People willingly provide health data to third parties now more than ever. Take, for example, the popularity of mail-in DNA tests, which allow users to collect their DNA at home, then mail it to a laboratory for processing. Or the health apps TAO Connect and You at College, which, when combined, reach more than 200 college campuses across the country and ask students to provide sensitive information, such as whether they’re feeling anxious or depressed, or if they use drugs.
Recently, the Department of Defense released a memo that warned members of the military to stop using mail-in DNA tests. And DoD spokeswoman Elissa Smith later explained to press, “We want to ensure all service members are aware of the risks of Direct to Consumer genetic testing. The unintentional discovery of markers that may affect readiness could affect a service member’s career, and the information from DTC genetic testing may disclose this information.”
That information could also affect your ability to get security clearance.
Not only could the information obtained by those third parties be released during the application process, but Jennifer King, Ph.D., the director of consumer privacy at the Center for Internet and Society at Stanford Law School, points out that the information could be used at a later date as a blackmail tactic. “You are giving apps extremely sensitive data in many cases, data that normally you might only give a doctor, yet it’s not protected by the doctor-patient relationship or HIPAA,” she explains. “So, if I were in the market for a security clearance, I would be very wary.”
People not seeking security clearance might also benefit from thinking twice before using a mail-in DNA test, because we simply can’t know how that data will be disseminated, interpreted, or later used. “The difficulty is understanding what might happen to the various kinds of data you give up,” King explains. “Something that is individually innocuous—like heart rate—might not be so [innocuous] if either aggregated over time, or combined with other data to paint a broader picture—accurate or not—of you and your health.” And that picture could be provided to others, without your consent or even knowledge—and for anyone, that can be a dangerous prospect.
If you’re applying for security clearance and have used a mail-in DNA test, health app, or other third-party program that collected your health data, there may be steps you can take to protect your information. King says that California residents may request that companies delete your data, and they must comply—no questions asked. “Outside of California, you could try to ask a company to delete it, but it’s possible they could refuse,” she says. So, “the only strategy I can imagine is to stop using the apps of concern and asking the companies to delete all of your data.”
Want to Use a Health App? Read the Fine Print.
And if you haven’t yet used a mail-in DNA test or health app but simply can’t resist, then King encourages you to read the company’s privacy policy before submitting your information. “I hate telling people to read privacy policies, since they aren’t written for non-lawyers in most cases, but it’s worth trying in this case in order to try to discern whether the company is sharing or selling it with others,” she says. “Occasionally, some companies are actually straightforward on this issue and will tell you they don’t. Even so, if the company should go out of business in the future, the data could all be sold, so a privacy policy is only reliable up to a point—and then you have to decide if you trust the company.” And if you don’t, wisdom says don’t submit your data.