This paper is the first in a series of three, each of which explores health big data in a different context. The second — on health big data in the clinical context — is available here, and the third — on health big data in the commercial context — is available here.
Data-driven and information-based systems have quickly become the new paradigm for American health care. Using the vast amounts of data produced from both traditional healthcare records and newer commercial sources like mobile health apps, the techniques of big data analysis can contribute significantly to the continued transformation of the health care landscape. Health big data can help clinicians to make more cost-effective, high-quality decisions, improve medical research, and more fully engage consumers in managing of their health.
Government agencies, which collect huge amounts of health data, are eager to take advantage of these opportunities. They are applying big data techniques internally, and they are providing unprecedented access to their health data holdings both by granting researchers access, and by opening data sets to the public. However, the serious privacy and security considerations that arise from collection and use of sensitive health information pose a barrier to the realization of big data’s benefits. Currently, health data privacy and security are addressed in a multitude of state and federal laws and regulations, which, in their very complexity, can seem to fail to offer comprehensive guidance on the ethical and responsible use of personal health information.
To explore the privacy and security implications of health big data, and to develop concrete proposals for how to address those issues and at the same time reap the benefits of big data, CDT is undertaking a series of consultations with stakeholders and experts. We are examining three scenarios: (1) clinical and administrative data generated by health care providers and payers; (2) health data contributed by consumers using the Internet and other consumer-facing technologies; and (3) health data collected by federal, state, and local governments.
In this paper, we focus on the third of these scenarios: health data collected by federal, state, and local governments. We examine the current legal landscape for the collection and use of health data by governments. We ask provocative questions, such as, for what secondary purposes should government health data be used or disclosed? Most importantly, we seek to identify ways in which the collection and use of health data by governments can be performed in privacy and security-protecting ways. As our guide, we use the Fair Information Practice Principles (FIPPs), a framework that has informed most modern data privacy laws.