What is the future of privacy as real-world data capture becomes more sophisticated?

To cultivate the public’s growing interest in their own healthcare data we need to look to a future of privacy where more value is placed on ownership and accessibility.

As the market builds on a boom in real-world data collection to support a modern pharmaceutical industry in which drugs are becoming more complex, and treatments more personalised, our relationship with healthcare is changing fast. The possibilities opened up by personal health technology highlight a distinction between two types of real-world data: data that individuals generate and own themselves, and data that belongs to a centralised record system.

Where new policy, such as the 21st Century Cures Act, has opened the door for real-world data (RWD) to be used alongside traditional clinical trial findings, this is still in the early stages. The main approaches to real-world research are still rooted in clinical trial methodologies, and these are being adapted to late-phase and early access studies which make use of electronic health records (EHRs).

The same largely applies to patient privacy. As things stand, the changes in research practice driven by increased interest in real-world evidence (RWE) have not called for a drastic change in privacy standards. Those standards rest on established methods of anonymising personally identifiable patient data, and they work well for the types of real-world data currently being captured.

Yet, taking into account the boom in personal health technology (fitness apps, wearable devices, even home genetic testing kits), there is another aspect of ‘real-world’ in which individuals collect their own, increasingly rich, data. Whether through completing questionnaires on handheld devices or collecting vitals on wearables (it is not uncommon for these to gain FDA clearance or approval before entering the market), this represents a valuable, yet largely untapped, potential to generate wider-reaching and more effective real-world insights.

However, a focus on patient entered data brings with it a different set of privacy challenges. This is partly underscored by a general narrative of public distrust surrounding the use of personal data stimulated most recently by stories surrounding Cambridge Analytica and social media’s blurring of the lines between public and private.

On the other hand, there is a tangible public excitement about bespoke healthcare approaches: the 100,000 genomes project, the rise in personalised medicine and the dramatic reduction in cost of sequencing a human genome have all increased access to, and ownership over, personal medical data.

More broadly, the future of big data stores looks bright. We are rapidly moving toward making full use of EHRs: the NHS has recently announced a new initiative to go paperless by 2020 and in the US 87% of office-based physicians and nearly all hospitals are using EHRs to store patient data.

Clearly, we are in the midst of a paradigm shift. There is a distinct public interest in personal medical data, there is the technology to gather and disseminate it intuitively and efficiently, and there are huge sea-changes taking place within the healthcare industry that are starting to reflect this. The challenge moving forward, then, is in finding approaches to data privacy that productively draw these elements together.

For this to work, privacy must place equal value on the individual’s ownership over their personal data, and an accessibility that makes the most of its value to medical progress. This raises an important question:

Is anonymity a viable solution to privacy in the long-term?

In a real-world study, data is collected in a centralised electronic data capture (EDC) system, which maintains privacy by anonymising the data: personally identifiable information is stripped out before the record is used for research. Anonymisation is a tried and tested privacy process with a strong heritage in the research practices that come out of clinical trials.

However, with the rise in patient engagement in healthcare and data collection, it is becoming more common and practical for patients to take on some data entry in real-world studies. Once that happens a channel opens up with the patient: the EDC system has to hold identifying details in order to reach them, so the data can at best be pseudonymised, with the link between the research record and the person kept somewhere in the system, and anonymisation is no longer an appropriate solution.

Currently, when anonymity isn't viable, the data is protected with 256-bit symmetric encryption (typically AES-256). A 256-bit key is far beyond brute force: the often-quoted estimate is that 50 supercomputers would need on the order of 3×10^51 years to exhaust the keyspace, and the same scheme extends to additional personal data without difficulty. Still, there are questions about its long-term viability. The commonly cited worry is the arrival of quantum computers; in fact, quantum search (Grover's algorithm) only roughly halves the effective strength of a symmetric key, leaving AES-256 with a 128-bit margin, while the schemes a large quantum computer does break outright are the public-key algorithms (RSA, elliptic-curve) used to exchange keys and sign data. More pressingly, encryption alone does not give patients ownership of, or access to, their own medical data: whoever holds the keys controls the records, and in today's systems that is the organisation operating the EDC, not the patient.

As such, there is a clear need to think dynamically about how data ownership and security are handled when designing forward thinking real-world technology.

Ownership and ease-of-access are key.

Personal medical data needs to be stored in a system that makes it easy, safe and intuitive to share with selected parties — what can we look to?

A new way of conceptualising privacy may lie in the blockchain. Much has been written about it in the last year in relation to cryptocurrencies, but the way blockchain allows us to think about security resonates with healthcare data privacy.

“Bitcoin gives us, for the first time, a way for one Internet user to transfer a unique piece of digital property to another Internet user, such that the transfer is guaranteed to be safe and secure, everyone knows that the transfer has taken place, and nobody can challenge the legitimacy of the transfer.” — Marc Andreessen

MedRec, a project from MIT, is developing a system for managing EHR access on a blockchain, aiming to prioritise patient agency and provide a transparent and accessible view of medical history. Notably, it does not put the records themselves on the chain: they stay in the providers' existing databases, and the chain holds pointers to them along with the access permissions each patient has granted.

A blockchain secures data by being a shared, append-only ledger rather than a single centrally held database. Each block carries a cryptographic hash of the block before it, so altering any past entry changes every hash that follows, and a change is only accepted once the participating nodes agree on it under the network's consensus rules. There is built-in accountability, because every action is signed with the actor's private key. If a single participant manipulates their copy of the data, the inconsistency is traceable and the other nodes reject it. Because entries are never removed, the chain is a permanent history. That is a strength for audit trails and consent records, but it is also the reason raw medical data should not be written to the chain itself: it could never be corrected or erased, and every node would hold a copy forever. The practical design is to keep the records encrypted off-chain and put only hashes, pointers and signed access grants on the chain, so that patients can share specific data with select third parties while the chain records who was given what.
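To make the tamper-evidence concrete, here is an added example written for this page (not MedRec's code or any product's): a small hash-chained, signed consent log in Go, chosen because its standard library carries the hashing and signature primitives needed. The entry layout, the payload strings and the single-signer model (one patient key signs every entry) are assumptions for illustration; a real ledger has many signers and a consensus step, which this omits. The attacker in the demo rewrites an entry and even recomputes its hash, but cannot produce a valid signature without the patient's private key.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Entry is one record in a hash-chained, signed audit ledger. This is a
// constructed example of a patient consent log, not MedRec's data model.
type Entry struct {
	Index    int
	PrevHash []byte // hash of the previous entry; all zeros for the first entry
	Payload  string // e.g. "grant clinic-A read:labs"; no raw medical data goes here
	Hash     []byte // SHA-256 over index, previous hash and payload
	Sig      []byte // ECDSA (ASN.1) signature over Hash by the actor's private key
}

// entryHash binds an entry to its position and to everything before it.
func entryHash(index int, prev []byte, payload string) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%x|%s", index, prev, payload)
	return h.Sum(nil)
}

// Append creates a new entry linked to the last one and signs it.
func Append(chain []Entry, payload string, key *ecdsa.PrivateKey) ([]Entry, error) {
	prev := make([]byte, sha256.Size)
	if n := len(chain); n > 0 {
		prev = chain[n-1].Hash
	}
	hash := entryHash(len(chain), prev, payload)
	sig, err := ecdsa.SignASN1(rand.Reader, key, hash)
	if err != nil {
		return nil, err
	}
	return append(chain, Entry{len(chain), prev, payload, hash, sig}), nil
}

// Verify walks the chain from the start and returns the index of the first
// entry that is out of place, breaks the link to its predecessor, has a wrong
// hash, or carries a bad signature; it returns -1 if the chain is intact.
func Verify(chain []Entry, pub *ecdsa.PublicKey) int {
	prev := make([]byte, sha256.Size)
	for i, e := range chain {
		if e.Index != i || !bytes.Equal(e.PrevHash, prev) {
			return i
		}
		if !bytes.Equal(e.Hash, entryHash(i, prev, e.Payload)) {
			return i
		}
		if !ecdsa.VerifyASN1(pub, e.Hash, e.Sig) {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// Demo builds a three-entry consent log, verifies it, then lets an attacker
// rewrite the middle entry (fixing its hash and re-signing with their own key).
// It returns the verification results before and after tampering.
func Demo() (before, after int, err error) {
	patient, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, 0, err
	}
	var chain []Entry
	for _, p := range []string{"grant clinic-A read:labs", "grant trial-X read:vitals", "revoke clinic-A"} {
		if chain, err = Append(chain, p, patient); err != nil {
			return 0, 0, err
		}
	}
	before = Verify(chain, &patient.PublicKey)

	attacker, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, 0, err
	}
	e := &chain[1]
	e.Payload = "grant trial-X read:everything"
	e.Hash = entryHash(e.Index, e.PrevHash, e.Payload) // attacker keeps the hash consistent
	if e.Sig, err = ecdsa.SignASN1(rand.Reader, attacker, e.Hash); err != nil {
		return 0, 0, err
	}
	after = Verify(chain, &patient.PublicKey)
	return before, after, nil
}

func main() {
	before, after, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("intact chain: %d (-1 means ok); after tampering, first bad entry: %d\n", before, after)
}
```

Verify stops at entry 1 because the attacker's signature does not check against the patient's public key; had the attacker left the hash alone, the hash check would have caught it one step earlier, and had they only edited entry 1's text, entry 2's stored PrevHash would no longer match either.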

Blockchains do not replace 256-bit symmetric encryption; they rely on a different tool, public-key cryptography, which has two linked keys: a public key that can be shared freely and a private key that never leaves its owner. What one key does, only the other can undo: data encrypted to a public key can be decrypted only with the matching private key, and a signature made with a private key can be checked by anyone holding the public key. (Bitcoin itself uses key pairs only for signing transactions; encrypting records is a separate application of the same idea.) So a patient could encrypt a record to a chosen clinician's public key and be sure that only the holder of the matching private key can read it, and sign the access grant with their own private key so that nobody else can forge it. In practice the two families are combined: the record is encrypted under a fresh 256-bit symmetric key, and only that small key is encrypted to each recipient's public key.
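The hybrid pattern just described (encrypt the record with a fresh symmetric key, encrypt only that key to the recipient's public key), as an added example that is not part of the original article or of any named project: the record goes under AES-256-GCM, and the data key is wrapped with RSA-OAEP to the chosen clinic's public key. Go is used for its standard-library crypto. The key sizes, the OAEP label string and the sample record are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// oaepLabel ties the wrapped key to its purpose; both sides must use the same label.
var oaepLabel = []byte("ehr-record-key")

// Envelope is one record encrypted for one recipient (hybrid encryption).
type Envelope struct {
	WrappedKey []byte // the 256-bit AES key, encrypted with RSA-OAEP to the recipient's public key
	Nonce      []byte // AES-GCM nonce, unique per encryption under the same key
	Ciphertext []byte // the record under AES-256-GCM, authentication tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts record so that only the holder of the private key matching pub can read it.
func Seal(pub *rsa.PublicKey, record []byte) (*Envelope, error) {
	key := make([]byte, 32) // fresh 256-bit data key for this record only
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, record, nil)}, nil
}

// Open recovers the record. It fails for anyone but the intended recipient
// (OAEP unwrap) and for any envelope whose ciphertext or nonce was altered (GCM tag).
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err) // a wrong private key lands here
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Demo: the patient shares one record with clinic A. It returns what clinic A
// recovers, and whether clinic B (not chosen) and a tampered copy are rejected.
func Demo() (recovered string, otherRejected, tamperRejected bool, err error) {
	clinicA, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	clinicB, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	record := []byte(`{"patient":"P-0001","hba1c":6.1}`) // constructed sample record
	env, err := Seal(&clinicA.PublicKey, record)
	if err != nil {
		return
	}
	plain, err := Open(clinicA, env)
	if err != nil {
		return
	}
	_, errB := Open(clinicB, env) // clinic B holds the envelope but not the right private key
	tampered := *env
	tampered.Ciphertext = append([]byte(nil), env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01 // flip one bit in transit
	_, errT := Open(clinicA, &tampered)
	return string(plain), errB != nil, errT != nil, nil
}

func main() {
	plain, otherRejected, tamperRejected, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println(plain, otherRejected, tamperRejected)
}
```

Sharing the same record with a second clinic means wrapping the same 32-byte data key to that clinic's public key as well, not re-encrypting the record; revoking access, by contrast, requires re-encrypting under a new data key, since a key already handed out cannot be recalled.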

What makes blockchain attractive is not that it replaces 256-bit encryption, which it does not, but that it fits a vision of healthcare in which medical data, and the privacy controls over it, are in the hands of individuals: the patient holds the private key that grants access, and the chain holds the signed record of who was given what.

The current system of maintaining patient privacy in EDCs through anonymisation is fit for purpose, but as the healthcare landscape changes and the net for real-world data widens, its long-term viability will come into question. Whilst strong encryption is secure, on its own it does not settle who holds the keys, and so it does not meet the complexities of data ownership. We need to look to systems for securing data that support an RWD environment in which data ownership is both a personal and a collaborative act; the blockchain, used as a signed ledger of access grants over encrypted, off-chain records, currently presents us with an exciting means of realising this.