From Commercialization to Accountability: Responsible Health Data Collection, Use, and Disclosure for the 21st Century

 

 Permissions and Reprints

Introduction

Proposed initiatives in the U.S. that require sharing of clinical health information and facilitate easier access to that information through open, standard digital interfaces raise risks that sensitive information may be shared more broadly outside of legal protections for health data and may be more readily commercialized, in addition to existing commercialization of health data by health care institutions allowed by federal privacy laws. Is commercialization truly health data's “boogeyman” or is the problem the sharing of health data without sufficient protections against harm or inappropriate use? Can privacy risks be mitigated while still enabling value to be gleaned through more widespread sharing of health information? In this editorial, we argue that the focus should not be on whether the entity is or is not currently covered by federal health privacy laws, or whether the data are or are not “commercialized.” Instead, U.S. policies and practices should encourage (or outright require) (1) responsible use of data to improve health and health care, (2) greater transparency to and participation by patients and consumers, and (3) controls to minimize harm to individuals and populations.

Authors' Contributions

D.M. and C.P. wrote the first draft and revised the manuscript.

Protection of Human and Animal Subjects

This work involved no humans or animals, and so was not subject to institutional review board oversight.

• References

• 1 United States Congress. Health Information Technology (HITECH Act). United States Congress; 2009 . Available at: https://www.healthit.gov/sites/default/files/hitech_act_excerpt_from_arra_with_index.pdf . Accessed February 16, 2020
  PubMed
• 2 Sheikh A, Sood HS, Bates DW. Leveraging health information technology to achieve the “triple aim” of healthcare reform. J Am Med Inform Assoc 2015; 22 (04) 849-856
  CrossrefPubMedSearch in Google Scholar
• 3 Lehmann CU, Kressly S, Hart WWC, Johnson KB, Frisse ME. Barriers to pediatric information exchange. Pediatrics 2017; 139 (05) e20162653
  CrossrefPubMedSearch in Google Scholar
• 4 Office of the National Coordinator for Health Information Technology. Report on Health Information Blocking. Department of Health and Human Services; 2015 . Available at: https://www.healthit.gov/sites/default/files/reports/info_blocking_040915.pdf . Accessed February 16, 2020
  PubMed
• 5 United States Congress. Public Law 114–255. United States Congress; 2016 . Available at: https://www.congress.gov/114/plaws/publ255/PLAW-114publ255.pdf . Accessed February 16, 2020
  PubMed
• 6 Department of Health and Human Services. 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. Department of Health and Human Services; 2019 . Available at: https://www.healthit.gov/sites/default/files/cures/2020-03/ONC_Cures_Act_Final_Rule_03092020.pdf . Accessed March 24, 2020
  PubMed
• 7 Department of Health and Human Services. Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Interoperability and Patient Access for Medicare Advantage Organization and Medicaid Managed Care Plans, State Medicaid Agencies, CHIP Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans in the Federally-Facilitated Exchanges and Health Care Providers. Department of Health and Human Services; 2019 . Available at: https://www.cms.gov/files/document/cms-9115-f.pdf . Accessed March 24, 2020
  PubMed
• 8 Office for Civil Rights. OCR Settles First Case in HIPAA Right of Access Initiative. Department of Health and Human Services; 2019 . Available at: https://www.hhs.gov/about/news/2019/09/09/ocr-settles-first-case-hipaa-right-access-initiative.html . Accessed February 16, 2020
  PubMed
• 9 Kent J. . AMA calls for more data privacy in proposed health IT rules. Health IT Analytics; 2019 . Available at: https://healthitanalytics.com/news/ama-calls-for-more-data-privacy-in-proposed-health-it-rules . Accessed February 16, 2020
  PubMed
• 10 Farr C. . Epic's CEO is urging hospital customers to oppose rules that would make it easier to share medical info. CNBC; 2020 . Available at: https://www.cnbc.com/2020/01/22/epic-ceo-sends-letter-urging-hospitals-to-oppose-hhs-data-sharing-rule.html . Accessed February 16, 2020
  PubMed
