BIG DATA USE BY GENOMICS AND HEALTH INFORMATICS RESEARCHERS: IDENTIFYING THE “TOP TEN” IMPEDIMENTS AND SOLUTIONS: As reported previously this project evolved over time, following new developments in the literature and in policy regimes around the world. A systematic review has been completed by Meslin and team at the IU Center for Bioethics. It will be archived on the CLEAR website, maintained by the IU Center for Bioethics. The proposed one-day workshop was not convened due to scheduling challenges. As we also noted, there were some unanticipated, but welcome consequences of Meslin’s work on this issue including: an invitation to become a member of the Council for Big Data, Ethics, and Society of the Data and Society Institute http://www.datasociety.net/initiatives/council-for-big-data-ethics-and-society/, and a member of the Safe Harbor Team/Regulatory Ethics Working Group of the Global Alliance for Genomics and Health http://genomicsandhealth.org/our-work/initiatives/ethics-review-safe-harbor.
INDIANA PATIENT NOTIFICATION PILOT STUDY: As described in previous reports, CLEAR co-director Stan Crosley provided an analysis of the study phase of patient device data flow, including the legal and regulatory aspects of the data movement in both the HIPAA-covered ecosystem and the non-HIPAA ecosystem. We also reviewed and provided assessment of the informed consent process as it relates to the actual data flow and what might have been anticipated by the patients. Mr. Crosley is completing final edits to this project.
HEALTH INNOVATION PRIVACY: As described in previous reports, CLEAR co-director Stan Crosley was responsible for convening CLEAR’s third annual health innovation privacy conference, entitled “IU CLEAR and IAPP Health Privacy Clinic,” on September 17, 2014, in San Jose, California. The conference had strong attendance, being held in conjunction with the prominent IAPP Privacy Academy. Presenters included executives from GE Healthcare, PWC, Booz Allen & Hamilton, Intel, Acxiom, the law firm of Morrison & Forster, the law firm of Drinker Biddle & Reath, and CLEAR co-directors Fred H. Cate and Stan Crosley. The agenda promoted the concepts of critical data use and critical data privacy and security protections. Attendees engaged on the presentation topics of Data De-identification, Use of Health Data in Behavioral Advertising, the Future of Healthcare Data Collection, Current Privacy Issues in Healthcare, and Cybersecurity Concerns in Light of Recent Breaches. The clinic program and a full list of speakers can be found here: https://www.eventsential.org/Sessions/Details/39593.
CLEAR DATA ANALYTICS PROJECT: CLEAR co-director Stan Crosley explained the significant momentum with the quantified-self movement that focuses on sensor-based health data and a “Patients like Me” type of analysis. CLEAR hosted a focused discussion with participation of leadership at Acxiom, one of the world’s largest data broker/analytics companies, along with stakeholders from Eli Lilly and Company, Abbott, Amgen, 3M, staff of a prominent interventional cardiologist/clinical investigator, and Indiana University. The meeting was held at the Indiana University Maurer School of Law in Bloomington, Indiana on December 12, 2014. The discussion focused on case studies developed by CLEAR in consultation with Acxiom and based on Acxiom’s extensive data analytics experience in other industries. The idea was to bring that experience to bear in the healthcare industry to discuss potential data use that could be practical and beneficial to patients and researchers. The discussion was robust and has led to multiple follow up steps and project possibilities. This project showed the value of an analytics-based approach, and could give rise to further projects. One such project is considering the potential for development of a framework of acceptable data use for data that is not currently regulated and that is either directly health data or could be used to infer health status.
OECD COLLABORATION/RISK PROJECT: In 2013 CLEAR co-directors Fred H. Cate and Stan Crosley were appointed to the OECD’s Advisory Panel of Experts on Health Information Infrastructure. We continue to work to create an evidence-based, practical framework of privacy interests and risks in health research and practice. The goals being to assess those risks for demonstrated likelihood of occurring and impact if they do; and to propose technology, policy, and legal measures for mitigating those risks when real or educating and clarifying them when not. This topic is of interest beyond academia, because concern over privacy—both real and perceived threats—has proven to be a major impediment to data flows essential to health research and care. CLEAR co-directors Fred H. Cate and Stan Crosley engaged in a workshop on September 18, 2014 with Microsoft and focusing on appropriate use of data. CLEAR developed several case studies related to collection and use of health data, including health data analytics concepts that are forward-looking. The conversation included topics that CLEAR later explored in its Data Analytics Project (see below), and included stakeholders from multiple industry segments, including retail, data brokerage, credit reporting, technology, and healthcare. The workshop was notable for the significant amount of sharing of data practices by the participants and the clarity on the present state of data analytics created by this sharing. In addition, CLEAR co-directors Cate and Crosley worked with CLEAR project manager and policy analyst Drew Simshaw to produce a white paper highlighting the potential for a “use-based” model of health information governance focusing on secondary use of health data case studies that demonstrate the value of health data in this research and the protection of privacy that is easily afforded, even when consent is not obtained. This draft paper was presented at the OECD’s December 2014 meeting, and is now being finalized for public release. In 2015, the OECD project advanced with the Global Life Sciences Innovation Panel of the OECD gaining interest in a data use model that was risk-based and enabled greater efficiency while still protecting against privacy harms. These conversations have led to a new project that the OECD would like to undertake in 2016 building data use models for research based on the white paper CLEAR produced for the OECD. Co-directors Cate and Crosley will continue to track, monitor and engage with the OECD team.
