Using brainware to store patient data and ensure patient privacy

Tuesday, October 16, 2012

Danny Lieberman


There is a great deal of talk about how big data is going to revolutionize healthcare. I have talked at length in my post “Why big data for healthcare is rubbish” about why I think we need to take big data for healthcare with a big grain of salt.

There is also a great deal of discussion in the healthcare and security compliance communities about protecting patient privacy. Here I have discussed in detail why data privacy crusaders are their own worst enemies and why the US would be better off with a national ID number and standard vendor-neutral interfaces like HL7 for exchanging patient data between providers and ensuring patient privacy.

In a world where data is the coin of the realm, and transmissions are guarded by no better sentinels than man-made codes and corruptible devices, there is no such thing as a secret. Dr. Kio Masada, “The enemy among Us”.

This Alien Shore, by C.S. Friedman, is a space opera that tells the story of a girl called Jamisia. Jamisia has an extremely advanced biological brainware system (brainware is data storage and processing hardware that is implanted into the brain at a young age). She (like everyone else in the novel) interfaces external networks to her brainware using a headset which provides a Brain-Computer Interface.

We need to empower patients to drive their own healthcare, with an emphasis on preventing rather than curing illness, and with support from the right information and technologies. …

By adopting this new mind set, pharma companies will find it increasingly easier to decide how to capture, collate and analyse data. The company will also position itself strongly to identify and design market-leading products and services for a patient-centric world.

It seems clear that if pharmaceutical companies can access the right data from patients, then they can design and develop and manufacture better products. This is good for patient health but possibly problematic for current regulation and gatekeepers of patient privacy.

However, as Dr. Kio Masada correctly notes, there is no such thing as patient privacy once big commercial ventures like large pharmas get involved.

A patient-centric world

To help counter these trends, medical providers, governments and financing entities in the U.S. and a number of other countries are applying patient-centric approaches to healthcare. Patient-centric does not imply a fixed set of guidelines; rather it is a fluid and still-evolving definition characterized by practices that benefit patients: ensuring that they receive the best treatment, at a reasonable cost, while putting into place strategies that will help individuals avoid becoming sick in the first place.

Cardiovascular disease (CVD) remains the leading cause of death in the US. Therapeutic lifestyle change (TLC) is an effective intervention to reduce the risk of CVD. In developing a patient-centric electronic health record (PC-EHR), our project aims to build an evidence-based support system to facilitate patient-provider interaction, foster cooperative chronic disease management, and promote adherence to TLC guidelines by both providers and patients.

There are 4 dimensions to patient data:

  1. Data security. We have to give some credit to the healthcare providers with all their HIPAA compliance requirements, security professionals, systems, policies and procedures and awareness training that they know and try to protect data. Yet, with all their resources, it seems that the average HCP cannot reliably prevent data loss, so we know that awareness of the importance of data security is not sufficient. Putting it differently, if I cannot convince my children to protect their data online, how can I reasonably expect awareness to be a sufficient countermeasure for HCPs?
  2. Data quality. The quality of data that is used in the clinical decision-making process should be rated against standards of evidence-based medicine. Introspective data and data culled on Google by the patient are important but cannot be the primary source for the data used by a clinician to make a decision. This is why doctors went to medical school, and with all due respect to involving patients in the decision process and reinforcing a strong and positive patient-doctor relationship, it is incorrect to predicate medicine on user-generated content.
  3. Data ownership. One can definitely argue that patients already “own” the data and that this data ownership is already provided for by law in most countries in the Western world. If this is the case, then since a patient owns his data, patient privacy should be an issue of consent and access granted by the patient. In a patient-centric world, the patient would have complete control of her data.
  4. Data accessibility. Data accessibility means that any patient or empowered caregiver should be able to access patient data using a common and well-known key, such as a national ID number. The fact that the US for libertarian reasons continues to object to national ID does not change the fact that the rest of the world has found this a useful and economically effective way of accessing data. In a patient-centric world, the patient would always have access to their data.

Although I don’t believe in technology silver bullets for the problems of mankind, brainware and headsets that provide an interface to external networks are an extremely seductive notion that may eventually be the way we all store our medical and personal data.

Imagine a hypothetical patient, aged 75 with Parkinson’s disease.

Our patient has developed CHF (congestive heart failure) and has been admitted to hospital after collapsing at home.

Today, the patient would be admitted and wait 1-2 hours (at least) to see a cardiologist, probably a resident with 1 hour of sleep in the past 72 hours, who would then spend another 30-45 minutes interviewing the patient and reverse engineering her condition. The patient and caregiver might or might not provide accurate information regarding the drugs she is taking and in particular where she is holding on her Dopicar regime.

Now imagine that the patient has implanted brainware.

The patient also has a headset with a BCI (Brain-Computer Interface) that can interface with a hospital network.

The brainware has a Careseeker module which administers her Dopicar and keeps track of falls, dizziness, heart rate and other vital signs. Using the headset, the patient jacks into the hospital network and her symptoms and history are presented immediately.

Patient privacy is a non-issue since the data is interfaced with a trusted computing interface at the hospital and people are not involved.

The access is on a consensual basis and once consent is given, care can be provided far faster than with the current system where a patient may die just waiting to see a cardiologist.

Not so far in the future, it seems that brainware, headsets and Careseeker modules will be the best way to satisfy the requirements for all 4 aspects of data: patient data privacy, patient data quality, patient data ownership and patient data accessibility.

The impact of brainware and patient data that is truly owned by the patient will be huge. It will probably impact the doctor-patient relationship, freeing the data from data collection and enabling the doctor to focus quickly and more effectively on the best therapeutic plan.

Cross-posted from Pathcare
