1-Page Summary

Take a look at what the leading data broker, IQVIA (with a market cap of $20 billion), boasts to have:

• 530 million non-identified patient records
• 85% of global pharma sales tracked
• 400,000 sources of social media
• 15 million healthcare professionals

It's no exaggeration to assume that all your health providers are reselling all your medical data to brokers like IQVIA.

Nearly all information is sold—your disease diagnoses, what drugs you take for which conditions, what your most recent lab tests say, who your doctors are and when you saw them. Every vendor you interact with to get medical service is able to sell medical data. Reselling data is a high-margin business, and thus tantalizing for managers to add to their bottom line. Companies you interact with that sell your data include pharmacies, medical providers, and insurers.

The only restriction they have by HIPAA law is to remove identifying information like your name, address, and Social Security Number, instead creating a unique personal code for you.

The removal of your name from your record is little barrier. With so much data and this unique code, the data broker compiles data streams into a new patient record. Any new data the broker receives is associated with your personal record, making it more and more identifiable.

Simply picture your entire medical record owned by multiple third parties, just with your name and SSN replaced by a unique ID—this reflects reality.

The broker then resells your health record, along with those of hundreds of millions of other patients, for marketing, industry analysis, and research purposes. Note that in large part, the data buyers (eg pharma companies) are interested not in you as an individual but how you fit into general trends—what drugs you're taking or switching to, what drugs your doctors are prescribing compared to other doctors, how disease prevalence varies by location.

But there is always a risk of a data leak. And given how much information your patient record has, it can likely quickly be matched back to you, especially if you have a rare condition or see a unique combination of doctors, or have any other public health-related information (for example, a Twitter post about seeing your doctor on a particular day, or public exercise data from health devices).

In some sense, it’s already too late to opt out or take back your data. Data brokers say your records can’t be traced back to you, so even if you wanted to opt out, it claims to have no way to tell which data to delete. But at a minimum, you should be aware of the extent to which your data is shared and be sensitive to future opportunities to opt out, should you so choose.

History of Medical Data Gathering

Our Bodies, Our Data contains a useful history of how resold medical data became increasingly personal and detailed.

The overall trend over the past decades is toward 1) more granular data consisting of more detail about a patient’s history, 2) data linked to distinct providers and patients, and 3) piecing together large datasets longitudinally across time. A few examples:

• Wholesalers and pharmacies started by selling bulk sales data. This allowed study of pharmaceutical company market share, overall and by territory.
• Prescription data with doctor identification allowed data companies to create profiles on the prescribing habits of individual doctors.
• Anonymized patient data from wide sources were linked together to get patient dossiers.

Brief History

1930s: Nielsen pays pharmacies to share wholesale invoices every 2 months to project overall US sales. Staffers also count products on shelves to monitor sales rates. This data helps firms target advertising and sales to regions and seasons.

Pharma research firm Davee, Koehnlein and Keating uses receipts from US pharmacies and manufacturers to estimate pharma market sizes by category.

1947: Graduate student Gosselin asks drugstores for permission to copy their prescription records. Pharma companies get interested in this service to get precise sales and compare their presence vs. the competition. He starts a company in 1952 to send bimonthly nationwide pharmacy surveys. He eventually asks physicians to share their prescription writing to correlate physician attributes with specific drug sales.

• Note that understanding drug sales (what leaves the door) is distinct from drug prescriptions, since sales are what actually gets pharma revenue.

1957: IMS acquires purchase data from wholesale pharmacies to estimate market sizes in Germany.

1960s: IMS begins asking doctors to share what they prescribe for different diagnoses.

• Generally it tries to get data for free, arguing the data will help science. Otherwise they give $50 a month for this data.

IMS starts the Drug Distribution Data service which merges data from drug wholesalers and pharma to determine total sales by salesperson territories.

• Weakness: misses traveling prescriptions (script written in one territory and filled in another) and doesn’t have per-doctor granularity

1978: McKesson starts Pharmaceutical Data Services, which sends surveys to 100k’s of doctors.

• In the early 1980s, PDS starts buying doctor-identified prescriptions from pharmacies.
• PDS generates physician profiles by matching doctor prescribing data with prescription filling data, to get real sales, not just prescriptions.

