Skip to content
Why this doctor posted his medical history online for anyone to see
Naked Security Naked Security

Why this doctor posted his medical history online for anyone to see

Would you want anyone and everyone to be able to see all your medical records? One doctor posted his entire medical history online, and he wants others to do the same.

Health privacyWould you want your friends and family to know your entire medical history?

How about sharing your personal health information with your employer, potential employers, insurance companies – anyone at all?

One doctor, John D. Halamka, MD, has posted his entire medical history online, and he wants others to do the same.

His wife, daughter, mother, father and father-in-law also volunteered to make their medical records publicly available for demonstrations of electronic health records and health information exchanges.

In a biographical article published on, Halamka explains his decision and rationale for sharing his medical history and his genome as part of the Personal Genome Project.

Dr. Halamka isn’t a run-of-the-mill family physician – he’s a professor, chief information officer (CIO) and dean of technology at Harvard Medical School, the CIO at Beth Israel Deaconess Medical Center in Boston, and practices emergency medicine.

He’s also chairman of the New England Health Electronic Data Interchange Network (NEHEN), CEO of a regional health information organization, and chair of the US Healthcare Information Technology Standards Panel (HITSP).

Clearly, this is a highly educated, credentialed and technologically-savvy person – so why is Halamka, in his words, voluntarily giving up his privacy?

Halamka says it’s for science – specifically, the data in his genome and medical records can be used for clinical trials and medical research.

It’s not like Halamka is putting his Social Security number out there for anyone to steal his identity (as the CEO of LifeLock did, with predictable results). That wouldn’t be wise.

Cybercriminals have breached millions of records at hospitals and major health insurers like Anthem in recent years not because they’re looking to find embarrassing medical facts about patients – they want personally identifiable information like Social Security numbers, names and addresses to commit identity theft and fraud.

But the information Halamka is giving away is highly personal, even if it’s not particularly embarrassing.

I’m no doctor, but examining his medical history it’s clear to me that Halamka is a very healthy 53-year-old: he’s a vegan who doesn’t smoke or drink alcohol; exercises at least 10 hours per week; has no unresolved medical conditions; and his family history shows no risk of cancer, diabetes or hypertension.

Halamka readily admits that this kind of openness is not for everyone – nor should it be.

To quote Halamka:

I am very sensitive to the fact that everyone has different privacy preferences. Data in the medical record could include sexually transmitted diseases, HIV status, domestic violence, substance abuse, and mental health issues that individuals do not want to share openly. I absolutely respect that.

He says sharing of health records should be “patient-driven,” and calls for legal protections for those who share their information publicly.

There are laws prohibiting medical discrimination by employers and insurers – such as the Genetic Information Nondiscrimination Act, and the Patient Protection and Affordable Care Act (“Obamacare“) in the US.

But existing laws might not be enough to protect people against discrimination – computer programs that slice and dice our data can learn things about us, including our health, even if we don’t publish our medical records online.

You’ve heard about “Big Data,” and how it can increase efficiencies in a host of ways. It can certainly be used improve medicine and the quality of healthcare.

But the vast quantities of data collected about us can be used in ways we might not ever know about, understand, or approve.

Data about our activity on Facebook can be used by algorithms to predict outcomes – such as substance abuse or sexual orientation – better than even our friends and family.

Algorithms also tend to discriminate against minorities, women, and other subjugated classes of people, like the poor – a kind of “data redlining.”

For instance, researchers recently discovered that men are far more likely than women to be shown ads on Google that are related to high-paying jobs.

And because machine-learning algorithms evolve based on what people do online, they tend to reinforce people’s prejudices – as an example, web searches involving names more closely identified with black people are more likely to turn up ads with “arrest” in them than searches for white-identified names.

As a Big Data review ordered last year by President Obama found, this kind of data-driven discrimination can have profound effects:

... outcomes like these, by serving up different kinds of information to different groups, have the potential to cause real harm to individuals, whether they are pursuing a job, purchasing a home, or simply searching for information.

Halamka argues that, because his medical records are out in the open for anyone to see, he doesn’t have to worry if hackers get them.

And that’s his choice.

Yet in our data-driven world, technology providers and policymakers should put the proper protections in place to make sure health openness or privacy is a choice for everyone.

Image of physician on a tightrope courtesy of


The doctor has no reason to fear consequences from making his medical record public. Privacy of medical information is the best choice for the majority of our population.


