You’re not so anonymous
When you visit a pharmacy to pick up antidepressants, cholesterol medication, or birth control pills, you might expect a certain measure of privacy. In reality, prescription information is routinely sold to analytics companies for use in research and pharmaceutical marketing. That information might include your doctor’s name and address, your diagnosis, the name and dose of your prescription, the time and place where you picked it up, your age and gender, and an encoded version of your name. Under federal privacy law, this data sharing is perfectly legal. As a safeguard, part of the Health Insurance Portability and Accountability Act (HIPAA) requires that a person “with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods” must certify that there is a “very small” risk of re-identification by an “anticipated recipient” of the data. But Latanya Sweeney, A.L.B. ’95, a visiting professor of computer science at Harvard’s School of...