Understanding Personal Health Data: Not All Bits Are the Same (Part 1 of 4)

Posted on September 28, 2015 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

When people run out of new things to say in the field of health IT, they utter the canard, “Why can’t exchanging patient data be as easy as downloading a file on the Internet?” For a long time, I was equally smitten by the notion of seamless exchange, which underlies the goals of accountable care, patient-centered medical homes, big data research, and the Precision Medicine Initiative so dear to the White House. Then I began to notice that patient information differs in deep ways from arbitrary data on the Internet.

Personal health data isn’t alone in having special characteristics that make handling it fraught with dangers and complications. In this article, I’ll look at several other types of online data laden with complexity — money, personal data, media content, and government information — and draw some conclusions for how we might handle health data.


I am not an early adopter by habit, even though I work in high tech. When someone announces, “Now you can pay your bills using your phone!” it sounds to me like “Now you can mow your lawn using your violin!” Certain things just don’t go together naturally. Money is not like other bits; you can’t copy it the way people casually share their photos or email messages.

Of course I endorse the idea of online payment systems. They have transformed the economies of rural communities in underdeveloped parts of the world like sub-Saharan Africa. They can be useful in the U.S. for people who can’t get credit cards or even checking accounts.

Perhaps that’s why there are at least 235 (as of the time of publication) online payment systems. But money isn’t a casual commodity. It requires coordination and control. Even the ballyhooed Bitcoin system needs checks and balances. Famously described as decentralized because many uncoordinated systems create the coins and individuals store their own, Bitcoin-like systems are actually heavily centralized around the blockchain they hold in common.

Furthermore, most people don’t feel safe storing large quantities of bitcoins on personal servers, so they end up using centralized exchanges, which in turn suffer serious security breaches, as happened to Mt. Gox and Bitstamp.

So let’s look at some special aspects of money as data.

First, money has value. Ultimately — as we have seen in the crisis of the Euro and the narrowly averted default by Greece — money’s value comes from guarantees by banks, including countries’ central banks. Money’s value is increased by the importance placed on it by the people that want to steal it from us or cheat us out of it.

Second, money has an owner. In fact, I can’t imagine money without an owner. It would be like gold bullion buried on a desert island, contributing nothing to the world economy. So, the Internet culture of sharing has no meaning for money.

Third, money must be protected. Most of us — who can — use credit cards, because they are backed by complex systems for detecting theft and fraud run by multinational corporations who can indemnify us and handle our mishaps. If we store our money outside the banking system, we lack these protections.

These three traits — value, ownership, and protection — will turn up again in each of the types of Internet content I’ll look at in upcoming installments of this article. Does a review of money on the Internet help us assess health data? Comparisons are shaky, because they are very different. But because health data is so sensitive, we might learn a lot about its protection by paying attention to how money is handled.