Saturday, April 7, 2018

A Healthcare IT Consultant’s take on Facebook’s play for patient data →

Christina Farr for CNBC:

Facebook has asked several major U.S. hospitals to share anonymized data about their patients, such as illnesses and prescription info, for a proposed research project. Facebook was intending to match it up with user data it had collected, and help the hospitals figure out which patients might need special care or treatment.

And:

While the data shared would obscure personally identifiable information, such as the patient’s name, Facebook proposed using a common computer science technique called “hashing” to match individuals who existed in both sets. Facebook says the data would have been used only for research conducted by the medical community.

A supposed use case:

The project would then figure out if this combined information could improve patient care, initially with a focus on cardiovascular health. For instance, if Facebook could determine that an elderly patient doesn’t have many nearby close friends or much community support, the health system might decide to send over a nurse to check in after a major surgery.

Alright, I’m putting my Healthcare IT Consultant hat on here and calling bullshit on multiple levels. To note a couple:

  1. If you’re going to receive anonymized data, hash it, then cross-reference it, you don’t really have anonymized data in the end. This implies Facebook was seeking data without patient consent. Otherwise, why anonymize it in the first place? Just do it the right way and ask patients for it. Many healthcare pilots and/or clinical trials deal with patient data, and many are done with proper consent.

  2. You don’t need to cross-reference Facebook to figure out if someone needs a follow-up home visit after surgery. These are common for many different types of surgeries, not just for the elderly who live alone. Medical professionals have access to patient history and other means of expertise to make this decision.
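To make point 1 concrete, here is an added example (my own illustration, not code from the article or from Facebook) of the “hashing” linkage the CNBC piece describes. The hospital replaces each identifier with an unsalted SHA-256 digest; the receiving platform recomputes the same digest over identifiers it already holds for its users and joins the two sets. The sample records, the e-mail addresses and the `close_friends_nearby` field are all constructed for the demonstration.

```python
import hashlib
from typing import Dict, List


def pseudonym(identifier: str) -> str:
    """Unsalted SHA-256 of a normalised identifier: the 'hashing' linkage key."""
    return hashlib.sha256(identifier.strip().lower().encode()).hexdigest()


# Constructed sample data (not from the article).
# The hospital's "anonymized" export: the identifier is replaced by its hash.
HOSPITAL_EXPORT: List[Dict[str, str]] = [
    {"patient_hash": pseudonym("alice@example.com"), "diagnosis": "atrial fibrillation"},
    {"patient_hash": pseudonym("bob@example.com"), "diagnosis": "hypertension"},
    {"patient_hash": pseudonym("carol@example.com"), "diagnosis": "coronary artery disease"},
]

# What the receiving platform already knows about its own users: real identifiers.
PLATFORM_USERS: List[Dict[str, object]] = [
    {"email": "alice@example.com", "name": "Alice", "close_friends_nearby": 0},
    {"email": "bob@example.com", "name": "Bob", "close_friends_nearby": 7},
    {"email": "dave@example.com", "name": "Dave", "close_friends_nearby": 2},
]


def link_records(hospital_rows: List[Dict[str, str]],
                 platform_users: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Join the two sets on the hash.

    Because the hash is deterministic and unkeyed, the platform can recompute it
    over identifiers it already holds, so every matched row becomes a named
    person with a diagnosis attached. Nothing about the output is anonymous.
    """
    by_hash = {pseudonym(str(u["email"])): u for u in platform_users}
    linked: List[Dict[str, object]] = []
    for row in hospital_rows:
        user = by_hash.get(row["patient_hash"])
        if user is not None:
            linked.append({
                "name": user["name"],
                "email": user["email"],
                "diagnosis": row["diagnosis"],
                "close_friends_nearby": user["close_friends_nearby"],
            })
    return linked


def reidentified_fraction(hospital_rows: List[Dict[str, str]],
                          platform_users: List[Dict[str, object]]) -> float:
    """Share of the 'anonymized' export that ends up attached to a named user."""
    return len(link_records(hospital_rows, platform_users)) / len(hospital_rows)


if __name__ == "__main__":
    for rec in link_records(HOSPITAL_EXPORT, PLATFORM_USERS):
        print(rec)
    print(f"re-identified: {reidentified_fraction(HOSPITAL_EXPORT, PLATFORM_USERS):.0%}")
```

Run as written, two of the three hospital rows come back as named people with their diagnoses, which is the whole point of the linkage and the reason the export is only “anonymized” until the moment it is matched. A keyed hash (for example an HMAC under a key held by a neutral party) would stop the platform from recomputing hashes on its own, but it does not change the outcome once both sides have been keyed and joined: the matched record is still a specific person. Consent, not the choice of hash, is what makes that acceptable.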

As for the whole plan, I think it’s quite ridiculous. Sure, it’s popular to jump all over Facebook right now because of the Cambridge Analytica catastrophe, but I also think this is warranted outcry. There are extremely strict laws, rules, regulations, and policies you must follow when dealing with Protected Health Information (PHI). The most stringent and most cited of all is HIPAA. HIPAA training and compliance are mandatory for all healthcare employees. It’s taken extremely seriously and ingrained into every employee’s mind.

The only large Silicon Valley company that doesn’t scare me in this area is Apple. They have time and again proved that customer privacy is of the utmost importance, and they are the only ones I would trust with using my data in the future. In fact, you may be interested in my first entry on how I think they can improve healthcare overall.

Any healthcare system that partners with Facebook on something like this is taking an extreme risk with its brand and reputation.