With the recent upheavals of civil liberties in the US, particularly the deterioration of our rights to privacy and our rights to be free from unreasonable searches, I have been thinking about what this means to us in this digital age. I am concerned about all manner of data related to details about our health - specifically, the intentional and unintentional inadequacies of data and privacy protection by companies, and the web and mobile apps that process this information.
Consumers have an expectation of privacy for their protected health data. This is true whether the data is expected to be accessed by organizations via health apps (such as electronic medical records by care providers or claims by insurance) or meant for individual use only (such as menstruation/ovulation tracking or mental health wellness apps).
Yet there is no universally adopted Patient Bill of Rights, and current variations do not explicitly include anything about control and usage of your data or data about you.
Rightly so, consumers are increasingly aware and distrustful of how digital tools, especially health-related tools, use their data. People should not have to fear their data being weaponized and used in ways that are contrary to their beliefs or that infringe on their privacy or personal health decisions.
What, then, can healthcare companies do with their data platforms and practices to build trust in the data and trust in the process?
Building trust in the data and trust in the process is foundational to emTRUTH’s mission. We believe that people should own and control their own data, especially in healthcare. We've created our company and our solutions to empower just that, including the ability to share the right data, with the right people, at the right time. All with clear consent.
Here are four achievable ways to build trust.
1. Protecting the data from unwanted access: Enable each individual to own and control their own data, including the ability to grant or rescind custodial rights to a trusted person who can update or share data on their behalf.
At emTRUTH, for example, we capture patient data in encrypted blockchains, and these blockchains are created under patient ownership, much like how domain names are created under their respective owners. Each patient can share or rescind sharing of their data. Patient consent for usage is also immutably part of their data in blockchain, tied to specific data combinations (e.g., your current conditions and medications you take) or expressions (e.g., anonymized for use as part of population health or for clinical trials) of that data. Because data is encrypted and patients hold the key, organizations do not bear the liability or burden of exposing protected health data, even under subpoena, in a sea of conflicting and often ill-defined legislation that differs state by state.
2. Designing for privacy and security: Privacy and security should be considered holistically and designed into every layer of a solution and approach, including data governance policy.
At emTRUTH, for example, not only is data protected and encrypted at more granular levels in blockchain, but even our QR codes are encrypted and have security embedded in each code. Furthermore, access to the data represented by a QR code is permissioned. Data is contextual, and one size does not fit all. For example, your primary care provider should see what medications you take; your mailman should not.
3. Strengthening and fortifying anonymization practices: Basic to building trust is never sharing patient data without consent. When sharing data for purposes like training AI models for trends in population health or selection for clinical trials, there should be deliberate action to better anonymize patient data. Data sharing, of electronic medical records for example, should not be all or nothing. What is shared, who it is shared with, how it can be used, and how long it can be used should be aligned with the purpose, or the why, for which this data is being shared.
With emTRUTH, for example, different blockchains that contain only anonymized data can be shared with people authorized for access. Even emTRUTH logs are immutably captured in blockchain, so there is a clear audit and accountability trail.
4. Improving communication around data practices: The who, what, when, where, and why of data should be described in easy-to-understand language. Not buried in the fine print. Not obfuscated by complex legalese. The complexities and chaos created by different state-by-state abortion legislation, for example, necessitate that companies be clear about a patient’s personal data. This is not only the right thing to do, but it also manages liability exposure.
With recent decisions by the Supreme Court regarding Roe v. Wade, the legal landscape is shifting, and there will be intended and unintended consequences. The mad scramble to try and protect what have been considered rights in the US, like access to contraception and interracial marriage, highlights the uncertainty and likely dire consequences, especially for people without the means or resources for personal choice.
While emTRUTH can help with data management improvements, including privacy and data protection, my hope is that healthcare companies will, more importantly, give thoughtful consideration to their current data platforms and practices, and distinguish themselves with consumers by responding in ways that inspire trust.