In his 2015 State of the Union address President Obama announced the launch of his precision medicine initiative, an audacious initiative to address these issues. In a nutshell, precision medicine customizes health care; That is, medical decisions are tailored based on the individual characteristics of the patients, ranging from their genes to their lifestyle. To have a clear understanding of the relationship between individual characteristics of patients and medical outcomes, it is necessary to collect various types of data from a large population of individuals. The precision medicine initiative requires a longitudinal cohort of one million individuals to provide researchers with various data types including DNA, behavioral data, and electronic health records. Assembling such a large sample of many different data types proposes two unique challenges pertaining to healthcare information technology: interoperability and privacy.
The federal government has already spent $28 billion to incent medical providers to adopt electronic health record (EHR) systems. As a result, almost all of the medical providers in the United States currently compile an electronic archive of their patients’ medical records. However, most of the EHR systems are not able to exchange information with each other. This is a strange problem in the age of information technology and Internet connectivity. There are a variety of technical and economic reasons, which make it especially complicated and difficult to solve. Given the current lack of interoperability between EHR systems, it seems highly unlikely to be able to obtain a complete medical history of one million Americans. To succeed, the precision medicine initiative has to either overcome the lack of interoperability problem in the nation’s health IT system or to find a way around it. Congress members in both the House and Senate are considering new rules that would stop EHR vendors from interfering with medical providers that had already started transferring records. These efforts are fraught with difficulty and will take a very long time to produce tangible results.
In the meantime, the researchers involved in precision medicine initiative should do their best to gain access to as many health records as possible. After assembling the initial sample, theyshould negotiate with both medical providers and EHR vendors to gain access to future medical records. This will ensure a complete medical history and will also lead to the creation of technologies which can be used for health information exchange at the national level for other purposes beyond those of precision medicine.
With regards to privacy, there are two different types of challenges that should be addressed. The first one is implementation of appropriate security technologies and strict privacy-regulations. The health care sector has become the new target for computer hackers. According to the data provided by the Department of Health and Human Services, the number of breaches that involved at least 500 patients has increased from 13 in 2008 to 256 in 2013.While hackers have very high incentives to break into medical databases, the incentives to protect these datasets are almost non-existent in the health care sector.
The most important, yet least discussed threat to patient privacy arises from the data fusion process. Medical researchers will likely need to merge and analyze different data sets which were collected with the consent of the patient. However, the analysis of the data results in other types of information about the patients which is currently unknown to the patients and even researchers involved in this project. It’s practically impossible for a person to provide consent to researchers in this scenario because the patient can’t know what details will be able to be uncovered about their lives in the future with the use of advanced analytic techniques. The scale of this initiative and the large population of volunteers that it requires will only intensify the concerns over privacy and the implication of its possible findings about a large number of individuals.
This initiative has enormous value for the future advancement of medical science. We will most likely be able to identify the characteristics that are associated with certain types of cancer and thus act much sooner and save the lives of the individuals which models predict to be more susceptible to such diseases. I would personally appreciate a call from my doctor telling me that based on a comparison of my biologic specimens and health records to the national average, I have a 95 percent chance of having cancer in the next 10 years unless we act right now and prevent it. But what if my primary care physician’s computer gets hacked and such information happens to be revealed to my employer? What if I refuse to share certain types of data but researchers come up with smart algorithms to correctly impute them anyway? To what extent is government allowed to use such information?
Given the high profile of the precision medicine initiative, one can expect that appropriate security technologies and policies would be in place to protect the privacy of patients. To ensure these safeguards are in effect there should be routine and independent privacy audits by third party organizations. The results of such audits should be publically available and accessible. More importantly, the precision medicine initiative should take responsibility in the event of a data breach. To achieve this, the precision medicine initiative should agree that in case of privacy breaches: 1) A patient’s participation in the study will be automatically terminated 2) the patients will automatically receive significant financial compensation, without a lawsuit. These conditions increase the incentives of the precision medicine initiative to proactively implement security technologies and strictly adhere to privacy policies to prevent data breaches from happening.
The precision medicine initiative is a “Big Hairy Audacious Goal” with exciting promises and priceless implications, however to believe in its future success, it should first propose a plan to resolve the above mentioned patient privacy concerns and health IT challenges.
More TechTank posts are available at the TechTank Homepage