Data is a hot currency within the clinical and pharmaceutical environment, especially data relating directly to patients with a specific illness or who are on a course of medicines. This raises data privacy concerns. Even when data is rendered anonymous, records can quite easily re-identify patients. For this reason, data privacy advocates stress the importance of ensuring the proper de-identification of patient records; whereas others argue that no data should be made available without informed consent. Such processes are important since many retail pharmacies sell prescription records to commercial data aggregators (who undertake analyses for pharmaceutical companies). With most of the data processed it is possible that patients can be re-identified from these data.
Even with the anonymization of data, there is a risk of a third party still gaining insights about specific people. This is a legal practice in many countries because the data ceases to be subject to data protection regulations. When such data is sold to third parties it can, at least in theory, be reverse engineered using machine learning to re-identify individuals, despite the application of anonymization techniques.
A further danger lurks with artificial intelligence. As AI advances, this has created new threats to the privacy of people’s health data, with laws and regulations not being anywhere near sufficient to keep an individual’s health status private in the face of AI development. For example, with smart devices it is possible to apply artificial intelligence to identify individuals by learning daily patterns in step data. These types of data are captured by activity trackers, smartwatches and smartphones. This is through correlating data to location and area demographics.
Given that patient data is not only a commodity worth millions of dollars to pharmaceutical companies, it is also a rich repository to help to develop new treatments and medical technologies, can a balance be struck? A new framework attempts to do so, outlining what can be done beyond the minimum legal requirements as well as respecting patients and users of health technology. This through giving people a greater say in how their individual health-related data may be used.
Such a framework could be based on an easy-to-understand informed consent document which patients can choose to sign. Such documentation would focus on agreeing to share personal information, and any samples taken from a patient, outside a hospital or university.