The secondary use of data has many benefits: making healthcare more cost and time effective, expanding knowledge about disease and treatments, and supporting public health goals, like detecting emerging pandemics, to name just a few.
At the same time, the widespread use of healthcare data raises important ethical questions. Medical data is being used and shared in ways patients had not imagined.
In today’s digital information age, the health data analytics industry knits together comprehensive profiles of individuals’ health information. The linking of disparate, aggregated data sets is common in the US and allowable under HIPAA. By linking aggregate data, patient profiles are created from traditional sources like health records systems (i.e. diagnostic codes), with additional sources such as prescription or insurer reimbursement data.
This means de-identified data, when cross-matched with other sets of public or proprietary data, can become identifiable. A person can be re-identified with just gender, month or year of birth and the first three digits of their zip code. When genomic data is included within the healthcare data, there are limited means to fully de-identify genomic data.
Partly because of its focus on genomics, BC Platforms’ advocates engaging patients in Real World Data (RWD) research and seeking their consent to share data. BC Platforms does this, not just because it is ethically sound, but because full data privacy can guide and facilitate widespread collaboration and speed up treatments. Our Global Data Partner Network is based on the premise of patients willing to share their data to support medical research.
This post is about why and how patient engagement facilitates data access on a global level within a secure framework.
Why Healthcare Entities Sell Data
In the United States, de-identified healthcare data can be sold to third party entities not explicitly covered by the regulatory framework — Health Insurance Portability and Accountability Act (HIPAA). While HIPAA requires de-identification of data, once it moves out into the market it is linked with other data for the predictive analytics that companies crave.
Selling de-identified healthcare data is accessible revenue for healthcare entities, and they would often do so without patient engagement or opt in / opt out clauses in sharing. Niko Hurskainen, CTO at BC Platforms, says “We need to transparently discuss with patients how we would like to use their data, why it matters for the health of others and how we protect data privacy, security and oversight. People are inherently altruistic and this is amplified in patients experiencing life changing medical conditions. There is a deep desire to give back and help others. This is the conversation healthcare entities need to generate and engage to power RWD research.”
He believes health systems have to think about patient engagement differently. Because of the requirements of GDPR, an accepted global gold standard in data privacy and security, healthcare organizations in the EU have gained patient consent for RWD research. EU patients choosing to participate in RWD research can see how their data is being used and are able to withdraw consent at any time. This foundation builds trust and transparency. Because patient consent is provided, RWD researchers benefit from having a depth of understanding of a patient’s health journey and outcomes from their condition, which is far more impactful than the limited de-identified data.
Says Hurskainen, “The more real world data drug developers have at their disposal, the faster they can discover new medications to treat unmet medical needs. With combined genomic and longitudinal clinical data, drug developers can quickly learn about what makes some patients recover and others not. The insights gained from RWD can save years from the R&D process.”
The Rationale for Patient Engagement
More regulation in the US is inevitable due to growing patient concerns. There are a wide array of new rules and legislation: CMS and ONC’s voluminous proposed rules on interoperability, data blocking and patient access, Europe’s General Data Protection Regulation (GDPR), and the California Consumer Privacy Act.
One of the key differentiators of BC Platforms is that it works under the strictest framework—GDPR- to meet global data privacy and security requirements. BC Platforms’ Data Partners recognize the commitment to data privacy and this trust allows BC Platforms to engage new partners and scale RWD access globally.
Says Hurskainen, “The industry is moving in the direction of direct patient engagement, transparency in data usage and well-designed data security measures. Given the depth of RWD insights required by drug developers, it is imperative we engage patients in the discussion on data usage.”
Says Hurskainen, “If [companies] want to have real world data and do public and private collaborations and research, it starts with getting the patient’s permission. That opens the door for important research and findings that can benefit all.”