Protecting the world’s most valuable commodity

The sharing of medical data has extremely positive potential. It can help with predicting rare diseases, early detection and more exact diagnoses than are possible with existing medical capabilities.

A surgery room at a Jerusalem hospital (photo credit: MARC ISRAEL SELLEM)
A surgery room at a Jerusalem hospital
(photo credit: MARC ISRAEL SELLEM)

The reports about Google amassing health records from Ascension to store and analyze the data of millions of patients brings forth questions on how to balance privacy rights alongside opportunity to implement data toward improving medical services as well as big business opportunity.
Data has replaced oil as the world’s most valuable commodity. Medical data, usually held by governments, care providers, and insurance companies, is perhaps the most valuable form of data of our time. That is why governments across the globe are actively seeking to monetize personal health information.
To be sure, the sharing of medical data has extremely positive potential. It can help with predicting rare diseases, early detection and more exact diagnoses than are possible with existing medical capabilities.
At the same time, we cannot ignore the dangerous implications of secondary uses of health data, which have become more apparent over the past years, for two reasons. The first is that companies have perfected their art of building data-based psychographic profiles of consumers, in order to fine-tune their marketing and target weaknesses and emotional characteristics of specific customers. Political campaigns are doing the same to persuade voters of the justness of their causes. The recent fine by the FTC levied against Facebook in the wake of the Cambridge Analytica scandal exposed just the tip of the iceberg when it comes to the harvesting and processing of personal information.
The second reason, and maybe the core of the issue, is that while governments and corporations claim that data undergo an anonymization process, academic studies and investigative reporting have proven that capabilities exist to re-identify the individuals involved.
A recent study has even shown that researchers armed with only 15 demographic attributes were able to ascertain with almost 100% certainty the identities of individuals, despite being provided with a heavily incomplete data set. Israel, where a “pilot program” is already under way, is an excellent case study of this new reality. That is because 98% of Israelis are members of only four quasi-governmental health funds (HMOs). All their medical information is already centralized, accessible and shared easily among hospitals and medical professionals.
Without waiting to revise Israel’s outdated privacy law, the government passed a decision in March 2018 to adopt a national digital health plan. The plan will invest almost $300 million over the next five years in leveraging the existing medical databases by building relationships between health providers, private companies and international investors. The Israeli government, it seems, views this as a matter of furthering the country’s innovative spirit, while disregarding privacy concerns. But once the anonymized information is re-identified, it is a ticking time bomb waiting to explode.
To contend with this new reality, we need to take a number of practical steps, and entertain a complete change in mindset. First, every country with a modern healthcare system must pass significant legislation to regulate and provide effective oversight. To start, an “opt out” option – often used now by governments opening up medical data sets for secondary uses – should not be the default. Instead, individuals must be offered the possibility to “opt in” at every step in the process.
Regulators must also do away with the idea that they can “release and forget” information once they think it’s anonymized. Instead, they must analyze each piece of data and assess its risk of exposure. Regulators also cannot treat all medical data the same. Information that will be used in labs or companies to fine-tune research methods, or worse, for fully commercial purposes should not be treated in the same manner as data that could potentially cure cancer.
Even after these safeguards are put into place, innovative new technologies should also be utilized to safeguard people’s data. One possibility is to appropriate Blockchain technology to safeguard information. Other options are to secure multiparty computation so that we can use the latest cryptography to apply several anonymization techniques simultaneously; or to create synthetic data sandboxes by inserting fake properties into the databases even if it means the data sets will be somewhat less useful.
Most importantly, governments and healthcare providers must change their overall mindset about this whole process. In the wake of the atrocious experiments conducted on human subjects during World War II, the Helsinki Declaration was conceived to ensure the rights of individuals in medical trials and pharmaceutical testing. At its core, the declaration promised all individuals a right to self-determination and the ability to make informed decisions when it comes to their medical care.
While there have been revisions since then, now is the time to amend the declaration to grapple with experiments done with data, to reflect an understanding that although such experiments are not physically invasive, they can lead to the ability to control our autonomy and our minds. Though such amendments would likely slow scientific progress in certain instances, this was the price also paid when the original document was implemented, and it has proven to be well worth the expense over the years.
I do not call for stopping scientists from utilizing the most advanced methods available to solve some of the world’s enduring problems. But we should not allow innovation to hurtle us forward, blindly, without proper checks and balances. After all, we are not dealing with credit cards or online passwords that can be reset, restored or even canceled. Health data is the most sensitive information of all, and must be treated as such by companies, doctors and scientists, and most of all by the governments elected to safeguard our well-being.
Dr. Tehilla Shwartz Altshuler is a senior fellow at the Israel Democracy Institute