Contact Us

Home

About us

Services

AI Excellence

case studies

publications

HEOR Certificationheor Certification

AI for Medical Writing

Contact

  • Tokenization in Real World Evidence Studies: the Concept and its Advantages

    Tokenization in Real World Evidence Studies: the Concept and its Advantages

    With all stakeholders increasingly realising the value real-world evidence (RWE) studies can bring into the healthcare delivery, newer applications of RWE are being discovered with each passing day. RWE has the potential to tremendously enhance the speed of patient access to new drugs. With this background, it is absolutely essential that the quality of RWE and the real-world data (RWD) that is used to generate RWE, are of high quality. To ensure quality RWD, it is also essential to bring about transparency into the RWD collection process. Unfortunately, this is easier said than done! However, various steps have been devised to improve transparency of RWD.[1] Two most prominent ones of these are pre-registration of RWE study protocol, and tokenization.

    The concept of data tokenization is not a new one, but the tokenization of health data is a fairly recent innovation. Tokenization of healthcare data is a process by which patient identifiers are de-identified through generation of a patient-specific ‘token’ that is encrypted.[2] It helps the researchers to link RWD from a patient’s previous medical history from diverse sources, and also aids tracking different active engagement across the healthcare system without any breach in the patient’s privacy.[2] Basically, all the sensitive data that can compromise a patient’s identity are replaced with unique identification symbols (tokens) that retain all the essential information, but without any compromises in the confidentiality. Tokenization can enable the access of health data without the need for decryption and re-encryption. The possibility of linking data with the use of tokens provides a more comprehensive understanding of health and health care.

    Since tokens are unique patient identifiers, they can help recognize a patient who appears across multiple sources of RWD. As the tokens created are patient-specific, the nature of token remains the same across different datasets. Since tokens do not contain any protected health information (PHI) of the patient, such as name, date of birth, and social security number, tokenization can protect against patient reidentification and loss of privacy/ confidentiality. Since the tokens are consistent across different formats of RWE, tokenization also helps to prevent duplication of data while collecting for RWE generation. In other words, tokenization acts as a ‘matchmaker’ to link patient data.[3] Since blockchain technology is generally used in creating tokens, the data is secure and free of manipulation.[4]

    Healthcare data tokenization has immense value from the viewpoint of all stakeholders in the healthcare industry. For clinical trial professionals, tokenization can improve study protocol design and can help in anticipating resources and support during a clinical trial. Tokenization also helps to expand follow-up data on trial participants and ensures representation of eligible participants. For healthcare providers, tokenization helps to match their patients’ clinical records accurately, enables keeping track of their patient’s clinical progress, and assists to combine healthcare data from different sources to allow new use cases.[5] For the pharmaceutical company and payers, tokenization provides immense value by helping analyse patient behaviour by tracking patient interactions with hospitals, clinics, pharmacies, laboratories, help groups, and other locations, in a completely de-identified manner. Thus, only the data relevant to the patient’s health is shared with the pharma, by keeping the patient’s personal details hidden. For the regulators, tokenization brings in an unmatched level of transparency in data, and the comprehensive data access that comes with healthcare data tokenization enables the regulators to perform appropriate and unbiased data review. Tokenization also helps data aggregators to meet regulatory compliances surrounding patient data confidentiality, such as HIPAA (Health Insurance Portability and Accountability Act) in the US. [6] Finally, patients can also benefit through tokenization of their health records. The confidentiality ensured by tokenization enables patients to securely organize, compile, share, and trade their personal medical records with relevant stakeholders.[7]

    The proliferation of tokenization software and other technologies helps in obtaining a more comprehensive approach of data. The USFDA advises using common data elements to provide a standard, consistent and universal data collection format for better results when linking of patient data is done. Maintaining the data integrity is a must as it may impact the overall scenario. The common issues can be redundant data, inconsistencies across data, privacy and data security. The integrity of data should be assessed for the compatibility and interoperability of data systems and the results produced must be consistent and repeatable, so that relevant data is obtained accurately.[8] Tokenization has the potential to improve the data integrity and enhance the quality of RWE studies.

