Why isn’t digital health more prevalent?
Have you noticed everyone talking to Google or Siri from their phones? WIRED magazine reported that about one third of teenagers use voice search to call (43%), play songs (30%) or get help with homework (31%). As a kid watching the “Knight Rider” TV show, I would scoff at the idea of getting help from the voice activated computer in a 1982 Trans Am. Yet voice search is here, and much faster than expected.
The idea of Digital Health has also been around since the 80s, but progress is not so inspiring. The need is surely there, given today’s complicated care and chronic conditions. By 2020 medical knowledge is expected to double every 0.2 years, so good luck trying to keep up on our own.
We are not getting the high level of care that today’s digital world can offer. Three digital health barriers are holding us back:
Information Security is the ability to protect information assets and control access to them. If the information is to be of use, then the degree of protection should correspond to its value. Some information is of high commercial value (e.g. intellectual property) and other information requires protection to comply with legislation and standards (e.g. PIPA, FOIPPA, HIPAA).
Most attacks on information systems target vulnerabilities in people, processes or technology to circumvent the controls put in place to protect the information assets (e.g. theft, hacking, phishing, social engineering). One particular security wrinkle unique to information is the concept of “Data Sovereignty” and the fact that once information crosses a country’s borders, it is no longer subject to the controls of the country of origin. If any of the controls mentioned have been compromised, then the situation is described as a “data breach”.
During the first half of 2015, a surprising 187 data breaches were reported in healthcare records. That accounts for 21.1 percent of all breaches worldwide and the worst rate in any industry. One large breach of 78.8 million records, 32% of all records stolen, was an especially bad incident, but even so this breach and other breaches occurred from a systemic issue of poor security practices. A report on health apps is another example. The apps were from a library provided by the English National Health Service (NHS). The NHS curated apps and hosted download links in a library, using an appraisal process that examined clinical safety and compliance with data protection law. Researchers at Imperial College London discovered that despite the vetting, 23 of the 79 apps sent personal data to online services without encryption! They also found vague privacy policies which did not clarify what the data would be used for and where it would go. Which brings in the second issue: online privacy.
In a data context, privacy is the ability to define and govern the collection, use and disclosure of personal information. Privacy is affecting every part of our digital lives from our credit cards to our family picture albums. In health, the stakes are high. It is one thing to look goofy on Facebook, quite another to have your ailments detailed in clinical precision for all to see. But there is good news: healthcare comes from strong roots in privacy practices. Patient confidentially is essential to good doctoring, and part of every-day practice. The trust required between patient and doctor is well understood, but the real issue in digital health privacy is the changing political climate across governments. On October 6th (2015), the European Court of Justice killed the Safe Harbor data-transfer agreement. This agreement enabled personal data from European citizens to flow into the US for the last fifteen years. Frankly, the laws governing the storage and transfer of personal data between countries is a bit of a nightmare and hinder development and clinical success.
The third and final issue holding back digital health progress is interoperability. Data is hard to share even with the best privacy and security policies in place, when every organization has a different system. It has almost been 30 years of data exchange standards (HL7 v1 was presented in 1987), and yet major translation efforts are typical and costly when integrating two systems together.
Though security, privacy and interoperability are issues, the time is right for real change. In the case of security, small procedural changes can have a big impact. Losing data through careless handling of thumb drives or laptops is still common in healthcare breaches. Can you imagine the blowback if Visa or MasterCard left thousands of records on their laptops? It’s unthinkable with your financial data, yet we are complacent with our personal data. The financial world has loads of experience with secure data sets. We should follow their examples.
The solution to online privacy will also likely come from the good practices of another industry. The established internet companies need to, and will, drive online privacy regulations with our governments. The big four: Google, Apple, Facebook, and Amazon (GAFA) have a combined market capitalization of 1.54 trillion dollars. That relates to a lot of political and legal clout, so chances are that they will get online privacy regulations figured out. For us in healthcare, it is matter of following the leaders, and the resulting government guidances.
Governments are helping in many ways as well, particularly in interoperability. They are figuring out how to drive adoption. The Office of the National Coordinator for Health Information Technology (ONC) is providing clear direction and incentives. Health 7 International’s (HL7) Fast Healthcare Interoperable Resource (FHIR) standard has growing support, and there are even rumblings of penalties for organizations who block adoption through unfair competitive practices. No more proprietary plugs that only work for one socket!
Security, privacy and interoperability have not been easy for digital health. There is a fairly clear path to a better landscape. The financial sector works, digital commerce works, and privacy policies will catch up with the digital world. With the right changes in place, we can finally progress as well as a talking computer driving a Trans AM. And yes, Google has got that figured out too.