Patient dossiers start to be compiled about distinct patients.

• Anonymized dossiers compile data from multiple data sources.
• IMS Health (now called IQVIA) and Symphony Health are major players.

Sources of Medical Data

Every vendor you interact with to get medical service is able to sell medical data. Reselling data is a high-margin business, and thus tantalizing for managers to add to their bottom line. Our Bodies, Our Data describes the following data sources:

• Pharmacies
  • At the beginning, pharmacies were provided free software by McKesson (a drug wholesaler) in exchange for bulk sales data.
  • In the 1980s, IMS paid $50 per month for the pharmacy to load its prescription files onto a floppy disk.
  • Now pharmacies receive $0.01 per script.
• Clearinghouses and Pharmacy Benefit Managers
  • Their normal function is to route claims from pharmacy or doctor to the payer (usually an insurance company).
• Drug Wholesalers
  • Their normal function is to provide pharmacies with services to maximize reimbursements.
• Medical Providers
  • In the 1960s, IMS asked doctors to complete surveys on prescriptions for different illnesses.
  • PDS sent surveys to doctors, paying $2-$10, on preferred medications and prescriptions per week.
  • Electronic medical records now make data transfer easier.
  • Large hospital networks like the Mayo Clinic, Kaiser Permanente, Geisinger currently provide data for research, pharma, consultants.
• American Medical Association
  • Sells the Physician Masterfile to data companies
• Insurers and Insurance Claims
  • Provide diagnoses, procedures performed, and medications to data companies
  • Optum, HealthCore, BlueHealth Intelligence sell to data miners such as IMS Health
• Diagnostic Labs
  • All test results can be sold.
  • For marketers, these are useful for getting a patient’s diagnosis and rushing a salesperson to the doctor before the patient even knows about her diagnosis.
• Employers
  • Can sell insurance claims to data miners
• Electronic Medical Records
  • Allscripts provides data to IMS Health, receiving $30 million a year in sales
  • GE Healthcare sells data from its Centricity EMR.
• Data Brokers
  • LexisNexis sells medical claims from many payers, covering 250 million patients.
  • Non-medical data brokers like Experian, Epsilon, and Acxiom sell to medical data miners. These brokers aren’t subject to HIPAA and can cell non-anonymized records.
• Public Data on the Internet. Sources include:
  • Social media: miners monitor Facebook and Twitter for mentions of medication, ailments, and keywords like “diagnosed with.”
  • Review sites: for doctors, offices
  • Location and exercise data from devices
  • Real estate transactions
  • Forum discussions
• Proprietary Data—while these haven’t been confirmed to be currently under sale, be aware that in the future they could be.
  • Any trackable activity online, including Google searches, Youtube videos watched, ads clicked
  • Profiles and surveys, like on medical websites such as webMD
  • Data collected by medical devices, such as Apple HealthKit

Uses of Medical Data

What is enabled by having hundreds of millions of patient records?

Many pharma business decisions can be empowered by granular data on which patients take which drugs in which locations. Research studies are also empowered by large datasets.

The risk is that more unsavory, discriminatory uses can arise.

Here’s an array of how different types of firms can use medical data for their own purposes.

