Frontiers of Health Data Privacy: A RightsCon Discussion

On July 27, 2020, during RightsCon Online 2020, I had the pleasure to have a conversation with Megan Doerr, Principal Scientist for  Governance from Sage Bionetworks, and Teresa Patraquim da Conceição, Head of the Privacy Team  (International) from Novartis on data governance and health data privacy amid the rapid digital transitions of healthcare. Rachele Hendricks-Sturrup, the Health Policy Counsel for the Future of Privacy Forum mediated our panel, which covered a variety of relevant and thought-provoking topics.

Our panel started by identifying the current environmental context: The rapid digital transformation of healthcare around the world means that health data is collected 24/7 using the same kinds of modern technologies in both traditional health and “recreational” contexts (e.g. wearables, health apps, [direct-to-consumer] genetic testing, etc.). Law, policy, and governance are playing a game of catch-up. This remarkable transformation – along with a growing exploration of big data, especially for commercial purposes – has also blurred the lines along a broadening patient-consumer spectrum of expectations of privacy and consent.

Our discussion explored various forms of potential data governance. I pointed out the necessity for schemes that allow for innovation while respecting core human rights. In this regard, also as pointed by the 2019 edition of Global Innovation Index, data sharing accelerates biomedical discovery, creates opportunities for greater research yield, and contributes to the process of solidifying scientific consensus. Open data systems especially yield competitive value, as researchers aim to minimize the transaction cost of acquiring representative, accurate, and ultimately useful data, while also respecting the privacy wishes of data subjects. 

On a related note, Megan Doerr commented that “robust local, regional, and national datasets and repositories hold promise to help researchers better understand disease onset and progression, and ultimately use that data to model or formulate interventions that might improve health care services and lower health care expenditures”.  As these data sets are aggregated, data controllers should attend not only to data quality and other standard metrics of usability, but also their availability and freedoms, as Mangravite and Wilbanks highlighted in a recent perspective on data management and sharing, This availability-freedom axis exists within the patient-consumer spectrum, which includes each individual’s approach to privacy.

Teresa Patraquim da Conceição reminded us of cybersecurity issues, commenting that “it is important to note that there is no failsafe technical mechanism that guarantees privacy or anonymity. As technology advances, so too do hackers. Yet troves of private data, both traditional and non-traditional, are needed to solve our biggest health challenges. Thus, regulations must protect people from stigmatic or discriminatory use of their data.”. Furthermore, data must be collected from all areas of society to actively work against the digital divide: data is not helpful unless it is representative.

All in all, the panel raised a variety of thought-provoking questions about the new and rapidly evolving frontiers of health data privacy in the age of COVID-19. You can read our short report here.