The possibilities and pitfalls of monetizing healthcare data

Bryn Roberts, PhD

Global Head of Data Services at Roche Diagnostics

Simone Edelmann, PhD

Editor at

The possibilities and pitfalls of monetizing healthcare data

8 December 2021 | 10min

Quick Takes

  • Data monetization in healthcare is a growing business with companies using it to negotiate beneficial terms or conditions with business partners; for bartering information; to sell outright; or to add value to an existing offering

  • There is tremendous opportunity and innovation that can be linked to monetization, but this raises several questions around data privacy and security

  • Blockchain technology may provide one avenue to allow patient-level data to be shared and monetized securely, whilst preserving privacy

Data are often seen as the new “oil” or “gold,” and the one who has data will be able to convert their potential into improved insights, services, and financial advantages. For healthcare, this means the chance to revolutionize healthcare delivery into a more personalized approach. This also means that healthcare companies and patients alike sit on an ever-growing mountain of valuable resources and the trend of healthcare data monetization will continue to grow.1

Data open the door to innovation and new revenue streams

With a projected compound annual growth rate of 36% between 2018 to 2025 – data generated in healthcare are expected to surpass the growth of data generated by manufacturing, financial, and media & entertainment industries within this timeframe.2

Driven by its potential to unlock innovation, the main reasons for this data explosion in healthcare are:

  1. Digitalization and disruptive technologies such as imaging, sequencing, wearables, mobile health apps, big data analytics, cloud computing, and blockchain, among others, are leading to increased data generation, as well as novel ways for companies to create insights and value from data
  2. Healthcare is currently undergoing a paradigm shift towards patient-focused outcomes and services to meet the needs of digitally-empowered patients3

Given all the benefits that data and data-driven insights can deliver, it is not surprising that ways to monetize data have been growing in interest. 

Data monetization in healthcare 

Data monetization refers to the process of using data to obtain quantifiable economic benefit.4 Organizations can monetize their data by providing data access to third parties, commonly referred to as direct monetization, or by using analytics to derive insights from data to improve internal processes, products, and services, known as indirect monetization. The overall data monetization market is poised to touch a valuation of $USD 707.86 billion by 2025,5 making it a valuable instrument for healthcare systems and related companies.

There are various ways that data can be used to generate revenue: to negotiate beneficial terms or conditions with business partners; for bartering information; selling data outright, either via a data broker or independently; or as information products and services, including information as a value-added component of an existing offering.4

Let’s take a closer look at how data monetization, particularly direct monetization, could work in healthcare.

  • Data-oriented, personalized products as add-on services: A health insurer can provide wellness recommendations utilizing data from an individual’s personal health devices, in the form of a fee-based offering.
  • Data-as-a-Service: Share the data assets in their raw, native form. In this case, diagnostic labs might share de-identified diagnostic data as a paid offering to pharmaceutical research organizations, who could in turn use them to gain more insights into disease conditions and symptoms. Learn more about data privacy and security in our recent article. 

Patient empowerment and digital savviness as a driver and barrier to data sharing

One of the major trends in healthcare is patient empowerment. Patients are empowered regarding information about themselves, and they may choose to share that information – data – with people and organizations that they believe will give value back to them. 

Studies show people are comfortable providing their own doctor with this information, but significantly fewer want that information shared among other groups, such as other doctors, health insurers, or healthcare companies – and even less so with technology or social media companies.6  For instance, companies like Google and Microsoft have tried entering the health data arena with initiatives that were focused solely on data integration and management for patients, but these didn’t take off as hoped.7,8 Apple has made some inroads with its Apple Health Records app, yet it is still too early to know how this field will progress in the future.9

Ironically, it is the growth in the use of social media, wearables, and apps that is driving this move toward patient empowerment – and people are already sharing extensive amounts of data on these platforms, with or without their knowledge.

What becomes apparent, however, as reported in a recent survey by McKinsey & Company, including 1,000 North American consumers, is that people are becoming increasingly intentional about what types of data they share and with whom they share them.10 Although respondents were more likely to trust healthcare organizations to protect their privacy and data over technology companies (44% vs 17%), there is still a way to go in terms of consumer or patient trust.10

Adapted from McKinsey survey of North American consumers on data privacy and protection, 201910

What is clear is that the healthcare industry is different from others, such as music and entertainment. For one, it is a highly regulated industry that is local in its execution. This means that, for example, while data security and privacy are issues facing all organizations, healthcare is governed by a multitude of strict national and regional laws, particularly when it comes to data protection, which perhaps makes it more trusted. 