• Pharma Companies
  • Empower their salesforce to market drugs to more susceptible doctors
    • They can get fast feedback within weeks on whether their efforts on greasing doctors are working.
    • Large pharma companies pay $10-40 million per year for IMS Health data, consulting, and services.
  • Understand their competition and breakdown of market share
  • Understand patient behaviors:
    • Persistency (how long they keep a drug)
    • Compliance (how often they fill a prescription)
    • Switching behavior and what specific drugs they switch to
    • Concomitance (other drugs patient takes)
  • Predict which drugs will be sellers, market needs for different illnesses
  • Market medication to patients
    • Combine demographic data from anonymized sources that are enriched for your ailment or treatment, then use named sources to target named users who are more likely to buy. For example, a marketer might find that people who use a particular drug are in their 50s in rural Tennessee; they can then target people with that specific profile for their drug.
  • Market medication to providers
    • They can both market in response to what the provider tends to prescribe, and also customized to what the doctor’s patients have recently been diagnosed with
• Financial Traders
  • Use medical data as info to trade with—for instance, which drugs are popular and not can influence what stocks will rise and fall
• Researchers
  • Study long-term outcomes of different treatments
  • Study the effect of regulation on health outcomes
  • Public health studies, such as epidemics, drug use, health trends
• Employers
  • Study patient and spend data to figure out how to reduce costs
  • Benchmark their costs against other employers
• Healthcare Providers
  • Compare cost and quality with competition
  • Improve care internally
  • Market to recruit new patients
• Payers
  • Find billing fraud
• Insurers, Underwriters
  • Get patient consent for insurer to access named data on prescriptions, tests
  • Insurers can share info with each other through Medical Information Bureau
• Attorneys
  • Contact patients for class action lawsuits
• Advertising Platforms
  • Sell data to Google or Facebook to allow more precise ad targeting of their users
• More controversial or illegal uses—not currently done publicly, but are notable risks in an environment with such granular and plentiful data.
  • Employers can discriminate against people with higher healthcare costs
  • Lenders may charge higher interest to people with specific conditions
  • Insurers may charge higher life insurance premiums to those of a particular profile
  • Blackmailers may use health data to exploit people.
  • Traders may use health data of CEOs.

Notable Players in Medical Data

The book describes the following major players in the medical data industry.

IMS Health (now known as IQVIA)

• Founded by a German man, L.W. Frohlich.
  • He had a medical advertising agency, LW Frohlich & Co.
  • He then partnered with Arthur Sackler, at another ad agency, to split the business between competing pharma companies.
  • Frohlich developed new marketing practices for pharma, like sending telegrams to wholesalers to announce the new drug terramycin. He also developed direct mail to doctors.
  • As an advertiser, it was difficult to prove the effect of marketing on their clients’ bottom line, so Frohlich created Intercontinental Medical Statistics (IMS) with David Dubow to research market share, then use this to inform ad clients.
  • Frohlich died in 1971. Sackler’s brothers inherit the majority of IMS through a tontine. Some suspect Arthur Sackler was the originator of IMS and put Frohlich as its figurehead.
• IMS Health has the popular Drug Distribution Data service.
• Was acquired for $1.7 billion in 1988, under the same umbrella as AC Nielsen.
• In 1993, it started providing doctor profiles with its Xponent service
• It went public with an IPO in 2014.
• In 2015, the company had $2.9 billion in revenue. Half of the revenue came from information, and half from services. It made the logical step of providing consulting to its clients once they had the data.
• In 2016, IMS merged with competitor Quintiles, and the joint company was renamed IQVIA in 2017.
• The firm is said to have 90% of global market share.

PDS (Pharmaceutical Data Services), Source International

• Started by McKesson in 1978
  • Began with doctor surveys, then started buying prescription data from pharmacies
  • Funded by pharma like Merck, Pfizer
• Was purchased in 1988 by IMS execs Evans and Dennis Turner
  • Afterward, pushed into doctor-identified information, getting accurate data on prescriptions and sales per doctor
  • Renames as Source International
• Was acquired by Symphony in 2012

Verispan

• Was created by McKesson and Quintiles in 2002
• Got annual revenue of $100 million, with its biggest customer paying $6 million per year
• Was acquired by SDI, then acquired by IMS

ArcLight

• Started by Krieger from Cardinal Health. It challenged IMS with a few benefits:
  • It provided data reports more quickly
  • It gave large pharmacies equity in ArcLight to avoid upfront fees
  • Walmart stopped working with IMS because competitors could figure out individual store revenue numbers from IMS reports
• ArcLight went out of business in the 2000s a few years after trying to create anonymized patient dossiers. It had difficulty matching joining anonymized data.

