Balancing Privacy and Access to Health Information in the Age of Big Data

Europeans enjoy “the right to be forgotten,” which is enshrined in a series of laws designed to protect citizens’ personal information and identity. While perhaps not as robust, the U.S. also has laws and protocols to protect our information, most notably around health data. While protecting our right to be forgotten is important, there are many legitimate uses for health data outside our immediate care. Healthcare organizations face demand for data in order to solve some of the industry’s most challenging problems, including research around improving healthcare outcomes and cutting unnecessary costs. Is it possible to strike a balance between the right to privacy and the need to access data? There are benefits in doing so, including more effective drug therapies for serious diseases and more efficient ways to manage costs so that more people have access to better healthcare.

The answer to the question about balancing competing needs is a resounding yes. Medical innovation and advances in data science improve our ability to treat patients. Big Data in healthcare has exploded. As more and more data is linked from EHRs, physicians’ notes, health insurance records, medical devices and beyond, this data can offer insight into better and most efficient ways to deliver care. This is a new era for healthcare - but we need to have the right tools and mindsets to take advantage of it.

For almost a decade, health data has been used to help researchers solve medical puzzles while adhering strictly to the principle of protecting the privacy of individual patients. By using risk-based de-identification, health organizations have been able to minimize privacy concerns when sharing protected health information (PHI) for secondary use.

Anonymous data?

Organizations in possession of protected health information (PHI) have a legal obligation to protect identities. Failure to do so can result in penalties, legal action, and damage to their reputation.  Individuals are immediately identifiable through the direct identifiers found in health data – names, social security, or email addresses. However, these are not used for research. Individuals can be readily re-identified by combining indirect identifiers, items such as date of birth, profession, diagnosis or zip code. Indirect identifiers can be problematic because while they are useful for analysis, in combination, they can make a person knowable.  Precautions must be taken to minimize the risk around these identifiers while still allowing granularity needed for insight.

Legally, HIPAA has specified two standards for the de-identification of health information. The first, Safe Harbor, specifies 18 data elements that must be removed or altered to make patients anonymous. This rules-based approach is easy to implement but limits how the data can be used. For instance, Safe Harbor indicates that dates be reduced to the year. When looking at efficacy of treatments and progression of diseases, this change renders the data meaningless.

The second way of protecting patient privacy lies in the Expert Determination Method, or Statistical Method. This method requires an expert, familiar with the principles of de-identification and techniques, examines the data and determines risk by taking into consideration the sensitivity of the data, context for its release, and the controls in place.   

Expert Determination provides a more specific and granular method for assessing risk and de-identifying health data.  It not only protects individual privacy but also ensures that the value of the data remains high. Use of this methodology has traditionally been inaccessible for many organizations due to lack of training, expertise and time needed to apply it.  

What does industry say?

Not only does this methodology optimize data privacy and use, it is also recommended by leading industry groups. Developed in collaboration with healthcare, information security, and de-identification professionals, the HITRUST De-identification Framework provides a consistent, managed methodology for the de-identification of data built on the Expert Determination method. This framework is used for the sharing of compliance and risk information among healthcare entities and their key stakeholders. Use of Expert Determination is supported by the Institute of Medicine, PhUSE, the Council of Canadian Academies, as well as the EU General Data Protection Regulation.

Change over the horizon

Overly rigid de-identification in the name of privacy can seem counter-intuitive. By balancing use and privacy with better techniques – such as a risk-based approach – health data organization can ensure they are minimizing the risk but not the rewards around data sharing. While Expert Determination is not the main form of de-identification being used today, already there is a shift towards it. There are now commercially available tools that operationalize this methodology. New training courses to build a pool of experts in this methodology – like those offered by HITRUST – are also available now through a collaboration with Privacy Analytics, a provider of de-identification solutions.

There is growing demand for better data for research and analytics in healthcare. By using the Expert Determination method of de-identification, healthcare organizations are able to provide a viable solution in response to this demand.

Sam Wehbe is Director of Marketing for Privacy Analytics