Healthcare organizations and hospitals in the United States all sit on treasure troves: a stockpile of patient health data stored as electronic medical records. Those files show what people are sick with, how they were treated, and what happened next. Taken together, they’re hugely valuable resources for medical discovery.
Because of certain provisions of the Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations are able to put that treasure trove to work. As long as they de-identify the records — removing information like patient names, locations, and phone numbers — they can give or sell the data to partners for research. They don’t need to get consent from patients to do it or even tell them about it.
More and more healthcare groups are taking advantage of those partnerships. The Mayo Clinic in Rochester, Minnesota, is working with startups to develop algorithms to diagnose and manage conditions based on health data. Fourteen US health systems formed a company to aggregate and sell de-identified data earlier this year. The healthcare company HCA announced a new data deal with Google in May.
There may be benefits to sharing this data — researchers can learn what types of treatments are best for people with certain medical conditions and develop tools to improve care. But there are risks to free-flowing data, says Eric Perakslis, chief science and digital officer at the Duke Clinical Research Institute. He outlined the ways the system could potentially harm patients in a recent New England Journal of Medicine article with Kenneth Mandl, director of the computational health informatics program at Boston Children’s Hospital.
“I’m a huge advocate for open data,” Perakslis says. “I think it’s very easy to get excited about the benefits. What we know with medical sciences, though, is that you don’t always understand the risks that come with the benefits until later.”