Healthcare Big Data Debate: Public Good Vs. Privacy
Big data's role in healthcare could be hindered by government privacy regulations such as HIPAA, say experts at the Body Computing Conference. Who should own health data?
25 Years Of Health IT: A Complicated Journey
(Click image for larger view and slideshow.)
Big data is good for medical science, but potentially risky for the patient. By amassing and analyzing massive quantities of digital information from multiple sources, including an emerging class of wearable devices and smartphone apps, medical professionals will be well equipped to solve major health problems and warn people of emerging threats like the Ebola virus.
That's the goal, anyway. But big data's role in healthcare may be hindered by government privacy regulations such the US Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, which regulate the security and disclosure of personal health information by health insurers, medical care providers, and other entities.
And then there's the question of data ownership: In a world of information-sharing wristbands, watches, phones, and sensors, who owns the health data generated by these devices?
These were just a few of the big-data topics debated Friday at the 8th annual Body Computing Conference at the University of Southern California (USC) in Los Angeles.
The event, which drew healthcare, legal, investment, and tech industry professionals from across the country, included a panel discussion titled "Big Data Privacy and Health." The three-member panel consisted of health law and life sciences attorney Jill Gordon, a partner in the law firm Nixon Peabody; Matt Hogan, CEO of DataCoup, a two-year-old startup that enables consumers to aggregate and sell their anonymous personal data; and Dr. Michelle Longmire, CEO of Medable, a development platform provider that enables health-tech companies to build HIPAA-compliant apps and services.
The session's hot topic: From a consumer's perspective, health data is by far the most personal of big data. So who owns it?
"It's one thing for me to have an interaction and sign a form in my doctor's office, or participate in a clinical trial," said Gordon.
But in a data-sharing environment, this old-school approach won't always work.
Smartphone apps, for instance, may store personal data in two or more places -- on the device itself and elsewhere in the cloud.
Apple's HealthKit and other smartphone health apps raise privacy, data ownership questions.
"It's really complicated," said Hogan. "Data can exist in two different places at once, and the legal framework in the US is set up to deal with physical goods... It's harder to do when I swipe that debit or credit card, and data exists with the merchant and data exists with me.
"It's logical that if I'm creating all this data and I'm the chief stakeholder, I should have a seat at the negotiating table with regards to what happens to that data. And, perhaps more importantly, be the chief beneficiary of that data."
Longmire pointed out that HIPAA compliancy is a complicated, multi-faceted process that may prove challenging to tech companies, including app developers.
"HIPAA is understood to be one big term, but the truth is it's use-case specific," she said.
Longmire added: "HIPAA-compliant storage is encrypted; it's in one siloed place. But the technology behind HIPAA-compliant applications is a far more complicated use case. You have two-factor authentication, device verification, [and] encryption on device in transit."
Might HIPAA and other privacy safeguards limit the potential benefits of big-data aggregation and analysis?
"There are a lot of protections around data, but there are also reasons why you can access data," said Gordon. "For example, if you have a public health issue, there are lots of exceptions for the government to access data."
In the Q&A after the main discussion, one audience member cautioned the panel that "alarmist tendencies" of privacy advocates may indeed hamper big data's healthcare promise.
Longmire responded: "I think the challenge... is actually meeting the good and diverting the harm, because... the sensitivity of the data cannot be understated."
The owners of electronic health records aren't necessarily the patients. How much control should they have? Get the new Who Owns Patient Data? issue of InformationWeek Healthcare today.
Jeff Bertolucci is a technology journalist in Los Angeles who writes mostly for Kiplinger's Personal Finance, The Saturday Evening Post, and InformationWeek. View Full Bio
6 Tools to Protect Big DataMost IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.
Big Data Brings Big Security ProblemsWhy should big data be more difficult to secure? In a word, variety. But the business won’t wait to use it to predict customer behavior, find correlations across disparate data sources, predict fraud or financial risk, and more.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 18, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."