Editor’s note: Jessica Santos is the global compliance and quality director for Kantar Health, U.K.
Big data is one of the most-mentioned buzzwords in the market research industry, and it is impossible to avoid the phrase at any major conference, keynote speech or business meeting. Big data is poised to deliver “big savings”1 and “transform health care”2 and it is certainly full of promise for the future with its “big benefits.”3 However, big data comes with a big challenge: privacy. Most data subjects - that is, you and me, ordinary people - are unaware of how our personal data is collected (not only when we provide our details while shopping online but also when we simply browse the Web), stored (in which country?), transferred (where will it go?) and used (where is it going?). Simply asking data subjects to click on and agree with lengthy pages of “terms and conditions” before allowing them to use a service is no longer sufficient from the Federal Trade Commission’s (FTC) perspective. Strong advocates and an increasing number of fines for big data misuse show that the “big privacy” movement is already building momentum.
Will big privacy kill big data? Will consumers let go of their privacy for the benefits of big data? Will the few privacy advocates talking about privacy violations reverse the trend?
Big data
There are many questions about big data and health care. Some argue that the focus of the big data phenomenon has already moved from “should we adapt big data into our business?” to “how can we use big data to make our business grow?” We have moved on from the data-scarce era to an era where we are being flooded with more data than we can comprehend. Undoubtedly, big data is helping researchers beyond their dreams: comprehensive medical records covering a wider population, holistic health care evaluation from primary care to secondary care and multiple perspectives of a single case are all easily available.
Expenditure relating to big data is expected to grow from $27.7 billion in 2012 to $54.4 billion in 2016. And, thanks to big data, 4.4 million jobs will be created globally by 2015.4 Big data will benefit not only the private sector but also large public authorities like the Food and Drug Administration (FDA), which already has plans for its big data ambitions.5 SEER-Medicare – a combination of National Cancer Institute registry data and enrollment and claims data from Medicare – has allowed researchers to calculate the risk of hospitalization after prostate biopsy, the cost of breast cancer recurrence and other health care metrics. Such studies have implications for the commercial success of drugs but exist beyond the control of pharma companies. By working with the holders of real-world data, drug developers can at least ensure they know how their products fit into treatment pathways. This can ensure companies are prepared in the event a third party presents data questioning the safety or efficacy of a drug. The FDA now has access to a wealth of safety data with a pilot Sentinel System, Mini-Sentinel, a database that contains records on more than 178 million individuals, 4 billion medication dispensings and 4.1 billion unique medical encounters as of July 2014.6
The FDA set up the database in the wake of safety concerns involving Merck’s arthritis drug Vioxx. The data is currently helping the FDA assess rates of bleeding among patients taking Boehringer-Ingelheim’s Pradaxa. The FDA might be able to identify groups of high-risk patients by diving into big data. The FDA is also making raw downloads and application programming interfaces (APIs) of adverse events data available publicly.
Big privacy
The big question often ignored by big data worshippers is, where are these data coming from and do we have the proper informed consent in place from all of these sources? One common reason this question is swept under the carpet is the answer: We don’t know. Data on your desk right now could have been transferred from hundreds of different data brokers already; maybe they are part of an extraction from a larger database so that the original source becomes untraceable. However, “unknown” doesn’t mean it is legal and ethical or even “totally anonymous.” Especially with big data analytics, some argue that anonymized data no longer exists.7
The next big question is, what can or will big data analytics do? If these actions involve any possible disadvantages to the data subject even in the future (an increase in insurance premiums or the potential for employment discrimination) or occur without proper consent (or simply discontent by the data subject), big privacy will likely win. Facebook8 and Google9 have made headlines because of fraud claims over data or privacy violations. And privacy advocates and the FTC have called fitness-tracking apps10 a “nightmare” and “very disturbing.”
After all, whose data is it? Does data belong to the individual or the company who collects it or analyzes it? Ownership of a database is often sold with a price tag but what percentage went to the individual data subject?
In the battle with big data, individuals do not need to be “identified” in order to be placed in a disadvantageous position. For example, if all de-identified medical records were openly available, would health insurance premiums increase simply because we live in an area with a high prevalence of smoking and obesity? Even when medical records are available only for public-sector research, a sharp drop in women reporting post-natal depression has been observed because of the fear that their babies may be taken away. Or will we refuse to be treated by an HIV-positive nurse11 or not go near a hospital with a higher-than-average rate of hepatitis infections? Given enough money, resources and time, all de-identified data can be identified again.
