We are now, unquestionably, living in the age of big data. The vast amounts of traceable data generated daily can direct everything from digital transformation strategies to epidemiology. And nowhere is this more relevant than in healthcare, especially at a time where analysing COVID-19 data is crucial to tackling the global pandemic.
The amount of health data being generated is growing at a 48% rate annually. This year alone, an estimated 2,314 exabytes of healthcare data will be produced. Rapid technological advancements are creating new challenges in the industry when it comes to data privacy. But, at the same time, the opportunity to transform this mass of data into actionable insights could power the future of healthcare.
While public confidence in the collection and use of personal data has been tested by several high-profile data breaches, there are strong motivations to analyse individual patient data for secondary purposes. In research and drug development, for example, the use of large and highly relevant data sets can augment the findings of individual research projects and help to empirically prove concepts, emerging treatments and diagnostics. By enhancing healthcare delivery methods, society as a whole will benefit from healthcare professionals having the ability to predict epidemics, advance cures, and make patient stays in hospitals safer and more pleasant.
This is data science that saves lives, improves the health of the nation and provides a level of social care.
Yet healthcare is trapped in a unique double bind. If medical researchers are unable to extract analytical insights from data, then lives will unnecessarily be lost and quality of life will be needlessly diminished. At the same time, healthcare is bound by some of the most stringent data protection regulations. Clinicians who analyse patient data without detailed permissions risk major sanction, including loss of registration, as do their employers.
The lack of these permissions for historic data is in large part because the types of research now being conducted didn’t exist when the data was collected. Recent data regulations have further underscored the need for transparency and consent regarding the use of personal data. The unintended consequence is that valuable repositories of medical data are now out of reach to researchers who need it to conduct work that greatly benefits society at large, or even worse these datasets face deletion entirely.
In other words, the sector has the data to transform lives and healthcare – but is frequently unable to use it.
How to release the double bind?
The assurance of patient privacy is fundamental to healthcare, even where patients give permission for their information to be used. Many support the use of their data for research, but this is accompanied by the expectation that it will be used appropriately for specific purposes and is adequately protected. Therefore, personal health data is unlikely to ever be truly open. But the rewards for use of such data sets are so great, altruistic and universal that means must be found, especially as new avenues or fields of research will likely require analysing this data in new and unforeseen ways.
Finally, there is the future. Technology moves fast, and healthcare resources are precious. If providers are to invest in data-leveraging tech, they need to know it can cope with new approaches as they arise.
Genuine anonymization changes everything
If patient data is rendered truly anonymous, data protection regulations, such as the GDPR do not apply and organisations are no longer subject to limitations that apply to personal data. Provided the original data was lawfully collected, a healthcare organisation can use data from all their patients, not just those that consented to analytics being conducted. They can use the data for all types of research and the data is not subject to retention requirements. Truly anonymized data is also not subject to data subject rights such as access requests, the right to be forgotten and the right to object to processing. This delivers a comprehensive and stable analytics data universe that can provide longitudinal views essential for research programmes studying a particular area over a long period of time.
Effective anonymization provides the ability to access extensive, coherent and historic data that can be built upon each day without ever damaging patient trust. Achieving the right balance between the desire to maximize data analytics initiatives and the demand for protecting privacy requires a sophisticated approach. It is often an iterative process and requires cutting-edge technology and a deep appreciation of current data protection regulations.
No other option
Enormous transformations are taking place across the healthcare sector, but trust issues are not going away. With 60% of consumers revealing they are uneasy with companies using their personal data for analytics, the opportunity for anonymization is clear. Many healthcare professionals realise the huge benefits that data and data analytics can bring but they cannot yet access those benefits. But we must find a way to unlock those benefits. With an ageing population, greater medical understanding and increasingly sophisticated tech, the time has come for the sector to overcome current barriers while still assuring patient privacy. It’s time for clinicians to demand securely anonymized, historical and verified data sets that will let science and knowledge advance, while protecting the privacy rights of the people behind those data sets. This will be a win-win for society in general.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.