For Your Eyes Only: Data Privacy and Best Practices
While the statement may be trite, trust is a vital component of any relationship, and lately, trust in online relationships has been sorely tried. With Facebook and Cambridge Analytica being featured prominently in news stories, commentators are debating whether or not one should, or even can, opt out, and how to best protect and manage data privacy.
The recent scandal is only the latest jaw dropper in a series of data privacy headlines, and in response, a number of regulations have surfaced to help restore order to the chaos. Most notably, the European Union (EU) put the General Data Protection Regulation (GDPR) into place. The law requires all companies in the region that collect data on citizens to comply with strict new rules to protect customer data. Don’t comply, and a hefty price tag will be hand-delivered to your door.
Still, while regulations of this nature have never been more needed, we must also consider how this mishmash of data privacy regulations put in place by states, nations and specific industries will come into direct conflict with the best practices of modern collaboration, the desires of data scientists, and the often-conflicted consumer who wants both privacy and personalized experiences. The challenge is how businesses can effectively walk that tightrope between the demands of business best practice and privacy best practice.
Thankfully, striking that perfect balance can be – and has been – achieved within a number of industries. The U.S. healthcare industry is a prime example. In our healthcare system, information sharing consent rules generally begin with opt-in or opt-out decisions, and proceed to varying levels of information sharing granularity. Providers and health information networks, which are frequently confronted with competing consent frameworks, often make the choice to apply the strictest of standards rather than risk oversharing. We all know the statistics around the resulting duplicative testing, missed diagnoses, and less-than-optimal transitions in care. Still, we’ve seen different entities effectively navigate this maze of data privacy regulations to put patient care – as well as the patient experience – first.
New York State, for example, recently made the decision to modify its incredibly strict health information sharing policies in an effort to keep patients from falling through cracks in the system. By putting the technology in place to make sharing clinical information across provider networks easier, the state is ensuring that physicians and care managers have access to – and can quickly act upon – clinical events in real time. Not only will this allow for more efficient care coordination for the millions of patients in New York City and Long Island, but it will also ensure that patients’ private information remains just for the eyes of the clinical team.
Similarly, the state of Rhode Island has also recently made significant strides with enabling greater data transparency while still keeping patient information private. The Rhode Island Quality Institute (RIQI), for example, has just created a mechanism for allowing local residents to appoint family members, friends, or other trusted individuals as members of their care teams. As a result of this new data-sharing capability, when a provider updates a patient’s status within the statewide health information exchange network, the previously selected designee will receive a notification (via email, text, etc.) that their loved one, for example, has been admitted to Butler Hospital in Providence. They’ll also receive notifications when each transition in care takes place, such as when they are transferred to another hospital or when they are discharged. This alerting capability positively impacts both the patient as well as their personal community by decreasing confusion and uncertainty through improved communications.
Healthcare isn’t the only sector in which we’re seeing this balance of data privacy and best practice achieved. In financial services, organizations are managing to maneuver thousands of complex compliance rules while streamlining the investment decision-making process. MSF Investment Management, for example, which manages more than $410 billion in assets for clients around the world, has been able to give its portfolio specialists immediate feedback on risk and other significant client data metrics when determining where to invest their dollars – all while keeping that information confidential and staying compliant.
Few of us want to rely on tightropes to keep both our business successful and information secure. As we look ahead, we need to continue to look to the newest advances in data-sharing innovation to keep the equilibrium between data privacy, consent and best practices in check – and to finally manage the balance of business best practice and privacy best practice.
Follow Kathleen on Twitter @KathleenAller.
Kathleen Aller leads business development for InterSystems HealthShare. She has over 30 years of experience in healthcare and technology, with expertise in patient engagement, enterprise intelligence, electronic health records, healthcare information sharing and quality and performance measurement.