• 11 Department of Health and Human Services. Covered Entities and Business Associates. Department of Health and Human Services; 2017 . Available at: https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html . Accessed February 16, 2020
  PubMed
• 12 Petersen C, Lehmann CU. Social media in health care: time for transparent privacy policies and consent for data use and disclosure. Appl Clin Inform 2018; 9 (04) 856-859
  Thieme ConnectPubMedSearch in Google Scholar
• 13 Huckvale K, Torous J, Larsen ME. Assessment of the data sharing and privacy practices of smartphone apps for depression and smoking cessation. JAMA Netw Open 2019; 2 (04) e192542
  CrossrefPubMedSearch in Google Scholar
• 14 Grundy Q, Chiu K, Held F, Continella A, Bero L, Holz R. Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis. BMJ 2019; 364: l920
  PubMedSearch in Google Scholar
• 15 ForbrukerRådet. Out of Control: How Consumers Are Exploited by the Online Advertising Industry. Available at: https://fil.forbrukerradet.no/wp-content/uploads/2020/01/2020-01-14-out-of-control-final-version.pdf . Accessed March 22, 2020
  PubMed
• 16 Trotter F, Harlow D, Patient A. , et al. FTC Complaint: Multiple Ongoing Patient Privacy Breaches in the Facebook PHR (Groups Product). 2018 . Available at: https://missingconsent.org/downloads/SicGRL_FTC_Compliant.pdf . Accessed February 16, 2020
  PubMed
• 17 Davis J. . Facebook accused of exposing user health data in complaint to FTC. Health IT Security; 2019 . Available at: https://healthitsecurity.com/news/facebook-accused-of-exposing-user-health-data-in-ftc-complaint . Accessed February 16, 2020
  PubMed
• 18 Zuboff S. . ‘Surveillance capitalism’ has gone rogue. We must curb its excesses. Washington Post; 2019 . Available at: https://www.washingtonpost.com/opinions/surveillance-capitalism-has-gone-rogue-we-must-curb-its-excesses/2019/01/24/be463f48-1ffa-11e9-9145-3f74070bbdb9_story.html . Accessed February 16, 2020
  PubMed
• 19 Hartzog W. . Privacy's Blueprint: The Battle to Control the Design of New Technologies. Cambridge, MA: Harvard University Press; 2018
• 20 Japsen B. . Mayo Clinic, Google partner on digital health analytics. Forbes; 2019 . Available at: https://www.forbes.com/sites/brucejapsen/2019/09/10/mayo-clinic-google-partner-on-digital-health-analytics/#5320766a36e7 . Accessed February 16, 2020
  PubMed
• 21 Farr C. . Microsoft joins hospital chain Providence to build ‘hospital of the future’. CNBC; 2019 . Available at: https://www.cnbc.com/2019/07/09/microsoft-and-providence-medical-building-hospital-of-the-future.html . Accessed February 16, 2020
  PubMed
• 22 Thorne J. . Microsoft lands another healthcare partnership, this time with Humana to take care of aging seniors. GeekWire; 2019 . Available at: https://www.geekwire.com/2019/microsoft-lands-another-healthcare-partnership-time-humana-take-care-aging-seniors/ . Accessed February 16, 2020
  PubMed
• 23 Dorsch A. . The intrusion of big tech into healthcare threatens patients' rights. The Health Care Blog; 2019 . Available at: https://thehealthcareblog.com/blog/2019/12/24/the-intrusion-of-big-tech-into-healthcare-threatens-patients-rights/ . Accessed February 16, 2020
  PubMed
• 24 Wehrwein P. . HHS investigating Google, Ascension's ‘Project Nightingale’ for HIPAA violations. Managed Care; 2019 . Available at: https://www.managedcaremag.com/dailynews/20191113/hhs-investigating-google-ascensions-project-nightingale-hipaa-violations . Accessed February 16, 2020
  PubMed
• 25 Solove DJ, Hartzog W. The FTC and the new common law of privacy. Columbia Law Rev 2011; 114 (03) 583-676
  PubMedSearch in Google Scholar
• 26 Olen H. . Why Facebook's $5 billion settlement with the FTC won't change a thing. Washington Post; 2019 . Available at: https://www.washingtonpost.com/opinions/2019/07/25/why-facebooks-billion-settlement-with-ftc-wont-change-thing/ . Accessed February 16, 2020
  PubMed
• 27 Rich J. . Give the F.T.C. some teeth to guard our privacy. The New York Times; 2019 . Available at: https://www.nytimes.com/2019/08/12/opinion/ftc-privacy-congress.html . Accessed February 16, 2020
  PubMed
• 28 Propes A. . Privacy & FTC rulemaking authority: a historical context. iab; 2018 . Available at: https://www.iab.com/news/privacy-ftc-rulemaking-authority-a-historical-context/ . Accessed March 22, 2020
  PubMed
• 29 State of California Department of Justice. California Consumer Privacy Act (CCPA). State of California Department of Justice; 2018 . Available at: https://oag.ca.gov/privacy/ccpa . Accessed February 16, 2020
  PubMed
