Healthcare Big Data Debate: Public Good Vs. Privacy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management // Big Data Analytics
11:55 AM
Connect Directly

Healthcare Big Data Debate: Public Good Vs. Privacy

Big data's role in healthcare could be hindered by government privacy regulations such as HIPAA, say experts at the Body Computing Conference. Who should own health data?

25 Years Of Health IT: A Complicated Journey
25 Years Of Health IT:
A Complicated Journey
(Click image for larger view and slideshow.)

Big data is good for medical science, but potentially risky for the patient. By amassing and analyzing massive quantities of digital information from multiple sources, including an emerging class of wearable devices and smartphone apps, medical professionals will be well equipped to solve major health problems and warn people of emerging threats like the Ebola virus.

That's the goal, anyway. But big data's role in healthcare may be hindered by government privacy regulations such the US Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, which regulate the security and disclosure of personal health information by health insurers, medical care providers, and other entities.

And then there's the question of data ownership: In a world of information-sharing wristbands, watches, phones, and sensors, who owns the health data generated by these devices?

These were just a few of the big-data topics debated Friday at the 8th annual Body Computing Conference at the University of Southern California (USC) in Los Angeles.

The event, which drew healthcare, legal, investment, and tech industry professionals from across the country, included a panel discussion titled "Big Data Privacy and Health." The three-member panel consisted of health law and life sciences attorney Jill Gordon, a partner in the law firm Nixon Peabody; Matt Hogan, CEO of DataCoup, a two-year-old startup that enables consumers to aggregate and sell their anonymous personal data; and Dr. Michelle Longmire, CEO of Medable, a development platform provider that enables health-tech companies to build HIPAA-compliant apps and services.

[Want to learn how doctors are using data to improve patients' health? See Healthcare & Data: Partners At Last.]

The session's hot topic: From a consumer's perspective, health data is by far the most personal of big data. So who owns it?

"It's one thing for me to have an interaction and sign a form in my doctor's office, or participate in a clinical trial," said Gordon.

But in a data-sharing environment, this old-school approach won't always work.

Smartphone apps, for instance, may store personal data in two or more places -- on the device itself and elsewhere in the cloud.

Apple's HealthKit and other smartphone health apps raise privacy, data ownership questions.
Apple's HealthKit and other smartphone health apps raise privacy, data ownership questions.

"It's really complicated," said Hogan. "Data can exist in two different places at once, and the legal framework in the US is set up to deal with physical goods... It's harder to do when I swipe that debit or credit card, and data exists with the merchant and data exists with me.

"It's logical that if I'm creating all this data and I'm the chief stakeholder, I should have a seat at the negotiating table with regards to what happens to that data. And, perhaps more importantly, be the chief beneficiary of that data."

Longmire pointed out that HIPAA compliancy is a complicated, multi-faceted process that may prove challenging to tech companies, including app developers.

"HIPAA is understood to be one big term, but the truth is it's use-case specific," she said.

Longmire added: "HIPAA-compliant storage is encrypted; it's in one siloed place. But the technology behind HIPAA-compliant applications is a far more complicated use case. You have two-factor authentication, device verification, [and] encryption on device in transit."

Might HIPAA and other privacy safeguards limit the potential benefits of big-data aggregation and analysis?

"There are a lot of protections around data, but there are also reasons why you can access data," said Gordon. "For example, if you have a public health issue, there are lots of exceptions for the government to access data."

In the Q&A after the main discussion, one audience member cautioned the panel that "alarmist tendencies" of privacy advocates may indeed hamper big data's healthcare promise.

Longmire responded: "I think the challenge... is actually meeting the good and diverting the harm, because... the sensitivity of the data cannot be understated."

The owners of electronic health records aren't necessarily the patients. How much control should they have? Get the new Who Owns Patient Data? issue of InformationWeek Healthcare today.

Jeff Bertolucci is a technology journalist in Los Angeles who writes mostly for Kiplinger's Personal Finance, The Saturday Evening Post, and InformationWeek. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
10/27/2014 | 4:49:30 PM
Tough call, but the middle ground here probably would reap the best results.  Being able to leverage healthcare data is meaningful in making crucial decisions. However, we need to learn to better respect privacy, especially in an environment were everythinig is collecting data and the level of access only continues to grow. Fortunately we seem to be addressing these issues at the same time that data usage is maturing. As a recent SAS poll shows there is still a long way for most organizations to grow. 


Peter Fretty
User Rank: Author
10/6/2014 | 5:04:47 PM
Re: 2 states of data
Information I found when researching Who Owns EHR Data? seems to point out that many patients are extremely willing to share data -- even data covered by HIPAA (such as ZIP code, condition, and age) with researchers who are seeking a treatment or want to prevent a disease, for example. That said, while I didn't look into this aspect, I would imagine the percentage of patients willing to release this information so a third-party can profit off their data is way, way lower. The same would go for advertising purposes, I'd imagine. And, despite legal protections, people have valid worries that they will or could be penalized if a health condition gets shared with an employer, potential employer, or other third party because of the merger of multiple, disparate data sources (such as credit card information -- that, perhaps, showed someone buying X, Y, and Z) and medical information.
User Rank: Ninja
10/6/2014 | 4:24:31 PM
2 states of data
Great points here about the need for balance of ownership for health data.  For one, having anonymous data is a great source for firms who use medical data for research purposes and other "good" intentions.  That being said, there needs to be a second layer of more in-depth information that belongs to individuals that can hopefully later be used in the health care system for more specific treatment and monitoring purposes.  The two should absolutely be kept separate, but sadly, I don't think device manufacturers or other application creators have figured out how to split the two to ensure the more comprehensive data is secured solely for users while the anonymous data is made available to researchers and third parties.  I'd love to hear any suggestions how a two-layer approach could be done, or if there is indeed a better way to keep the data separate while still making it available for each party.
10 Top Cloud Computing Startups
Cynthia Harvey, Freelance Journalist, InformationWeek,  8/3/2020
Adding Fuel to the MSP vs. In-house IT Debate
Andrew Froehlich, President & Lead Network Architect, West Gate Networks,  8/6/2020
How Enterprises Can Adopt Video Game Cloud Strategy
Joao-Pierre S. Ruth, Senior Writer,  7/28/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Enterprise Automation: Do More with Less
In this IT Trend Report, we highlight the benefits of automation and the various tools as enterprises navigate turbulent times, try to do more with less, keep their operations running, and stay on track with digital modernizations.
Flash Poll