I-MED patients say they’re going to stop using Australia’s largest medical imaging clinic after it was revealed the business was giving medical scan data to a health technology company to train AI, as patient advocacy and privacy groups raise concerns about the practice.
Last month, Crikey revealed that I-MED had given potentially hundreds of thousands of chest x-ray scans to harrison.ai, without patients’ knowledge, to train a radiology AI tool.
While both companies say they’ve complied with their legal obligations, including by “de-identifying” the scans, patients have told Crikey they were unaware and upset about sensitive medical information being used in this way.
Isha Kuhns, who said she’s had chest and spinal x-rays done through I-MED for the past 15 years, said the news has prompted her to reconsider her radiology provider.
“It’s frustrating that these scans were handed over to a third party when I can’t even access a radiology report as the patient without my doctor viewing it first,” she said to Crikey in a message.
Kuhns isn’t opposed to using medical information to help improve technology, but said “ethics always needs to come first”.
She also said switching providers comes with a cost.
“It’s also potentially difficult to switch between providers for folks with a complex medical history — it’s useful (and sometimes necessary) to be able to compare current scans to previous ones and that isn’t an option when swapping to different providers,” Kuhns said.
Melanie de Wit said she has been referred to I-MED for a bone density scan but is going to go to another imaging provider now.
“I’m keen to stay very far away from them now,” de Wit told Crikey.
She’s very conscious of patient privacy issues, citing concerns about the federal government’s My Health Record.
“Sending any of this data out into the world is asking for trouble,” she said.
Australian Patients Association chief executive officer David Clarke said the I-MED harrison.ai AI training deal shows how some medical companies treat patient data as if they have complete control over it.
“Patients own that information, and there are privacies and protections when medical firms and health care providers hold that information,” Clarke told Crikey.
He said this attitude is part of a larger problem of how providers treat patient data, often making it difficult or impossible to access their own medical information.
“Patients are sometimes denied access to their own bloody health records,” he said.
Australian Privacy Foundation chair David Vaile said that ownership and access to patient data is a “big problem” in Australia. He said that there’s a tendency from medical companies to treat this information as an asset without considering legal obligations.
“There are legal entitlements of the person who the information is about. It doesn’t matter that you own the hard disk beneath it. You could sell the hard disk to someone else, but you’d have to scrub the personal information from it,” Vaile told Crikey.
Between I-MED’s handover of chest x-rays and its data breach (first reported by Crikey last week), Vaile said the company’s handling of data should alarm patients.
“You don’t know who’s going to get them. Who’s going to trade them? You don’t know what other datasets they’re going to be combined with. You don’t know what other possible things could be done with that,” he said.
Last week, the Australian Financial Review reported that both the harrison.ai AI training partnership and the data breach had been raised as issues with potential buyers of I-MED as part of its sale process.
While the data breach may be contained, the Street Talk column wrote there was “a question about whether its [harrison.ai partnership] passes the pub test, just as the federal government moves to reform privacy laws, and make some patients think twice about using its services”.