Anonymizing Patient Data: Why, How, and What Healthcare Leaders Need to Know

The following is a guest article by Philip Russmeyer, Founder and CEO at FITFILE

Patient health and activity data has the potential to be an invaluable resource for healthcare organizations. The vast quantity of data points generated each day could be used to improve treatment pathways, manage demand and capacity, raise safety standards, and accelerate research projects. However, confusion and concerns around the safe and compliant use of patient data are preventing many of these benefits from being realized. With regulations on data use evolving as rapidly as the opportunities and technologies, here’s what healthcare leaders ought to know about patient data best practices.

Opportunities and Risks

Patient data – which might include information on medication outcomes, duration of hospital visits, disease progression metrics, demographic information, and much more – has a latent power that is universally under-utilized.

This is because the information is locked up in silos and stored in a multitude of formats across a number of locations. In order to be made available for analysis and to deliver insights, this data needs to be united at the record level for computation.

However, moving data from one location (where it is currently stored) to another (where the analysis can take place) is a process fraught with risk. Moving data increases the risk of a security breach which could put patient safety under threat and destabilize any future organizational data projects.

European data protection regulation (the GDPR) applies to personal data; data that has been anonymized so that the individuals concerned can no longer be identified by any means reasonably likely to be used falls outside its scope. Healthcare and research organizations can therefore use patient data without explicit consent or another specially approved legal basis only if all identifying features are removed and re-identification is not reasonably possible. This means that, for care planning and operational planning needs to be met on that basis, patient data must be anonymized. In the US, the rules (notably the de-identification standard in the HIPAA Privacy Rule) are currently somewhat more permissive but are likely to become more stringent.

Anonymization Explained

Anonymization is a method by which both existing and newly-created data, collected from and about patients at every touchpoint in the healthcare system, can be used securely, safely, and scalably. 

The anonymization process irreversibly removes all direct identifiers (names, identification numbers, contact details) from the data, which makes it the strongest available option for preserving patient privacy. Removing direct identifiers alone is not sufficient, however: combinations of the remaining attributes, such as date of birth, sex and postcode (quasi-identifiers), can still single out an individual, so these must be generalized or suppressed and the residual re-identification risk assessed. Historically, anonymized data could not be linked contemporaneously or longitudinally, because the identifier needed for linkage was exactly what had been removed. That has changed with privacy-preserving record linkage built on established cryptography: typically, identifiers are replaced at source with keyed one-way linkage codes, so records belonging to the same patient can be united at the record level across sources without the identifier itself leaving the data controller. One caveat is worth stating plainly: for as long as the linkage key exists, the data is pseudonymous rather than anonymous in GDPR terms, so whether the united data can be used for secondary purposes without patient consent depends on who holds that key, on whether it is destroyed once linkage is complete, and on the re-identification risk of the combined records.

Crucially, anonymization is different from tokenization. Tokenization, although useful in certain circumstances, replaces an identity with a surrogate token while retaining a vault that maps each token back to the original identifier. The process is reversible by anyone with access to that vault, so the data can be re-identified and it remains personal (pseudonymized) data in regulatory terms. Because of this, tokenization can raise concerns over patient privacy, especially regarding secondary use of the data, and patient consent or another specific legal basis is required for every use of the data. This is costly and time-consuming to obtain.
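The following worked example, added here and not code from the original article or from FITFILE, contrasts the two approaches described above. Tokenization keeps a vault and is reversible; keyed pseudonymization (HMAC-SHA256 over a normalized identifier, an assumed technique, not the article's own) yields the same linkage code for the same patient in every silo without any table mapping back. It also shows the quasi-identifier point: once direct identifiers are gone, a record can still be unique on date of birth, sex and postcode (k = 1) until those fields are generalized. All records, identifiers and field names are constructed for the example.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample records from two hypothetical silos (hospital admissions and
# GP prescriptions). Identifiers and values are made up. The second silo writes the
# same identifier with different punctuation, as real feeds often do.
HOSPITAL_ADMISSIONS = [
    {"patient_id": "943 476 5919", "dob": "1961-03-02", "sex": "F", "postcode": "SW1A 1AA", "los_days": 4},
    {"patient_id": "521 886 3702", "dob": "1961-09-14", "sex": "F", "postcode": "SW1A 2BB", "los_days": 7},
    {"patient_id": "100 000 0001", "dob": "1988-11-17", "sex": "M", "postcode": "SW1A 1AA", "los_days": 1},
    {"patient_id": "100 000 0002", "dob": "1988-11-17", "sex": "M", "postcode": "SW1A 1AA", "los_days": 2},
]
GP_PRESCRIPTIONS = [
    {"patient_id": "943-476-5919", "drug": "metformin"},
    {"patient_id": "1000000001", "drug": "salbutamol"},
]
QUASI_IDENTIFIERS = ("dob", "sex", "postcode")


def normalize_id(raw: str) -> str:
    """Canonicalise an identifier so the same person produces the same code in every silo."""
    return "".join(ch for ch in raw if ch.isalnum()).upper()


def tokenize(raw_id: str, vault: dict) -> str:
    """Tokenization: a random surrogate plus a vault that maps it back. Reversible by
    anyone who holds the vault, so the output is still personal data."""
    token = secrets.token_hex(8)
    vault[token] = raw_id
    return token


def detokenize(token: str, vault: dict) -> str:
    return vault[token]


def pseudonymize(raw_id: str, key: bytes) -> str:
    """Keyed one-way linkage code (HMAC-SHA256). Deterministic per key, so records link
    across silos; no mapping table exists. A key is essential: identifier spaces such as
    10-digit numbers are small enough that an unkeyed hash could be brute-forced."""
    return hmac.new(key, normalize_id(raw_id).encode(), hashlib.sha256).hexdigest()


def strip_direct_identifiers(record: dict, key: bytes) -> dict:
    """Drop the identifier and attach the linkage code; done inside the controller's environment."""
    out = {k: v for k, v in record.items() if k != "patient_id"}
    out["link_id"] = pseudonymize(record["patient_id"], key)
    return out


def link_silos(left: list, right: list) -> list:
    """Unite records from two silos at the record level using only the linkage code."""
    by_id = {r["link_id"]: r for r in left}
    return [{**by_id[r["link_id"]], **r} for r in right if r["link_id"] in by_id]


def k_anonymity(records: list, quasi_ids: tuple) -> int:
    """Smallest group size over the quasi-identifier combination; k = 1 means someone is unique."""
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return min(groups.values())


def generalize(record: dict) -> dict:
    """Coarsen quasi-identifiers: year of birth and outward postcode only."""
    g = dict(record)
    g["dob"] = g["dob"][:4]
    g["postcode"] = g["postcode"].split()[0]
    return g


def demo() -> dict:
    key = secrets.token_bytes(32)  # per-project linkage key, held only by the data controller
    vault = {}
    token = tokenize(HOSPITAL_ADMISSIONS[0]["patient_id"], vault)
    admissions = [strip_direct_identifiers(r, key) for r in HOSPITAL_ADMISSIONS]
    prescriptions = [strip_direct_identifiers(r, key) for r in GP_PRESCRIPTIONS]
    return {
        "token_roundtrip": detokenize(token, vault) == HOSPITAL_ADMISSIONS[0]["patient_id"],
        "linked": len(link_silos(admissions, prescriptions)),
        "k_raw": k_anonymity(admissions, QUASI_IDENTIFIERS),
        "k_generalized": k_anonymity([generalize(r) for r in admissions], QUASI_IDENTIFIERS),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points follow from the output. First, both prescriptions link even though the identifiers were formatted differently, because normalization happens before hashing; inconsistent normalization across sites is the most common reason privacy-preserving linkage silently under-matches. Second, the linked admissions data still has k = 1 on the raw quasi-identifiers, so it is not anonymous in any defensible sense until generalization raises k; and as long as the HMAC key survives, the holder of that key can recompute a code from a known identifier, which is why the key's custody and destruction matter for the regulatory status of the output.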

Achieving Anonymization

Successfully anonymizing data at scale requires healthcare organizations to deploy technologies such as FITFILE's. The FITFILE platform anonymizes within the data controller's own environment, and then connects, unites, and integrates that data at a record level.

In order to minimize the movement of data, even once it has been anonymized, technologies such as FITFILE's can compute on the data at source and perform statistical analysis without moving any records, delivering federated insights to leaders.

Fully and irreversibly anonymizing the data ahead of unification ensures the best possible privacy preservation, and federated computations at source mean that there is minimal movement of data. This mitigates risk and helps build trust and buy-in for data projects.
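To make the federated pattern concrete, here is an added example (not FITFILE's code, and the query design is an assumption) in which each site computes sufficient statistics over its own records and only those aggregates cross the boundary; the coordinator merges them and never handles a record. Small-number suppression is applied at the source, so a cell with fewer than the threshold of patients never leaves the site even in aggregate form. The site datasets are constructed for the example.

```python
from collections import defaultdict

# Constructed site-local datasets (hypothetical, not real patient data). Each site keeps
# its own records; only what local_aggregate() returns leaves the site.
SITE_A = [
    {"condition": "diabetes", "los_days": 2},
    {"condition": "diabetes", "los_days": 4},
    {"condition": "diabetes", "los_days": 4},
    {"condition": "diabetes", "los_days": 6},
    {"condition": "diabetes", "los_days": 3},
    {"condition": "diabetes", "los_days": 5},
    {"condition": "rare_condition", "los_days": 10},
    {"condition": "rare_condition", "los_days": 12},
]
SITE_B = [
    {"condition": "diabetes", "los_days": 5},
    {"condition": "diabetes", "los_days": 5},
    {"condition": "diabetes", "los_days": 7},
    {"condition": "diabetes", "los_days": 3},
    {"condition": "diabetes", "los_days": 5},
    {"condition": "rare_condition", "los_days": 9},
    {"condition": "rare_condition", "los_days": 9},
    {"condition": "rare_condition", "los_days": 9},
]

MIN_CELL = 5  # small-number suppression threshold (assumed policy value), enforced at source


def local_aggregate(records: list, group_by: str = "condition", value: str = "los_days",
                    min_cell: int = MIN_CELL) -> dict:
    """Runs inside the site. Returns per-group (n, sum, sum of squares).
    Sums rather than means are shipped because per-site means cannot be combined
    without n, and variance needs the sum of squares. Groups smaller than min_cell
    are dropped here, so a small cell never crosses the site boundary."""
    cells = defaultdict(lambda: [0, 0.0, 0.0])
    for r in records:
        c = cells[r[group_by]]
        c[0] += 1
        c[1] += r[value]
        c[2] += r[value] ** 2
    return {g: tuple(c) for g, c in cells.items() if c[0] >= min_cell}


def merge_partials(partials: list) -> dict:
    """Coordinator side: adds up the sufficient statistics from every site and derives
    the pooled mean and (population) variance. No record-level data is ever present here."""
    merged = defaultdict(lambda: [0, 0.0, 0.0])
    for part in partials:
        for g, (n, s, sq) in part.items():
            m = merged[g]
            m[0] += n
            m[1] += s
            m[2] += sq
    return {
        g: {"n": n, "mean": s / n, "variance": sq / n - (s / n) ** 2}
        for g, (n, s, sq) in merged.items()
    }


def federated_query(sites: list = (SITE_A, SITE_B)) -> dict:
    """Run the same local computation at every site, then merge only the aggregates."""
    return merge_partials([local_aggregate(site) for site in sites])


if __name__ == "__main__":
    print(federated_query())
```

In this run the rare condition has 2 patients at one site and 3 at the other; because suppression is applied at source rather than by the coordinator, it is absent from the result entirely, whereas suppression applied only after merging would have let the coordinator see that a site holds exactly two such patients. Cell suppression on its own does not defeat differencing (two overlapping queries whose results differ by one person), so a production deployment also needs query auditing or noise addition on top of what is shown here.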

This process allows health services and clinical teams to identify local population trends and individual needs, supporting more granular and near-real-time case finding, augmenting care allocation, and improving health outcomes.

Important Considerations for Healthcare Leaders

The introduction in Congress of the American Data Privacy and Protection Act (ADPPA), a bill that has not been enacted, together with several ongoing projects at the state level, is evidence of growing concern over patient data security. The signs suggest that the US will converge with Europe with regard to the stringency of legislation and rules governing secure data use.

The coming regulatory evolution is an opportunity for healthcare organizations to implement powerful new technologies to safely unlock the power of their patient data. 

About Philip Russmeyer

Philip Russmeyer founded FITFILE in 2020, following many years of working with healthcare technology companies. Today, his team works alongside major healthcare providers, global companies, and national organizations to unite record-level health data and deliver safer, faster, and better profiles of record-level health. From these firm foundations of evidence, informed decisions can be made to improve patient outcomes, save lives, and accelerate global disease eradication.
