IoT
IoT
Data Management // Big Data Analytics
News
10/6/2014
11:55 AM
Connect Directly
Google+
RSS
E-Mail
50%
50%
RELATED EVENTS
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

Healthcare Big Data Debate: Public Good Vs. Privacy

Big data's role in healthcare could be hindered by government privacy regulations such as HIPAA, say experts at the Body Computing Conference. Who should own health data?

25 Years Of Health IT: A Complicated Journey
25 Years Of Health IT:
A Complicated Journey
(Click image for larger view and slideshow.)

Big data is good for medical science, but potentially risky for the patient. By amassing and analyzing massive quantities of digital information from multiple sources, including an emerging class of wearable devices and smartphone apps, medical professionals will be well equipped to solve major health problems and warn people of emerging threats like the Ebola virus.

That's the goal, anyway. But big data's role in healthcare may be hindered by government privacy regulations such the US Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, which regulate the security and disclosure of personal health information by health insurers, medical care providers, and other entities.

And then there's the question of data ownership: In a world of information-sharing wristbands, watches, phones, and sensors, who owns the health data generated by these devices?

These were just a few of the big-data topics debated Friday at the 8th annual Body Computing Conference at the University of Southern California (USC) in Los Angeles.

The event, which drew healthcare, legal, investment, and tech industry professionals from across the country, included a panel discussion titled "Big Data Privacy and Health." The three-member panel consisted of health law and life sciences attorney Jill Gordon, a partner in the law firm Nixon Peabody; Matt Hogan, CEO of DataCoup, a two-year-old startup that enables consumers to aggregate and sell their anonymous personal data; and Dr. Michelle Longmire, CEO of Medable, a development platform provider that enables health-tech companies to build HIPAA-compliant apps and services.

[Want to learn how doctors are using data to improve patients' health? See Healthcare & Data: Partners At Last.]

The session's hot topic: From a consumer's perspective, health data is by far the most personal of big data. So who owns it?

"It's one thing for me to have an interaction and sign a form in my doctor's office, or participate in a clinical trial," said Gordon.

But in a data-sharing environment, this old-school approach won't always work.

Smartphone apps, for instance, may store personal data in two or more places -- on the device itself and elsewhere in the cloud.

Apple's HealthKit and other smartphone health apps raise privacy, data ownership questions.
Apple's HealthKit and other smartphone health apps raise privacy, data ownership questions.

"It's really complicated," said Hogan. "Data can exist in two different places at once, and the legal framework in the US is set up to deal with physical goods... It's harder to do when I swipe that debit or credit card, and data exists with the merchant and data exists with me.

"It's logical that if I'm creating all this data and I'm the chief stakeholder, I should have a seat at the negotiating table with regards to what happens to that data. And, perhaps more importantly, be the chief beneficiary of that data."

Longmire pointed out that HIPAA compliancy is a complicated, multi-faceted process that may prove challenging to tech companies, including app developers.

"HIPAA is understood to be one big term, but the truth is it's use-case specific," she said.

Longmire added: "HIPAA-compliant storage is encrypted; it's in one siloed place. But the technology behind HIPAA-compliant applications is a far more complicated use case. You have two-factor authentication, device verification, [and] encryption on device in transit."

Might HIPAA and other privacy safeguards limit the potential benefits of big-data aggregation and analysis?

"There are a lot of protections around data, but there are also reasons why you can access data," said Gordon. "For example, if you have a public health issue, there are lots of exceptions for the government to access data."

In the Q&A after the main discussion, one audience member cautioned the panel that "alarmist tendencies" of privacy advocates may indeed hamper big data's healthcare promise.

Longmire responded: "I think the challenge... is actually meeting the good and diverting the harm, because... the sensitivity of the data cannot be understated."

The owners of electronic health records aren't necessarily the patients. How much control should they have? Get the new Who Owns Patient Data? issue of InformationWeek Healthcare today.

Jeff Bertolucci is a technology journalist in Los Angeles who writes mostly for Kiplinger's Personal Finance, The Saturday Evening Post, and InformationWeek. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
pfretty
50%
50%
pfretty,
User Rank: Ninja
10/27/2014 | 4:49:30 PM
Non-identifyable
Tough call, but the middle ground here probably would reap the best results.  Being able to leverage healthcare data is meaningful in making crucial decisions. However, we need to learn to better respect privacy, especially in an environment were everythinig is collecting data and the level of access only continues to grow. Fortunately we seem to be addressing these issues at the same time that data usage is maturing. As a recent SAS poll shows there is still a long way for most organizations to grow. 

 

Peter Fretty
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
10/6/2014 | 5:04:47 PM
Re: 2 states of data
Information I found when researching Who Owns EHR Data? seems to point out that many patients are extremely willing to share data -- even data covered by HIPAA (such as ZIP code, condition, and age) with researchers who are seeking a treatment or want to prevent a disease, for example. That said, while I didn't look into this aspect, I would imagine the percentage of patients willing to release this information so a third-party can profit off their data is way, way lower. The same would go for advertising purposes, I'd imagine. And, despite legal protections, people have valid worries that they will or could be penalized if a health condition gets shared with an employer, potential employer, or other third party because of the merger of multiple, disparate data sources (such as credit card information -- that, perhaps, showed someone buying X, Y, and Z) and medical information.
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
10/6/2014 | 4:24:31 PM
2 states of data
Great points here about the need for balance of ownership for health data.  For one, having anonymous data is a great source for firms who use medical data for research purposes and other "good" intentions.  That being said, there needs to be a second layer of more in-depth information that belongs to individuals that can hopefully later be used in the health care system for more specific treatment and monitoring purposes.  The two should absolutely be kept separate, but sadly, I don't think device manufacturers or other application creators have figured out how to split the two to ensure the more comprehensive data is secured solely for users while the anonymous data is made available to researchers and third parties.  I'd love to hear any suggestions how a two-layer approach could be done, or if there is indeed a better way to keep the data separate while still making it available for each party.
6 Tools to Protect Big Data
6 Tools to Protect Big Data
Most IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.