Big tech and its access to our data is a juicy target. But policy makers need to be careful or they will upend interoperability and turn back the clock on American healthcare.
It’s an outrageous invasion of privacy!”
Early in the days of the COVID pandemic, a friend and I were discussing “contact tracing” the technology that would use a smartphone to tell someone whether they had been near someone who tested positive for COVID. “It’s an outrageous invasion of privacy,” my friend bellowed. I replied by asking him whether it bothered him when his iPhone pinged with a severe weather warning in his area, or whether he had ever slowed down on the highway because his GPS told him there was a change in speed limit, disabled vehicle, or police officer ahead. You can imagine the response.
So let me get this straight: Technology that alerts you of an exposure to a deadly disease is an outrageous, and to many, an unacceptable privacy risk, but the same technology that alerts you to an impending snowstorm, or keeps you from getting pulled over on the interstate, is perfectly fine?
This illustrates a conundrum facing policy makers. How do they regulate an area where the stated sentiment and behavior of the same consumer differs so greatly?
First, people theoretically care a lot about data privacy.A 2019 PEW poll found that “majorities think their personal data is less secure now, that data collection poses more risks than benefits, and…it is not possible to go through daily life without being tracked.” Second, despite self-reported concerns about privacy, people’s behavior suggests they see enormous benefits in trading access to their data for an increasingly connected world. There are more than 100 million iPhone users in the U.S., nearly 300 million Facebook users, almost 65% of Americans use online banking and as many as 100 million Americans have swabbed their cheek and mailed their DNA to two for-profit companies.
The point is we care about our data privacy in the abstract, yet we willingly offer it up when doing so results in cost-savings, convenience, the ability to stay connected, or even just the curiosity of knowing whether we are ¼ or ½ Irish.
In fact, the same PEW poll found that only 9% of Americans (always) and 13% (often) read privacy policies online before agreeing to them. Ask yourself how much you care about privacy the next time you mindlessly click “Accept All” at the bottom of the webpage you’re trying to view.
This puts policymakers and politicians in a tough spot. If people care (or think they care) about privacy, then laws and regulations that purport to protect privacy will be politically popular. Let’s face it, big tech makes a convenient political target. Not surprisingly, we see Congressional hearings, 24 privacy bills currently introduced in Washington, and in state capitals, a host of potentially conflicting privacy laws being introduced and enacted, as if data recognizes the state border when it passes by.
There is significant risk for unintended consequences in of all of this. Taking healthcare. for example, the risk is that we stymie the important work underway to make our healthcare system more interconnected.In the last ten years, the U.S. has spent tens of billions of dollars trying to transform healthcare from paper records to digital records, and now to get disparate siloed health IT systems and networks to talk with one another.
To be fair, while much great work, and sensible public policy has been put to this task, we are only a few short steps into the marathon that is healthcare interoperability. Health data remains disastrously siloed and our system relatively undisrupted by technology, particularly when you compare it to the vast connected ecosystem that is the rest our daily existence.
If healthcare data is not approached appropriately – that is in a way to leverage data and insights to improve a patient’s health and provider tools without sacrificing security, the result will be a healthcare system that looks more like 1980 than 2030.
Perhaps that’s why Senators Bill Cassidy (R-Louisiana) and Tammy Baldwin (D-Wisconsin) introduced the bipartisan Health Data Use and Privacy Commission Actlast month. The commission established by this bill will make recommendations to Congress to help modernize health data regulations to ensure clear, consistent, and reliable patient protections while simultaneously ensuring health data gets where it needs to go to improve care and outcomes.
Blue ribbon commissions aren’t always politically popular. Sometimes, though, the nuances of policymaking are so complex, and the risk of unintended consequences so significant, that a group of experienced, engaged stakeholders rolling up their sleeves is exactly what’s necessary.
There is no place for bad actors and misuse of personal data, but we shouldn’t be so hysterical to think that any use of data is abuse. In the meantime, policymakers should resist the urge to “fix” what isn’t broken.
Joe Ganley is vice president, government and regulatory affairs at athenahealth in Wellesley, Massachusetts.