Society is becoming sensitized to how some tech companies and advertising companies have been accessing and using data, through mechanisms like third-party cookies, and I anticipate the bar being raised significantly as healthcare apps and data become more widespread on platforms like smartphones.

Bryn Roberts, PhD, Global Head of Data Services at Roche Diagnostics

Clearly, the use of patient data and the emerging models of commercializing innovation raise specific questions: who has what rights relating to the data, who gets access to them, and who gets to share the benefits when the data are monetized?  For this reason, data anonymization, security, and informed consent are essential components for any sharing of patient health data, as patients are often reluctant to share their health data if they believe their privacy or other interests may be compromised.

Consent for data use

It is debatable whether large organizations should be allowed to make money by selling or trading healthcare data without obtaining patients’ consent, especially if those data are not fully anonymized.

For example, concerns were raised in relation to Google’s acquisition of Deepmind, which could potentially have given Google access to patient data through inherited partnership agreements entered into with a number of UK NHS trusts.11,12 Google’s further acquisition of Fitbit resurrected fears that Google would combine users’ health and fitness data, along with related data collected through other Google services, without users’ knowledge or consent.13

Does anonymizing data really protect the patient?

De-identification, or “anonymizing”, datasets before sharing them, means stripping any information from the data that could, under reasonable conditions, be associated with a specific individual. These identifiers (names, dates, addresses, identification or account numbers, etc.) must be removed from a dataset before it can be shared with any third parties to ensure the preservation of privacy. 

De-identification has been the primary method of protection when healthcare data are used, shared, and sold while preserving people’s privacy. However, there are two questions related to data de-identification. First, are these data truly anonymous? And second, should there be a mechanism to re-identify them in certain cases? 

Recent research has demonstrated that de-identified data does not necessarily remain truly anonymous. By cross-referencing information from multiple other sources, one can associate a person with particular information even after it is anonymized. A 2019 study showed that researchers could correctly reidentify 99.98% of Americans in any dataset using 15 demographic attributes.14 Companies or groups could leverage other data – purchased data, social media, data from technology – to reconstruct anonymized data and use it for their own gain. 

But what about the flip side: data that are pseudonymous (processed to no longer be attributed to a specific individual without the use of additional information), but could benefit the individual if they could be identified? Genomics England is a project set up in 2014 to sequence 100,000 genomes from NHS patients with rare diseases and cancer15. Healthcare and pharmaceutical companies are able to access and work with those data in a pseudonymized form. However, if these companies find patients carrying a specific genetic variant for which they are developing a drug, there is a mechanism to enable the company to reach out to those individuals and invite them to join a clinical trial.  This reconnection process is fully consented to and handled in a privacy-preserving process via the appropriate healthcare professional. 

Likewise, if healthcare companies discover something, for example from a clinical trial, that has some health implications, are they able – or even obliged – to provide that information back to the individual? The question becomes: What are the responsibilities over time to maintain the integrity of that privacy arrangement or the data contract that is held with an individual? How can this be done safely and securely? 

Additional considerations when dealing with genetic and genomic data, such as sequences, is that:

  1. These data are extremely difficult, if not impossible, to fully anonymize,16 and
  2. They have implications that go beyond the individual concerned, to affect family members or members of other identifiable groups.  Therefore, sharing or monetizing such data may arguably require consent from multiple individuals.17

Blockchain as a tool to address privacy issues

Blockchain technology may provide one possible solution for patients to share and monetize their health data in a secure and private way. Blockchain is a peer-to-peer decentralized distributed ledger technology that makes the records of any digital asset transparent and unchangeable, and it doesn’t involve any third party to do so.18

Blockchain uses cryptographic keys that can give patients access control to their data. In essence, a patient would have a “master” key to “unlock” health data. They could then decide to give a copy of this key to health care professionals or institutions, as needed. Actions may be restricted to reading or writing information, to subsets of information, and the keys can be revoked by patients in the event of a data breach. 

Because they are transparent, unalterable, and open source, blockchains serve as the basis for a new generation of transactional applications. Using blockchain could give patients control over their data and the power to grant access to providers, entities, or companies for communication, collaboration, or research in disease treatment and prevention, without sacrificing privacy.

