HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

ONC Turns Attention to Big Data Security

Big data has huge potential for improving patient care and treatment outcomes, but the use of patient information raises some serious questions about privacy and security. The ONC Health Information Technology (HIT) Privacy & Security Workgroup (PSWG) has been discussing the issues faced by the healthcare industry. At a meeting of the group on Monday a number of healthcare big data issues were raised.

The group aims “To address distrust in big data algorithms: Improve trust through algorithmic transparency and to consider applying Fair Credit Reporting Act (FCRA) approaches to promote algorithmic transparency,” in addition to taking action to improve data privacy and security standards.

Issues with HIPAA and Healthcare Big Data

One of the main concerns raised by the group is the fact that HIPAA only covers certain areas of health big data. There are notable gaps which could cause problems down the line according to the group. “Failing to pay attention to these issues undermines trust in health big data, which could create obstacles to leveraging health big data to achieve gains in health and well-being.”

In particular, the lack of “FIPPS-based protections for health data” was mentioned as a major concern along with “the potential for harmful or discriminatory practices with big data.” At present, laws exist to prevent discrimination but these are not nearly comprehensive enough according to the group. There are still a number of areas where discrimination could still occur as they are “expressly permitted” under current legislation.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The group said patients’ distrust of big data must be tackled. The distrust was largely attributed to a lack of transparency about how data is used, as well as a lack of knowledge about the algorithms employed to make decisions about people. The group said, “Poor transparency increases the potential for reinforcing bias that may lead to unfair practices.”

Patients Distrust Healthcare Providers’ use of Big Data

The use of big data will certainly benefit patients; however there is currently a great deal of distrust of data de-identification practices. In many cases this is because there is no clear standard to follow and without a firm set of guidelines it is unlikely that trust will be improved. PSWG recommends that in order to improve the current perception of data de-identification, the Department of Health and Human Services’ Office for Civil Rights must take a much more active role in the creation of data de-identification standards under HIPAA.

The group also recommended that the OCR “conduct [an] ongoing review of the methodologies to determine robustness and recommend updates to the methodologies and policies.”

One way to improve the security of big data and help healthcare providers, is for federal policymakers to introduce incentives for organizations that implement enhanced data privacy and security measures to protected big data. PSWG suggested the incentives be used for the likes of “secure data enclaves, secure distributed data systems, and distributed computation.”

There are clearly still a number of major obstacles to overcome, but this meeting is only the start of the big data review process. In mid-July the group will meet again when it is hoped that final recommendations will be presented.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.