I disagree. (With the first part, not the second :-)

This guy’s a medical doctor himself, so he probably sees “medical record” as something that relates entirely to his own profession, and considers “privacy” more aligned to the idea that you don’t talk to patients in public (somebody tell surgeons that the recovery lounge in a day surgery is not private!) than to the notion that if someone knows a lot of intimate details about your life, they can rip you off more easily.

I wonder if this guy publishes his geolocation data all the time? His credit card transaction records? His tax returns? His email trail? Detailed medical data, if you ignore the purely medical aspects of it, is similarly open to abuse for social engineering and identity crime.

The point is, he shouldn’t give out his medical records willy-nilly *because he doesn’t know what use or abuse they might be put to* in the future. I can probably think of at least as many ways his medical data could be used in a scam centred around him or his family as reasons he can give why it might be useful to have it publicly accessible.

If in doubt, don’t give it out!


I’m not sure I agree with the analogy. I’m not sure that the world knowing that I had a motorcycle accident in 1988 that injured my tibia, femur, and pelvis is anywhere near knowing my present location. Nobody will get to pay my taxes before me because they know there is a scar there. Nobody will access my bank account because they know my most recent blood pressure test results.

You’re comparing age old data to current trending data. My health records don’t show where a frequent, where I work, what I do in my spare time, and what dark little secrets I may keep from the rest of the world. Those are things that can be discovered through email and credit card records, financial statements, tax returns, and geo location tracking.

So I agree with the OP. I doubt he has a single thing to worry about, but that’s a decision people have to make for themselves. Some people might have identifiable information in their records…I go to the doctor so rarely, the only thing anyone could garner from my medical records is that I’m accident prone. Just my $0.02.


It’s not an analogy, but a comparison. I agree that your 1988 medical records are probably not too useful to someone looking to “pretext” you, as would be your 1988 financial records. But don’t forget that for many people – anyone with even a modest and otherwise inconsequential chronic complaint – medical records say a lot about where you were, and also, perhaps, where you’ll be, for example because you make regular visits to a clinic or nurse’s surgery. (Where that surgery is from week to week may very well indicate where you live, or work, or when and where you like to go on vacation, by where it happens to be each week.)

And medical records, at least for those who aren’t 100% healthy all the time, tend to be inextricably linked with your financial records, anyway, unless you live in a country with a truly comprehensive free health service :-)


‘…minorities, women, and other subjugated classes of people…’

There are no such things as ‘subjugated classes of people’, except in the minds of those who write such politically conformist drivel. Every member of all ‘classes of people’ has a choice about ‘subjugation’ and everything else. They can say an individual ‘Yes’ or they can say an individual ‘No’ – and then act accordingly. Proof? Show me any ‘class’ and I’ll show you individual winners and individual losers, those who choose to rise above obstacles and those who choose not to do so. It’s individual human choice and performance, stupid, nothing else, unless you’re looking for excuses for your own individual failings.

‘And because machine-learning algorithms evolve based on what people do online, they tend to reinforce people’s prejudices….’

So the internet is too democratic for you. Suffer it, democraphobe.

As for the doctor featured in the story, it’s obvious what his motives are – he has several blatant individual professional interests in doing what he’s chosen to do. Why not point this out? What I find interesting is that he has persuaded his family and relatives to vote to do the same thing as he has done. They each had an individual choice. No one was ‘subjugated’. Isn’t democracy wonderful?


Perhaps the internet *isn’t democratic enough*? (Ever been homeless and tried to get online? In some countries, you can’t even get a mobile phone without proof of address, even on a pre-paid basis. So, bad luck if you don’t have an address. And in a significant part of the world, even if you can get online, the access speeds just aren’t good enough to make use of the latest “democratic” cloud-based web services, because they simply need too much bandwidth – try reading Gmail on an EDGE connection, for instance.)

The problem with sharing like this – as he has persauded his daughter, who is presumably a minor and legally his dependent, to do – is that *you can never undo it*. Crooks, scammers and charlatans can and surely will try to gain any advantage they can out of the data.

(As for “conformist drivel”…ironically, that’s sort of an implicit point that JZ made when he suggested that machine-learning algorithms tend to copy what the hips kids are saying, and therefore may reinforce prejudice, which is just conformism with some hatred mixed in, wouldn’t you say?)


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!