Published by Derrick Ellis. Modified over 6 years ago.
1
Healthcare Data Privacy and Security in the Era of Big Data
John P. Houston, J.D.
Vice President, Privacy & Information Security, Associate Counsel, University of Pittsburgh Medical Center
Adjunct Assistant Professor of Biomedical Informatics, University of Pittsburgh School of Medicine
2
Learning Objectives
Identify privacy considerations associated with big data.
Compare/contrast privacy rights associated with the use of identifiable and de-identified data in analytics and research.
Differentiate between societal rights versus personal privacy rights in the use of big data in analytics and research.
Explain the role of autonomy in the use of big data for analytics and research.
3
What Is Your Opinion? (VIDEO)
4
Electronic Records - Global Availability
Smartphones, iPad, IoT – the accelerating evolution of transformative technologies.
Growth of Smartphones
Ability to push large amounts of data to the device anywhere in the world – as long as there is an internet or cellular connection. These devices are going to be transformative…
5
Electronic Records - Global Availability
Cloud Services – Providers are becoming increasingly dependent on internet-based services (SaaS, IaaS, PaaS, ASPs, etc.).
Enterprise Cloud Services
6
Electronic Records - Global Availability
Consumer engagement – Consumers expect to engage their providers and payers through the Internet. At the end of the day, these examples speak to a substantial change in the manner in which we process data. No longer is data going to solely reside within our data center or on our internal network. Overall, the complexity of the environment is increasing dramatically.
7
Electronic Records - Global Availability
Data Explosion – there is a substantial increase in the amount of data that is collected and disseminated. Ability to push large amounts of data to the device anywhere in the world – as long as there is an internet or cellular connection. These devices are going to be transformative…
8
Questions
What is Privacy?
What is Confidentiality?
What is (Information) Security?
9
Security, Privacy & Confidentiality
Privacy - The state of being free from intrusion or disturbance in one's private life or affairs. (Random House Dictionary)
Confidentiality - The ethical principle or legal right that a physician or other health professional will hold secret all information relating to a patient, unless the patient gives consent permitting disclosure. (The American Heritage® Stedman's Medical Dictionary)
Security - Protection against unauthorized access to, or alteration of, information and system resources including CPUs, storage devices and programs. (Free On-line Dictionary of Computing)
10
Security, Privacy & Confidentiality
Practically Speaking…
(Information) Security – Keeping the bad guys out.
Privacy / Confidentiality – Making sure that those people who have access to information only use the information for appropriate purposes.
11
Societal Rights vs Individual Rights
Privacy Is a Balance.
An individual’s right to have his / her information kept confidential.
A provider’s need for information to support the delivery of effective and efficient healthcare.
Public / societal interests.
In good faith, people have substantial differences of opinion regarding the value and importance of privacy.
Practically speaking, privacy is not an absolute.
12
Autonomy
Autonomy - An individual’s capacity for self-determination or self-governance.
Personal autonomy - The capacity to decide for oneself and pursue a course of action in one’s life.
(Internet Encyclopedia of Philosophy)
13
Autonomy – The Belmont Report
B. Basic Ethical Principles 1. Respect for Persons. -- Respect for persons incorporates at least two ethical convictions: first, that individuals should be treated as autonomous agents, and second, that persons with diminished autonomy are entitled to protection. The principle of respect for persons thus divides into two separate moral requirements: the requirement to acknowledge autonomy and the requirement to protect those with diminished autonomy.
14
Autonomy – The Belmont Report
B. Basic Ethical Principles 2. Beneficence. -- Persons are treated in an ethical manner not only by respecting their decisions and protecting them from harm, but also by making efforts to secure their well-being.
15
Autonomy – The Belmont Report
An autonomous person is an individual capable of deliberation about personal goals and of acting under the direction of such deliberation. To respect autonomy is to give weight to autonomous persons’ considered opinions and choices while refraining from obstructing their actions unless they are clearly detrimental to others. To show lack of respect for an autonomous agent is to repudiate that person’s considered judgements, to deny an individual the freedom to act on those considered judgments, or to withhold information necessary to make a considered judgment, when there is no compelling reason to do so.
16
Value - Why is Big Data Different?
Volume Complexity Use interest Business/commercial Value Inference power
17
Risk - Why is Big Data Different?
Most activities involving big data will involve the use of existing data sets. Is there an opportunity for individuals to provide informed consent?
The risk to each patient remains the same whether small cohorts or large cohorts are used. However, large cohorts increase either (a) the number of individuals affected, or (b) the likelihood that an individual may be affected.
“Data Numbness” – there is so much data, and so many people want to use it for so many purposes, that some people become numb to both the risk and rights of individuals.
18
The “Big Three”
Research
Quality Improvement / Quality Assurance (QI/QA)
Health Care Operation (HCO)
19
The “Big Three”
Research – An activity designed to test a hypothesis, permit conclusions to be drawn, and thereby to develop or contribute to generalizable knowledge.
Quality Improvement – Quality improvement (QI) consists of systematic and continuous actions that lead to measurable improvement in health care services and the health status of targeted patient groups.
Healthcare Operations – Health care operations means any of the following activities of the covered entity to the extent that the activities are related to covered functions: (1) Conducting quality assessment and improvement activities; (2) Reviewing the competence or qualifications of health care professionals; (3) Underwriting, enrollment, premium rating, and other activities; (4) Conducting or arranging for medical review, legal services, and auditing functions; (5) Business planning and development; and (6) Business management and general administrative activities.
20
Research and Big Data
What is the role of the Common Rule and the IRB in the oversight of research data use? Privacy is one human subjects protection that the IRB is responsible for considering. HIPAA allows for an IRB or Privacy Board to grant a waiver of authorization for the use of identifiable data.
What is the threshold for the use of identifiable data in research? Is convenience a factor in allowing a waiver?
How do we address massive data sets where some level of identification is necessary?
What are the rights of deceased individuals?
21
QI and Big Data
What is the threshold for the use of identifiable data in QI? HIPAA sets a “lower bar” for QI. No approval is required. However, some institutions require QI committee oversight.
Who should evaluate QI activities and provide oversight?
How do we address massive data sets where some level of identification is necessary?
What are the rights of deceased individuals?
22
Healthcare Operations and Big Data
What is the threshold for the use of identifiable data for HCO? HIPAA sets a lower bar for HCO. No approval is required.
How do we address massive data sets where some level of identification is necessary?
What are the rights of deceased individuals?
23
The Role of Data Governance
Data governance (DG) refers to the overall management of the availability, usability, integrity, and security of the data employed in an enterprise. A sound data governance program includes a governing body or council, a defined set of procedures, and a plan to execute those procedures. Data governance provides a structure for classifying data. Data governance allows for an organization to decide how data is used in a methodical fashion. Decisions regarding data are aligned with the individuals within the organization whose functions “own” the data. For example, the CFO would own financial data.
24
Identified vs De-Identified Data
Should individuals have concerns regarding data that has been properly de-identified?
Can the patient be harmed by data that is properly de-identified?
Genetic data de-identification – is that actually possible?
25
Security Considerations
Securing data does not differ when considering small and large data sets. Each deserves the same rigor.
The number of individuals affected by the breach or inappropriate use of a large data set is significantly greater. Does this increased risk affect the decision whether de-identified data should be used? Or whether the activity should be undertaken?