    With the increasing stress by multiple stakeholders on data security and patient privacy, and increasing awareness about the importance of RWD transparency, and considering the unique advantages brought about by blockchain technology, healthcare tokenization has the potential to become a multibillion-dollar industry in the near future.

    Become A Certified HEOR Professional – Enrol yourself here!

    References

    1. Patorno E, Schneeweiss S, Wang SV. Transparency in real-world evidence (RWE) studies to build confidence for decision-making: reporting RWE research in diabetes. Diabetes Obes Metab. 2020 Apr;22 Suppl 3(Suppl 3):45-59.
    2. Weng I. Linking RWE to Clinical Trials. 2022. https://www.komodohealth.com/insights/linking-rwe-to-clinical-trials
    3. Dagenais S, Russo L, Madsen A, Webster J, Becnel L. Use of Real-World Evidence to Drive Drug Development Strategy and Inform Clinical Trial Design. Clin Pharmacol Ther. 2022;111(1):77-89.
    4. Scheuer E. Blockchain solves healthcare data obstacles. https://healthmanagement.org/c/hospital/issuearticle/blockchain-solves-healthcare-data-obstacles
    5. Healthcare Data Tokenization. https://risk.lexisnexis.com/healthcare/healthcare-tokenization
    6. Pezold A. HIPAA compliance requirements and tokenization. https://www.tokenex.com/blog/hipaa-compliance-and-tokenization .
    7. Dimitrov DV. Blockchain Applications for Healthcare Data Management. Healthc Inform Res. 2019 Jan;25(1):51-56.
    8. Trial Tokenization: Building A Bridge Between Clinical Trial Data And Real-World Data. E-Book. July 13, 2021.

    MarksMan Healthcare

    , ,

  • Federated Data Networks (FDNs): Enhancing the Quality of RWE Research

    Federated Data Networks (FDNs): Enhancing the Quality of RWE Research

    Real-World Data (RWD), from which Real-World Evidence (RWE) is generated, has the unique capability of depicting real-world outcomes. RWD can also reduce timelines for research and development, and generate profound insights into the disease process. However, RWD from a single source often suffers from bias relating to equipment, lack of phenotypic diversity, limited training models, and diverse cohorts. RWD are also scattered and structured in diverse formats, which makes it difficult to unlock its full value. Furthermore, health data are personal, highly sensitive, and subject to data privacy rights and regulations.[1] As a result of these barriers, new methods are needed to enable unlocking the full potential of RWD, and Federated Data Networks (FDNs) are one such attempt.

    FDNs are a string of decentralized, interrelated nodes that allow data to be challenged and analysed by the other nodes in the network, without the data leaving the parent node.[1] The member nodes involved in FDNs are governed by a common framework which allows harmonized standards and tools for data access. Each member node is semi-independent as they can make decisions on ceding data access. Since the shared data are masked, blocked or anonymized, the member nodes have limited idea on the identity of the data contained in the other nodes; as a result, data ownership is maintained. The algorithms are trained collaboratively without data exchange by study models called federated learning. Thus, FDNs provide safe data mining with regulated access to diverse data, without crossing the legal barriers.

    In contrast to data sharing, data transfer, or data pooling, FDN is simply data visiting, and applying or modifying the results on the existing guidelines and practice.[1] To illustrate, consider two persons in a phone call: here, ideas are shared without sharing their identities, billing address etc. Similarly, FDNs involve sharing of only mathematical values and metadata sets, without sharing confidential patient identity. An example of FDN is the TIES (Text Information Extraction System) Cancer Research Network (TCRN). This FDN has 4 active nodes that search across 5.8 million cases and 2.5 million patients assess cohorts with rare phenotypes.[2]

    FDNs can create huge impact on the stakeholders such as physicians, hospitals, insurance companies, researchers and patients. With the surge in digital health devices, the federated model assures good training options for the physicians and hospitals. FDNs are useful in disease classification, mortality forecasting, and predicting treatment outcomes. Proven applications of FDNs include prognosis of stroke prevention, improving patient pathways in cancer, coronary artery disease, classification of EEG recordings, brain tumor classification, breast density classification, multi-disease chest X-ray classification, adverse drug reaction prediction, recognition of human activity and emotion, and prediction of oxygen requirements in COVID patients.[3,4] A federated approach using diverse datasets from different institutions had a 98.3% accuracy in COVID-19 detection, 95.4% accuracy in recognizing human activity and emotions, and 97.7% accuracy in mortality prediction.[3]

