What privacy, advertising and digital media trends will make headlines in 2015? Digital Health for one, Big Data for another.
The 2015 International Consumer Electronics Show (CES) started yesterday. Sessions like “Sensibles: The Smarter Side of Wearables” and “DIY Health: Consumer Accessible Innovation” suggest that the consumer health issues explored by the Federal Trade Commission (FTC) last Spring (see our blog post here) are increasingly relevant. Most notably, as more health-related information becomes digital, digital health businesses will need to revisit long-standing privacy, intellectual property protection, notice and consent practices that may not be well-suited to the more sensitive category of consumer-generated health information (CHI) (i.e., health-related information that consumers submit to or through mobile apps and devices). In many cases, the law is underdeveloped and businesses must develop and implement their own best practices to demonstrate good faith as stewards of CHI.
We predict that CHI and the issues raised by its collection, use, disclosure and storage will stay on the FTC’s radar during 2015. Perhaps the FTC will offer some insight about its position on CHI through guidance or regulatory activity related to a digital health business.
With mobile devices proliferating, the volume, versatility and variety of consumer-generated data, including CHI, also is proliferating. CHI typically stands outside of HIPAA’s regulatory silo. HIPAA regulates health plans, health care clearinghouses, health care providers who engage in standardized transactions with health plans and the business associates that assist health plans, clearinghouses and providers, and need protected health information to provide that assistance. Mobile medical services and environments, however, typically fall outside of this framework: most mobile apps, for example, are used directly by consumers, and often at the direction of and under the control of plans and providers. HIPAA may have, however, more reach into the growing business-to-business mobile app sector.
But, in the CHI arena, the sources of privacy and security regulation are murky. Among likely hot topics in 2015 are:
- When is consumer-generated information also consumer-generated health information?
- Can data ever be “de-identified” or made anonymous in light of the so-called mosaic (or pointillist) effect?
- What role can the “pay with data” model play in consumer protection?
- Is all CHI deserving of the same level of protection?
- What sources of oversight exist and are they sufficient?
The news is ripe with references to data “privacy” and data “security,” but the sensitivity associated with health information requires thinking about data “stewardship” – a broader concept that encompasses not only privacy and security but also data asset management and data governance. Data stewardship captures not only data as an asset, but also as an opportunity to earn public trust and confidence while preserving innovation.
We predict that how to be good data stewards will be a critical issue for digital health businesses in 2015 and that forward-looking and transparent efforts at self-policing will be key to not only avoiding regulatory scrutiny but also fostering consumer trust.
Big Data was big news in 2014. Although the term Big Data has become common place, what it means is not always clear and how it is defined informs both the strategic steps and the compliance guardrails applied to it.
Big Data is, fundamentally, a set of information assets that are so much larger than typical data resources that the data asset – and the bio-specimens that the data annotates — necessarily presents new opportunities and also new challenges. For example, Big Data often describes so many thousands of individuals that the data must be mined, organized and analyzed in new ways.
Some common themes in defining Big Data are:
- Big Data is often longitudinal, tracing an individual over time, and allowing a picture to emerge about that individual that would not be possible if the data had to be gathered prospectively – it would simply take too long.
- Big Data strategies are often defined by speed – the ability to analyze data using ever-faster tools and structures.
- Big Data upends certain long-standing compliance principles, such as the difference between research and quality improvement and what it means to describe data as “de-identified” or “anonymized.” For entities rushing to develop Big Data strategies or for entities implementing those strategies, the Big Data revolution means fundamental changes in degree and in kind. By “degree,” we mean that Big Data stretches and complicates compliance and commercial questions that existed before Big Data became so instrumental to innovation. By “kind,” we mean that Big Data introduces new strategic, commercial and compliance questions that are unique to the possibilities presented by Big Data, and that require new ways of thinking about the interaction of data and individuals with analytic priorities.
Big Data is more than a catch-phrase – Big Data requires that businesses think creatively about how to balance the imperatives of innovation with other core values, such as privacy, autonomy, ownership and consent.
We predict in 2015 that that the privacy and security parameters around Big Data will garner increasing scrutiny and that the marketplace will need to take a lead in defining consumer expectations and reasonable standards for Big Data use.