Using blockchain in this way could be an essential tool as patients consider monetizing their own data, or if they have a special interest in a particular disease area, because blockchain provides the controls, measures, and checkpoints to ensure that this happens in a secure way.

In one example, Open Health has launched a platform called PatientSphere that allows patients to monetize their health data by connecting companies or research institutions with people who fit the criteria for different studies or analytics. Users can share their health records with pharmaceutical companies, health systems, and insurers in return for a fee. This model uses blockchain technology to secure its data exchange, and this helps resolve data governance and privacy concerns seen elsewhere. 

Industry expert insights on healthcare data monetization   

Bryn Roberts, Global Head of Data Services at Roche Diagnostics, shares his responses to the following questions regarding the monetization of data in healthcare, its risks and rewards, and potential solutions to secure data sharing. 

HT: What are your top recommendations for organizations looking to monetize data?  

Bryn Roberts: Initially, focus on indirect monetization.  Every healthcare organization should be leveraging analytics to derive insights from data to improve its efficiency and effectiveness. Direct monetization requires careful analysis of the risks/benefits and may not be appropriate in many cases. 

HTCurrently, do you think the benefits of sharing patient data outweigh the risks from an organizational and patient-level perspective?  

Bryn Roberts: Yes, as long as they are processed and managed in a compliant fashion, by trusted parties, for the creation of value in healthcare.

HT: What is your take on blockchain, and its ability to unlock the exchange and monetization of health data? Could blockchain be the guarantee for safe data sharing that patients might need?  

Bryn Roberts: Blockchains certainly have the potential for the management of contracts and transactions between data providers and consumers.  They have particular value when working in an ecosystem of untrusted or unknown parties.  For healthcare data, this may not be the ideal environment so blockchain may not be a requirement for success, even if it is one potential solution approach.

Read our full interview with Dr. Roberts on, “How to successfully ensure data privacy and security to transform healthcare?” to learn more.

Bryn Roberts, PhD has a PhD in Pharmacology and a background in Data Science. He joined Roche in Basel in 2006 and, in his current role as Global Head of Data Services within Roche Diagnostics, Bryn’s accountabilities include data strategy, architecture and governance, data engineering, and data science. Beyond Roche, Bryn is a Visiting Fellow at the University of Oxford, with interests in AI and machine learning, systems biology, and scientific software development. He is an Associated Faculty member with the University of Frankfurt Big Data Lab and lectures in medical informatics at the University of Applied Sciences, NW Switzerland. He is a member of several advisory boards including the Pistoia Alliance, University of Oxford Dept of Statistics and SABS Centre for Doctoral Training, the Microsoft Research/University of Trento Center for Computational and Systems Biology, and RoX Health.

Simone Edelmann, PhD is an editor and contributor at After completing her PhD from the Institute of Biotechnology at the University of Lausanne, Switzerland, she found her passion in medical and scientific communications. She is dedicated to delivering high-quality content on the topic of the future of healthcare to our readers.


  1. Businesswire (2021). Global Data Monetization report available from—Growth-Trends-COVID-19-Impact-and-Forecasts— [Accessed November 2021]
  2. Reinsel, Gantz, & Rydning. (2018). International Data Corporation (IDC) white paper available from [Accessed October 2021]
  3. Srinivasan et al. (2019). Tata Consultancy Services white paper available from [Accessed November 2021]
  4. Gartner. (2021). Information Glossary available from [Accessed November 2021]
  5. Transparency Market Research (2018). Data Monetization Market report available from [Accessed November 2021]
  6. Lewis. (2019). Article available from [Accessed November 2021]
  7. Google. (2011). Article available from [Accessed November 2021]
  8. TRUONG. (2019). Article available from [Accessed November 2021]
  9. TRUONG. (2019). Article available from [Accessed November 2021]
  10. Anant et al. (2020). Article available from [Accessed November 2021]
  11. Reuter. (2021). Article available from [Accessed November 2021]
  12. Stokel-Walker. (2018). Article available from [Accessed November 2021]
  13. Osterloh. (2021). Article available from [Accessed November 2021]
  14. Rocher et al. (2019). Nat Commun 10, 3069. Study available from [Accessed November 2021]
  15. Genomics England (2021). Website available from [Accessed November 2021]
  16. International Association of Privacy Professionals (IAPP). (2021).  Article available from [Accessed November 2021]
  17. National Human Genome Research Institute. (2019). Article available from [Accessed November 2021]
  18. Srivastava (2021). Blockchain Council article available from [Accessed November 2021]