Question refers to this Newsweek article: http://www.newsweek.com/2016/07/29/war-over-cancer-patient-data-myriad-481608.html
Anonymized
patient data is already easily and legally available to the highest
bidder, if one knows where to look. But its use in research isn't as
much of a priority among the main healthcare data brokers as is making
money off of it. Thus, at the intersection of business and science of
health, there are currently three main approaches towards health data
sharing, the first two prioritizing business while the last one prioritizes science,
- Hold on to patients' health data as tightly as possible as if it were the proverbial gold mine, an approach exemplified by Myriad Genetics, also the approach discussed in the Newsweek article referenced in the question.
- Sell it behind the scenes to the highest bidder, all legally of course, an approach exemplified by IMS Health.
- Partner with academic partners and share it fully with them, an approach exemplified by 23andMe.
Which
course(s) will prevail will depend on how the politics of health plays
out, specifically future legislation and the outcome of legal challenges
to any or even every one of these three prevailing approaches.
The Health Data Marketplace Where Anonymized Patient Dossiers Are Freely Bought & Sold
In a Feb 2016 Scientific American article (1), Adam Tanner states that IMS Health dominates the medical data trading industry. Apparently it automatically receives Petabyte (>10^15), yes with a p,
of data from computerized records of pharmacies, insurance companies,
and medical organizations including US federal and state health
departments. Specifically, Tanner states that 3/4ths of all retail pharmacies in the US send some portion of their electronic records to IMS Health but that's not all.
According to Tanner, IMS Health itself claims to have half a billion
individual patient 'dossiers' from the US to Australia. Anonymized to
protect patient privacy, they're stripped of individual identifiers such
as social security numbers, names, addresses. This way, data transfer
to and from IMS Health and other data brokers doesn't violate medical privacy rules such as the 1996 US Health Insurance Portability and Accountability Act (HIPAA), which applies only to transfer of medical information directly tied to a patient's identity.
Even anonymized, such data's extremely lucrative. For example, Tanner's article (1) quotes Marc Berger
who heads the analysis of anonymized patient data at Pfizer as saying
it annually pays US $12 million to buy health data from a variety of
sources including IMS Health.
As well,
the public is largely unaware of the extent to which such companies go
to maintain their business practices. For example, HIPAA only applies to
patient records, not to doctors' prescribing habits. Starting in the 1990s, IMS Health started selling US doctors' prescribing data. Obviously this helps pharma companies tailor
their sales pitches to individual doctors. According to Tanner, even
though 36 US states, the US Department of Justice and advocacy groups
challenged such a practice, IMS Health fought all the way to the US Supreme Court and prevailed in 2011 on the grounds of corporate 'free speech' (2). Upshot? Even today, US doctors' prescribing habits are up for grabs, sold and traded freely in the marketplace.
One bright spot in this otherwise bleak story? IMS Health also shares some data for free or at a discount with academia. As proof of its academic partnerships, IMS Health's web-site offers a browsable database of >3000 scientific publications (3) they claim span 'virtually all therapy areas and projects completed in more than 50 countries worldwide' (4).
Health Data Privacy Concerns: Anonymized Data's Not Always So Anonymous
In a famous example from 1997 (5), back when she was still a graduate student, Latanya Sweeney identified then Massachusetts Governor William Weld
through publicly available hospital records. Apparently all it took for
her to identify him from anonymized hospital records was to compare
them with the voter registration rolls for the governor's city of
residence, Cambridge, MA. Doing so, Sweeney was able to pinpoint records
based on age and gender that could only pertain to Weld. This included a
recent hospital visit, diagnosis and prescriptions.
Of course, Weld being a public figure with a highly publicized hospitalization obviously helped Sweeney succeed in rather easily re-identifying him (6).
As an outcome of Sweeney's re-identification of Weld,
important changes were made to HIPAA. These include public records now
including only 3-digit rather than 5-digit zip code and only year, not
year and day of birth. These changes do make it more difficult to
re-identify people from anonymized patient data (7).
Despite such changes, it's still possible to re-identify medical research study participants (see table below from 8).
While people like George M. Church and Steven Pinker are openly unconcerned about their health data privacy (9),
human history provides compelling countervailing examples of research
abuse in the form of Nazi experimentation and the Tuskegee syphilis
experiment. Scope for health data misuse can't simply be wished away.
