Categories

Category: The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?

Why Should Anyone Care About Health Data Interoperability?

By SUSANNAH FOX

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

A question I hear quite often, sometimes whispered, is: Why should anyone care about health data interoperability? It sounds pretty technical and boring.

If I’m talking with a “civilian” (in my world, someone not obsessed with health care and technology) I point out that interoperable health data can help people care for themselves and their families by streamlining simple things (like tracking medication lists and vaccination records) and more complicated things (like pulling all your records into one place when seeking a second opinion or coordinating care for a chronic condition). Open, interoperable data also helps people make better pocketbook decisions when they can comparison-shop for health plans, care centers, and drugs.

Sometimes business leaders push back on the health data rights movement, asking, sometimes aggressively: Who really wants their data? And what would they do with it if they got it? Nobody they know, including their current customers, is clamoring for interoperable health data.

Continue reading…

Thinking ‘oat’ of the box: Technology to resolve the ‘Goldilocks Data Dilemma’

Marielle Gross
Robert Miller

By ROBERT C. MILLER, JR. and MARIELLE S. GROSS, MD, MBE

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

The problem with porridge

Today, we regularly hear stories of research teams using artificial intelligence to detect and diagnose diseases earlier with more accuracy and speed than a human would have ever dreamed of. Increasingly, we are called to contribute to these efforts by sharing our data with the teams crafting these algorithms, sometimes by healthcare organizations relying on altruistic motivations. A crop of startups have even appeared to let you monetize your data to that end. But given the sensitivity of your health data, you might be skeptical of this—doubly so when you take into account tech’s privacy track record. We have begun to recognize the flaws in our current privacy-protecting paradigm which relies on thin notions of “notice and consent” that inappropriately places the responsibility data stewardship on individuals who remain extremely limited in their ability to exercise meaningful control over their own data.

Emblematic of a broader trend, the “Health Data Goldilocks Dilemma” series calls attention to the tension and necessary tradeoffs between privacy and the goals of our modern healthcare technology systems. Not sharing our data at all would be “too cold,” but sharing freely would be “too hot.” We have been looking for policies “just right” to strike the balance between protecting individuals’ rights and interests while making it easier to learn from data to advance the rights and interests of society at large. 

What if there was a way for you to allow others to learn from your data without compromising your privacy?

To date, a major strategy for striking this balance has involved the practice of sharing and learning from deidentified data—by virtue of the belief that individuals’ only risks from sharing their data are a direct consequence of that data’s ability to identify them. However, artificial intelligence is rendering genuine deidentification obsolete, and we are increasingly recognizing a problematic lack of accountability to individuals whose deidentified data is being used for learning across various academic and commercial settings. In its present form, deidentification is little more than a sleight of hand to make us feel more comfortable about the unrestricted use of our data without truly protecting our interests. More of a wolf in sheep’s clothing, deidentification is not solving the Goldilocks dilemma.

Tech to the rescue!

Fortunately, there are a handful of exciting new technologies that may let us escape the Goldilocks Dilemma entirely by enabling us to gain the benefits of our collective data without giving up our privacy. This sounds too good to be true, so let me explain the three most revolutionary ones: zero knowledge proofs, federated learning, and blockchain technology.

Continue reading…

Protecting Health Data Outside of HIPAA: Will the Protecting Personal Health Data Act Tame the Wild West ?

Vince Kuraitis
Deven McGraw

By DEVEN McGRAW and VINCE KURAITIS

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

Introduction

In our previous post, we described the “Wild West of Unprotected Health Data.” Will the cavalry arrive to protect the vast quantities of your personal health data that are broadly unprotected from sharing and use by third parties?

Congress is seriously considering legislation to better protect the privacy of consumers’ personal data, given the patchwork of existing privacy protections. For the most part, the bills, while they may cover some health data, are not focused just on health data – with one exception: the “Protecting Personal Health Data Act” (S.1842), introduced by Senators Klobuchar and Murkowski. 

In this series, we committed to looking across all of the various privacy bills pending in Congress and identifying trends, commonalities, and differences in their approaches. But we think this bill, because of its exclusive health focus, deserves its own post. Concerns about health privacy outside of HIPAA are receiving increased attention in light of the push for interoperability, which makes this bill both timely and potentially worth of your attention.

HHS and ONC recently issued a Notice of Proposed Rulemaking (NPRM) to Improve the Interoperability of Health Information. This proposed rule has received over 2,000 comments, many of which raised significant issues about how the rule potentially conflicts with patient and provider needs for data privacy and security.

For example, greater interoperability with patients means that even more medical and claims data will flow outside of HIPAA to the “Wild West.” The American Medical Association noted:

“If patients access their health data—some of which could contain family history and could be sensitive—through a smartphone, they must have a clear understanding of the potential uses of that data by app developers. Most patients will not be aware of who has access to their medical information, how and why they received it, and how it is being used (for example, an app may collect or use information for its own purposes, such as an insurer using health information to limit/exclude coverage for certain services, or may sell information to clients such as to an employer or a landlord). The downstream consequences of data being used in this way may ultimately erode a patient’s privacy and willingness to disclose information to his or her physician.”

