Research, Big Data and Patient Privacy
The push is on to collect, test and analyze as much patient information we can to understand and tame COVID-19, which has more than 300,000 lives worldwide while paralyzing the world economy.
And yet, just a few months ago the health care industry was under fire because of reports that some large hospital chains have been providing millions of health records to tech giants tech giants including Amazon, Google and Microsoft. Many were outraged because these apparent gross violations of basic privacy were also completely legal. .
The pandemic may have many sidelined concerns about sharing health information but the medical community should not slouch back to business as usual. Instead the renewed focus on testing increases the urgency to create more transparent approaches for protecting patient privacy while conducting live-saving research.
Here’s why and here’s how.
It is broadly believed that feeding vast troves of patient information into blazingly fast super computers will enable researchers to see now veiled patterns and biological quirks, leading to wondrous treatments and cures.
While that enticing hypothesis remains unproven, there is little question that “Big Data” threatens patient privacy.
The Wall Street Journal’s article on January 20 that hospitals have been allowing tech companies “to access identifiable patient information” was one of a string of reports about the widespread practice of information sharing. More troubling, a study published earlier this year in the Journal of American Medicine found that despite efforts to anonymize personal information, it was relatively easy to re-identify patients in many cases.
The truth is we cannot guarantee patient privacy – in fact, we must weaken it by sharing that information with researchers to conducting crucial work.
This new landscape is complicated by the fact the landmark legislation designed to address patient privacy, the Health Insurance Portability and Accountability Act, was enacted a quarter century ago, before the rise of electronic health records, genome sequence and today’s supercomputers. It allows hospitals to share patient data with consent in part because its authors assumed such transfers would involve individual patient care, not on such a massive scale. As a result, there are currently no agreed upon “best practice” guidelines to follow.
In response, Michigan Medicine – the medical school and health system arm of the University of Michigan – has become one of the first academic medical centers in the country to create a formal process for reviewing proposed sharing of patient data and biospecimens with drug companies, tech firms and other outside entities.
As described in a new article in the New England Journal of Medicine, our guidelines reflect the belief that caregivers owe more to patients and their privacy than just to adhere to current, woefully inadequate law.
These reforms begin with informed consent, which goes far beyond the typical process. Every request for data is reviewed by our Human Data and Biospecimen Release Committee, which now meets twice a month. Comprised of faculty and staff representing the broad range of clinical, research, legal, ethical, conflict of interest, technical, and industry partnership, this Committee makes decisions that support research innovation while adhering to overarching ethical principles.
The balance between life-saving discovery and patient privacy is a difficult one.
Big data is changing medicine in untold ways. What it should never alter is the confidence of patients that their safety and protection come first. We must be transparent about how we are using their data – even if not required by law - as well as the nature of financial transactions between institutions and corporations.
We have never been better positioned to use big data to solve big health problems, like those caused by COVID-19. But the temptation has never been greater to take shortcuts around patient data to vie for huge federal grants or to develop and monetize intellectual property.
Our patients need to know what is happening with their data and how they are protected. This is a trust too important to risk.
Marschall S. Runge, MD, PhD, is Executive Vice President for Medical Affairs and Dean of the Medical School for the University of Michigan. He serves on the Board of Directors for Eli Lilly and Company.