25 Years Of Health IT: A Complicated Journey

Big data is good for medical science, but potentially risky for the patient. By amassing and analyzing massive quantities of digital information from multiple sources, including an emerging class of wearable devices and smartphone apps, medical professionals will be well equipped to solve major health problems and warn people of emerging threats like the Ebola virus.

That's the goal, anyway. But big data's role in healthcare may be hindered by government privacy regulations such the US Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, which regulate the security and disclosure of personal health information by health insurers, medical care providers, and other entities.

And then there's the question of data ownership: In a world of information-sharing wristbands, watches, phones, and sensors, who owns the health data generated by these devices?

These were just a few of the big-data topics debated Friday at the 8th annual Body Computing Conference at the University of Southern California (USC) in Los Angeles.

The event, which drew healthcare, legal, investment, and tech industry professionals from across the country, included a panel discussion titled "Big Data Privacy and Health." The three-member panel consisted of health law and life sciences attorney Jill Gordon, a partner in the law firm Nixon Peabody; Matt Hogan, CEO of DataCoup, a two-year-old startup that enables consumers to aggregate and sell their anonymous personal data; and Dr. Michelle Longmire, CEO of Medable, a development platform provider that enables health-tech companies to build HIPAA-compliant apps and services.

[Want to learn how doctors are using data to improve patients' health? See Healthcare & Data: Partners At Last.]

The session's hot topic: From a consumer's perspective, health data is by far the most personal of big data. So who owns it?

"It's one thing for me to have an interaction and sign a form in my doctor's office, or participate in a clinical trial," said Gordon.

But in a data-sharing environment, this old-school approach won't always work.

Smartphone apps, for instance, may store personal data in two or more places -- on the device itself and elsewhere in the cloud.

"It's really complicated," said Hogan. "Data can exist in two different places at once, and the legal framework in the US is set up to deal with physical goods... It's harder to do when I swipe that debit or credit card, and data exists with the merchant and data exists with me.

"It's logical that if I'm creating all this data and I'm the chief stakeholder, I should have a seat at the negotiating table with regards to what happens to that data. And, perhaps more importantly, be the chief beneficiary of that data."

Longmire pointed out that HIPAA compliancy is a complicated, multi-faceted process that may prove challenging to tech companies, including app developers.

"HIPAA is understood to be one big term, but the truth is it's use-case specific," she said.

Longmire added: "HIPAA-compliant storage is encrypted; it's in one siloed place. But the technology behind HIPAA-compliant applications is a far more complicated use case. You have two-factor authentication, device verification, [and] encryption on device in transit."

Might HIPAA and other privacy safeguards limit the potential benefits of big-data aggregation and analysis?

"There are a lot of protections around data, but there are also reasons why you can access data," said Gordon. "For example, if you have a public health issue, there are lots of exceptions for the government to access data."

In the Q&A after the main discussion, one audience member cautioned the panel that "alarmist tendencies" of privacy advocates may indeed hamper big data's healthcare promise.

Longmire responded: "I think the challenge... is actually meeting the good and diverting the harm, because... the sensitivity of the data cannot be understated."

The owners of electronic health records aren't necessarily the patients. How much control should they have? Get the new Who Owns Patient Data? issue of InformationWeek Healthcare today.