• 30 Kuraitis V, McGraw D. . For your radar – huge implications for healthcare in pending privacy legislation. The Health Care Blog; 2020 . Available at: https://thehealthcareblog.com/blog/2019/02/20/for-your-radar-huge-implications-for-healthcare-in-pending-privacy-legislation/ . Accessed February 16, 2020
  PubMed
• 31 American Medical Association. Letter. American Medical Association; 2019 . Available at: https://searchusan.ama-assn.org/undefined/documentDownload?uri=%2Funstructured%2Fbinary%2Fletter%2FLETTERS%2F2019-5-31-Letter-to-Dr-Rucker-re-ONC-NPRM-Comments.pdf . Accessed February 16, 2020
  PubMed
• 32 Jason C. . Epic leads almost 60 health systems against interoperability rule. EHR Intelligence; 2020 . Available at: https://ehrintelligence.com/news/epic-leads-almost-60-health-systems-against-interoperability-rule . Accessed February 16, 2020
  PubMed
• 33 Office for Civil Rights. HIPPA Administrative Simplification Regulation Text: 45 CFR Parts 160, 162, and 164 (Unofficial Version, as amended through March 26, 2013). Department of Health and Human Services; 2013 . Available at: https://www.hhs.gov/sites/default/files/hipaa-simplification-201303.pdf . Accessed February 16, 2020
  PubMed
• 34 McGraw D. Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data. J Am Med Inform Assoc 2013; 20 (01) 29-34
  CrossrefPubMedSearch in Google Scholar
• 35 Arndt RZ. . How third parties harvest health data from providers, payers and pharmacies. Modern Healthcare; 2018 . Available at: https://www.modernhealthcare.com/article/20180407/NEWS/180409938/how-third-parties-harvest-health-data-from-providers-payers-and-pharmacies . Accessed February 16, 2020
  PubMed
• 36 Tanner A. Our Bodies, Our Data: How Companies Make Billions Selling our Medical Records. Boston: Beacon Press; 2017
  Search in Google Scholar
• 37 Department of Health and Human Services. May a Health Information Organization (HIO), Acting As a Business Associate of a HIPAA Covered Entity, De-identify Information and Then Use It For Its Own Purposes? Department of Health and Human Services; 2008 . Available at: https://www.hhs.gov/hipaa/for-professionals/faq/544/may-a-health-information-organization-de-identify-information/index.html . Accessed March 22, 2020
  PubMed
• 38 Quora. What is Practice Fusion's business model? Quora.com; 2015 . Available at: https://www.quora.com/What-is-Practice-Fusions-business-model . Accessed February 16, 2020
  PubMed
• 39 HIMSS TV. How Health 2.0 Launch! Winner is tapping the value of supply chain data. MobiHealthNews; 2019 . Available at: https://www.mobihealthnews.com/video/how-health-20-launch-winner-tapping-value-supply-chain-data . Accessed February 16, 2020
  PubMed
• 40 Court of Common Pleas of Alleghany County. Pennsylvania. Civil Action: Jane Doe I and Jane Doe II, on behalf of themselves and all others similarly situated v. UPMC. 2020 . Available at: https://higherlogicdownload.s3-external-1.amazonaws.com/AMIA/UPMC%20Jane%20Doe%20Privacy%20Complaint.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1581928998&Signature=ezkWpx2OhfxuxXg7p7GufzHe4sg%3D . Accessed February 16, 2020
  PubMed
• 41 Wakabayashi D. . Google and the University of Chicago are sued over data sharing. The New York Times; 2019 . Available at: https://www.nytimes.com/2019/06/26/technology/google-university-chicago-data-sharing-lawsuit.html . Accessed February 16, 2020
  PubMed
• 42 Thomas K, Ornstein C. . Memorial Sloan Kettering's season of turmoil. The New York Times; 2018 . Available at: https://www.nytimes.com/2018/12/31/health/memorial-sloan-kettering-conflicts.html?searchResultPosition=1 . Accessed February 16, 2020
  PubMed
• 43 Office of the Inspector General. The Majority of Providers Reviewed Used Medicare Part D Eligibility Verification Transactions for Potentially Inappropriate Purposes. Department of Health and Human Services. Available at: https://oig.hhs.gov/oas/reports/region5/51700020.pdf . Accessed February 16, 2020
  PubMed
• 44 Dimick C. No harm done? Assessing risk of harm under the federal breach notification rule. J AHIMA 2010; 81 (08) 20-25
  PubMedSearch in Google Scholar
• 45 Institute of Medicine. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research. Institute of Medicine; 2009 . Available at: https://www.nap.edu/catalog/12458/beyond-the-hipaa-privacy-rule-enhancing-privacy-improving-health-through . Accessed March 22, 2020
  PubMed
