Healthcare // Security & Privacy
News
8/25/2014
12:35 PM
50%
50%

When Big Data & Infants' Privacy Collide

Technology allows researchers to discover newborns' genetic secrets, but the long-term repercussions worry some parents and privacy advocates.

Healthcare Dives Into Big Data
Healthcare Dives Into Big Data
(Click image for larger view and slideshow.)

For decades, hospitals have conducted blood tests on newborns, checking babies for various conditions, treatable and not. Today's less costly tests, genomic research, and technological advances, coupled with differing policies across states, worry some privacy and ethics advocates.

Whereas some states allow parents to opt-in for testing, others have an opt-out approach. Critics argue parents have little to no say in whether this data is collected, where and how long it's stored, and what organizations do with this information. Lower genome testing costs sparked debate about researchers' right to use this information; who should learn of infants' chronic conditions and when; and the type of data government, researchers, payers, or healthcare providers can cull. Other concerns surround the storage and transmission of data that's not de-identified and its potential theft.

"With genetic testing, you always have to find out the results. You need counseling. You deprive the child of genetic privacy forever," said Twila Brase, president and co-founder of the Citizens' Council for Health Freedom. "The only person who should sequence a person is the person."

[Two sides to the same coin. Healthcare Big Data: Blessing And Curse.]

Policies vary by state -- and by legislation.

In May, Minnesota Gov. Mark Dayton signed a law allowing the state to indefinitely store blood spots for future research. Parents can opt out. In New York, parents can decline testing for religious reasons, said the Wadsworth Center, NY Department of Health, which screens the state's newborns for more than 40 inherited metabolic conditions.

Opting out of a process, especially when parents typically receive a pamphlet on DNA collection within 24 hours of birth, is not informed consent, said Brase. In response to a lawsuit, Minnesota in 2011 destroyed all previously collected blood samples. Likewise, in 2009 Texas destroyed more than 5 million samples after plaintiffs successfully argued the state failed to get parental authorization. Parents, fearful their infants' DNA would be stored in perpetuity and potentially used by groups such as law enforcement or insurance companies, argued the collection violated constitutional protections against unlawful search and seizure. After this lawsuit, another family worked with the Texas Civil Rights Project to sue Texas regarding at least 8,800 samples that could not be destroyed because they were in the hands of the federal government for use in a DNA database designed to identify missing persons and solve cold criminal cases. This national database of mitochondrial DNA includes de-identified DNA information, Texas officials told the Texas Tribune at the time.

Some people wanted Texas officials to individually contact parents for retroactive permission to store the data. But that would have been expensive and time consuming.

"The state kept those blood spots, de-identified them, and then stored and used the blood spots for research. People found out about this and were upset because the government kept their infants' DNA without parental consent," Brenda Tso, a healthcare attorney at Khouri Law Firm told InformationWeek. "In reaction to the Texas Department of State Health Services blood spot fiasco, the legislature passed a law requiring that a disclosure statement be given to parents about their infant's blood spots being collected, stored, and used for research. Under the law, parents can request to have the blood spot destroyed. When the infant reaches adulthood, he can also request to have his blood spot destroyed."

As a result, millions of blood spots were destroyed, said Tso, who worked on public health legislation for the Texas House of Representatives in 2011.

Destroying samples after researchers conduct infant tests and allowing parents to opt-in to further testing would promote transparency and trust, privacy advocates have said. This way, healthcare organizations could continue checking babies for inherited diseases while preventing newborns' DNA from further use or inclusion in any database, state or national.

You've done all the right things to defend your organization against cybercrime. Is it time to go on the offensive? Active response must be carefully thought through and even more carefully conducted. This Dark Reading report examines the rising interest in active response and recommends ways to determine whether it's right for your organization. Get the new Identifying And Discouraging Determined Hackers report today (free registration required).

Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/8/2014 | 10:36:01 AM
Re: Weighing the risks
I think what we're seeing is a lack of trust, Peter, brought on in part due to very complex legalese and lack of transparency in what data is used and how it's used, at times. When clearly asked, most people are open to de-identified use of their data for health reasons. I think it's the lack of insight into the technologies and processes that causes concern many times.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/8/2014 | 10:30:13 AM
Re: Some Consumers Choose to Ignore HIPAA Intentionally
There is actually a movement that supports empowering patients to release organizations from HIPAA, in part because of that reason, @jdb8432. I can only imagine, thankfully, the horrors some families go through if a loved one has a serious condition -- especially a rare condition -- and seeks an experimental or costly treatment. Often, they'll do that by sharing their story via social media, traditional media, or any means possible to get support or seek out others in similar positions. It really goes back to "who owns this data" and, in this case, I wholeheartedly believe it is the patient -- or guardian -- who owns it and is using their ownership in the only way they possibly can. Sometimes privacy is over-rated. Sometimes it's not.
pfretty
50%
50%
pfretty,
User Rank: Moderator
9/8/2014 | 9:35:37 AM
Weighing the risks
In no way am I saying the risks should be ignored, but we need to remember to focus on how meaningful the potential outcome could be in situations like this.  Obviously privacy needs to be the core of all data decisions. Just like we weigh potential, we need to be weighing risk. Why can't data be stripped of its identifying characteristics? Data cleaning, data quality, etc. are all skills we need to better develop as we enter into these areas of opportunty. Unfortunately, most organizations are still behind the eight ball in these areas according to the results of a recent SAS survey.

Peter Fretty

 
jdb8432
50%
50%
jdb8432,
User Rank: Apprentice
8/27/2014 | 2:57:40 PM
Some Consumers Choose to Ignore HIPAA Intentionally
While I work in the information privacy arena including HIPAA, the law has many positives to protect personal privacy but considerable difficulties in its practical implementation. Many individuals in support groups in this connected, networked world have chosen to disclose health status and other PI (personal information) for themselves or family members. That may make sense in a certain context if someone is disparate for a cure for themselves or family where they reach out for solutions.  In that scenario they may or may not be objectives about evaluating the efficacy of the cure. Health professionals need to be supportive to their patients and their familes that go this route. 

 
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
8/26/2014 | 10:09:10 AM
Re: Pros and Cons
Privacy and big data definitely collide, but we have to find a way to make them coexist in a reasonable way that allows the strong privacy concerns to be met while also allowing big data research to do what it does best using a wide variety of data sources.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/26/2014 | 9:13:59 AM
Re: Pros and Cons
On Twitter, @InternetEthics cited a story that appeared in MIT Technology Review on June 13, 2014: "For One Baby, Life Begins With a Genome Revealed." Father Razib Khan, a grad student and professional blogger on genetics, roughly mapped out his son's genomes before the infant's birth, after getting his hands on the unborn baby's placenta during the second trimester. Khan did it from curiousity, not from any real medical reason (that is, there were no great risks for serious medical conditions facing the baby, apparently -- unlike the only other instance MIT Tech Review found).

Of course, the ethical dilemma is apparent: While parents are responsible for everything to do with their children, once they become adult offspring take over those rights. Unlocking one's genes is about as personal as it comes -- and the potential harm is pretty obvious. Now genetic testing is getting cheaper and cheaper, more people will no doubt conduct these tests on their own children. One day, we will probably see some of these parents in court, although that's not necessarily the right place for this either.
securityaffairs
50%
50%
securityaffairs,
User Rank: Strategist
8/25/2014 | 6:24:12 PM
Re: Pros and Cons
Big data and privacy are two concepts that collide.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/25/2014 | 4:45:00 PM
Re: Pros and Cons
Deidentificated data is tricky. Under HIPAA's deidentification approach, 18 points are removed (such as name, address, DOB, ZIP, etc.) Under another statistical approach, you need a lot more data and controls, but it's more accurate. Personally, I think a lot of places probably do a really good job. But there's always that one, like the boiler room trader who defies SEC rules in order to grab a quick buck. Why should we presume such operators don't also exist in healthcare?
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/25/2014 | 4:42:15 PM
Re: Pros and Cons
One thing I have heard discussed among big data and analytics professionals is whether there will eventually be a way for patients to voluntarily disregard HIPAA, allowing researchers to use identifiable information to gain better access to the demographic data that adds a lot of insight to their studies. If that ever happens, I would be vehemently against allowing parents to give away their children's identifiable DNA or genomic information voluntarily. That right resides with the individual when they're considered adult. No one else.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/25/2014 | 4:38:58 PM
Re: Pros and Cons
That's a sound approach. Or ask for permission before the baby's born. You have to do so many other things in advance, when feasible - register at the hospital, find and enrol with a pediatrician - so discussing heel tests is certainly not unreasonable. I'd imagine there'd be more buy-in if obsetricians discuss this with parents. By the time you actually have the baby, you're well-acquainted with that docotr (and hopefully trust him/her implicitly!).
Page 1 / 2   >   >>
Healthcare Data Breaches Cost More Than You Think
Healthcare Data Breaches Cost More Than You Think
Healthcare providers just don't get it. They refuse to see the need to fully secure their protected health information from unauthorized users -- and from authorized users who abuse their access privileges. As a result, they don't allocate enough budgetary resources for securing medical data.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.