    In clinical research, FDNs serve to potentiate protocol optimization, patient selection, and adverse effect monitoring. It also facilitates translational research. Federated approach paves way to research on rare disease where the incidence rates and data sets are very low. FDNs reduce the time and resources by identifying the target patients rapidly for recruitment in clinical trials. Also, FDNs aid disease surveillance process by pooling data from different geographies.[5] For the manufacturers, FDNs facilitate continuous product validation and improvement.

    To ensure data privacy, FDNs work in line with various regulatory provisions such as General Data Protection Regulation (GDPR) of Europe, Data Protection Act (DPA) of UK, Health Insurance Portability and Accountability Act (HIPAA) of the United States, California Consumer Privacy Act (CCPA), CDSCO of India, Personal Information Protection Law (PIPL), Cybersecurity Law (CSL), and Data Security Law (DSL) of China and the On Personal Data (OPD) of Russia.[6]

    Despite their utility in data networking, FDNs face certain challenges in creating robust RWE. Insufficient and inconsistent data, uneven data quality, bias, and lack of data standardization are some of the factors that can lead to inconsistent conclusions. Cloud-based data, which is crucial to develop FDNs, are not enabled by all health care institutions. Practically speaking, debugging and optimizing FDNs is strenuous, because the hardware and networking differs on various sites which makes the learning algorithms diverse.[7] Another important challenge is the discrepancy in research grant funding. Larger hospitals may contribute to more datasets and may expect more research grant funds. However funding should be more towards the value of these contributions than to the size of datasets. That said, the main problem is in the accurate scaling of the value of these contributions.[7]

    The success of FDNs lies with the strong and consistent governance coupled with open lines of communication among partners. Also, an approach involving incentives can boost the quality and quantity of data contributions among the member nodes. With these steps, FDNs can significantly increase the external validity and enhance the robustness and quality of RWD and the resulting RWE, without the need to centralize datasets, thereby realizing the promise of precision medicine.

    Become A Certified HEOR Professional – Enrol yourself here!

    References

    1. Hallock H et al. Federated networks for distributed analysis of health data. Frontiers in Public Health. 2021;9.
    2. Jacobson R et al. A federated network for translational cancer research using clinical data and biospecimens. Cancer Research. 2015;75(24):5194-5201.
    3. Prayitno et al. A systematic review of federated learning in the healthcare area: from the perspective of data properties and applications. Applied Sciences. 2021;11(23):11191.
    4. Joshi M et al. Federated learning for healthcare domain – pipeline, applications and challenges. ACM Transactions on Computing for Healthcare. 2022. https://dl.acm.org/doi/10.1145/3533708
    5. Au F. Aggregated data or federated data: is one better than the other? https://blog.orionhealth.com/aggregated-data-or-federated-data-is-one-better-than-the-other/
    6. The best of both worlds: benefits of applying AI/ML in a federated data network. https://www.bcplatforms.com/the-best-of-both-worlds-benefits-of-applying-ai-ml-in-a-federated-data-network/
    7. Ng D et al. Federated learning: a collaborative effort to achieve better medical imaging models for individual sites that have small labelled datasets. Quantitative Imaging in Medicine and Surgery. 2021;11(2):852-857.

    MarksMan Healthcare

    , , , ,

  • How to Encourage Healthcare Data Sharing?

    How to Encourage Healthcare Data Sharing?

