on Caltrain with someone who seems to have supernatural powers, able to pick up paperclips like Magneto or control a radio with the wave of a hand. A growing population of biohackers are implanting devices into their bodies: RFID chips, magnets, and even computer chips that can communicate with smartphones or wirelessly transmit audio signals directly into the ears. A larger segment of the population, like Mike Snyder, are using activity trackers and commercially available monitoring tools to keep close tabs on their bodies.
23andMe: back in business
One of these tools, 23andMe’s genetic testing by mail, recently returned to the market after a period of FDA scrutiny: 23andMe originally offered both genealogy and medical tests, that could tell you what percentage of your DNA was Neanderthal and whether you had a predisposition to stomach cancer, for example. After the FDA ordered the company to stop offering the test, for two years only ancestry information was available, hampering the company’s growth, and consumers’ ability to learn more about their genomes. On Wednesday, the company announced the FDA had cleared many of its genetic tests, and it was once again offering tests for inherited genetic risks and drug responses. Some tests previously available before the FDA stepped in, like those for the BRCA genes, are still unavailable, but the expanded offerings are a step in the right direction for the personal ownership of genetic data.
Before you head over to 23andMe to order your own test vial (results come after you provide a saliva sample of non-trivial volume), however, you should also know that law enforcement agencies are interested in your DNA. Five customers have had their data requested by state authorities and the FBI, to test against material recovered from crime scenes. The company was able to successfully deny all of these requests, keeping customers’ genomes safe, but that doesn’t mean they will be forever—from the cops, or from hackers.
I can trick my fitbit by giving it to my dog; how useful is this data, really?
Our ability to extract useful insights from personalized medical data is still growing. While fitbits and other trackers can be “hacked” by attaching them to a bicycle tire, or other clever contraptions, dedicated use will provide more signal than noise. What’s more, statisticians are uncovering unexpected connections (remember from episode 1 that you’re bad at anticipating inferences…) including the notion that the emotional valence of words used on Twitter can predict coronary heart disease by county more accurately than indices like smoking that have an obvious correlation. These surprising outcomes don’t always stand up to the test of time; for example, you may have heard about Google Flu Trends outperforming the CDC’s prediction algorithms, but that turns out to have been a short-lived success that was probably a fluke, not the flu. A prediction is only as good as the data it’s fed, and bigger isn’t always better, but I’d rather know what 23andMe can tell me about my risks than remain in the dark. I ordered my test results in 2012, pre-FDA complaints, and I’m more Neanderthal than 98% of the population—but hey, no one’s perfect.
Read More (includes links to interviewees’ work):