Better Balance Needed Between Patient Privacy, Data Sharing

As a physician and a Navy officer, I've spent a professional lifetime protecting data. I've held very high security clearances in war zones and managed Intensive Care Units with AIDS patients who had nationally recognizable names. I've delivered care in Angolan refugee camps, in Haitian trauma centers, and in the slums of Bangladesh. My reflexes for data protection are carefully honed.

That said, the world has changed, and my reflexes need to give way to rational thought. We need to open both health data and health resource data. I think there are some safe, sensible, and effective ways to do it with benefits that far outweigh the risks.

As a society, we're collecting staggering amounts of data, much of it personal in some form. In 2012, humanity created 2.5 exabytes (2.5 x 10^18) of digital data every single day. Facebook generates 680,000 pieces of content every minute. In that same minute, Google gets 2 million search requests across 50 billion indexed web pages, Tumblr publishes 28,000 posts, and YouTube users upload more than 60 hours of video. By 2015, we'll have stored eight zettabytes of data (8 x 10^21) in everything from floating global datacenters to USB thumb drives. That's many, many times more data than all the words ever spoken by all the humans who have ever lived.

Improvised medical data tracking in Haiti.
(Source: Eric Rasmussen, CC Attribution)

A small portion of that stored data is related to medical care, and a much smaller portion is related to personal care of a given patient in a specific facility. We're careful to protect that data because we perceive both personal risk and a sense of violation if that information is disclosed without an ethical reason. Though understandable and admirable, it's a perspective that might benefit from some nuance.

Data worth collecting needs to be useful, usable, and used. To collect data and not allow it to become useful perhaps defeats the effort's value and probably wastes much of the time and treasure used in the collection process. If we're collecting but not releasing because of a potential privacy violation, we're taking a somewhat luxurious view of the value of personal privacy, especially in an emergency. Such a constraining view may not always be shared in the cultures where we work, and it may not fit circumstances in which we find ourselves working. Aggregated personal data can be of great utility in the preparation for a response, in the real-time allocation of resources, and in the recognition of a change in event conditions.

In the surgical tents after the Haiti earthquake, I took photographs of dressed amputations awaiting revisions because, for a while, the entire known medical record was written in Sharpie on that bandage. My photo was the only record not leaving with the patient.

A year ago, I led a team working response on Staten Island in the aftermath of Hurricane Sandy. The specific task for our team was the care of "invisibles" -- those ill, injured, or at risk of exposure who might be illegal immigrants, trafficked sex workers, domestic slaves, the homeless, and sometimes the mentally ill seeking a life of refuge in the woods and fields of that borough of New York. We were obligated to provide care for them without compromising their freedom to remain outside the system if they chose, and without inducing retribution from those who controlled them if we had no other options. That sometimes required a form of medical record that did not touch conventional systems and that incorporated a uniquely identifiable anonymity.

Over the year since Sandy, I've spoken with a range of professionals in medicine, computer science, bioethics, disaster management, and journalism, looking for the best thinking on how to approach keeping track of patients, their data, and the implications of that data when aggregated. My focus has not been the developed North, but the struggling South, and I've heard some very good thoughts.

An important new effort in Latin America and Southeast Asia, for example, is data preparedness. One part of that is a Human Security Taxonomy, an open-standards system used for understanding communities and their demographics, the risks they face, and the resources they can drawn on in an emergency. Medical resources with unique identifiers are an integral part of that. There are also global initiatives that collect critical disease outbreak details from community health workers in the villages of Cambodia, Thailand, Laos, and Vietnam and then funnel that semi-anonymized data to experts able to respond.

1 of 2