    Last few years have seen data as well as data exchange emerging as the new currency in healthcare. Data sharing is a powerful force that is transforming conventional relationships in the healthcare marketplace as the global healthcare platform moves from being volume-based to quality-based. (1) Around 30% of the stored global data is generated within the healthcare industry. Also, a single patient normally generates about 80 MB of data every year in the form of imaging and electronic medical records (EMRs). The abundance of such data has substantial clinical, financial as well as operational value for the healthcare industry. (2) Moreover, such data could enable new value pathways, which would be worth more than $300 billion annually in reduced costs alone. (3)

    However, at present, the essential value of these data has not been recognized to the fullest by the industry. Also, this value is realized only when the raw data is converted into knowledge that would lead the change in practice. It is also explained by more inclusive data sharing and insights from within the hospital or healthcare organization, health insurance partners and community stakeholders; and most importantly, by tailored partnering with individual patients to better understand chronic conditions, enhance adherence and compliance, boost self-care, and avoid costlier treatments at costlier sites of care within the hospital’s overall population base.2

    Data is the basis for healthcare and medical research, therefore data sharing expedites the progress of research. Data sharing in research is widely discussed in the literature. Conversely, there are seemingly no evidence-based incentives that promote data sharing. In order to fully utilize the power of data and data sharing, providers, payers, and purchasers must be willing to work together to share cost and quality data across the entire healthcare system; instead of treating data as an exclusive asset. Patients routinely receive care and services from different providers, health systems, and health plans. In such instances, health data may not be consistent; which can create gaps in coverage leading to uneven, uncoordinated care of poor quality and high costs.1

    Furthermore, in spite of numerous benefits, such as addressing emergencies on the global public health platform, data sharing is still not a common research practice. For example, the severe acute respiratory syndrome (SARS) disease was controlled within only 4 months after its appearance by a WHO-coordinated effort, which focused on extensive data sharing. Nevertheless, several studies have demonstrated as low rates of data sharing as 4.5% [as seen in the British Medical Journal (BMJ)] in the field of health care. The global spending on health and medical research is 85% of the total expenditure, out of which an estimated $170 billion is lost every year, leading to questions about the authenticity of scientific knowledge. Open data sharing should be vital to understand the source of ever expanding base of scientific knowledge. Open data will most certainly reduce waste in case of time, costs, and patient burden; eventually strengthening scientific knowledge by guaranteeing research integrity. (4)

    The increasing gap between healthcare costs and outcomes can be attributed to poor management of research insights, poor usage of available evidence, and poor capture of care experience as well as valuable data, all leading to lost opportunities as well as resources, and potential harm to patients. To bridge this gap, the research and operational arms of healthcare can be used effectively to effectively harness data and encourage data sharing. (5)

    Many approaches can be applied to encourage data sharing. While organisations are likely to favour an ‘opt-out’ model, expecting an opt-in approach based on active patient consent to be impractical that might yield low participation rate, patients must be conversant about the projected uses and benefits of sharing their data for research; which will generate awareness in data sharing and reduce the number of patients opting out. (6)

    Another approach that can possibly boost data sharing would be the use of incentives. A recent systematic review has identified strategies that would facilitate data sharing practices among researchers. These strategies include the introduction to data systems, such as electronic laboratory notebooks and databases for data deposition in order to integrate a credit system through data linkage; group collaborations to use data attribution as an incentive; association among groups by means of workshops and agendas for data sharing; implementation of data sharing policies; and campaigns to promote data sharing. These strategies emphasize on the need of rewards to increase the rate of data sharing and the only form of incentive that has been successfully used is via data attribution and advertising on websites. Therefore, studies assessing the attribution efficacy and advertising as a form of credit are crucial. (4)

    There are innumerable benefits of openness in research, such as verification of research findings, progress in health and medicine, increase in new insights as well as in research value, reduction in research waste, and promotion of transparency in research findings. However, there’s a lack of evidence-based incentives for researchers that hinders data sharing even in today’s evidence-based world. We have tried to suggest ways to encourage data sharing through the use of incentives. Using strategies like implementation of data systems can be adopted even by journals to use as reward for promoting reproducible and sharable research. (4,7)

    Become an Certified HEOR Professional – Enrol yourself here!

