Privacy Workgroup Prepares ‘Big Data’ Recommendations

June 8, 2015
The Privacy and Security Workgroup of the Health IT Policy Committee is preparing a set of recommendations about how the Office of the National Coordinator for Health IT should approach “big data” issues.
The Privacy and Security Workgroup of the Health IT Policy Committee is preparing a set of recommendations about how the Office of the National Coordinator for Health IT should approach “big data” issues for both HIPAA-covered entities as well as for the marketplace outside the HIPAA sphere. 
At a June 8 meeting, Deven McGraw, a partner in the healthcare practice of Manatt, Phelps & Phillips, LLP and the workgroup’s chair, led a discussion of draft recommendations to identify gaps in law and regulation around issues including data de-identification and security as well as areas for further inquiry.
McGraw noted that outside the HIPAA-covered space, there is not a clearly defined right for patients to access data collected about them. She said there has been a debate with respect to medical devices, such as one patient who made a public argument that he had the right to access data from his pacemaker. The workgroup proposes to remind ONC that outside the HIPAA space, voluntarily adopted codes of conduct can be enforced by the Federal Trade Commission, and many of those codes are under development. 
During the meeting there was discussion of, but not agreement about, what it would mean to ask for greater transparency about the algorithms healthcare organizations use to make decisions about individuals and populations, and whether provisions of the Federal Credit Reporting Act could be applied to give consumers more access and help promote trust. Several committee members mentioned that the algorithms themselves could be accurate and valid, yet still be used for discriminating against specific populations or individuals. They also said there would be resistance to opening up proprietary analytics systems for inspection. 
“All of this rests on a presumption of data quality,” said Gil Kuperman, director of interoperability informatics at New York-Presbyterian Hospital. “If you have poor quality data, your model could be wrong. Or the model could be good, but if the input data is wrong, you get a poor prediction. To me the quality of the data is still a challenge around ‘big data’ approaches.”
McGraw admitted the workgroup has more questions than obvious answers and no consensus about areas of potential harm to consumers. She said there is a need for more inquiry to understand the scope of the issue and where there are gaps in legal protections. There was a general reluctance among workgroup members to suggest that Congress act, given its questionable track record legislating about complex health IT issues. 
The workgroup is drafting language to call on the HHS Office for Civil Rights to be a better “steward” of HIPAA de-identification standards and conduct ongoing review of the methodologies and policies and seek assistance from third-party experts, such as NIST. But it is still not clear how big a problem data re-identification is. Noting that the workgroup was not made aware of any HIPAA de-identified data set that has been re-identified, McGraw said, “It is never good to regulate a problem that doesn’t exist yet.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?