PRIVACY CONCERNS OF PEER-BASED HOME-BASED TECHNOLOGIES: In collaboration with an existing project underway at the Indiana University School of Informatics and Computing, CLEAR co-director Kay Connelly is studying peer-based technologies that support older adults in staying in their homes for as long as possible. Instead of sharing data with informal caregivers (e.g. adult children), the technologies share information amongst older adult peers (the first such project, to our knowledge). While not traditional health data, the prototypes share data about times older adults wake up, how much they move around their house, and share “errand” information in order to coordinate trips between older adult peers. These prototypes help older adults help each other with normal daily activities, an essential part of staying out of assisted living facilities. The primary questions of this project revolve around data sharing and privacy amongst older adult peers. Project staff deployed prototypes in 16 homes in Indianapolis in a tightly knit peer group and found that older adults who could control their data were more comfortable with having the prototypes, even though they rarely restricted the data sharing in any way. The prototypes were deployed in two additional settings (“familiar groups” and “strangers”) to see if privacy concerns and data sharing patterns are similar or different than the closely knit group.
RARE DISEASE PROJECT: The recent ALS challenge brought a lot of publicity to ALS—a rare yet devastating disease. There are over 7,000 rare diseases, each with a small number of patients. The total number of people who have a rare disease is around 10% of the world’s population. Sharing health information about these patients is problematic from a privacy perspective because it is easy to identify an individual patient based on their disease and location. Yet these patients are also eager for any research to be done on their disease. CLEAR co-director, Kay Connelly has been conducting research with patients with rare disease to identify how technology could assist them. The initial interview study indicated that they desperately need tools to help them communicate with a wide-variety of people, including doctors, family members and friends. One publication has resulted with more planned as the data are analyzed.
Comprehensive Health Regulations Project: The Healthcare Information and Management Systems Society and others have noted that there is no comprehensive guide to the federal and state laws and regulations applicable to health data. CLEAR has created an interactive database of the health care regulatory landscape, including laws and regulations at the federal and state level that affect the creation, use, movement, and maintenance of health information. The project began with existing surveys, then updated and expanded on them. The project covers laws and regulations governing the processing and use of health data, including bio- and tissue-banking, genetic data, health information breach data and research data restrictions.
Health Information Mapping Project: Ironically, given the amount of federal and industry investment in this area, no one has identified with any specificity the broad range of health information potentially available for treatment and research today, much less in the future. CLEAR will work with health care organizations and stakeholders to map the generation, use, and destruction of the health information and assess the value at the time of the data creation, the initial use of the data, other uses made of the data, and the entities benefitting from such creation and use. This work will extend into non-traditional data generation areas such as social media and mobile devices. The results will be stored in an interactive database, capable of being displayed through advanced, three-dimensional visualization applications.
Centerstone Research Institute Collaboration: CLEAR and the Centerstone Research Institute, the research arm of the nation’s largest not-for-profit provider of mental health services, are collaborating to investigate how information technology can be used with mental health patients to improve diagnosis and treatment. In this project, we will investigate how cell phones, PDAs, and other common devices that measure location or motion can be used to provide patients and providers with reliable, quantified information that may be useful in determining treatments and measuring their success. This work will not only assess the usefulness of such devices and determine practical applications, but it will also carry out studies to address important issues about privacy, consent, and the applicability of health data regulations to such information in an effort to facilitate easier use through a number of approaches including stakeholder engagement, study groups, and surveys.
Protecting Privacy in Health Research Project: The Privacy Rule adopted by the Department of Health and Human Services under the Health Insurance Portability and Accountability Act (HIPAA) imposes significant restrictions on health research. Those restrictions are magnified by the Privacy Rule’s inconsistencies with the Common Rule. The Institute of Medicine Committee on Health Research and the Privacy of Health Information reported. in February 2009 that “the HIPAA Privacy Rule does not protect privacy as well as it should” and “as currently implemented, the HIPAA Privacy Rule impedes important health research.” To address these critical issues, the IOM committee recommended “first and foremost” that Congress should authorize HHS to develop “a new approach in protecting privacy in health research” that would “exempt health research from the HIPAA Privacy Rule.” This project seeks to implement the IOM recommendations. It has assembled a blue-ribbon panel of experts in medical research, privacy, law, ethics, and patient advocacy to flesh out the IOM’s proposal and move it forward in the regulatory environment.