    References

    1. Steele G. The culture of data sharing has to change. September, 2016. 
    2. Huesch MD, Mosher TJ. Using it of losing it? The case of data scientists inside healthcare. May, 2017. 
    3. Kayyali B, Knott D, Van Kuiken S. The big-data revolution in US healthcare: Accelerating value and innovation. McKinsey. April, 2013. 
    4. Rowhani-Farid A, Allen M, Barnett AG, et al. What incentives increase data sharing in health and medical research? A systematic review. Research Integrity and Peer Review 2017; 2:4.
    5. Lee CH, Yoon H-J. Medical big data: promise and challenges. Kidney Research and Clinical Practice 2017; 36(1):3-11.
    6. New JP, Leather D, Bakerly ND, et al. Putting patients in control of data from electronic health records. BMJ 2018; 360:j5554
    7. Ioannidis JA, Khoury MJ. Assessing value in biomedical research: The PQRST of appraisal and reward. JAMA 2014; 312(5):483–4.

    Written by: Ms. Tanvi Laghate

    MarksMan Healthcare

    , , , , ,

  • How Integration of Multiple Data Sources can Improve Patient Insights?

    How Integration of Multiple Data Sources can Improve Patient Insights?

    There are humungous quantities of data existing in healthcare; data from all kinds of sources, such as clinical, patient, payer, R&D, pharmacy as well as revolutionary technologies that are being quickly embraced, for e.g. data from wearable devices. According to a report by International Data Corporation (IDC), (1) the volume of healthcare data which was observed to be around 153 exabytes in 2013 is estimated to reach around 2,314 exabytes in the year 2020. Therefore, integrating data from all types of diverse sources and clinical systems is a fundamental challenge for any healthcare entity in order to enhance patient care and performance indicators. (2)

    It’s obvious that these huge amounts of health data are essential for betterment of both the cost as well as the quality aspects of care. Also, analyses of these data can provide significant insights for patients and researchers. However, methods to merge data from multiple formats and sources ranging across various systems used within clinics are still unclear. Data quality and accessibility provided by these systems can vary to a great extent. The healthcare industry has been traditionally observed to embrace new technologies; however, it lags behind while handling data, particularly data sharing and integration. To add to the practical challenges of data integration processes, compliance and capability to join forces with all the healthcare stakeholders also faces problems. As a consequence, data collection, storage, integration, and analysis make up for complicated processes. (2)

    There are some specific underlying concerns surrounding multiple, un-integrated data sources, viz. lack of broad view into enterprise-wide data as well as data standardization and governance, and matching patients to care events. Lack of broad view can impose challenges resulting in time consuming and expensive procedures during development of meaningful internal and external reports, like quality and patient safety regulatory and accreditation reporting. It may also hamper efforts to identify and prioritize opportunities to reduce costs, while improving care and patient experience. Lack of data standardization and governance can hamper performance of important analytics owing to multiple data sources, definitions and terms. Last but not the least, it is crucial to match patients accurately to their respective care events across multiple sites of care, which can be a complicated process. (3,4)

    There is no doubt that the Healthcare systems undoubtedly require effective data integration tools and greater level of flexibility when handling data, typically from multiple sources. The standards implemented in many countries recently have been intended for healthcare data integration and unification. For instance, in the USA the Health Information Technology (HITECH) Act (5) offers incentive payments to health care providers implementing certified EHR technology while showing meaningful use of that technology. HIPAA standards provide healthcare data protection; while HL7 standards allow clinical and administrative data communication between software applications used by various healthcare providers. (6)

    In order to gain patient insights, integration of data from multiple sources can prove to be beneficial. One way to facilitate data integration can be incorporating data warehouses [enterprise data warehouses (EDWs)], which can facilitate easy data mining in case of faster, major data initiatives. These methods can pull in and push out data with just one interface. Furthermore, data governance policies focusing on data standardization, advances in data reporting and further education and communication need to be in place in order to make changes in how data is to be collected, defined, and consumed. By integrating health data with financial and cost data to track patient encounters across multiple care locations and information systems, it is easier for health systems to compare patient quality and cost, i.e. comprehending the exact process of ‘value’ delivery. This insight is the difference between surviving and thriving in the new value based purchasing environment. (4)

    Clinical data integration from multiple sources can provide a wide-ranging perspective across care delivery systems. Health systems can easily carry out reporting while employing quality improvement initiatives, such as analytical care variation and measuring implementation of evidence-based guidelines. (4)

    To sum it all up, multiple data integration can obviously facilitate electronic exchange of information, while also reducing the costs and intricacies of building interfaces between different systems; thus proving valuable patient insights. The foundation of the healthcare industry’s data-sharing conundrum is data interoperability. Genuinely integrated systems must be easily understood by users, i.e. these systems must be able to exchange data and consequently put it forward through inclusive and user friendly interface.

