Practices with healthcare data sets involving consumers are shifting. Will privacy laws adapt, or will it be up to healthcare organizations to make the right decisions?
We are fascinated with our origins and discovering more about who we are.
Millions of individuals have turned to DNA-testing companies like 23andMe, Ancestry and Helix to satisfy their curiosity. According to MIT Technology Review, more genetic ancestry tests were taken in 2017 than in all previous years combined. Consumers send in spit samples and receive a data file. But what happens to the DNA sample and the data? How is the data used, and when are the samples destroyed?
Practices in healthcare data involving consumers are shifting. Will privacy laws adapt, or will it be up to healthcare organizations to make the right decisions?
Personalizing the digital health experience
Personalized advertising is one example of data being used to improve the patient experience. But not all consumers consider this to be an ethical practice.
In a survey of 6,000 adults across the U.S., France and Germany, 28% of respondents considered using a “like” history to recommend content to be an ethical personalization method. In the survey 25% deemed recommendations based on purchase or browsing history to be ethical, and 24% felt personalized news feeds did the same.
According to a 2016 survey of American digital health consumers, 86% of respondents said they should know what personal healthcare data is collected. In the survey 77% of respondents stated they would share personal healthcare data sets in exchange of better care from their physicians, while 62% said they had used internet searches to learn about prescription drugs.
Customizing and trading healthcare data
In certain instances, healthcare organizations don’t need personally-identifiable health information to deliver a personalized experience. According to an article by Adobe, “customized healthcare portals are so beneficial because they don’t rely on PHI or individually identifiable health information.”
A healthcare organization can also personalize its website content. For instance, Thomas Jefferson University and Jefferson Health leverage website analytics about users’ on-site behavior to provide personalized on-site content recommendations for further reading.
More than 12 million consumers have taken direct-to-consumer genetic genealogy tests. Over the past few years, hundreds of millions of dollars have been spent on advertising by top companies in the field such as Ancestry, 23andMe, MyHeritage and FamilyTreeDNA. In these cases, consumers are freely giving their medical data. But what do consumers know about the multibillion-dollar industry that legally trades medical data?
Trading healthcare data sets
According to a report by The Century Foundation, companies can “buy, sell and barter anonymized but intimate profiles of hundreds of millions of Americans.”
Under the Health Insurance Portability and Accountability Act (HIPPA), this trade is legal if the patients’ names are removed. This anonymized patient data is shared by pharmacies, insurers, medical labs, and electronic record systems, and it’s also shared by the middlemen that bind these entities together.
Some of the shared data types include prescription records, blood tests, and hospital visits, and the information may include age, gender, partial zip codes, and doctor names. There are benefits to this type of trading. For instance, sharing data can help pharmaceutical companies develop drugs and treatments that can target doctors and patients directly.
Some of the companies participating in healthcare data mining include IBM, LexisNexis, and IQVIA. These companies can also collect data from devices not protected by HIPPA or anonymity requirements, such as fitness devices and health apps.
There are a few dangers associated with trading healthcare data sets. For example, profiles with enough information can eventually be identified by data scientists. Unlike breaches affecting consumer finances, breaches into medical data can be much more personally damaging.
Protecting anonymized healthcare data sets and monetization
With all of the data that’s being collected to, presumably, benefit patients with more personalized experiences, should the patients receive compensation if their medical records help develop a revolutionary drug or treatment? And how are the healthcare organizations protecting patient health data?
Under HIPPA privacy rules, patient data can be used for research and to improve care delivery. However, since HIPPA doesn’t explicitly describe what is a healthcare operation, if a company’s using healthcare data to develop a product it plans to sell, the company may choose to classify itself as a healthcare operation.
For example, hu-manity.co was established to “make personal medical data a person’s legal property – to get away from the current system,” per an NPR article. The company’s app will allow users to do business with and receive compensation from companies that would like to use their healthcare data sets.
It’s unlikely that data ownership laws will be updated across U.S. states soon. That’s why it’s important for healthcare organizations to take steps to anonymize and safeguard personally identifiable healthcare data sets.
Safeguarding personal healthcare data sets
To lower the risk of identifying individual health information, the U.S. Department of Health and Human Services (HHS) recommends a few protective techniques:
• Suppression removes or eliminates certain features from a record that may be too unique;
• Generalization uses abbreviated data or places information into data ranges;
• Perturbation replaces specific values with specific values in a range.
It shouldn’t be a surprise that big data in healthcare is creating more questions than solutions. Current privacy laws can only hint at how leaders should govern data in ethical gray areas. Healthcare data leaders should be prepared to make decisions that may cost revenue in order to maintain consumer privacy. After all, broken trust can’t be repurchased.
For more information or to see the full infographic go to https://healthcaremba.gwu.edu/blog/the-ethical-gray-areas-of-data-in-healthcare-business/.