By Bruce Stanley
Dire news stories appear daily describing how Big Data is overtaking industries, economies and even individual lives. I believe the real dilemma is the ownership of “Little Data,” that is, data that belongs to individuals and is one of the essential building blocks of Big Data.
The issue of patient medical data ownership and how, when, and where to protect it has been around for quite some time. In the past, most patients trusted their clinicians to provide sufficient security to ensure that little harm could come to their (paper) files/data. There was a free exchange and acceptability of risk by the patients. They accepted the equation “use my data = my treatment.” That was the end of the story.
Only recently, with the advent of accelerated technology and problems associated with it, have greater concerns been raised. Examples include misaligned EHRs, miscoding, ICD-10 delays, insurance mismatches and treatment delays and refusals, federal incentives for quickly moving to electronic media, innovative technologies using personal data, identity theft and vendor credentialing.
Today, simple questions, such as “WHAT is the data?” and “WHO owns it?” aren’t so simple anymore, and the risks are higher than ever.
Who’s worried?
Has technology created the risky world of patient data corruption, or is patient data technology a victim of bad processes and handling? Many of us remember when lists of college grades were posted with social security numbers instead of students’ names in an effort to protect their identity. Some states even resorted to using social security numbers as driver license ID numbers.
In the past, if you were lucky enough to get hold of your hardcopy patient file, you probably couldn’t read the clinician’s handwriting anyway. Patients believed their records were stored securely in each practitioner’s office.
But concerns are mounting, given various personal data compromises like social security numbers and passwords, large data breaches, encryption struggles between the government and technology providers, and for vendors, credentialing concerns. Over time, patients have become aware that personal medical data is becoming much more susceptible to potential criminal activity.
What’s more, innovators and venture capitalists would love to have free access to patient data. Entrepreneurs see it as a way to innovate and thus help control costs and improve care while building new platforms for innovative science. It’s hard to disagree with their posture.
But patient data needs to be guarded, just as we protect our personal investment accounts or as a company protects its intellectual property. It’s a valuable asset. As investors and as healthcare recipients, we release certain data under strict regulations against fraud and abuse to better our investment/treatment and to support the larger market.
Power to the patients
The answer of ownership appears easy. It belongs to the patients to do as they see fit. Our dilemma is that the healthcare system is not yet sophisticated enough so that patients can make good choices on how or when to share their medical data. Often they are thrust into data decision-making mode when they are most vulnerable. In the future, patient data advocates may be needed to assist patients and caretakers in the decision-making process.
Concerns about the security of patient data don’t appear to be age-related. Students in my MBA class have told me they aren’t worried about their medical data. They like having access to it at their fingertips on a hand-held device. But I also hear many seniors say they appreciate being able to read their lab test results on a patient portal and to see their physician’s comments online.
There are many thoughts on who owns what and who is responsible for which data. Recently, I heard of a patient receiving an email from their physician prescribing serious treatment for a disease that the patient did not have. In fact, the email was meant for another patient. How embarrassing and potentially serious is this? That patient may now have this miscommunication in their permanent record unless its technological trail is fully redacted.
It’s quite possible that there are many owners of the specific data that comprises a complete patient data file. If the premise is that patients own their records, do they really own the prescribed treatments and the doctor’s comments?
Lastly, some argue that we need personal healthcare data to drive more innovation and without that, it slows the entire system and processes down. Others believe that technology and the potential benefits from innovation far outweigh the concern of privacy of patient data records.
Business rules and common sense regulations that can be easily understood by patients, clinicians and entrepreneurs need to be in place before patients feel comfortable in sharing their data for any clinical or commercial purpose. In the end I say, protect my “Little Data.”
Bruce Stanley is a supply chain and contracting operations consultant with over 30 years in the healthcare industry, and an MBA adjunct professor teaching global supply chain, contracting and healthcare informatics and regulations. He is an advisory board member at SiftWisdom, an on-demand healthcare learning and engagement platform. He served as senior director, contracting operations, for Becton Dickinson and is a former chairman of the AdvaMed working group focused on vendor access-credentialing, and has collaborated with MassMedic and AdvaMed on legislative initiatives related to this topic. In 2011, he co-founded The Stanley East Consulting Group, in Ipswich, Mass., a global consulting practice specializing in supply chain, contracting, order fulfillment and project management for small and medium-sized companies, startups, and companies in transition or divestiture.