Data privacy in health - a US perspective


A few weeks ago some of our team were lucky enough to be out in San Francisco with our partners ReadWrite Labs’ at an event around healthcare data they were co-hosting with Western Digital.

The team brought together a panel of experts to explore what’s real and what isn’t in big health data, how users and developers alike can get ahead of the curve, how to address the challenges of adoption and scaling, and what’s driving this industry through the transition to value-based care.

Including the following:

Needless to say a lot was discussed but the key issue which roused the most passionate debate was data privacy. It raised some interesting questions...

Should we give up on data ownership and focus on data use?

Much of the initial data privacy debate revolves around the assumption that the individual should own their own data, but as Christine from Evidation Health pointed out there is already SO much data out there, that it’s impossible to claim it back and tie it to the individual. Instead she advocates that we should regulate the way the data is used, rather than the ownership. This very much places the responsibility in the governments who legislate it and the companies who adhere to these legislations or not.

Should data privacy be legislated on a sliding scale?

At the moment data privacy is treated by the regulators as a black and white decision but the panel questioned whether, given how consumers seem to grade the information they share publically over social media, legislation should follow similar rules. For instance, information about health, emotions and finances are things which people tend to be intensely private about. While we’re all more than happy to share details of where we’ve been on holiday and how much fun we’ve had. We treat our information on a sliding scale and perhaps the law should follow suit.

Why are patients being blocked from accessing what’s rightfully theirs?

According to members of the event’s audience, some organisations are refusing to give patients access to the data that is rightfully theirs in the first place. The panel debated as to why this might be and concluded that it was most likely to retain a financial monopoly on the individual. We found this particularly shocking. Everyone should be given complete access to their medical records and healthcare data, even in a privatised health care economy.

Is there ever a case for illegal data harvesting?

Our gut instinct and that of the audience and majority of the panel was no. But Thomas from Zebra Technologies highlighted that lots of cures have been developed by illegal harvesting of data. He specifically referenced HeLa examples from the 50s where cells were taken from a woman without her permission and have since lead to key medical breakthroughs. Do these subsequent positive outcomes outweigh the fact that someone’s rights were violated? We’d argue that, instead of debating this, health organisations need to develop ways to better incentivise people to share this information freely with consent.

Should health providers be offering better benefits in return for data sharing?

Consumer brands have long cottoned on to the fact that consumers will happily share their data in return for something. And healthcare organisations are just starting to wake up to this trading technique as a way to build richer data sets to get to the desired outcome faster. Alexander Gruneworld of Johnson & Johnson explained how they are experimenting with giving their medical trial patients access to post-study data 12 months after the trial finishes to help them better understand the results and what it means for their illness.

Should the US be paying closer attention to the EU?

Technology is moving significantly faster than the law can keep up. And data privacy laws vary across the US, state by state. Of course in a borderless digital world this poses serious issues. This is why the EU is updating and implementing the General Data Protection Regulation to standardize data privacy laws across the EU. They won't take effect until 2017, but according to a fact sheet from the European Commission, users can expect greater control over their personal data and device makers will have stricter requirements to build data protection into their devices from the very beginning of the design process. This will mark the start of a decade of change and is something that the US should learn from.

Here at Sensum we feel so passionately about data privacy that we’ve baked it into our manifesto. We believe in creative thinking, with healthcare data; and responsible doing.

For us this means that every data transaction must be opted into and provide the offer of anonymity for participants. The consumers that are being measured and analysed must be in control at all times, and we must be consistently clear about what data is gathered, where it is moving and what it is being used for.