Healthcare providers handle an inordinate amount of sensitive data, and keeping it all under control must be a logistical nightmare. Enter big-data technology with the promise “this won’t hurt.” Besides being painless, big-data proponents claim improved patient care and reduced costs. And the reduced costs are substantial — according to a 2011 McKinsey report: “If US healthcare were to use big data creatively and effectively to drive efficiency and quality, the sector could create more than $300 billion in value every year.”

The “what if”

However, like any complex subject dealing with sensitive issues there’s always a “what if.” Those concerned about the rush to big-data technology agree the move will be beneficial. Their contention: the healthcare field is unlike any other industry, patient privacy and data security must supercede all other concerns. Having patient data stolen is significantly more serious than, for example, a filched credit-card number. The credit-card number can be replaced, not so with a patient’s health record.

Rather than get caught up in the debate, one organization, the Institute for Health Technology Transformation (iHT2), is working to bridge the chasm. In the paper Transforming Health Care Through Big Data, iHT2 looks at the challenges facing the merger of healthcare and big-data technology. (Note: The iHT2 report was written in 2013, but the issues cited by the paper are still relevant.)

The paper starts out by offering a high-level view of big data: “A report delivered to the U.S. Congress in August 2012 defines big data as a term that describes large volumes of high velocity, complex, and variable data that require advanced techniques and technologies to enable the capture, storage, distribution, management, and analysis of the information.”

Next the paper’s authors ask tough questions about big data with regards to healthcare. How will:

  • Healthcare organizations realize big data’s value for quality patient care?
  • The cost of healthcare be reduced by implementing big-data technology?
  • Patient data be shared across organizations?
  • Patient healthcare records be secured?

Significant challenges

From the questions, one understands what healthcare providers are up against. “Health-care providers face significant challenges in implementing analytics, business intelligence tools, and data warehousing, as well as an overarching general reluctance among organizations to share their data,” mentions the report. The authors go on to describe each obstacle:

  • Industry Readiness: While banking and retail sectors are well along in leveraging big-data technologies, healthcare remains unprepared to handle the data onslaught.
  • Data Usability/Trustworthiness: Two major issues: most clinical data is stored in an “unstructured” format, making it difficult to access for effective analytics.
  • Data Fragmentation: Among labs, hospital systems, financial IT systems, and electronic health records (EHRs), fragmentation is a significant obstacle to merging into a unified database system.
  • Architectural and Infrastructure Issues: Legacy systems and their compatibility with new technologies remain an issue.
  • Health Information Ownership, Use, and Security: Who owns certain forms of health information, how and by whom can that information be used, and for what purposes?

The last bullet is of special concern to the report’s authors — in particular patient data that moves across the healthcare system. That information would include:

  • Personally identifiable information: Information that will link a patient to the data, currently the biggest threat.
  • Biometric and machine-to-machine data: For example: fingerprints, genetics, sensors, X-rays, and other medical imaging.
  • Clinical data: EHRs contain a wide range of patient-specific information, leakage and/or corruption of such information can cause irrevocable harm to one’s personal and professional life.
  • Financial data: The outsourcing of billing activities and increased internet and mobile involvement in healthcare create more avenues for potential data theft.
  • Behavioral data: Behavioral data is becoming the favorite of cyber thieves by allowing human-behavior patterns to be created, which are in demand among marketing companies.

Implementation strategies

To avoid the pitfalls addressed above, iHT2 offers the following suggestions (please refer to the report for iHT2’s entire strategy):

  • Implement a data governance framework: A structured framework for enterprise-wide data governance is the first and most critical priority.
  • Engage providers: Engaging providers is critical to removing resistance to new approaches of data collection and analysis.
  • Bake analytics into training: More institutions recognize that physicians and nurses need training to understand how big data tools add value to overall healthcare performance.
  • Provide for flexibility in information transference: Facilities must show a willingness to deliver data in multiple ways based on clinician preference and style.
  • Close the quality loop: Data analytics teams must work with quality improvement teams so analytics tools can be integrated into quality-improvement methodologies.

Who owns EHR data?

There is another conundrum needing everyone’s attention, one possibly more important than patient privacy or data security. Alison Diana writing for InformationWeek Healthcare wrote an interesting article Who Owns EHR Data? Diana asks, “The owners of electronic health records aren’t necessarily the patients. How much control should patients have?”

Here is a quote from the article: “Consumers don’t ‘own’ their health records any more than they own the vast troves of data that retailers, financial institutions, and government agencies collect about them,” according to Dr. Josh Landy, a physician and cofounder of Figure 1. “Instead of ownership, health-care professionals and patients should discuss electronic patient data in terms of stewardship.”

Is one to assume that patient-data collection signifies ownership? If so, two questions come to mind:

  • Is there some kind of contract giving healthcare providers ownership of patient data?
  • Does this mean healthcare providers can sell patient data the same way retailers sell customer information to third-party advertisers?

Diana ends the article with, “Consumers might generate their personal health data, but they don’t own their records. If we’re all to reap the benefits of that collective knowledge, it’s up to organizations that steward this data to protect it from those that seek to use it for illegal, unethical, or harmful purposes.”