Instead, such misuse can only be thwarted by improving or expanding
scope of specific laws. For example, today in the US, the HIPAA Privacy
Rule only covers government-funded research but could be expanded to
cover the private sector as well (10).
The 23andMe Model: Share Patient Data With Academics To Advance Medical Research
In the 23AndMe model, people send it their saliva and consent to allow it to use anonymized information derived from it for research.
In the most recent example, their collaboration with researchers from the Massachusetts General Hospital and the University of Pennsylvania, published in Nature Genetics, studied 75607 self-reported depressive individuals with 231747 healthy controls, and identified 17 independent Single-nucleotide polymorphism from 15 genetic loci associated with risk of major depression in people of European ancestry (11).
Interesting
nuggets from this study include overlap with genetic regions involved
in neuronal development, schizophrenia, neuroticism. This suggests
future studies examining these conditions in tandem may yield more
insights.
Caveat about 23AndMe samples
is the scientific one about the source, i.e., saliva. Presence of
digestive enzymes and microbes makes saliva less reliable than blood.
While
such data is very far from helping provide patients better Rx, it's
part of the process involved in the first step necessary for improved
medicine, namely, identifying specific genomic targets for Rx.
As well, 23AndMe's approach is certainly refreshing considering how business-related profit motive prevails among dominant players like IMS Health in the health data marketplace.
Summation
In
short, the extremely lucrative market for legally buying and selling
patient data proves it's already perceived to be quite valuable. Many of
us are simply unaware of the extent of this marketplace or even that it
exists at all. 23AndMe's proactive partnering with academia, while laudable, is very much an outlier.
Such practices can only become the norm if the public actively pushes
their governments to make it so through legislation. For that to happen,
first the fact that anonymized patient data is already freely legally
bought and sold needs to become common knowledge. Understandably the
major operators assiduously fly under the radar, careful not to attract
undue attention. Onus is on the media to highlight this practice of
legally buying and selling health data records, and for the public to
fully inform itself of its pros and cons, obviously mainly cons. Another
option, already being practiced by the Framingham Heart Study and by the US state of Rhode Island, is to offer study participants the option of choosing to forbid collection of their medical information for commercial use (1).
Again such options can only become more mainstream with greater public
awareness of the dangers of unfettered market control of patient health
data, a situation that's not theoretical but rather, as the examples of Myriad Genetics and IMS Health show, already a practical reality.
Bibliography
1. Tanner, Adam. "For Sale: Your Medical Records." Scientific American 314.2 (2016): 26-27. How Data Brokers Make Money Off Your Medical Records
5.
Sweeney, Latanya. "k-anonymity: A model for protecting privacy."
International Journal of Uncertainty, Fuzziness and Knowledge-Based
Systems 10.05 (2002): 557-570. http://www.cs.colostate.edu/~cs6...
6.
Barth-Jones, Daniel C. "The're-identification' of Governor William
Weld's medical information: a critical re-examination of health data
identification risks and privacy protections, then and now." Then and
Now (July 2012) (2012). https://fpf.org/wp-content/uploa...
7. Techpinions, Steve Wildstrom, July 9, 2012. Can You Be Identified from Anonymous Data? It’s Not So Simple
8.
Milius, Djims, et al. "The International Cancer Genome Consortium's
evolving data-protection policies." Nature biotechnology 32.6 (2014):
519-523.
9. Forbes, Adam Tanner, April 25, 2013. Harvard Professor Re-Identifies Anonymous Volunteers In DNA Study
10.
Contreras, Jorge L. "The president says patients should own their
genetic data. He's wrong." Nature Biotechnology 34.6 (2016): 585-586.
11. Hyde CL et al, Nature Genetics, Published 1 August, 2016. http://www.nature.com/ng/journal...
https://www.quora.com/Should-patient-data-that-could-be-used-for-lifesaving-research-be-freely-available-to-any-researchers-that-want-it/answer/Tirumalai-Kamala
https://www.quora.com/Should-patient-data-that-could-be-used-for-lifesaving-research-be-freely-available-to-any-researchers-that-want-it/answer/Tirumalai-Kamala
No comments:
Post a Comment