    Become an Certified HEOR Professional – Enrol yourself here!

    References 

    1. Corbin K. How CIOs can prepare for healthcare ‘data tsunami’. December, 2014.
    2. Healthcare data integration: How to combine data from multiple sources. 
    3. Managing the integrity of patient identity in health information exchange. American Health Information Management Association. 2009. 
    4. Turning Data from Five Different EHR Vendors into Actionable Insights. Health Catalyst.
    5. Health Information Technology (HITECH Act). 2009. 
    6. Summary of the HIPAA Privacy Rule. 

    MarksMan Healthcare

    , , , , , ,

  • Best Practices for Protecting Privacy While Conducting Big Data Analytics

    Best Practices for Protecting Privacy While Conducting Big Data Analytics

    The concept of “Big Data” is #trending today, which is characterized by types of data sources with huge quantities, high speed and broad diversity of information. Healthcare industries are trying to apply Big Data analytics to reform data into a workable platform in order to generate information that would help making better and faster clinical decisions, such as reduced readmissions, scaling down hospital-associated illnesses, identifying and eliminating waste, improved clinician workflow etc. Government and the private sectors are taking in Big Data to enable better, quicker and more valuable care delivery to people. (1)

    With rising discussions about Big Data, artificial intelligence, and related techniques in health care, the need for the appropriate and more importantly, ethical use of these methods is becoming increasingly relevant. (1) Privacy and confidentiality associate closely with each other. Data privacy talks about the rights of individuals to maintain control over their own health information; while confidentiality is the responsibility of entities handed over with those data to maintain privacy. (2) Concerns of data privacy and confidentiality hamper their scope, proper storage, accessibility, and propagation, particularly in case of highly sensitive or personal data. The ever expanding scope of data collection, storage and analysis (3,4), further add to the risk of data privacy infringements. (5,6) In addition, data anonymity does not ensure against individuals’ identity subsequently through the joining of data sets and re-identification, (7) data manipulation and discrimination, (8) or other inappropriate ways of data uses. (9) Therefore, protected management of patient data is necessary, since healthcare clouds link large amounts of data from disparate networks. (10)

    There are several factors of privacy and security that must be taken into consideration while using Big Data analytics for healthcare. For instance, although it has the potential to provide an understanding on the huge volumes of heterogeneous data, challenges arise with respect to potential security and privacy breaches; which, as a result, hinder the process of appropriately accessing the value held within the data. (11)

    Big Data platform must embrace multiple layers of security for data at rest and the data in flight. All communications between data sources, data consumers and the Big Data warehouse should be encrypted to provide security to the data. There are some methods that can be applied to ensure data security in Big Data analytics. A traditional method to prevent the confidential information disclosure by de-identifying, i.e. rejecting any information that can identify the patient, either by removing specific identifiers of the patient or by the second statistical method, where the patient verifies himself that enough identifiers are deleted. The traditional method can be enhanced with the help of concepts like k-anonymity, l-diversity and t-closeness. Moreover, hybrid execution model ensures confidentiality and privacy in cloud computing by utilizing public clouds only in case of non-sensitive data and computation classified as public; i.e., when the organization declares no privacy and confidentiality risk in exporting the data and performing computation on it using public clouds. While it uses private cloud in case of sensitive, private data and computation, some techniques do apply identity-based anonymization. However, due to increased complexity as well as several limitations, these models need to undergo further research and tests as they are getting more difficult to interpret and less reliable. (12)

    Patient data security and privacy are crucial in driving the healthcare transformation. With Big Data in healthcare becoming more omnipresent with cloud computing, the host companies will be more reluctant to share massive healthcare data for centralized processing. Hence, distributed processing across different clouds and pulling up on cumulative intelligence is foreseen.