Continue reading…

Health Data Outside HIPAA: The Wild West of Unprotected Personal Data

Deven McGraw
Vince Kuraitis

By VINCE KURAITIS and DEVEN McGRAW

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

“…the average patient will, in his or her lifetime, generate about 2,750 times more data related to social and environmental influences than to clinical factors”

McKinsey analysis

The McKinsey “2,750 times” statistic is a pretty good proxy for the amount of your personal health data that is NOT protected by HIPAA and currently is broadly unprotected from sharing and use by third parties.

However, there is bipartisan legislation in front of Congress that offers expanded privacy protection for your personal health data. Senators Klobuchar & Murkowski have introduced the “Protecting Personal Health Data Act” (S.1842). The Act would extend protection to much personal health data that is currently not already protected by HIPAA (the Health Insurance Portability and Accountability Act of 1996). 

In this essay, we will look in the rear-view mirror to see how HIPAA has provided substantial protections for personal clinical data — but with boundaries. We’ll also take a look out the windshield — the Wild West of unprotected health data.

Then in a separate post, we’ll describe and comment on the pending “Protect Personal Health Data Act”.

Continue reading…

Pending Federal Privacy Legislation: A Status Update

Vince Kuraitis
Deven McGraw

By DEVEN McGRAW and VINCE KURAITIS

This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”

In our initial blog post of February 20th, “For Your Radar – Huge Implications for Healthcare in Pending Privacy Legislation,” we broadly discussed six key issues for healthcare stakeholders in the potential federal privacy and data protection legislation. We committed to future posts comparing and contrasting specific legislative proposals.  

What’s happened since then? 

Additional bills have been introduced and hearings have been held in both the House and the Senate.  The Federal Trade Commission (FTC) also hosted two days of hearings on the FTC’s Approach to Consumer Privacy.  

The buzz around federal privacy legislation continues, but as of yet there appear to be no proposals or bills that have emerged as the lead bills. 

In the meantime, the clock is ticking.  As we mentioned in our February 20th post, a significant catalyst for federal privacy legislation is the desire of companies covered by the California Consumer Privacy Act (CCPA) to have that broadly-applicable, stringent state law preempted by a more company-friendly federal law.  The CCPA, which sets stringent consent and other requirements for large companies, or companies collecting or monetizing large amounts of consumer data from California residents, goes into effect January 1, 2020 – less than six months from today.  

Is it possible for a legislative body to move quickly on such a controversial topic?  Again, California’s experience may be instructive. The CCPA was passed into law and signed on June 28, 2018, about a week after it was introduced. Lawmakers were in a rush in order to keep a popular and even stricter consumer privacy ballot initiative from being put before the California voters.  (The sponsors of the ballot initiative agreed to withdraw it if the CCPA were enacted by the June 28th deadline.). 

Tech companies held their noses and supported the legislation because changing legislation is easier than changing a ballot initiative adopted by the voters. However, this strategy is not fool-proof.  Although the CCPA has been successfully modified once to address some company concerns and to clarify confusing language, more recent attempts to amend it have failed (modification bills are still pending).  With the deadline fast approaching, and the prospect for further significant modifications to the CCPA looking less likely, the pressure on Congress is reaching a fever pitch.

Continue reading…

Announcing a New Series: “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?

By ZOYA KHAN

I would like to introduce you to a new ongoing series that THCB will be featuring called “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?”. It is about time we started talking about health data privacy and policy, and we have just the experts on hand to do so: Vince Kuraitis and Deven McGraw.

The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” series will cover a whole host of topics that discuss, clarify, and challenge the notion of sharing data and if it should be kept private or made public. On the one hand, sharing health information is essential for clinical care, powering medical discovery, and enabling health system transformation. On the other hand, the public is expressing greater concerns over the privacy of personal health data. This ‘Goldilocks Dilemma’ has pushed US policymakers towards two seemingly conflicting goals: 1) broader data interoperability and data sharing, and 2) enhanced data privacy and data protection.

But this issue is even more nuanced and is influenced by many moving parts including: Federal & State privacy legislation, health technology legislation, policy & interoperability rules, data usage from AI & machine learning tools, data from clinical research, ethical concerns, compensating individuals for their data, health data business models, & many more. 

Fear not, Deven & Vince are here to walk readers through this dilemma and will be providing pieces to help explain what is going on. Most of their discussion & pieces will cover 2 specific affected areas: 1) How are policymakers addressing health data privacy risks, and 2) The impact on business models within the Health Data Goldilocks Dilemma.

We hope you enjoy the series and if you have any pieces to add to it, please email me zoya@thehealthcareblog.com

Zoya Khan is the Editor-in-Chief of THCB & an Associate at SMACK.health

Registration

Forgotten Password?