Other data brokers and companies involved with medical data:

• Cardinal Health, ScriptLINE
• Symphony Health
• MedStat
  • Sold to Thompson in 1994 for $339 million
  • Then sold in 2012 for $1.25 billion to form Truven
  • Then sold to IBM Watson in 2016 for $2.6 billion
• Data analysis by insurers
  • United Health and Optum
  • Anthem and HealthCore
  • BlueBCBS and Blue Health Intelligence
• LexisNexis with its medical claims warehouse
• Medivo
• Examone, Milliman—prescription data for life insurance
• Practice Fusion
  • Gave away EMR technology free, to sell ads to users and sell patient data to brokers. Sought between $50,000-$2 million for data sets
  • Raised >$100 million but sold for $100 million to Allscripts, after a Department of Justice investigation into its practices
• Startups
  • Betterpath—shut down?
  • Carenity
  • Patientslikeme

The Forces For and Against Medical Data

Propelling Forces for Patient Data Selling

Here are forces that have propelled patient data selling over the past decades:

• A general public indifference about privacy
  • A majority of people do not opt out of anonymized sharing when given the option.
  • More recently, sites like Facebook, Google train people to expect a lack of privacy in their everyday life.
• Data sources (such as pharmacies and hospitals) want to improve their earnings numbers, and selling data is a high-margin boost to their bottom line.
• HIPAA only protects health data with identifiable info and only applies to providers, payers, and clearinghouses (so-called “covered entities”).
  • Other parties can bypass this with loophole
• Digitization of healthcare info makes transfer of patient data easier than mailing in receipts like in olden days.
• Medical data is sold for its purported benefits about helping people.
  • Manufacturers believe their drugs are good, so selling their drugs more effectively can only help more people.
  • Pharma salespeople believe they’re educating doctors about better medications.
  • Doctors believe more data access helps research studies.
  • Shared medical data is actually useful for research, and it’s legally difficult to block commercial uses while allowing research uses.
• More drugs available in the late 20th century, along with readily available reimbursement from insurers, power more marketing spend by pharma companies.
• Generics and me-too drugs require for more effective marketing to attract attention.
• Salespeople are actually effective—physicians are too busy to read the latest literature, so they’re swayed by salespeople pitches

Opposing Forces

Here are forces that have counteracted the sale of patient data:

• Negative public sentiment in a few dimensions:
  • General fear of privacy invasion
    • Korea has fought against the sale of anonymized data
    • Some patients ask, “If I pay you cash, will you keep my medical records private?”
  • Fear of being discriminated against using your medical record, resulting in:
    • Higher rates for life, health insurance
    • Job rejection
    • Blackmail
  • Providers feel manipulated by being tracked for their prescribing behavior.
    • Increasingly, providers are refusing to see salespeople
• Regulatory changes
  • Gifts to doctors from pharma are now largely prohibited.
    • Current guidelines are for gifts not to exceed $100, and they should be medically related (such as stethoscopes, not golf trips).
  • Some states are outlawing the use of prescription data for marketing.
    • For example, in New Hampshire, Vermont, and Maine.
    • But this was struck down by the Supreme Court, which hesitated to bar pharma but not researchers from accessing doctor-identified data.
  • The FDA is clamping down on me-too drugs, which will decrease the marketing demand to separate drugs that are largely identical.
• Insurance companies are now seeking higher co-pays for branded drugs vs. generics, which limits the marketing efficacy of branded drugs.
• Among researchers, there is a perception that it’s more difficult to get accurate insights from medical record data compared to a randomized controlled trial.

Miscellaneous Points

Here is a collection of notes about the healthcare industry that frame strategy.

• Physicians generally resist trends that threaten their dominance.
  • They resisted computerized patient data, since this would weaken the exclusive control they had over patient data.
• The fragmentation of healthcare across providers and EMRs makes it hard for any single party to force cross compatibility.
  • This gives rise to the problem where if you get emergency treatment in a different state, the hospital may not have access to your home patient record.
• Doctors are easily swayed by their base needs, like any other human.
  • Said one doctor: “Many reps are so friendly, so much fun to flirt with that it’s impossible to demonize them. How can you demonize someone who brings you lunch and touches your arm and remembers your birthday?”
• HIPAA allows any provider to view the whole EMR of a patient.
  • This has caused some consternation about being totally truthful with doctor.
• De-anonymization basically does a cryptographic hash of personal information, such as name, birth date, age, and location.
• It’s not illegal to re-identify anonymized data, though it may be a breach of contract.