    The extreme sensitivity of healthcare data makes their confidentiality and integrity crucial. Therefore, in healthcare, Big Data security is fundamental. Additionally, to provide the best care, healthcare providers must have quick, but secure, access to a patient’s medical history. Security solutions should ensure protecting analytics and securing Big Data frameworks. Laying out the right technical foundation is a precondition for successful data analysis.

    Become an Certified HEOR Professional – Enrol yourself here!

    References 

    1. Balthazar P, et al. Protecting Your Patients’ Interests in the Era of Big Data, Artificial Intelligence, and Predictive Analytics.  J Am Coll Radiol 2018; 15(3 Pt B):580-586.
    2. Centers for Disease Control and Prevention. Emergency preparedness for older adults; HIPAA, privacy and confidentiality. Available at:
    3. Mittelstadt BD, et al. The ethics of big data: current and foreseeable issues in biomedical contexts. Sci Eng Ethics 2016; 22:303-41.
    4. Nunan D, et al. Market research and the ethics of big data. Int J Mark Res 2013; 55:505-20.
    5. Andrejevic M. The big data divide. Int J Commun 2014;8:17.
    6. Puschmann C, Burgess J. Metaphors of big data. Int J Commun 2014;8:20.
    7. Choudhury S, et al. Big data, open science and the brain: lessons learned from genomics. Front Hum Neurosci 2014; 8:239
    8. Crawford K. The hidden biases in big data. Harvard Business Review. Available at: https://hbr.org/2013/04/the-hidden-biases-in-big-data.
    9. Tene O, et al. Big data for all: privacy and user control in the age of analytics. Nw J Tech Intell Prop 2012; 11:xxvii.
    10. Patil HK, e al. Big data security and privacy issues in healthcare. Nanthealth: Dallas, US. 
    11. [11] Rao S, et al. Security solutions for big data analytics in healthcare. Second International Conference on Advances in Computing and Communication Engineering – IEEE, 2015. 
    12. Abouelmehdi K, et al. Big data security and privacy in healthcare: A Review. Procedia Computer Science 2017; 113:73-80.

    MarksMan Healthcare

    , , ,

  • How India’s DISHA is Different from Global Patient Data Protection Laws?

    How India’s DISHA is Different from Global Patient Data Protection Laws?

    Currently, the data protection law in India is facing many issues due to the absence of proper legislative framework. The theft and sale of stolen data is happening across vast continents, where physical boundaries pose no restriction in today’s technologically advanced era. India, being the largest host of outsourced data processing in the world, could become the hotbed of cyber crimes; mainly owing to the lack of appropriate legislation. (1)

    To facilitate promotion/adoption of e-Health standards along with entailing privacy and security measures for electronic health data, regulation of storage, and exchange of electronic health records (EHRs); the Ministry of Health and Family Welfare, Govt. of India, is planning to enforce a ‘Digital Information Security in Healthcare Act’ (DISHA). The purpose of this act is to ensure electronic health data privacy, confidentiality, security and standardization, and to provide for establishment of ‘National Digital Health Authority’, Health Information Exchanges, and related matters. (2)

    The Centre has presented the draft of DISHA to ensure protection of health data that makes any breach punishable by up to five years imprisonment and a fine of Rs 5-lakh. This draft further states that any health data including physical, physiological and mental health condition, sexual orientation, medical records and history and biometric information are the property of the person who it pertains to. (2) This law will form the foundation for creating digital health records in India, as it will enable the digital sharing of personal health records with hospitals and clinics, and between hospitals and clinics. Reports also suggest that the National Health Policy approves the conception of a National Health Information Network, for sharing of Aadhaar linked Electronic Health Records. (3)

    What DISHA is all about? (2,3)

    As per the draft, the owners have the right to privacy, confidentiality, and security of their digital health data and the right to give or refuse consent for generation and collection of such data. Additionally, the owner of the data shall hold the rights to – i) give/refuse/withdraw consent for using this data, ii) data collection, iii) transparency, iv) rectification, v) sharing, vi) not to be refused health service if they refuse to give the consent for data use, and vii) protection.

