Data Digital Health Privacy

Health Data Privacy Is a Social Justice Issue

Voiced by Amazon Polly

Big Tech needs to take the Technocratic Oath to Do No Harm

RinzinFollowDec 15, 2020 · 5 min read

Image for post
https://unsplash.com/photos/w33-zg-dNL4

The COVID-19 pandemic has changed many aspects of our everyday life, from how we work and interact to how we think about health data privacy in the increasingly digitized world of sensors, wearables, and machine learning. While the healthcare sector has continued to garner massive business interest in the last several years, the business of healthcare data is a relatively unpaved path. In the COVID-19 era, telehealth/telemedicine adoption has skyrocketed. The consulting firm McKinsey estimates that up to $250 billion of the country’s current health care spending could be done virtually, considering patients’ embrace of telehealth rose from 11% in 2019 to 46% in 2020. The management of health data increasingly relies on advanced technology. This convergence will shape the attitude and culture around how much say we should have in protecting our health data — our informational DNA — in decades to come.

Digital innovations in health care have and will continue to revolutionize the healthcare delivery system and undeniably add value to society. But they come with many critical challenges: from digital inequity and opportunistic pandemic cybercriminals to lack of comprehensive data-privacy protections. Unless we demand changes, advancements in health technology will continue to offer us little ownership or control over our most intimate health data. The public is often at the mercy of unending pages of “Terms and Conditions” that eventually lead us to checking “I agree”; the alternative, “I disagree,” kicks you out of the services.

This year, the federal government published the final rule of the 21st Century Cures Act, which addresses interoperability, information blocking, and the health IT certification program. The final rule is the most current and significant milestone in modernizing the way the healthcare sector shares, uses, and exchanges our health information. One of the provisions of this landmark rule is to provide patients the freedom to choose a third-party application with the goal of affording us unmitigated access to our health information. In a few years, this will lead to a broader adoption of smartphone apps to host personal health information.

As for the legal landscape of data privacy, the evolution of technology and data markets has outpaced consumer protections. At the constitutional level, the Supreme Court has concluded that the right to “informational privacy” is implicit, meaning it varies by case. Unlike the European Union, the U.S. does not have a privacy-focused regulation like the European General Data Protection Regulation (GDPR) — a legal framework of data protection by design and by default. The closest thing the U.S. has to GDPR is the California Consumer Privacy Act (CCPA), applicable to “for-profit businesses that do business in California” and make “a gross annual revenue of over $25 million.” The privacy regulations of the Health Insurance Portability and Accountability Act (HIPAA), applicable only to “covered entities,” are often called “the floor of privacy protections, not the ceiling.” Health gadgets, sensors, and wearables developed outside those covered entities are not bound by HIPAA.

Recently, the U.S. Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI) warned that cybercriminals are targeting healthcare providers and public health agencies as COVID resurges. Pre-COVID, public health IT infrastructures were underfunded, overburdened, and almost forgotten. Building a digital health ecosystem without investing in public health agencies’ data systems is a recipe to further erode public trust. And trust is key to the success and sustainability of any work sector — be it government or a business entity.

As a few tech giants exert vast control over our online lives, the internet of things is progressively merging digital and physical universes into one online society. The right to data privacy — especially to your own health data — is a nascent social justice issue.

As a few tech giants exert vast control over our online lives, the internet of things is progressively merging digital and physical universes into one online society. The right to data privacy — especially to your own health data — is a nascent social justice issue.

In an increasingly monopolized and lucrative data market, consumers often give away a lot more than we signed up for. Predictive analytics of health data holds critical and actionable information but is also a gold mine in the data market. Whether or not such information will be used to sell you something that you never thought you needed, and/or deliver value-based health care, is largely up to the whims of data markets. In the field of human genomic study, neurotechnology research, and other health-tech areas, how do we ensure that data is strictly used for health purposes alone?

In developing, adopting, and deploying health technology of any kind, it’s critical that we hold certain negotiating power on how our health data is being collected, used, shared, and re-used by third-party vendors. The large-scale collection, storage, sharing, and selling of health data warrants transparency, clarity, and accountability. Ensuring consumer privacy rights is also a good business practice because data breaches are expensive inconveniences, disruptive, and harmful to a company’s reputation.

It’s time for every actor who touches health data to take the Technocratic Oath: a pledge to ensure beneficence, justice, dignity, and transparency around the entire life cycle of data flow (collection, usage, sharing, and deletion). A promise to do no harm to the rightful owners of our health data: us. At the heart of the Technocratic Oath should be a data fiduciary role, upholding the duties of care and loyalty. Furthering the ideals of the Technocratic Oath should be the driving force for every data activity. Regulatory bodies need to get up to speed on how lack of data privacy erodes public trust and offer the opportunity to educate the public. More of us need at least a baseline understanding of current digital capabilities so that we can create viable pathways to civic engagement around data privacy.

It’s time for every actor who touches health data to take the Technocratic Oath: a pledge to ensure beneficence, justice, dignity, and transparency around the entire life cycle of data flow (collection, usage, sharing, and deletion).

This pandemic is teaching us the importance of parallel investment in the IT infrastructure and data governance capabilities of public health agencies at the same pace as digital innovations in the private sector. Or, at a minimum, comprehensive regulations to uphold the fiduciary role when it comes to health data. Like any other social justice issue, the right to health data privacy by design and by default, consistent with technological advancements, will require civic discourse and participation.The Startup

Medium’s largest active publication, followed by +750K people. Follow to join our community.

Follow

1K

1K claps

WRITTEN BY

Rinzin

Follow

Policy Analyst — Health Informatics. Opinions are mine, not employer’s.