Commentary
6/17/2014 12:00 PM
Alison Diana

When Is Anonymous Data Really Anonymous?

Confusion over the standards for anonymous data, or deidentification of data, damages adoption of mHealth apps, curtails innovation, and could generate needless extra laws.


Peer closely through healthcare apps' terms of service and almost invariably you'll discover the information you share ultimately could be "deidentified" or "anonymized."

By reducing your data to one record among many, developers then can share the resulting database with researchers, pharmaceutical companies, government agencies, or anyone else interested in buying this information. What's the harm? Perhaps, hidden among what you ate for breakfast, the hours you slept, or miles you walked, is a cure for cancer. Of course, workout clothing designers, sneaker manufacturers, and granola bar makers could want this information, too.

While the Department of Health and Human Services' Office for Civil Rights provides guidance on deidentification, there's no way to measure whether app developers abide by these recommendations, says Daniel Castro, director of the Center for Data Innovation, in an interview. Some simply remove users' names from databases before selling them, and call them deidentified, he says. Leaving every other field intact -- sex, age, and ZIP code, for example -- leaves enough quasi-identifiers for another organization or individual to link a record back to the patient it describes.

"A lot of organizations haven't thought too deeply about how to deidentify data. They'll strip out [some] data and that's that," he says. "That's not deidentified data. The government has a really important role to play here. It could really work on developing best practices in this area."

But government has been slow to promote deidentification at all -- and that's a big hurdle that limits healthcare advances, stymies innovation, and is overly protective, given the country's existing protected health information (PHI) privacy rules, according to the Center for Data Innovation. Without patient-created data from apps, wearables, and other sources, the analytics engine will go unfueled: healthcare providers, payers, and researchers will have access only to clinical or artificially generated data while consumers' own information stays locked away, says Castro. That eliminates too much valuable, honest data from healthcare's datasets, he says.

(Image: Derrick Jones/Flickr)

On Monday, the center released a whitepaper, "Setting the Record Straight: Deidentification Does Work," designed to promote the safe use of deidentified data in healthcare and other markets. "We're really hoping it changes the conversation in Washington about deidentification," says Castro.

Several early studies showed how easily supposedly deidentified data could be reidentified by linking the quasi-identifiers left behind (ZIP code, birth date, and sex, for instance) to public records that carry names. Standards or mandatory guidelines would prevent organizations from taking such shortcuts and would let consumers steer clear of developers that don't adhere to deidentification best practices.

To protect patient privacy, a released record must satisfy two conditions: it must not be uniquely identifiable on its own, and it must not be linkable to another database that includes personally identifiable information.

To meet HIPAA's Safe Harbor standard for deidentified data, organizations must remove or generalize 18 categories of identifiers (17 named types plus a catch-all for any other unique identifying number, characteristic, or code), the Center for Data Innovation wrote. For example, birth dates can only include the year -- no month or day -- and ages over 89 must be aggregated into a single 90-or-older category. Only the first three digits of a ZIP code can be shared, and only if the area covered by those three digits has a population greater than 20,000 (otherwise the digits are changed to 000).
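The following is an added example, not code from the article or from the Center for Data Innovation whitepaper. It demonstrates the points above in working code: the linkage attack that reidentifies "name-stripped" records by joining them to a public roster on sex, birth date, and ZIP code; the Safe Harbor generalizations (year-only dates, three-digit ZIP or 000 by population), plus the Safe Harbor rule, not discussed in the article, that ages over 89 collapse to a single 90-or-older category; and the uniqueness (k-anonymity) check a practitioner should run before sharing. Every health record, roster entry, name, and ZIP population figure is constructed sample data, not real people or Census numbers.

```python
"""Linkage attack, Safe Harbor generalization, and a k-anonymity check.

Added example with constructed data; not the article's or the whitepaper's code.
"""
from collections import Counter
from datetime import date

QUASI_IDENTIFIERS = ("sex", "dob", "zip")          # raw quasi-identifiers
GENERALISED_QIS = ("sex", "birth_year", "zip3")    # what survives Safe Harbor

# Constructed sample: an mHealth export with names removed but nothing else touched.
HEALTH_RECORDS = [
    {"id": 1, "sex": "F", "dob": "1981-03-14", "zip": "02139", "condition": "asthma"},
    {"id": 2, "sex": "M", "dob": "1975-11-02", "zip": "02139", "condition": "diabetes"},
    {"id": 3, "sex": "F", "dob": "1990-07-21", "zip": "03601", "condition": "hypertension"},
    {"id": 4, "sex": "M", "dob": "1922-01-30", "zip": "03601", "condition": "arthritis"},
]

# Constructed sample: a public roster (think voter list) with names and the same fields.
PUBLIC_ROSTER = [
    {"name": "Alice Example", "sex": "F", "dob": "1981-03-14", "zip": "02139"},
    {"name": "Bob Example",   "sex": "M", "dob": "1975-11-02", "zip": "02139"},
    {"name": "Carol Example", "sex": "F", "dob": "1990-07-21", "zip": "03601"},
    {"name": "Dan Example",   "sex": "M", "dob": "1922-01-30", "zip": "03601"},
    {"name": "Eve Example",   "sex": "F", "dob": "1981-09-02", "zip": "02141"},
]

# Constructed population per 3-digit ZIP prefix (hypothetical figures, not Census data).
ZIP3_POPULATION = {"021": 650_000, "036": 12_000}


def link_records(targets, roster, keys):
    """Linkage attack: join targets to roster on `keys` and return {target id: name}
    for every target that matches exactly one roster entry."""
    index = {}
    for person in roster:
        index.setdefault(tuple(person[k] for k in keys), []).append(person["name"])
    linked = {}
    for rec in targets:
        matches = index.get(tuple(rec[k] for k in keys), [])
        if len(matches) == 1:
            linked[rec["id"]] = matches[0]
    return linked


def safe_harbor(rec, zip3_population, as_of=date(2014, 6, 17)):
    """Apply the Safe Harbor date and ZIP generalizations to one record. Other direct
    identifiers (names, phone numbers, device IDs, ...) are assumed already dropped."""
    dob = date.fromisoformat(rec["dob"])
    age = as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))
    zip3 = rec["zip"][:3]
    out = {k: v for k, v in rec.items() if k not in ("dob", "zip")}
    # Dates: year only; ages over 89 lose even the year and become one "90+" bucket.
    out["birth_year"] = "90+" if age > 89 else str(dob.year)
    # ZIP: first three digits, or 000 when that prefix covers 20,000 people or fewer.
    out["zip3"] = zip3 if zip3_population.get(zip3, 0) > 20_000 else "000"
    return out


def min_k(records, keys):
    """k-anonymity level: size of the smallest group sharing the same values on `keys`.
    k == 1 means at least one record is unique on those fields."""
    counts = Counter(tuple(rec[k] for k in keys) for rec in records)
    return min(counts.values()) if counts else 0


def demo():
    """Run the attack before and after Safe Harbor and report the uniqueness level."""
    before = link_records(HEALTH_RECORDS, PUBLIC_ROSTER, QUASI_IDENTIFIERS)
    deid = [safe_harbor(r, ZIP3_POPULATION) for r in HEALTH_RECORDS]
    # An attacker can generalize the roster the same way and try the join again.
    roster_deid = [safe_harbor(p, ZIP3_POPULATION) for p in PUBLIC_ROSTER]
    after = link_records(deid, roster_deid, GENERALISED_QIS)
    return {
        "linked_before": before,
        "k_before": min_k(HEALTH_RECORDS, QUASI_IDENTIFIERS),
        "deidentified": deid,
        "linked_after": after,
        "k_after": min_k(deid, GENERALISED_QIS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On this constructed data the name-stripped export links to the roster four times out of four, which is the "strip names and call it deidentified" failure Castro describes. After Safe Harbor, record 1 disappears into a group of two roster entries (Alice and Eve share sex, birth year, and ZIP prefix), but the other three records are still unique and still link, and `min_k` reports 1. That is the check to run before any release: Safe Harbor transforms are necessary, but on a small or skewed dataset they do not by themselves guarantee that every record hides among others, so coarser birth years or dropping the ZIP prefix would be needed before sharing this set.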

Laws such as HIPAA, with its Safe Harbor deidentification standard, protect patients from any harm due to a breach of health information, said Castro. Despite rumblings of concern the White House Report on Big Data generated,

Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ...
Page 1 of 2

Comments
Alison_Diana, User Rank: Author
6/20/2014 | 2:22:00 PM
Researcher Perspective?
Thanks, @RightPatient. I wonder what researchers think about this topic: Do they think lack of transparency and standardization holds back some usage? Most people I've spoken to say they don't mind their information being used for the good of many, as long as it cannot be traced back to them as an individual. 
RightPatient, User Rank: Apprentice
6/20/2014 | 9:45:19 AM
Re: Imagine the implications of non de-identified data across HIEs
Thank you so much for your feedback Alison. This is such a fascinating topic, we would welcome any follow up articles you can write about this topic as your editorial calendar permits!
Alison_Diana, User Rank: Author
6/19/2014 | 10:17:48 AM
Re: Imagine the implications of non de-identified data across HIEs
Thanks so much, @RightPatient, for your kind words. It's the kind of article I enjoy writing because it's a topic I think we all have to think about. It is, after all, affecting us and will continue to do so; if we don't figure out the details soon, the status quo will continue and I'm not so sure that's a good thing. 

Your question about HIEs is intriguing. As far as I know, deidentification is deidentification and the lack of standards crosses all lines -- from apps to HIEs to EHRs and beyond. So the same confusion that I (hopefully) described in this article similarly occurs in health information exchanges and electronic health records -- with far more dangerous repercussions, since these databases DO contain both Social Security numbers AND real patient data, such as names, addresses, ages, and potentially embarrassing information including STDs, drug abuse, contagious diseases, alcoholism, or extra-marital affairs. However, HIEs and EHRs ARE covered by HIPAA (and perhaps other laws regarding privacy?), because of this information, so I would think they must therefore meet the government's deidentification guidelines (which I linked to in the article). These comments are just my musings on the topic; I don't know and have not spoken to anyone about this aspect of deidentification and anonymity. I think I will do some research and follow up in another article at some point, if you think that's warranted?

For sure, though, the data within HIEs is deidentified and mined. There are startups founded specifically to mine healthcare data from various sources, differentiating themselves on their turnaround time (as in the newness of their data), the variety of data, and size of their data pool, for example.
RightPatient, User Rank: Apprentice
6/19/2014 | 8:50:06 AM
Imagine the implications of non de-identified data across HIEs
Great article Alison. Was just thinking outside of the healthcare app box and how this conundrum could affect the rising use of HIEs to advance population health initiatives. What guidelines are the HIE initiatives following to ensure that data exchanges strip personal, identifiable data from health records when providers look to mine that data for analytical information? Or does this not apply to HIEs?
Alison_Diana, User Rank: Author
6/18/2014 | 9:05:29 AM
Re: Security
That's true, @Henrisha. I'd think the data from mHealth or wearables is of less interest to hackers, since it does not usually include saleable info like Social Security or insurance numbers. That's the data that's valuable, selling for $50-$60 per record, from what healthcare and security execs told me. 
Henrisha, User Rank: Strategist
6/18/2014 | 6:27:34 AM
Re: Security
I agree with you. When data is sold, it's done so in an obviously much more controlled manner and environment. When it's stolen, everything's a mess and the actual culprits are difficult to hold accountable because most of them don't end up getting caught and brought before the law.
Alison_Diana, User Rank: Author
6/17/2014 | 3:13:24 PM
Re: Toxic culture
It really is a shame because it's definitely holding people back from using apps they want to leverage for their own health. Standardizing on what deidentification means and equipping consumers so we can decide to only use apps that meet a preset deidentification standard would, I bet, encourage more people to use these apps and wearables. As Daniel told me, before there were cryptography standards, organizations could say their data was encrypted. It may have had some level of encryption, but that didn't mean it was necessarily secure. We need to have the same thing with deidentification - at least a baseline level to assure users, developers, researchers, etc., that a certain minimal level has been met.
David F. Carr, User Rank: Author
6/17/2014 | 2:24:23 PM
Re: Security
I don't know about time limits. Trending data over time is one of the most basic forms of analysis.
Alison_Diana, User Rank: Author
6/17/2014 | 2:19:03 PM
Re: Security
That's a good start and could address some privacy and consumer advocates' concerns. That said, I don't know that healthcare researchers, marketers, or other organizations buying this research are interested in older data, even in the 'value' it provides as helping paint a more complete picture of an individual. While it may be helpful to some extent, the information collected via personal health devices and apps doesn't necessarily lend itself to historical research -- or does it? Would it be important to researchers that someone was, for example, a vegetarian for a year, and then wasn't? Or someone who never walked more than 1 mile a day is now walking at least 3 miles daily? I don't know...

I like the idea of giving a mandated timeframe for data collection and "ownership." The fact that someone once used an app shouldn't mean a developer or other company then has the "right" to hold onto that data into perpetuity, if they choose to do so. 
Lorna Garey, User Rank: Author
6/17/2014 | 2:14:17 PM
Toxic culture
It's unsurprising that government has been slow to promote deidentification given the political climate. Can you imagine the spin that ACA critics would put on the concept -- that is, if this administration were to explain the concept in terms simple enough for them to comprehend?

It's a shame, too, because all that data could indeed fuel the analytics engine and power advances that would benefit everyone.