Healthcare // Security & Privacy
News
8/25/2014
12:35 PM
Connect Directly
RSS
E-Mail
50%
50%

When Big Data & Infants' Privacy Collide

Technology allows researchers to discover newborns' genetic secrets, but the long-term repercussions worry some parents and privacy advocates.

Healthcare Dives Into Big Data
Healthcare Dives Into Big Data
(Click image for larger view and slideshow.)

For decades, hospitals have conducted blood tests on newborns, checking babies for various conditions, treatable and not. Today's less costly tests, genomic research, and technological advances, coupled with differing policies across states, worry some privacy and ethics advocates.

Whereas some states allow parents to opt-in for testing, others have an opt-out approach. Critics argue parents have little to no say in whether this data is collected, where and how long it's stored, and what organizations do with this information. Lower genome testing costs sparked debate about researchers' right to use this information; who should learn of infants' chronic conditions and when; and the type of data government, researchers, payers, or healthcare providers can cull. Other concerns surround the storage and transmission of data that's not de-identified and its potential theft.

"With genetic testing, you always have to find out the results. You need counseling. You deprive the child of genetic privacy forever," said Twila Brase, president and co-founder of the Citizens' Council for Health Freedom. "The only person who should sequence a person is the person."

[Two sides to the same coin. Healthcare Big Data: Blessing And Curse.]

Policies vary by state -- and by legislation.

In May, Minnesota Gov. Mark Dayton signed a law allowing the state to indefinitely store blood spots for future research. Parents can opt out. In New York, parents can decline testing for religious reasons, said the Wadsworth Center, NY Department of Health, which screens the state's newborns for more than 40 inherited metabolic conditions.

Opting out of a process, especially when parents typically receive a pamphlet on DNA collection within 24 hours of birth, is not informed consent, said Brase. In response to a lawsuit, Minnesota in 2011 destroyed all previously collected blood samples. Likewise, in 2009 Texas destroyed more than 5 million samples after plaintiffs successfully argued the state failed to get parental authorization. Parents, fearful their infants' DNA would be stored in perpetuity and potentially used by groups such as law enforcement or insurance companies, argued the collection violated constitutional protections against unlawful search and seizure. After this lawsuit, another family worked with the Texas Civil Rights Project to sue Texas regarding at least 8,800 samples that could not be destroyed because they were in the hands of the federal government for use in a DNA database designed to identify missing persons and solve cold criminal cases. This national database of mitochondrial DNA includes de-identified DNA information, Texas officials told the Texas Tribune at the time.

Some people wanted Texas officials to individually contact parents for retroactive permission to store the data. But that would have been expensive and time consuming.

"The state kept those blood spots, de-identified them, and then stored and used the blood spots for research. People found out about this and were upset because the government kept their infants' DNA without parental consent," Brenda Tso, a healthcare attorney at Khouri Law Firm told InformationWeek. "In reaction to the Texas Department of State Health Services blood spot fiasco, the legislature passed a law requiring that a disclosure statement be given to parents about their infant's blood spots being collected, stored, and used for research. Under the law, parents can request to have the blood spot destroyed. When the infant reaches adulthood, he can also request to have his blood spot destroyed."

As a result, millions of blood spots were destroyed, said Tso, who worked on public health legislation for the Texas House of Representatives in 2011.

Destroying samples after researchers conduct infant tests and allowing parents to opt-in to further testing would promote transparency and trust, privacy advocates have said. This way, healthcare organizations could continue checking babies for inherited diseases while preventing newborns' DNA from further use or inclusion in any database, state or national.

You've done all the right things to defend your organization against cybercrime. Is it time to go on the offensive? Active response must be carefully thought through and even more carefully conducted. This Dark Reading report examines the rising interest in active response and recommends ways to determine whether it's right for your organization. Get the new Identifying And Discouraging Determined Hackers report today (free registration required).

Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/25/2014 | 2:11:18 PM
Pros and Cons
One side of me wants infants to get as much DNA testing as possible, recognizing early treatment can vastly improve a child's life in the case of many conditions. Yet critics raise valid points: What if tests show your child is at risk for a condition that will affect them when they are an adult -- Does the parent or state have the right to know? Who tells the child and when? Or should the chlld have the option not to know, in the same way many adults choose not to undergo genetic testing? What happens to the DNA? What safeguards are in place to prevent its use by police; no one wants to believe their child will become a criminal, but if that happens could law enforcement already be able to access their DNA? And what processes do states use to de-identify data? Are we secure that this database can't be hacked?

You don't need to be a conspiracy theorist to admit there are some ethical and security questions here. And you don't need to be a huge privacy advocate to also admit there are some real benefits to those children found to flourish with very early medical intervention. 

Must say though, when I learned more about this process and found out how it was done where my daughter was born, I was upset that I knew nothing about the bigger implications of the heel test. Granted, my daughter is a teen now, genetic testing was more expensive and big data wasn't a catch phrase (although I had been covering tech for many years prior to her birth), but you'd hope institutions were more transparent about this whole area. Let consumers know what's going on. Usually, we're much more approachable and agreeable when we're educated.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
8/25/2014 | 2:19:38 PM
Re: Pros and Cons
I agree that this is a very sticky issue. Education and informed decision making is the only way to work through this. As a father of two, I can definitively state that I was not really in sound mind during the first 24-48 hours at the hospital. Do the immediate tests if necessary, but don't do anything else with that sample until the parents can make an informed decision.
D. Henschen
50%
50%
D. Henschen,
User Rank: Author
8/25/2014 | 3:21:36 PM
Re: Pros and Cons
I think states and medical researches should have carte blanch to collect any data, so long as it's NOT attched to personally identifiable information. The good of public health can only be served by having as much data as possible on the human populace. No names, no social security numbers, no addresses, no phone numbers, but everything else? Have at it. Perhaps down the road it will lead to a genomic text for X predisposition or disease and the DNA I shared will come back to help me.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
8/25/2014 | 3:28:11 PM
Re: Pros and Cons
I don't think I could go as far as to say carte blanch. That's a pretty big jump for "the good of public health." I'm sure others would agree with you, though.
D. Henschen
50%
50%
D. Henschen,
User Rank: Author
8/25/2014 | 3:41:45 PM
Re: Pros and Cons
I wrote carte blunch with the exclusion of personally identifiable information. How could such aggregated data possibly hurt anybody?
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
8/25/2014 | 3:50:13 PM
Re: Pros and Cons
DNA is basically a fingerprint. Perhaps the likelihood is remote, but I don't think there's a big gap between starting with a de-personalized sample and then linking up more identifiable data when more data points enter the system in the future. Once it's out there, it's out there. Given the rate of technology and medical research change over the last several decades, I don't think it is possible to foresee either the positive or negative ramifications of data like this. That uncertainty, which could lead to cures and to various forms of discrimination, is why I'm hesitant.

There is tremendous value in medical research. For me, the public good of having access to that data doesn't automatically trump privacy issues.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/25/2014 | 4:45:00 PM
Re: Pros and Cons
Deidentificated data is tricky. Under HIPAA's deidentification approach, 18 points are removed (such as name, address, DOB, ZIP, etc.) Under another statistical approach, you need a lot more data and controls, but it's more accurate. Personally, I think a lot of places probably do a really good job. But there's always that one, like the boiler room trader who defies SEC rules in order to grab a quick buck. Why should we presume such operators don't also exist in healthcare?
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/25/2014 | 4:42:15 PM
Re: Pros and Cons
One thing I have heard discussed among big data and analytics professionals is whether there will eventually be a way for patients to voluntarily disregard HIPAA, allowing researchers to use identifiable information to gain better access to the demographic data that adds a lot of insight to their studies. If that ever happens, I would be vehemently against allowing parents to give away their children's identifiable DNA or genomic information voluntarily. That right resides with the individual when they're considered adult. No one else.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/25/2014 | 4:38:58 PM
Re: Pros and Cons
That's a sound approach. Or ask for permission before the baby's born. You have to do so many other things in advance, when feasible - register at the hospital, find and enrol with a pediatrician - so discussing heel tests is certainly not unreasonable. I'd imagine there'd be more buy-in if obsetricians discuss this with parents. By the time you actually have the baby, you're well-acquainted with that docotr (and hopefully trust him/her implicitly!).
securityaffairs
50%
50%
securityaffairs,
User Rank: Strategist
8/25/2014 | 6:24:12 PM
Re: Pros and Cons
Big data and privacy are two concepts that collide.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/26/2014 | 9:13:59 AM
Re: Pros and Cons
On Twitter, @InternetEthics cited a story that appeared in MIT Technology Review on June 13, 2014: "For One Baby, Life Begins With a Genome Revealed." Father Razib Khan, a grad student and professional blogger on genetics, roughly mapped out his son's genomes before the infant's birth, after getting his hands on the unborn baby's placenta during the second trimester. Khan did it from curiousity, not from any real medical reason (that is, there were no great risks for serious medical conditions facing the baby, apparently -- unlike the only other instance MIT Tech Review found).