Information and Intellectual Property Issues in Health Innovation (HI4): HI4 is a neutral forum for health innovation industries to discuss approaches to quickly-evolving information-related challenges. Pharmaceutical, biotech, medical device, health care services, and related industries increasingly face significant issues as they research, develop, market, and improve life-saving therapies and services. Examples include: Complying with a growing swath of often inconsistent information privacy and security laws, protecting valuable intellectual property and sensitive consumer and research subject data from theft or misuse, or guarding against intellectual property infringement and product defamation online. The inaugural HI4 forum, held in Chicago in May 2012, addressed the myriad legal, technical, and policy issues facing the health sector as it responds to the Bring Your Own Device movement. The meeting included privacy, security, IT, research, and litigation/investigations professionals from 3M, Acxiom, CVS Caremark, Drinker Biddle & Reath LLP, Eli Lilly and Company, Iowa Health System, IMS, Takeda, and Vitalogix Consulting LLC. HI4 is supported through three Indiana University centers: CLEAR, the Center for Applied Cybersecurity Research (CACR), and the Center for Intellectual Property Research (CIPR).
CLEAR NIH panelist authors report backing health info de-identification
Personal information can be routinely de-identified before it is used or disclosed for a wide range of purposes, such as research, where it is not necessary to know the identity of individuals. Recently, however, the practice of de-identification as an effective tool to protect privacy has been challenged by those who claim it is possible to re-identify individuals from seemingly anonymous data. Today’s report refutes this position, and further validates that anonymizing data is a reliable, safe and practical way to protect personal information.
Launched at the University of Alberta’s National Access and Privacy Conference, the new paper entitled, "Dispelling the Myths Surrounding De-Identification: Anonymization Remains a Strong Tool for Protecting Privacy" shows that the re-identification of properly de-identified information is not, in fact, an easy or trivial task, and rather requires concerted effort on the part of skilled technicians. De-identification is a vital first step in protecting privacy, by drastically reducing the risk that personal information will be used or disclosed for unauthorized or malicious purposes.
“Not only does de-identification protect individual privacy, it also enables the valuable use of information for authorized secondary purposes, such as health research, which benefits not only individuals but society as a whole. This enables the shift from a zero-sum paradigm to a positive-sum paradigm, a key principle of Privacy by Design,” says Commissioner Cavoukian.
“De-identification techniques are gaining serious traction and Canadians are leading this conversation abroad,” adds Dr. El Emam. “Collaborating with the Commissioner’s Office to compile this report is an important achievement. Privacy topics get a lot of attention only when something goes wrong. Today we are sending a positive message that personal information can get protected and utilized for good reasons, in the safest way possible.”
Dr. Cavioukian is a member of the expert panel convened by Fred Cate and Stan Crosley under the auspices of their NIH grant on “Protecting Privacy in Health Research.”
NSF grant will help underserved older adults age in place
A $500,000 grant from the National Science Foundation will help Indiana University researchers better understand how technologies can assist underserved older adults as they age in place. The grant has been awarded to School of Informatics and Computing Associate Professor Kay Connelly and Principal Research Scientist Kelly Caine, co-directors of the Pervasive Health Information Technology (PHIT) lab and core members of the Center for Law, Ethics, and Applied Research in Health Information.
"The shifting demographics associated with an aging population require novel solutions to meet the health needs of the growing number of older adults around the world," Connelly said. "Since caring for individuals in assisted-living and long-term care facilities costs nearly twice that of care for their non-institutionalized counterparts, and older adults prefer to stay in their own home, technologies that support aging in place are one way to address these pressing problems."
Connelly and Caine said their research will focus primarily on the groups at the highest risk for extensive care and services: individuals from rural areas and underprivileged urban areas.
"Of those two subpopulations, rural individuals make up one fifth of the elderly population and are at the highest risk for requiring long-term care services and support," Caine said. "Similarly, urban-dwelling older adults in low-socioeconomic-status neighborhoods often experience higher rates of functional loss and poorer overall health outcomes. Thus, there is a lot of room to help both of these groups."
The project will ultimately provide guidance to community members, service providers, and governmental agencies about how to wield technology to enable those populations to age in place. Researchers will identify and analyze existing technologies, then compare and contrast those with the specific needs of low-SES older adults.
"We'll take into account factors like proximity of caregivers, access to transportation, access to health services, technology infrastructure, and attitudes toward technology," Connelly said.
Once the guidelines are established, Connelly and Caine will customize a suite of technologies for the specific needs of the two populations. The researchers will then be able to assess how older adults use and adjust to the technologies, and how that may help their ability to age in place.
"The broader impact in terms of benefit to society is inherent in the research," Caine said. "We're looking for ways to provide more appealing, less invasive, less costly options while simultaneously serving underserved caregivers and older adults."
The grant was awarded from the NSF's new Smart Health and Wellbeing program, which seeks improvements in safe, effective, efficient, equitable and patient-centered health and wellness services through innovations in computer and information science and engineering. The Smart Health and Wellbeing program aims to facilitate large-scale discoveries that yield long-term, transformative impact in how we treat illness and maintain our health. Besides Indiana University, teams from MIT, Georgia Tech and Carnegie-Mellon were among the universities to receive one of the 21 awards given by the Smart Health and Wellbeing program in this, its first year.