Healthcare Data Privacy: Who’s Doing It Right?
By Dr. George Mathew, CMO
Ever hit ‘Accept’ on the Terms & Conditions of a newly downloaded app, skipped the fine print, and scrolled all the way down to move ahead? It’s a likely scenario, but now we’re facing the reality of what we may have agreed to. Up until recently, most of us fell for this standard practice, something the tech industry counted on and benefited from: gathering personal data from mobile devices and well beyond the app. What they did not account for was the consumer distrust of this sneaky behavior, developing very protective boundaries around the use of their private information, once becoming informed.
For example, Apple recently updated its privacy label to clearly reveal how data is obtained, giving the consumer a choice. At that time, a reported 95% of all Meta (formerly known as Facebook) users with an iPhone iOS opted not to share their data*. Social media platforms could expect a hit to their revenues and could see people start to leave the platform as a compromise of their non-health data privacy breeds mistrust.
Healthcare industry is no different, but there’s time to correct the pattern
Healthcare systems and payers are using consent forms in the same way and with a similar purpose, having patients sign away their rights to their data, and not fully explaining the multitude of secondary data sales (from operational improvements to clinical research) that they may have unknowingly agreed to share.
As this becomes more apparent, if healthcare systems do not get out in front of this they risk consumers questioning the intent of their care teams and the security of their personal information. They can easily say, “if I pay for my services at the hospital, I expect that only the provider and I will access my data for my personal care. When did I agree to having my data re-used and re-sold?”
Legally in almost all states, healthcare systems actually do own the data that they collect – though this is not apparent to many patients. Neither are the long-term repercussions if that data is ransomed, stolen, or used to make more expensive healthcare products or services that might be out of their price range.
Healthcare systems and organizations have a vital opportunity to rebuild trust with their consumers by embracing privacy by consent and being transparent with the use of their data.
Consumer as a Partner: Two-way trust system
The opportunity is ripe for building consumer engagement around creating transparent methods of information gathering. Safely, securely, and in most recent cases, virtually, consumer engagement can be the differential consent-based business model that can harness user trust through reciprocal data sharing and rewards for participation.
So, who is doing this right? One of the best examples of a privacy-based consent approach is the All of Us Research Program, led by the National Institutes of Health, with support from Scripps Research Translational Institute, where Dedalus has been conducting ongoing customer service with participants.
With a unique and intimate view into this two-way engagement approach, it’s clear that consumer trust can be gained when there’s unwavering privacy in this current environment and they’re positioned as a key stakeholder.
While stating ambitious goals of recruiting one million or more participants, the most notable part of the program is that it was designed around privacy and security, to build trust with communities, especially those who have been underrepresented in biomedical research, including racial and ethnic minorities, LGBTQ+ people, residents of rural areas, and other groups. As a trusted partner, Dedalus developed and maintains an ongoing FISMA Moderate security posture. In other words, Dedalus operates under an extensive set of security controls while engaging with participants and when collecting their healthcare data.
Positioning participants as active partners, helping to guide efforts and decide how their data will be used for research, is only going to lead to more trust, discovery and interest in their wellbeing in the long term.
The All of Us Research Program to date, has engaged more than 400,000 participants in sharing their data, and is the first of any program that provides information back to the participant, if interested, as a benefit of their participation. The participant is also made aware of the outcomes their data has served, developing a true partnership when the reciprocation is valued on both sides and utilized for the greater good of our future generations.
About Dr. George Mathew, CMO
George Mathew, M.D. M.B.A, F.A.C.P. is the Chief Medical Officer for Dedalus Group, North America, and serves as the clinical informaticist, expert and healthcare thought leader to our customers in the transforming healthcare marketplace of payer, provider, life sciences and federal, state and local government healthcare businesses.
His experience includes consulting, technology development, and business development work at GE, Goldman, Sachs and Co., WebMD, Pfizer, Medidata Solutions, and Aetna/CVS. Dr. Mathew brings a strong technology innovation focus to this role having founded a healthcare technology start-up earlier in his career and continues to advise several healthcare IT startups through the Health 2.0-NYC community.
George is based in the greater New York City area and continues to practice medicine as a hospitalist.