Better Balance Needed Between Patient Privacy, Data Sharing - InformationWeek
Healthcare // Electronic Health Records
11:00 AM
Eric Rasmussen
Eric Rasmussen
Free Yourself from Legacy Apps
Jun 08, 2017
They've served their purpose years ago, but now they're stretching your IT budget and increasing s ...Read More>>

Better Balance Needed Between Patient Privacy, Data Sharing

The need for more open sharing of medical data is particularly acute in times of crisis.

As a physician and a Navy officer, I've spent a professional lifetime protecting data. I've held very high security clearances in war zones and managed Intensive Care Units with AIDS patients who had nationally recognizable names. I've delivered care in Angolan refugee camps, in Haitian trauma centers, and in the slums of Bangladesh. My reflexes for data protection are carefully honed.

That said, the world has changed, and my reflexes need to give way to rational thought. We need to open both health data and health resource data. I think there are some safe, sensible, and effective ways to do it with benefits that far outweigh the risks.

As a society, we're collecting staggering amounts of data, much of it personal in some form. In 2012, humanity created 2.5 exabytes (2.5 x 10^18) of digital data every single day. Facebook generates 680,000 pieces of content every minute. In that same minute, Google gets 2 million search requests across 50 billion indexed web pages, Tumblr publishes 28,000 posts, and YouTube users upload more than 60 hours of video. By 2015, we'll have stored eight zettabytes of data (8 x 10^21) in everything from floating global datacenters to USB thumb drives. That's many, many times more data than all the words ever spoken by all the humans who have ever lived.

Improvised medical data tracking in Haiti.(Source: Eric Rasmussen, CC Attribution)
Improvised medical data tracking in Haiti.
(Source: Eric Rasmussen, CC Attribution)

A small portion of that stored data is related to medical care, and a much smaller portion is related to personal care of a given patient in a specific facility. We're careful to protect that data because we perceive both personal risk and a sense of violation if that information is disclosed without an ethical reason. Though understandable and admirable, it's a perspective that might benefit from some nuance.

Data worth collecting needs to be useful, usable, and used. To collect data and not allow it to become useful perhaps defeats the effort's value and probably wastes much of the time and treasure used in the collection process. If we're collecting but not releasing because of a potential privacy violation, we're taking a somewhat luxurious view of the value of personal privacy, especially in an emergency. Such a constraining view may not always be shared in the cultures where we work, and it may not fit circumstances in which we find ourselves working. Aggregated personal data can be of great utility in the preparation for a response, in the real-time allocation of resources, and in the recognition of a change in event conditions.

In the surgical tents after the Haiti earthquake, I took photographs of dressed amputations awaiting revisions because, for a while, the entire known medical record was written in Sharpie on that bandage. My photo was the only record not leaving with the patient.

A year ago, I led a team working response on Staten Island in the aftermath of Hurricane Sandy. The specific task for our team was the care of "invisibles" -- those ill, injured, or at risk of exposure who might be illegal immigrants, trafficked sex workers, domestic slaves, the homeless, and sometimes the mentally ill seeking a life of refuge in the woods and fields of that borough of New York. We were obligated to provide care for them without compromising their freedom to remain outside the system if they chose, and without inducing retribution from those who controlled them if we had no other options. That sometimes required a form of medical record that did not touch conventional systems and that incorporated a uniquely identifiable anonymity.

Over the year since Sandy, I've spoken with a range of professionals in medicine, computer science, bioethics, disaster management, and journalism, looking for the best thinking on how to approach keeping track of patients, their data, and the implications of that data when aggregated. My focus has not been the developed North, but the struggling South, and I've heard some very good thoughts.

An important new effort in Latin America and Southeast Asia, for example, is data preparedness. One part of that is a Human Security Taxonomy, an open-standards system used for understanding communities and their demographics, the risks they face, and the resources they can drawn on in an emergency. Medical resources with unique identifiers are an integral part of that. There are also global initiatives that collect critical disease outbreak details from community health workers in the villages of Cambodia, Thailand, Laos, and Vietnam and then funnel that semi-anonymized data to experts able to respond.

1 of 2
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
David F. Carr
David F. Carr,
User Rank: Author
11/21/2013 | 11:44:25 AM
This column gives a whole new perspective on #FirstWorldProblems - and in general the need to understand when privacy might not be the most important thing.
Alex Kane Rudansky
Alex Kane Rudansky,
User Rank: Author
11/21/2013 | 1:54:15 PM
The concepts Eric writes about are important and timely. But where does the funding for these types of projects come from? How do we stress the importance of data/privacy/the underserved?
User Rank: Ninja
11/23/2013 | 9:18:00 PM
Re: Funding
Data privacy is an important aspect. This is mainly affected for industries such as banks and hospitals since they have most of the sensitive customer information.
User Rank: Ninja
11/23/2013 | 9:23:48 PM
Re: Funding
Is there a particular time frame that you can keep data? For banks it's normally 5 years. What about for the medical industry?
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of Data and Analytics
Today's companies are differentiating themselves using data analytics, but the journey requires adjustments to people, processes, technology, and culture. 
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll