An Overview of Data Privacy in Healthcare in the Current Age
Reinaldo Padilha Franga, Ana Carolina Borges Monteiro, Rangel Arthur and Yuzo lano
Healthcare big data refers to collecting, analysing and leveraging consumer, patient, physical and clinical data that are too vast or complex to be understood by traditional means of data processing. Instead, big data are often processed by machine learning algorithms and data scientists. The importance of big data in health is immense, but it is not only about the amount of data that an institution has, but what each one extracts from them .
The concept of big data refers to the daily generation of a huge and very diverse amount of data, which can no longer be analysed only by humans. These data reach institutions through numerous sources, such as social networks, public and private information banks and internal files, among others .
The rise of healthcare big data comes in response to the digitization of healthcare information and the rise of value-based care, which has encouraged the industry to use data analytics to make strategic business decisions. Faced with the challenges of healthcare data such as volume, velocity, variety and veracity, health systems need to adopt technology capable of collecting, storing and analysing this information to produce actionable insights. In the case of health, the main providers of information today are applications and devices for monitoring personal activities, electronic medical records, exams and online reports sent remotely and digital files provided by healthcare institutions, such as clinics, among others .
Examples of what is generated and what can be captured in the health area are personal data regarding personal document identification number, gender, name, date of birth, affiliation, place of residence; clinical data regarding risk habits, diagnoses, medications taken, vaccinations, allergies; exam data for image exams, electrocardiogram, electroencephalography, blood tests, oximetry and spirometry, among others; and data on procedures such as hospitalizations, interventions received, surgeries and length of stay in the ICU, among others .
Institutions must guarantee data protection through firewalls and access controls, and encourage a culture of security in the company, among other actions. The exchange of information online between supplier and pickup systems also needs end- to-end encryption, in addition to anonymizing data before making it public, which concerns the ability for IT professionals to filter, for example, removing information that can identify patients, but leaving clinical information. In this sense, using big data in health requires security. Privacy and information security are even more delicate factors when it comes to medical records about patients .
Therefore, this chapter aims to provide an updated overview of the privacy of medical data, showing its successful relationship with other technologies, with a bibliographic background, refining and sharpening the potential of applied technology in health.
Data Privacy Relevance and Healthcare Need
Technologies applied to health are essential for the provision of care to patients, based on observance of the relevance of certain information to public health and the need to identify the bearer of that information; in a way all this digital innovation presents digital risks [6, 7].
If these threats are not properly managed, they result in disruptions to healthcare operations, costly data breaches and damage to patients. In this regard, the management of digital certificates should be discussed concerning the security of data on the medical care of patients due to other security priorities, based on the legal premise related to the protection of life and the physical safety of third parties. What to do with this aspect should be considered to make data publicly accessible through clear identification of interest [6, 7].
Through digital signature using cryptographic methods, digital certificates and critical metadata belonging to an electronic signature, a “fingerprint” of the data is created, guaranteeing the authenticity of the patient’s data, and thereby reaching higher levels of privacy of these data, providing responsibility, the confidentiality of the data and avoiding undue tampering [8-10].
Still reflecting on the technological aspects of digital signatures, encryption and authentication, and electronic signatures offer health and medical care institutions valid and manageable digital certificates. This impacts data protection and privacy, given the growing significant concern regarding the use of personal data in the health area and its privacy [8-10].
In the same sense as dealing with digital privacy in the age of current technology, it is essential to understand and know the fate of data in the world outside the domain of an individual, whether they are users or even specifically patients. This is combined with the premise that health and medical care institutions are responsible for what they do regarding patient data, and the patients also need to have greater digital responsibility for what is their property, i.e., data and personal digital information [8-10].
The circumstance and opportunity that the digital age offers and provides, open up several possibilities for the handling of patients’ personal digital information, ranging from new types of treatment to even concerning new forms of disease dignity. However, it is necessary and important that a protocol is followed, in order to avoid violation of the fundamental rights of patients, which, in general, is present in the general data protection laws, specific to each country [11, 12].
Based on the understanding that medical data are sensitive, it is necessary to review the use and manipulation of data, since situations such as the protection of life, health and sometimes the public interest provide a legal basis for this treatment. From the premise on the use of patients’ data, the logic of the individualization of modern society is related, be it in behaviour change, in the digital aspect and even related to the creation of laws on the protection of personal data .
The perspective of forming codes that can guarantee public rights in data “transactions” must be established, and in the opposite direction of the premise of exchanging digital privacy for connection as a way for users to be connected easily and dynamically. The use of personal data, as in a health environment, concerning the patient, is linked to the logic of individualization of being, which also relates to the individual right to exist (an exclusive right as a natural person), concerning their personal information such as name, identity or identification document [14, 15].
It is necessary to understand what data are being collected, processed and becoming intelligence for the whole society, just as there must be a separation between the crucial information for public health, which must be preserved and managed, and the personal information of each patient, which must be processed anonymously, considering a legal basis for the treatment of these medical data, even without the patient's consent document [14, 15].
Digital privacy is an ethical perspective of data privacy. The general data laws, exclusive to each country, make it mandatory to share data essential to the identification of infected people between public administration bodies and entities, with the sole purpose of preventing spread in the case of a pandemic (such as COVID-19). However, in this respect, it is important to understand where the data go and how they converge in this larger system, concerning digital privacy, since in addition to the dissemination of information to the private sector keeping the data public and up-to-date, it is necessary to safeguard the right to confidential personal information. Classifying that it is in the public interest means, however, that the personal data can be disclosed, as long as they are anonymized [14-16].
The e-Health Benefits of Data Sharing
The impacts of digital transformation on health include understanding how professionals in the field and patients are affected, concerning the benefits justifying investment in digital technology, both from a digital and a human point of view, since the use of digital devices as a more active tool in medical treatment generates financial savings and health costs, opening the possibility for more people to have access to quality healthcare .
The technology innovation in health presents a universe of possibilities, which impact the way in which the ability to provide the best possible treatments through data sharing is seen. These range from genetic studies, cancer and chronic disease records, even substance abuse, and population health management, still assessing the character of large-scale analyses, epidemiology and disease tracking, to interoperability for routine emergency patient care .
In addition to clinical and patient-oriented use cases, data exchange is essential to ensure that best practices can be shared between healthcare organizations. As diagnostic conditions improve, inevitably, patients will also feel the positive impact on waiting times in medical care lines, access to reliable diagnostics coupled with care and prevention that increase patient safety, and access to surgery, among many other aspects. However, a greater commitment to data protection and privacy is valid, so that incidents of internal or cyber threats, such as ransomware attacks, can be avoided .
Promoting the sharing of health information can help with incident reporting and potentially prevent future cybersecurity incidents from occurring. This is allied to the digital technological revolution in health in the use of digital solutions for the diagnosis and treatment of patients with various types of diseases, directly reflecting on cost control and patient care .