Global CIO: Data Mining Faces The Supreme Court Test
A high court hearing raises a question critical to the number-crunching business world: How much should individuals be able to control the data companies have about them?
On the other side are three data companies--IMS Health, Verispan (now SDI Health), and Source Healthcare Analytics. They make a First Amendment free speech argument -- that pharmacists know prescriber information as part of fulfilling everyday transactions for patients, and they have a Constitutional right to share it. They also argue that the state's not really interested in protecting doctor's privacy, since the law lets pharmacists share data on doctors for lots of other reasons. Lawmakers only want to stop pharma companies from using it for marketing. From the companies' Supreme Court brief:
"For example, … the State and private insurers and benefits managers all use [prescriber information] data to persuade physicians to reject pharmaceutical companies’ marketing messages and instead prescribe generic alternatives. The only restriction on the non-consensual use of PI data is that the information cannot be used for marketing by drug companies. The statute thus is not a genuine attempt to protect prescribers’ privacy."
The 2nd U.S. Circuit Court of Appeals court struck down the Vermont law as a violation of free speech, but a different court, the 1st U.S. Circuit Court of Appeals upheld a similar law in New Hampshire, saying it regulated "only the conduct of data miners" and not speech, writes legal analyst Andrew Cohen. So does the court see the use of this prescription data as protected commercial speech, or just a particular data mining technique that the government is allowed to restrict?
It's possible that the technology itself could be considered in the court case. An amicus brief by the Electronic Privacy Information Center argues in favor of the Vermont law, saying releasing doctors' prescribing history increases the risk that patients could be linked to their treatment histories. Increasing sophistication in data mining, including the ability ot combine the data with third-party data such as online health search queries, poses "a substantial risk that information concerning sensitive medical conditions and prescription habits will be disclosed," EPIC writes in its brief.
This case is particularly emotional and complicated because it involves healthcare data. A key piece of the argument is whether the state has a role in regulating this data because it affects the vital state interest of controlling healthcare costs. But what's interesting for companies in other industries is that Vermont lawmakers have extended control of data earlier into the information supply chain--focusing not just on the patient, but the doctor.
Expect lawmakers to get increasingly interested in regulating data use. Look how long it took them (days) to jump on the question of how much Apple knows about people's location, and what it does with that. To a company, a piece of data might look like just a cog used in running the operation--or even just an inconsequential byproduct. But companies will have to pay more attention to how much customers, as well as suppliers and lawmakers, feel about that data.
6 Tools to Protect Big DataMost IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.
Big Data Brings Big Security ProblemsWhy should big data be more difficult to secure? In a word, variety. But the business won’t wait to use it to predict customer behavior, find correlations across disparate data sources, predict fraud or financial risk, and more.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.