• 46 Tene O, Polonetsky J. A theory of creepy: technology, privacy, and shifting social norms. Yale J Law Technol 2014; 16 (01) 59-102
  PubMedSearch in Google Scholar
• 47 McGraw D, Dempsey JX, Harris L, Goldman J. Privacy as an enabler, not an impediment: building trust into health information exchange. Health Aff (Millwood) 2009; 28 (02) 416-427
  CrossrefPubMedSearch in Google Scholar
• 48 California Health Care Foundation. Americans Have Acute Concerns about the Privacy of Personal Health Information. California Health Care Foundation; 2005 . Available at: https://www.chcf.org/press-release/americans-have-acute-concerns-about-the-privacy-of-personal-health-information/ . Accessed March 22, 2020
  PubMed
• 49 Cohen JK. . Black, older patients less likely to use hospital patient portals. Modern Healthcare; 2019 . Available at: https://www.modernhealthcare.com/information-technology/black-older-patients-less-likely-use-hospital-patient-portals . Accessed March 22, 2020
  PubMed
• 50 Caulfield T, Ogbogu U. The commercialization of university-based research: balancing risks and benefits. BMC Med Ethics 2015; 16 (01) 70
  CrossrefPubMedSearch in Google Scholar
• 51 Wachter RM, Cassel CK. Sharing health care data with digital giants: overcoming obstacles and reaping benefits while protecting patients. JAMA 2020;
  CrossrefPubMedSearch in Google Scholar
• 52 Savage L. . Why we must remember where informed consent comes from. IAPP; 2018 . Available at: https://iapp.org/news/a/why-we-must-remember-where-informed-consent-comes-from/ . Accessed March 22, 2020
  PubMed
• 53 Nissenbaum H. A contextual approach to privacy online. Daedalus 2015; 140 (04) 32-48
  PubMedSearch in Google Scholar
• 54 Spencer K, Sanders C, Whitley EA, Lund D, Kaye J, Dixon WG. Patient perspectives on sharing anonymized personal health data using a digital system for dynamic consent and research feedback: a qualitative study. J Med Internet Res 2016; 18 (04) e66
  CrossrefPubMedSearch in Google Scholar
• 55 Baker DB, Kaye J, Terry SF. Governance through privacy, fairness, and respect for individuals. EGEMS (Wash DC) 2016; 4 (02) 1207
  PubMedSearch in Google Scholar
• 56 Information Commissioner's Office. Right to Erasure. Information Commissioner's Office; [No date]. Available at: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ . Accessed March 22, 2020
  PubMed
• 57 Parasidis E, Pike E, McGraw D. A Belmont Report for health data. N Engl J Med 2019; 380 (16) 1493-1495
  CrossrefPubMedSearch in Google Scholar
• 58 Bechtel C, Ricciardi L, deBronkart D, Quinlan C, Cryer D. . Why aren't more patients electronically accessing their medical records (yet)? Health Aff (Millwood) blog January 13, 2020 . Available at: https://www.healthaffairs.org/do/10.1377/hblog20200108.82072/full/ . Accessed April 16, 2020
  PubMed
• 59 van Roessel I, Reumann M, Brand A. Potentials and challenges of the health data cooperative model. Public Health Genomics 2017; 20 (06) 321-331
  CrossrefPubMedSearch in Google Scholar
• 60 Hafen E, Kossmann D, Brand A. Health data cooperatives - citizen empowerment. Methods Inf Med 2014; 53 (02) 82-86
  Thieme ConnectPubMedSearch in Google Scholar
• 61 NICE Citizens Council. What Ethical and Practical Issues Need to Be Considered in the Use of Anonymised Information Derived from Personal Care Records as Part of the Evaluation of treatments and Delivery of Care? NICE Citizens Council; 2015 . Available at: https://www.ncbi.nlm.nih.gov/books/NBK401705/pdf/Bookshelf_NBK401705.pdf . Accessed March 22, 2020
  PubMed
• 62 Stack B. . Here's how much your personal information is selling for on the Dark Web. Experian Blog; 2017 . Available at: https://www.experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web/ . Accessed March 22, 2020
  PubMed
• 63 Petersen C. Patient informaticians: Turning patient voice into patient action. JAMIA Open 2018; 1 (02) 130-135
  CrossrefPubMedSearch in Google Scholar
• 64 Petersen C, Austin RR, Backonja U. , et al. Citizen science to further precision medicine: from vision to implementation. JAMIA Open 2019;
  CrossrefPubMedSearch in Google Scholar
• 65 Borda A, Gray K, Fu Y. Research data management in health and biomedical citizen science: practices and prospects. JAMIA Open 2019;
  CrossrefPubMedSearch in Google Scholar
• 66 Singh K, Meyer SR, Westfall JM. Consumer-facing data, information, and tools: self-management of health in the digital age. Health Aff (Millwood) 2019; 38 (03) 352-358
  CrossrefPubMedSearch in Google Scholar