Panel: Big data’s role in healthcare remains unclear

Big data is an enigma when it comes to healthcare, as described by a panel on Wednesday at the third annual Health Privacy Summit in Washington, D.C., hosted by Patient Privacy Rights. On one hand, according to Deloitte principal Deborah Golden, there are infinite positive possibilities for big data use, such as improving patient safety via openly available medication information.

On the other hand, according to Harvard professor Latanya Sweeney, big data also represents big privacy issues.

“A lot of our problems come from giving data away,” Sweeney said.

Much of the conversation focused on those problems, particularly as they related to data being used without patient consent–or knowledge that they gave consent.

“In the U.S., we tend to take a sector-specific approach to privacy regulation,” David Jacobs, an attorney with the Electronic Privacy Information Center, said. “We’re nowhere near where we should be as far as consumer access to their own medical information to find out where it does and to exercise control over it.”

States’ Hospital Data for Sale Puts Privacy in Jeopardy

Before speaking at the 3rd Annual Summit on the Future of Health Privacy, Jordan Robertson did extensive research with Latanya Sweeney, PhD and team to expose a nationwide privacy problem. MANY states are selling de-identified hospital records, which can be easily re-identified by using your local newspaper. Using other publicly available information makes re-identification even easier.

From Jordan Robertson’s article in Bloomberg News: States’ Hospital Data for Sale Puts Privacy in Jeopardy

Hospitals in the U.S. pledge to keep a patient’s health background confidential. Yet states from Washington to New York are putting privacy at risk by selling records that can be used to link a person’s identity to medical conditions using public information.

Consider Ray Boylston, who went into diabetic shock while riding his motorcycle in rural Washington in 2011. He careened off the road and was thrown into the woods, an accident that was covered only briefly, in the local newspaper. Boylston disclosed his medical condition and history to a handful of loved ones and the hospital that treated him.

After Boylston’s discharge, Washington collected the paperwork of his week-long stay from Providence Sacred Heart Medical Center in Spokane and added it to a database of 650,000 hospitalizations for 2011 available for sale to researchers, companies and other members of the public. The data was supposed to remain anonymous. Yet because of state exemption from federal regulations governing discharge information, Boylston could be identified and his medical background exposed using only publicly available information.

Putting Health IT on the Path to Success

“The promise of health information technology (HIT) is comprehensive electronic patient records when and where needed, leading to improved quality of care at reduced cost. However, physician experience and other available evidence suggest that this promise is largely unfulfilled.

Comprehensive records require more than having every physician and hospital use an electronic health record (EHR) system. There must also be an effective, efficient, and trustworthy mechanism for health information exchange (HIE) to aggregate each patient’s scattered records into a complete whole when needed. This mechanism must also be accurate and reliable, protect patient privacy, and ensure that medical record access is transparent and accountable to patients.”

*Subscription needed to see full article.

Harvard’s Data Privacy Lab Launching HRB

We are proud that one of our Board of Directors of Patient Privacy Rights, Latanya Sweeney, PhD, is leading this major project that puts patients in control of the collection and use of sensitive personal health information in a very secure ‘health bank’. No information can be disclosed without the patient’s informed consent.

Link to Harvard’s Data Privacy Lab
Link to Article in Healthcare IT News

Health banks can enable health information to exchange data for treatment and other uses WHEN patients say so, instead of the way today’s electronic systems operate: millions of employees of “covered entities” like hospitals and hospital chains, clinics, doctor’s offices, health plans, and health clearinghouses decide when to use, sell, or disclose patients’ health information for a myriad of reasons without obtaining informed patient consent or giving advance notice.

Today, Americans have no idea which parts of their sensitive personal health data is being disclosed to whom or for what purposes. Moving to a health banking system would put patients back in charge of records, not corporate and government users, or researchers.

PPR is working with Professor Sweeney and her lab on a complementary project to map where health data flows. Patients cannot weigh the risks of using electronic health systems without knowing where their data goes and who is using it. Professor Sweeney will unveil the PPR/Harvard Data Privacy Lab Health Data Map on June 6th in DC at the 2nd International Summit on the Future of Health Privacy. Registration to attend or watch via live-streamed video is free.

Re: Data Privacy, Put to the Test

Great story in the NY Times about the fact that patients’ rights to health privacy are being violated by the sale of prescription records. It quotes three of the big stars who will be speaking June 13th at the First Summit on the Future of Health Privacy: Chris Calabrese, Latanya Sweeney, and Lee Tien. See

See the full story: Data Privacy, Put to the Test

Latanya Sweeney Briefs Congress

See Latanya Sweeney’s Written Testimony

Latanya Sweeney’s riveting testimony April 22nd at a roundtable discussion on the “Implementation of Health Information Technologies in a Healthcare Environment” was highly praised by Representative Patrick Kennedy, a co-host of the event.  The briefing hosted by Representatives Patrick Kennedy and Tim Murphy was sponsored by the Capitol Hill “Steering Committee on Tele-health and Healthcare Informatics” and the Institute for e-Health Policy.

From Professor Sweeney’s testimony:

  • Secondary use of protected health information (PHI) by Business Associates is “unbounded, widespread, hidden, and difficult to trace.”
  • Implementing EHRs that meet ‘Meaningful Use’ criteria will “increase data sharing, but adding the NHIN will massively increase data sharing.”
  • There are significant defects in the two National Health Information Network models which are supposed to link all Americans’ health information online that HHS plans to implement.
  • The proposed NHIN models aren’t capable of exchanging enough needed health data (i.e., do not have enough “utility”) nor do they permit patients to have any control access sensitive health data by the millions of “Covered entities” and their employees who will use the NHIN (i.e., do not offer enough “privacy”).

In other words, the NHIN solutions currently on the table give Americans the worst of both worlds: no privacy at all (patient control over personal health information) and the inability to exchange all the health information we need for clinical and other uses.

After she spoke, Representative Kennedy commented:

  • “Your role is very, very significant.”
  • “If the issues you just raised aren’t addressed, then everything else is meaningless. Without trust we will have the most difficult implementation with consumers.”
  • “You went into specific examples and anecdotes that [show how the NHIN models] could blow the whole thing up. It doesn’t take political sensitivity to understand what the reaction from the public will be.”

We applaud Professor Sweeney for pointing out the serious technical problems with the NHIN proposals AND proposing the solution: risk analysis of all technical systems for exchanging health data. We applaud Congressman Kennedy’s wisdom in seeking Professor Sweeney’s response to plans for the NHIN.

Dr. Sweeney recommended that ALL proposals for exchanging health information be subjected to risk analysis, so HHS and the public can compare the proposals ‘apples-to-apples’ and so the specific flaws/defects of each approach can be addressed in advance.

We agree with her. We need to know what we’re getting into before we build poor systems that will exponentially increase the theft, misuse, and exposure of Americans’ sensitive health information, from prescription records to DNA, to millions more strangers across the globe.

Professor Sweeney has been trying to get the national HIT Policy and Standards Committees to face the consequences of choosing from the various technology strategies for health information exchange, always making the obvious point that different systems pose different threats to privacy. The threats and strategies to mitigate them should be dealt with before anything is built.

Patient Privacy Rights fully supports Professor Sweeney’s recommendations. The Administration and Congress should make sure that we build the right NHIN and the right HIT systems. We have only one chance to build a trusted health system. Once public trust is lost, it is very difficult to restore.

See Latanya Sweeney’s Written Testimony