November 6, 2014
From genome-based therapeutics and diagnostics to pulse-monitoring smart watches, health data is transforming medicine.
But it is also alarming patients, who—aware of the recent cyber-attacks against Target, Home Depot, and JPMorgan that stole personal data from millions of people—are scared that their privacy will be invaded.
Our health data is our most personal asset. Why, in the midst of all of this, should we continue to share it?
Health Data in the Digital Era
First, the law: Health care privacy and security is governed by the Health Insurance Portability and Accountability Act (HIPAA), which limits disclosure of patient data and mandates secure storage and transmission of electronic records. Anybody who violates HIPAA faces civil and criminal penalties. So the law ensures that providers and health plans take steps to protect your health data and that you retain important rights over how it is used.
Today, de-identified data that you share is driving the most important advance in medicine: population-based data discoveries and tools to manage our health, wellness, and diseases.
The signs of digital medicine are everywhere: Four out of every five office-based physicians use electronic health records. The government is releasing new population health data. And the 85 percent of buyers of new handsets who are selecting smartphones will expect to access personal health data on their devices.
We know that health systems charged with keeping this data private have struggled. A cyber-attack this year on a Tennessee-based hospital system, for example, accessed the data of 4.5 million patients. A single hacker penetrated HealthCare.gov this summer. And the industry of collecting and selling personal health data keeps getting bigger.
These problems are real, and we have to solve for them. But they should not impede the advances in health care on the horizon. The next big breakthrough in medicine could develop because you shared your health information. All of us—patients, providers, and entrepreneurs—have a stake in making this happen.
The Patient Perspective
Patients should first understand just how much they benefit when providers and researchers can access their health data electronically in real-time. Your data helps your physician manage your health by providing ongoing, longitudinal, and integrated access to your information within and across providers. Pharmacists will have quick insight into all of the medications you are taking and how they interact, reducing the prescription errors that cause so much damage.
Moreover, population-based de-identified patient data has already produced advances against such diseases as obesity, diabetes, hypertension, and heart failure. Given that five percent of the U.S. population accounts for half of health care costs, population data lets researchers tackle the most vexing problems in medicine. By opting in and sharing your data, you promote the research breakthroughs that can one day improve your own health and help people who are suffering from similar health issues.
But patients have to watch out for the marketing and data brokerage firms that trade in health information and that, as the Federal Trade Commission noted, “operate with a fundamental lack of transparency.” Consider the purpose before you provide personal information to entities not covered by the HIPAA laws that apply to physicians and researchers. Patients should also check if the devices that they are using to track their health information are HIPAA-compliant. In this new era of the quantified self, ask first before uploading data from an unknown source.
The Provider Perspective
Providers today are using electronic tools to schedule appointments, receive ongoing patient metrics, customize treatments, and communicate via telemedicine. The tools, by improving access to patient data, save time, save money, and enable providers to deliver better care.
This matters because the world of fee-for-service is evaporating. In the new era of value-based care demonstrated by the rising number of Accountable Care Organizations (ACOs), these digital tools will be critical for your livelihood as a provider and you will want to embrace them.
But you also must institute advanced security protocols for the data that you use. While all hospital systems have general compliance functions, they need to prioritize these efforts. At Beth Israel Deaconess Medical Center, for example, officials encrypted devices, tightened access to cloud-based services, and strengthened network access controls after several data breaches.
Beyond the significant direct costs that arise from a breach, providers who want patients to continue to provide data for treatment and research must show that they will protect the data. Providers should teach patients how to protect their own data as well.
The Entrepreneurs’ Perspective
There has never been a better time to be an entrepreneur interested in changing health care through the use of digital technology and tools. We are even seeing patients and their parents taking steps themselves to improve the software and data capabilities of the medical technology that they use. But to be successful in this space, you need to know what you do not know.
In addition to HIPAA, entrepreneurs should know the evolving definition of what the Food and Drug Administration will regulate. Apps that are used for diagnosis or that provide a therapeutic recommendation may fall under FDA purview. But do not let these regulatory burdens intimidate you: our health care system needs your creative and altruistic instincts.
What you do need to do is respect the nature of the data, remembering that it’s not just data on the buying preferences of a consumer but data that can save a life. Apple, for example, has instituted new privacy and security requirements for health apps in its App Store even though HIPAA may not apply to user-generated data on mobile health apps. Empathize with consumers and earn their trust.
A New Age of Medicine
Until recently, as my colleague John Doerr observed, there was “more information technology in your average grocery store than in your doctor’s office.” Now, digital technology is here to stay.
But if we truly want to enable the breakthroughs and behavior changes that will transform our health, we must be willing to share our most personal asset: the data about our lifestyle, state of health, and disease.
The privacy laws are not perfect. No system is fail-safe. More breaches will happen. But let’s not let the perfect be the enemy of good. Big data will enable you to make better decisions and, at the population level, will lead to new insights, new discoveries, and better health for everyone.
Sharing your most personal asset may be the best decision of your life.