A Perspective on Data Protection, Privacy, and Security
Data is at the heart of making healthcare more affordable and accessible. Protecting this data and enabling sharing of the right data, with the right people, at the right time is crucial.
Culturally, I grew up sharing best wishes of health, wealth and happiness. These three things are not always inherently bound. Nevertheless, in the United States, wealth can buy you healthcare which in turn can greatly increase your chances for better health. The desire for health and wellbeing is something we all share as people. However, healthcare disparity exists not only in developing countries, but also in the US where many remain uninsured or under insured, meaning that some are one health incident away from financial ruin. Disparity typically falls along socio-economic divides where people with less resources, people of color or different orientation are disproportionately impacted.
There is ample evidence that harnessing healthcare data improves outcomes and lowers cost of care. There is near universal agreement that making healthcare data more integrated and interoperable improves outcomes and lowers cost; And, consequently, could make healthcare more accessible, more affordable and more inclusive to a larger population. A major challenge is that much of healthcare data is disconnected and in data silos, even for just one patient. There’s a system for electronic medical records (EMR), another for drugs, another for labs and so on. Now, every system and device is online; yet healthcare data becomes ever more fragmented and disconnected with every new system and device.
Technology exists today to address the problem of disconnected data. Technology is, however, agnostic and is only one pillar needed to make quality healthcare more available. This is where DataTech For Good can help as it recognizes the need for more than just technology to address complex and nuanced problems. In addition to technology, we also need to address data governance, especially privacy and security, as well as empowering end users and companies to make healthcare more inclusive.
Let’s talk first about enabling technologies. For example, my own company, emTRUTH, recognizes that healthcare data always has been and always will be from many systems (e.g., EMR, radiology images, etc.) and from many places (e.g., primary doctor, lab tests, insurance, drugs, smart watch, etc.), because they serve different purposes and functions in the spectrum of caring for you, as one individual. emTRUTH advanced blockchain and AI technologies embrace that data is distributed and in many forms. We also believe that people should own and control their own data which blockchain as a peer-to-peer technology is well suited to support. With our technology, data integration and interoperability is achieved in days, not month; All with one API; Without IT intervention; While offering the best in data protection and privacy; All at scale, performance and sustainability that crypto-currency blockchains cannot do today. This makes healthcare data more accessible to many who currently cannot afford the very expensive approaches commonly used today.
Another enabling technology is AI, especially machine or deep learning on images like radiology, for predictive or identification use cases. There are many companies offering these solutions like PathAI, Enlitic or Zebra Medical Vision to name a few. As healthcare becomes more digital and enables use of technologies like AI, we need thoughtful process around data governance and unintended bias. One unintended bias is from the absence of more diverse data that skew some AI models. For example, facial recognition doesn’t work as well on people of color, because training data is not diverse enough. This same bias applies to healthcare when underlying data does not truly reflect patient populations. We also need more transparency and traceability to how these AI algorithms arrive at their findings to better understand if there is inherent bias in the data or flaws in the training. What this means is that there is a need for data about the data (e.g., metadata), including full traceability back to data used in training or assumptions made, if any, on which features to train on. Metadata addresses what’s in it, what’s been done to it, where does it come from and how it has been handled. Trusting in results from these models means instilling trust in data used and mechanics of these underlying models.
Data Privacy and Security
Data security and privacy is central to almost every industry and person in our increasingly digital world and this is especially true for healthcare where data is highly sensitive and regulated. In the US, the Health Insurance Portability and Accountability Act (HIPAA) is one such regulation. Many use HIPAA as a shield to prevent data sharing. Some because they truly cannot ensure data privacy and protection. Some because their financial rewards are not aligned with data sharing or collaboration.
There are many best practices addressing data security, including encryption at rest and in transit. Some standards and guidelines to leverage for the best data protection and security beyond HIPAA and General Data Protection Regulation (GDPR) requirements include NIST 800 for Controlled Unclassified Information (CUI) and DoD Cloud Computing Security Requirements Guide. When using cloud services, selecting the right cloud provider is also important. IBM HyperProtect and AWS GovCloud are examples of more secure cloud services. Be aware that data security is not a onetime thing, but a continuous and holistic approach, because threats are ever evolving. Healthcare is a prime target, because of the enormous impact should this data be breached or compromised. Financial impact is measured not only in operational downtime for a critical business, but also in liability when patient data is compromised.
Data privacy also requires vigilance. Many healthcare organizations are hesitant to send data to a third party that could aggregate and monetize this data without consent. Use of your data is often buried in the fine print of terms and conditions that span many pages of legal, but not easy to understand, words. We see this often in consumer services, for example, that rely on advertising, selling of your data or selling data about you as their primary revenue model. In a true patient-centric model, people own and control their own data, including consent for different uses. Patients, for example, can grant custodial rights to their providers who can update a patient’s healthcare data on their behalf. Should a patient want to change providers, they can revoke custodial rights to their healthcare data from the old provider and grant it to the new one. Once we remove barriers from the mechanics of data integration and interoperability, focus should be on data governance. A part of data governance should be adoption of a patient’s bill of rights that supports patient-centric data usage and practices. Even better is a broad coalition of organizations and companies supporting and adopting a common patient’s bill of rights.
Empowering End Users and Companies
What does empowering end users and companies mean in healthcare? In an ideal world, perhaps it means everyone is incentivized to provide the best quality healthcare at the lowest possible costs for everyone, not just for some. This is a noble goal, yet a daunting challenge. What are some practical approaches that can be accomplished now? Because the US health system is for profit and mostly based on fee for service, we can use data and technology to enable new financial and contractual models that incentivize all parties (e.g., patient, provider, payers, pharma, etc.) to adopt practices and behaviors that make quality healthcare more inclusive and affordable. One innovative approach is by a fellow cohort, Zenda.la, who have a freemium level of service for healthcare in Latin America. Perhaps this model could also work in the US? Another practical approach is by some health insurance companies who are including in their contracts, with in network care providers, risk/reward sharing of patient outcomes based on treatment of a condition (e.g., broken hand) rather than discrete, separate, unrelated fee for services (e.g., x-rays, diagnosis, surgery, blood tests, rehab). This type of integrated healthcare is key to realizing value-based care, especially for chronic and expensive to treat diseases like diabetes and cancer.
We believe in Data Tech for Good, because it is a coalition of people, not just technology, working toward more inclusive solutions. Technology, as an enabler, is an important component in a strategy for making quality healthcare affordable and available to more people than it does today. In addition to technology, there are other facets to consider, because ultimately, healthcare is about people.
Wishing each of you health, wealth and happiness!
About the Author
Irene Woerner is CEO and Co-Founder of emTRUTH. Irene and Ron (CTO and Co-Founder) chose to focus their foundational technologies in healthcare, because of the meaningful impact it can have in improving outcomes while managing costs. emTRUTH was a member of the IBM Hyper Protect Accelerator's third cohort.