    The required health data can be obtained by consent from the owner, thus informing him on the purpose of collection, identity of the recipients to whom the health data may be transmitted or disclosed, identity of the recipients who may have access to the data on a “need to know” basis. Also, proxy consent may be taken from a nominated representative, relative, care giver or such other person in case if an individual is incapacitated or incompetent to provide consent.

    All digital health data will be held by the clinical establishment or health information exchange on behalf of National Electronic Health Authority. The Act also lists down factors affecting data transmission as to who can transmit, how they can transmit and monitoring of data transmission. The Act further lists down the guidelines on accessing this data, with regards to who can access, how they can access, and purpose of data access by various entities. Moreover, the act also puts forth the implications of any breaches of digital data and the resulting penalties. A serious breach of this data is said to have occurred when the breach is intentional or repeated or its security not ensured as per the standards in the Act or if it is used for commercial gains.(4)

    Patient data protection laws in other countries!

    As India gears up to launch such data protection law, it may be enlightening to look at what other countries have enacted. In this context, the United States, China and the European Union have all taken drastically different directions. As stated earlier, data privacy involves getting consent from individuals before collecting their information, being transparent about why and how the information will be used, and deleting the information when it is no longer needed or when consent is withdrawn. Data protection involves taking adequate steps to protect data from accidental or malevolent leak. (5)

    The US is generally considered to have strong data privacy and protection laws (except one case in early 2017), although entangled in regulations and federal and state laws. Disclosure of health data is highly regulated at the federal level. Also, breach notification laws were pioneered in the US. The threat of legal action lawsuits compels companies to take measures to protect data and privacy. China also has multiple laws and regulations for data protection; wherein individual protections, such as requiring consent, protection of sensitive information, and limitation on use of data are provided. The latest Cybersecurity Law that rolled out on May 1, 2017 forbids people in China from using information networks to violate the privacy of others, using illegal methods to obtain personal data, and using their positions to acquire, leak, sell or share the same. In the European Union (EU), a new General Data Protection Regulation (GDPR) will be enforced starting 25th May 2018, which is expected to have a significant impact beyond the EU, because it applies to any organization that collects or processes data in the EU or from residents of the EU.5 After EU, Japan has also introduced a separate central legislation as the Act on the Protection of Personal Information (APPI) with an aim of data protection. The Act took partial effect in 2016 and has been enforceable from 30th May, 2017. Alike the EU regulation, consent of a data subject forms the essence of this legislation and has been stated as mandatory in case of transmitting data to a third party or for any use beyond communication purposes. (6)

    Amidst issues of data revelations and disclosure of personal information, India is in need of a formal legislation to uphold individual informational privacy and data protection. Internet and privacy rights supporters have demanded for such a law since long time, and the government has finally started taking steps towards this. DISHA is a result of these countless debates over data privacy issues and also, the need of the hour, i.e. protection of patient health data.  India, as a country, lags behind the world leaders when it comes to data protection. Therefore, we feel, DISHA (which is inviting public comments till 21st April) will lay the groundwork for many health exchanges while ensuring privacy and confidentiality of patient data. All we have to do now is wait and watch!

    Become an Certified HEOR Professional – Enrol yourself here!

    References 

    1. Khan MN. Does India have a Data Protection Law? Legal Service India.
    2. Government of India- Ministry of Health and Family Welfare (eHealth Section). Comments on Draft Digital Information Security in Health Care Act.(DISHA).. March 21st, 2018. 
    3. Pahwa N. Summary: Digital Information Security in Healthcare Act (DISHA) to enable electronic health records. March 29th, 2018. 
    4. Ghosh A. In draft digital health security law, 5-year jail term, Rs 5 lakh fine for data breach. March 27th, 2018.
    5. Kambampati S. What India’s data protection committee can learn from US, EU and China. October 3rd, 2017.
    6. Awasthi S. Data privacy: Where is India when it comes to legislation? August 24th, 2017.

    MarksMan Healthcare

    , ,