More frequent privacy audits and increasingly hefty fines seem to be the answer to this battle. Many big names have been caught by big privacy in an effort to protect user data. Snapchat settled with the FTC for a record-breaking $22.5 million in May 2014 over charges that the company inaccurately claimed that messages disappeared once they were sent.12 Ireland’s data protection commissioner will audit companies such as Apple, Adobe and Yahoo, which have offices in Ireland, to ensure their use of online data complies with the EU’s strict privacy laws.13 Regulators are exercising their power by amending laws, increasing fines and offering consumers compensation globally.14 Some practitioners claim these measures might bankrupt tech companies.15
Looking to the future
Should transparency be the new privacy? This might be a compromise between big data worshippers and big privacy advocates. A well-written, detailed privacy policy including all aspects of privacy (what will be collected, how it will be used, stored, transferred, processed, etc.) is a good start, but in reality it is rarely read by consumers. Forcing consumers to read hundreds of pages of privacy policy or carefully select their individual privacy settings before any activity seems impractical. Perhaps an industry-wide data transparency principle would better inform consumers and ease their concerns about privacy.
Another idea is to let consumers decide who buys their data. Forbes reported on a working paper that considers “a market where firms set prices and disclosure levels for consumer information, and consumers observe both before deciding which firm to patronize and how much personal information to provide.” The paper, “Competing with Privacy,” by Ramon Casadesus-Masanell and Andres Hervas-Drane of Harvard, looks at how the disclosure of personal information (in privacy policies and via marketing) affects economic competition.16 After all, AT&T is already offering $30 per year for your personal data and all transactions.17 Meanwhile, compliance officials say “the entire technology industry is struggling to keep up” with the relationship between technology and privacy.
The trend is moving toward giving consumers control of their own data and allowing them to change their minds about what they share in a swift, pain-free manner. Regulations always move slower than technology. This time, big data technologists can proactively work with big privacy policymakers to address concerns and issues as they arise.
Steps health care market researchers can take
Big data has certainly gained the attention of health care market researchers. It is important to engage practitioners, patients and regulatory bodies regarding the benefits of participating in big data research by conducting individual needs assessments. Stakeholders need to learn “what’s in it for them,” and an awareness campaign with positive stories from data subjects benefiting from big data is a good start.
Security and accuracy are the two main concerns of big privacy advocates, especially in the health care space. If big data practitioners can gain the trust of practitioners, patients and regulatory authorities by safeguarding a transparent process for collecting accurate, accessible data, we might see a happy ending in which both big data and big privacy win!
1. Bates DW, Saria S, Ohno-Machado L, Shah A, Escobar G. Big Data In Health Care: Using Analytics to Identify and Manage High-Risk and High Cost Patients. Health Affairs. 2014 July; 33(7):1123-31.
2. Weil AR. Big Data in Health: A New Era for Research and Patient Care. Health Affairs. 2014 July; 33(7):1110.
3. Sarasohn-Kahn J. Big Data and Dark Data for Health. The Huffington Post. 18 July 2014.
4. Gartner Says Big Data Creates Big Jobs: 4.4 Million IT Jobs Globally to Support Big Data by 2015. Press Release. 22 Oct 2012.
5. Baker P. The FDA’s Big Data Hunt for Drug Problems in Your Medical Records. FierceBigData. 23 July 2014.
6. Mini-Sentinel Distributed Database “At A Glance.” http://www.mini-sentinel.org/about_us/MSDD_At-a-Glance.aspx. Accessed 5 Aug 2014.
7. Anonymisation: How Anonymous Is Anonymous? IAPP Europe Data Protection Intensive 2014, 29 April-1 May, London. https://www.privacyassociation.org/media/presentations/14DPI/DPI14_Anonymisation_PPT2.pdf
8. Gullo K. Facebook Must Again Face User Fraud Claims Over Data. Bloomberg. 8 May 2014.
9. Whitney L. Google Pays $1.4 Million Fine Over Italian Street View Snafu. CNET. 4 April 2014.
10. Peterson A. Privacy Advocates Warn of “Nightmare” Scenario as Tech Giants Consider Fitness Tracking. The Washington Post. 19 May 2014.
11. Anderson R. Why Anonymisation Doesn’t Protect Privacy. https://www.privacyassociation.org/media/presentations/14DPI/DPI14_Keynote_RAnderson_PPT.pdf
12. Wortham J. Off the Record in a Chat App? Don’t Be Sure. The New York Times. 8 May 2014.
13. Scott M. Irish Regulator Finds Himself at Heart of Privacy Debate. The New York Times. 28 May 2014.
14. Lim J. South Korea Increases Data Breach Fines, Lowers Liability Threshold. Bloomberg. 19 May 2014.
15. Singer N. Federal Regulators Seek to Stop Sale of Students’ Data. The New York Times. 23 May 2014.
16. Gerdeman D. Companies Should Compete for Your Privacy. Forbes. 19 May 2014.
17. Big Data, Privacy and Intangible Assets. IAPP Data Protection Intensive 2014. 29 April-1 May 2014, London. https://www.privacyassociation.org/media/presentations/14DPI/DPI14_Big_Data_Intangible_PPT.pdf