There are various patient confidentiality laws on the books in the US. The idea behind them is to give patients the confidence of confiding in their physicians without the information leaking and their privacy being compromised. This develops a bond between doctors and patients and allows patients to get treatment with confidence.
Hampering big data
On the other hand, this isn't great news for big data analytics. Big data can be used to analyze patient procedures, habits, and other aspects of their medical lives for the benefit of medicine. Without patient confidentiality laws on the books, it may appear that a lot of data is incomplete or cannot be used for the benefit of the field as a whole.
According to the American Medical Association, “a physician may not disclose any medical information revealed by a patient or discovered by a physician in connection with the treatment of a patient.”
What does the Hippocratic Oath
mean for big data gathering?
This means that it isn't just private information about patient habits that is protected by the confidentiality laws. It is any medical information the patient discloses to the physician while he or she is being treated. Big data analytics could benefit from having this information available so treatments can be improved and new symptoms caught early.
The value of complete records
Data processing and analysis should be as complete as possible for the best results so the data can be used in the field. However, with these laws in place, general patient and health information is used for analytics -- rather than specific pool groups of actual patients on a massive scale. Doctors may disclose trends they see, but analytics can't tap into the vast resources of the patient record databases.
Data laws in US healthcare
In the US, there are two current laws that probably pose the biggest obstacle to effective big data analytics in healthcare. They are the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
HIPAA protects the privacy of individually identifiable health information. It comes with a security rule that sets national standards for securing electronic data and patient records. It also comes with a patient safety rule that protects patient identity and information used to analyze patient safety events.
The HITECH Act expands on the HIPAA law and modernizes it. The act deals with the protection of health records and the electronic use of health information by various institutions.
Because of these laws, health records often cannot be used in a way that would allow big data to really help the medical field. A solution to not being able to use massive patient pools for data collection and information from any source is using volunteers. These volunteer pools of patients can disclose information for the benefit of big data analytics. However, big data deals on a massive scale, and the patient confidentiality laws make data collecting and analysis on such a scale very difficult.
Opting in
Another idea is for the acts to be amended so that patients can be given the option of having their data be used for analytics every time they see their physicians. Disclosure agreement forms could be given every time patients visit their clinics or when they sign up for new clinics. Most patients would probably have nothing against electronic records being used for research as long as personal information like their names would be left out.
The good news is that the data collection, and often even data mining, is already completed and saved in electronic form. The electronic records exist, despite all of these laws and protections. It may take some convincing for the laws to be bent so that cures and other benefits to the field as a whole can take place. Stem cell research proves that the government does care about research despite controversy, so analytics may have a strong future in the healthcare industry despite these handicaps.
The other good news is that despite patient data being protected, data related to the field of healthcare is often available for analytics on a massive scale. Data about diseases, physicians, hospitals, treatments, and more is available for use.
Strong opposition
However, the fact remains that there is a lot of strong opposition to allowing companies or institutions to analyze patient data. I found a paper by Nicolas Terry called "Protecting Patient Privacy in the Age of Big Data" (registration required) showing just some of the arguments against big data analytics from patient records and advocation of patient privacy. It argues that big data analytics is a huge threat to patient privacy.
The abstract alone is worth reading as it mentions some of the solutions that exist in this field to big data analytics:
The very concept of health sector specific regulation is flawed because health related or medically inflected data frequently circulates outside of the traditionally recognized health care sector.
As you see, patient information and data is often still available to tap into -- just in forms other than health records. It may be harder to find it for analytics to take place, but it still may circulate outside of the healthcare records. This may be another solution to overcoming these laws: Finding the information from patients through other sources or records.
Responsible public policy
The abstract also mentions the value in using big data from patient records for analytics, but the author thinks it should be done by request:
There is great value in patient information that could be extracted and used by responsible medical and public health researchers. Responsible public policy suggests that researchers should be able to request that information from patients.
Big data, on the other hand, relies on massive scales of data so tracking down pools of patients after they were treated will probably not be as effective as analyzing data live.
These laws will make effective big data analytics more difficult, but they are needed for the patient-doctor trust to exist and patients being comfortable in going to the doctor without worrying about their privacy being leaked. A woman may get pregnant, for instance, and she may not want her family to find out right away. These acts are designed to protect her.
According to Stanford Law Review, “Information regarding individuals’ health, location, electricity use, and online activity is exposed to scrutiny, raising concerns about profiling, discrimination, exclusion, and loss of control.”
This is a huge concern, and there needs to be a balance between privacy protection laws and research to take place to improve the medical field as a whole.
Related posts:
— Mike Lata, Freelance Writer
Tweet This