Of course, the ethical dilemma is apparent: While parents are responsible for everything to do with their children, once they become adult offspring take over those rights. Unlocking one's genes is about as personal as it comes -- and the potential harm is pretty obvious. Now genetic testing is getting cheaper and cheaper, more people will no doubt conduct these tests on their own children. One day, we will probably see some of these parents in court, although that's not necessarily the right place for this either.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
8/26/2014 | 10:09:10 AM
Re: Pros and Cons
Privacy and big data definitely collide, but we have to find a way to make them coexist in a reasonable way that allows the strong privacy concerns to be met while also allowing big data research to do what it does best using a wide variety of data sources.
jdb8432
50%
50%
jdb8432,
User Rank: Apprentice
8/27/2014 | 2:57:40 PM
Some Consumers Choose to Ignore HIPAA Intentionally
While I work in the information privacy arena including HIPAA, the law has many positives to protect personal privacy but considerable difficulties in its practical implementation. Many individuals in support groups in this connected, networked world have chosen to disclose health status and other PI (personal information) for themselves or family members. That may make sense in a certain context if someone is disparate for a cure for themselves or family where they reach out for solutions.  In that scenario they may or may not be objectives about evaluating the efficacy of the cure. Health professionals need to be supportive to their patients and their familes that go this route. 

 
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/8/2014 | 10:30:13 AM
Re: Some Consumers Choose to Ignore HIPAA Intentionally
There is actually a movement that supports empowering patients to release organizations from HIPAA, in part because of that reason, @jdb8432. I can only imagine, thankfully, the horrors some families go through if a loved one has a serious condition -- especially a rare condition -- and seeks an experimental or costly treatment. Often, they'll do that by sharing their story via social media, traditional media, or any means possible to get support or seek out others in similar positions. It really goes back to "who owns this data" and, in this case, I wholeheartedly believe it is the patient -- or guardian -- who owns it and is using their ownership in the only way they possibly can. Sometimes privacy is over-rated. Sometimes it's not.
pfretty
50%
50%
pfretty,
User Rank: Moderator
9/8/2014 | 9:35:37 AM
Weighing the risks
In no way am I saying the risks should be ignored, but we need to remember to focus on how meaningful the potential outcome could be in situations like this.  Obviously privacy needs to be the core of all data decisions. Just like we weigh potential, we need to be weighing risk. Why can't data be stripped of its identifying characteristics? Data cleaning, data quality, etc. are all skills we need to better develop as we enter into these areas of opportunty. Unfortunately, most organizations are still behind the eight ball in these areas according to the results of a recent SAS survey.

Peter Fretty

 
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/8/2014 | 10:36:01 AM
Re: Weighing the risks
I think what we're seeing is a lack of trust, Peter, brought on in part due to very complex legalese and lack of transparency in what data is used and how it's used, at times. When clearly asked, most people are open to de-identified use of their data for health reasons. I think it's the lack of insight into the technologies and processes that causes concern many times.
Healthcare Data Breaches Cost More Than You Think
Healthcare Data Breaches Cost More Than You Think
Healthcare providers just don't get it. They refuse to see the need to fully secure their protected health information from unauthorized users -- and from authorized users who abuse their access privileges. As a result, they don't allocate enough budgetary resources for securing medical data.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Oct. 20, 2014
Energy and weather agencies are busting long-held barriers to analyzing big data. Can the feds now get other government agencies into the movement?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.