Examining the Relationship between HIPAA and Healthcare Data
HIPAA, the Health Insurance Portability and Accountability Act, was adjusted recently and healthcare data collection initiatives are keen to understand what it means for their efforts. John W. Loonsk, the Chief Medical Information Officer at CGI Federal, examined both the adjustment and the overall impact of big data on medical research.
Overall, Loonsk argues that the limitations of big data result as much from the failure of policy to adapt to new information standards than the ability of technology to keep up.
“Part of the delay is that ‘new’ technologies, like big data, are frequently restrained by ‘old’ policies and the ‘old’ approaches of existing technologies,” Loonsk said. “It takes time, and sometimes policy and utilization changes, to fully accommodate a new technology’s potential.”
One of the benefits of big data in non-healthcare sectors is information that ended up being unimportant and irrelevant noise in one context ends up being quite useful in another. In healthcare, multiple ‘contexts’ take the form of clinical studies. Per HIPAA, according to Loonsk, that data must go through the patient’s consent again if to be used for a different study.
That rule came about recently in an Omnibus adjustment to HIPAA, where somewhat contradictory data collection regulations were implemented. On the one hand, according to Loonks, the new rule allows for something called ‘compound authorizations,’ which allow multiple research organizations to be consented at the same time for two different studies. On the other, the rule requires a re-consent for any planned future usage.
These statements are not contradictory in the sense that they will overlap (or overrule) each other, but rather in that they represent opposite viewpoints. “The conflict here,” Loonks explained, “is that while Big Data approaches offer great opportunity for additional queries and subsequent analysis of large data sets for unexpected findings and secondary conclusions, HIPAA requires that patients be re-consented if the new investigations are of a different nature than the original work.” Further, such re-consent must include a description in ‘sufficient detail,’ a notion ripe for misinterpretation.
Privacy and policy concerns aside, there also exists a lack of standardization that hampers data analysis efforts. Instances like unstructured narrative text along with various types of audio and video files make life difficult for an analytics system to aggregate all of the information in a useful manner. “In health,” Loonsk argued, “these format considerations are critical because there are so many ways that information is recorded in clinical care (imaging devices, sensors, software systems…) and because the health industry continues to struggle to get even a fraction of its information into standardized formats.”
For Loonsk, big data in healthcare must evolve from a standardization standpoint along with being aided by policy implementation to reach its full potential.