Big Data has already made an impact in many industries, and is transforming how we think of healthcare and public health. It will continue to revolutionize healthcare, pharmaceuticals, clinical trial management, administration, and all aspects of the health industry. The US has the highest healthcare costs in the world, and our outcomes are often mediocre. The application of Big Data techniques will help reduce these costs and improve outcomes. As the field matures, we will see a cumulative effect, as insights build atop each other.
Big Data is a revolution, but it is still in its infancy. The truth is, we still have not come close to getting maximum value from our traditional methods of data analysis. Big Data makes use of the unbelievable volume, variety, and velocity of data being produced every second, and applies creative querying to make predictions and to make recommendations. It uses an open source architecture called Hadoop, which runs on commodity hardware, meaning that Big Data will be available to all organizations in the future. The challenge will be in asking the data the right questions, and querying the data sources in an appropriate way. These skills will be in very high demand in the near future.
However, there are some major challenges in applying Big Data in healthcare, particularly when it comes to protecting patient privacy. First of all, Health Insurance Portability and Accountability Act (HIPAA) compliance is mandatory, and violating HIPAA is a serious breach of the law and medical ethics. So, how do we integrate patient data while preserving privacy? Yes, data can be de-identified, but sophisticated analysts could determine the identity of individual patients. In a White House reported on balancing Big Data and privacy, it was noted that policy alone cannot prevent data breaches, and that technology needs to be effectively implemented to prevent breaches. It also makes the case that policy should focus on the harm caused by specific breaches.
Breaches in privacy are a serious matter and companies deploying Big Data, just as before, must be vigilant in their use of technologies, such as encryption, to prevent breaches. With so much data, the consequences of a data breach can be staggering. It was revealed in 2015 that over 4 million current and former federal employees had their personal data stolen by hackers. The data were held by the Office of Personnel Management (OPM). Therefore, companies with access to millions of patient records must be especially vigilant.
Breaches of massive datasets can result in more than just identifying information, such as social security numbers and addresses, as was the case in the OPM breach. As devastating as that was for the millions of victims, the potential damage from, for example, stealing patients’ genomic data could be even worse. We’re at the cusp of a new era in data management. The consequences of privacy breaches in this new domain have yet to be fully understood. Vigilance will be the key for all stakeholders.
The data that patients provide allow researchers to conduct extraordinary analyses and tease out information that was invisible under the old paradigm. Big Data analysis requires many people to share their data. So, policies should be in place that protect patients, while still encouraging them to share their personal information. Data encryption will play a role in preventing breaches. But, intelligent policies will be as important. Many times, hackers can bypass encryption and other tools due to a human vulnerability.
If companies do not enforce their policies effectively, then encryption can be neutralized as a deterrent. The STUXNET virus crippled computer systems in Iran’s Nantanz nuclear facility. The Iranians had physically isolated those information systems from other computer networks and the Internet. The virus exploited a vulnerability by introducing a virus onto the thumb drives of employees. Then, when one or more employees inserted the thumb drive into the computer system, STUXNET was able to spread and cripple the network. While this is an extreme case, and it is widely presumed that one or more intelligence agencies designed the virus, it does highlight how a breach in protocol can be exploited. It is not enough to have strong policies—companies must be able to enforce them as well.
Storing and accessing patient data without violating patients’ privacy is going to be a long-term challenge. Companies should have a clear written policy on patient privacy. In addition, they should take steps to ensure that data are not mishandled by mistake. The damage to patients can be serious, and the consequences to the company could possibly be catastrophic. Not only would they be vulnerable to lawsuits, HIPAA violations could actually lead to criminal charges.
Magdi Stino, Health Policy PhD Candidate