Thursday, May 25, 2017

A Useful Analysis Of The Health Data Re-Identification Issue. Great Read.

This appeared a few days ago:

Health Data Governance: Re-identification of health records

Australia, USA May 11 2017
Australian governments have long recognised the potential of big data, which can provide the depth of insight about the community to enable genuine evidence-based policy development, public infrastructure planning, and service delivery innovation.
The intensive analysis of data sets drawn from a range of different sources to uncover important trends and insights, commonly referred to as `Big Data', has a particularly important role to play in Australia's health system, which comprises a complex web of medical, social and behavioural influences. Rich data sets exist at patient and system levels, reflecting the dominant role that Australian Governments play in our system, anchored in the Medicare Benefits Scheme (MBS) and the Pharmaceutical Benefits Scheme (PBS) and now-ubiquitous My Health Record (MHR).
Big data can improve population health, stimulate therapeutic innovation and enhance system efficiency and sustainability. The benefits can only be realised with the trust and confidence of citizens, bringing privacy issues into sharp relief. The use and management of data and health information is now regulated by the Privacy Act 1988 (Cth) (Privacy Act) and health records legislation in most States and Territories.
In this article, we consider some of the regulatory issues relating to the de-identification and reidentification of health records data, particularly in light of a September 2016 incident in which deidentified PBS / MBS data was re-identified. We also highlight the challenge facing legislators in managing the tension between protecting personal information and allowing innovation to enable the promise of big data to be realised.
Increasingly sophisticated data management techniques have been developed to de-identify health records information, to enable data to be used, whilst complying with regulatory obligations. Those same techniques may, however, enable data sets to be re-identified, highlighting the need for a range of responses to adequately protect personal information.
There is an inherent tension between using big data sets to benefit the community and the personal privacy of the individuals to whom the data relates. Appropriate policy, contractual and technical controls are needed to maximise privacy protections without limiting the usability of the information (by, for example, over-use algorithmic de-identification which can reduce the integrity of the information). Finding the right mix of controls will maintain public confidence and spur further innovation in the health sector, realising the potential of big data for better health outcomes and system sustainability.
There is vastly more detailed information here:
Usefully PwC also provides coverage of the New Zealand approach to the same issue.
Well worth the time to read.
David.

No comments: