Big Data and the Impact on Healthcare
The big data revolution affects every industry, but few can gain more from better uses of data than the healthcare industry.
Big data highlights some of the information opportunities for healthcare. Big data provides more opportunities to analyze a wider variety of data, and to make connections based on facts that never before were possible. In the United States, for example, the White House—led Precision Medicine Initiative is trying to harness the power of big data as a means of successfully creating individualized approaches to medicine through creation of a massive database of more than 1 million patients.
Big data also highlights how “non-healthcare data” can be used for many healthcare purposes. We are seeing in big data how information not typically thought of as “health” information can be used for healthcare purposes. We’ve seen recent news stories discussing how:
- ? “You may soon get a call from your doctor if you’ve let your gym membership lapse, made a habit of picking up candy bars at the check-out counter or begin shopping at plus-sized stores.”9
- ? Health plan prediction models using consumer data from data brokers (e.g., income, marital status, number of cars), to predict emergency room use and urgent care.10
- ? Healthcare analytics companies can mine workers’ medical claims, pharmacy claims, and search queries to figure out if an employee is trying to conceive or is already pregnant.11
- ? Employee wellness firms and insurers are working with companies to mine data about the prescription drugs workers use, how they shop and even whether they vote, to predict their individual health needs and recommend treatments.12
These big data projects show both opportunity and potential for concern related to the healthcare industry and how it uses big data. The recent White House Report on Big Data13 indicated that:
- ? A significant finding of this report is that big data analytics have the potential to eclipse longstanding civil rights protections in how personal information is used in housing, credit, employment, health, education, and the marketplace.
- ? The privacy frameworks that currently cover information now used in healthcare may not be well suited to address these developments or facilitate the research that drives them.
At the same time, the report also noted that “Modernizing the health care data privacy framework will require careful negotiation between the many parties involved in delivering health care and insurance to Americans, but the potential economic and health benefits make it well worth the effort.”
Big data also highlights how much new “non-HIPAA” healthcare data is being collected by websites and other new technologies that gather and distribute healthcare information without the involvement of a covered entity, including a broad range of commercial and patient support websites, personal health records, mobile applications, and wearables. Many of these new technolo- gies—which can provide important benefits to both patients and the healthcare system—are outside the scope of HIPAA and potentially outside the scope of any current regulation. As former FTC Commissioner Julie Brill has noted,
Then the question becomes, though, if we do have a law that protects health information but only in certain contexts, and then the same type of information or something very close to it is flowing outside of those silos that were created a long time ago, what does that mean? Are we comfortable with it? And should we be breaking down the legal silos to better protect that same health information when it is generated elsewhere.14
These developments highlight the current gap in the legal structure for protecting healthcare privacy, based on the language and history of the HIPAA law itself, which focused on the “portability” of health insurance coverage and “administrative simplification” involving standardized transactions for certain core healthcare transactions (such as submission of a claim), rather than any specific principles about privacy.
For those organizations handling healthcare data outside of HIPAA’s reach, the FTC will attempt to fill in some of the enforcement gaps, but its ability to regulate data practices is limited by its current statutory authority to regulate only “unfair and deceptive” trade practices. Moreover, any efforts by the FTC to develop enforcement approaches for “non-HIPAA” healthcare data may lead to (1) continuing differentiation in healthcare data based on the originating source of the data (HIPAA rules for healthcare providers and health plans, some other principle for other entities). In addition, the current sectoral approach to privacy also creates real concerns as “big data” and increasingly sophisticated data analytics tools also lead to innovative uses of “non-healthcare data” (e.g., income levels, marital status, number of cars) as means of predicting health-related behavior.
All of these developments point in the same direction—more and more information is being gathered about the health of individuals and other data that may lead to judgments about the health of these individuals (and the broader possibility of more societal learning about health), and there is an increasingly complicated array of laws and practices that may provide better or worse protection for this information, depending on who is gathering and holding it. Under the current approach, particularly under U.S. law, there will continue to be differences in principle and practice based on these regulatory and legal quirks. We can expect to see continuing pressure—from a variety of interested audiences—to “fix” this existing problem and fill these regulatory gaps, but there currently is no consensus whatsoever on how best to do this.