Curiosity killed the cat, as they say in English, and the medical confidentiality cat is one cat we may not want to kill too lightly.
I had the fortune of being invited to a panel discussion at European Health Forum in Gastein, Austria, on big data and medicine. This is a rapidly developing field – how can we exploit and make use of personal data to provide better medical services and get better research. In one way, the pharmaceutical industry and many medical companies are jumping on the already existing bandwagon from the advertisement industry. But it's also important to realize that the pharmaceutical sector is suffering from blockbuster patents expiring – having been able to extort the legislator for only two additional years of market exlusivity and seeing their ability to ever-green patents reduced by competition law, they need to quickly replace their existing block-buster based sales model with something else. And they have went for big data.
Because the discussion was freeform I will recount from memory the discussions.
I would like to open by talking about trust. We need for people to trust healthcare systems because it is not good for society if people, from distrust or suspicion, start preferring being sick or dying over approaching health care. In my region in Sweden, for instance, they decided to put all patient dossier on the internet – including my health care dossiers. I assure you that I would have never consented to this measure because this is very personal to me – I suffered a period of illness in my youth which I see as my business and mine alone, with the possible exception of close family members. Because patient data laws in Sweden don't permit this type of publication, my region has decided to make it a research project. We have worse data protection for individuals such as myself in my country when it comes to research than when it comes to health care, and so in order to exploit me and my personal history and that of my family they cleverly relabelled my history scientifically necessary. I can assure you that I am in no way amused by being the guinea pig of database engineers.
Historically we award health records a very high level of protection because often the information contained therein is sensitive. Courts cannot access it however they want, neither can the police. Doctors undertake an oath to not violate their patients confidentiality because it is seen that an integral part of the system of trust for doctors, and what they do with our lives or the lives of close ones. It is also a question of social, political and economical freedom – the wrong information in the wrong hands can have very negative consequences for individuals which they may have to live in fear of for their entire lives if these systems aren't well-constructed.
It's therefore strange that while traditionally we have understood the nature of this information very closely, we are now putting it on the internet – a very large place where very many people can access this information illegitimaly. And in databases which, when they leak, will leak the information of thousands of citizens rather than just one, as it would with paper journals. We unify patient dossiers in the same system so maximize the damage of any mistake – rather than keeping dossiers and systems separated, we put all eggs in the same basket.
There is effectively no way for citizens to feel ultimately comfortable with this system, and that will end up being a problem for both citizens, doctors and researchers in the field of medical sciences.
In some ways, it is as though we've discovered the internet is a solution to some problems, and now we're assuming it solves every other problem also. But just like hammers, the internet is a good solution sometimes, and other times it really isn't a good solution at all. It is my belief that we need to be more careful with how we use the internet for things it ultimately wasn't meant for – the internet is great when we want to spread and disseminate information widely, but is not that great when it comes to information we don't want to spread. It is my belief that the internet can be very useful for everyone in society, and should be used to spread information, culture and research that we want to be accessible, but that we need to reconsider its use in other circumstances.
To some extent these thoughts are lacking in the medical sciences and in medical research. This is only natural: it is very difficult for every individual to understand or relate to other people's privacy. Normally we have a natural relationship only to our own privacy, and when we deal with the personal information of our patients, or our guinea pigs, we may not be as inclined to appropriately assess how much that information means to them. But it is an integral challenge for researchers and doctors to see how privacy must be parts of these systems, and that the protection of individuals makes a difference.
There were some topics raised in the following discussion.
Dialogue I:
Science|Europe: The European data protection regulation threatens researchers and should be made weaker.
Me: As I mentioned, my region in Sweden violated my medical privacy by classifying their publication of all their patients' health records online as a research project. I am disinclined to make this protection weaker and rather believe we need a stricter regulation of research projects when these things are possible.
Researcher from Netherlands: We need to remove consent from this. We should rather just put all the patients' dossiers somewhere and do data mining on them, and then inform people when we're doing it. It's important to empower people by letting them know. Also we have nice database systems for this.
Me: You are aware that the database manufacturers are paid to sell this stuff to you right?
Researcher from the Netherlands: We simply don't agree with each other.
Me: ….
Dialogue II:
Researcher from Switzerland: We could make a sort of cloud which is ran as a cooperative of 10 million individuals, with democratic governance and so. All the patients dossiers would be there and could be accessesd against payment which goes to the cooperative. The people will be empowered by this arrangement, and everyone's influence is guaranteed and we also let people get paid for the exploitation of their data.
Me: A cooperative of 10 million people sounds like it could be many of the member states – why not simply then make it a government project? Or is the democracy in the member states not good enough?
Researcher from the Netherlands: A cooperative is simply more democratic than a government. But it isn't actually. Democracy works in the member states also.
Me: ….
Dialogue III:
IBM guy: Of course it's a trade-off. We can never guarantee 100% security so it's a cost-benefit analysis. We had a great research project in Scotland which I was asked to mention: basically we behaviourally profile teenagers to see when someone is close to being diabetic, and if they are we can nudge them into behaving differently. Also if they are diabetic they can be helped by knowing how other people act in similar situations.
(me, but later in a different conversation: What I don't understand is, I've been in Scotland and it's the only place I've been where I went into a grocery store and two thirds of the shelves are covered in biscuits. The rest is softdrinks, a sad carrot and cheese bathing in brine. Clearly whatever is the cause of diabetes in Scotland is not that IBM does not know enough about people's behaviour or that researchers don't know – their eating habits are horrible, and it's like these big data projects are rather distracting from the real problem which is that they don't have access to real food. Additionally, Scotland is a place where young people frequently have as their passtime to hang around outside grocery store to shout insults at people entering and exiting the store. This phenomenon is so big that they have actual news paper articles about it. It seems, again, that this profiling of teenagers' behaviour which is very invasive och violating of their independent identity formation, is distracting from the fact that they are teens with no cause, nothing to do, have access to only bad foodstuffs, and ultimately this isn't going to be solved by a mobile phone app)
Dialogue IIII:
Elsevier guy: On open access to data and research articles, we want to point out that we want to make money from this.
Me: (didn't have the time to comment on this because of all the medical people looking to invade my privacy).
Later in the day I had a coffee with a person who definitely wasn't lobbying me. That conversation was however so surreal that I feel it needs to be recounted for humour purposes:
Dialogue V:
Person: I liked your analogy with the hammer.
Me: Oh?
Person: Well, but I wasn't sure I compeltely understood. So you mean that in the past we had rocks, and they didn't work so well, and then we had hammers and they were a lot better...
Me: … (oh god where is this going?)
Person: ...and then we got the internet which is an even better tool than a hammer?
Me: No, that really wasn't my point at all.
Person: Then I think you were misunderstood by everyone in the room.
Me: That's unfortunate. My point was rather that hammers are good for solving some problems, like when you have a nail, but for many other problems hammers are entirely inadequate. Just like the internet might be inadequate for many problems, even if it's very good for others.
Person: I don't think anyone understood that. I thought it was more like we have regulated hammers and now the internet will be good if we regulate it also. That's how most people in the room understood it.
Me: Well, it's unfortunate if my point was carried across that badly.
This conversation later lapsed into a discussion about how computers are more reliable than people (which is only true in so far as you are certain that you have control over the computer in question – a person, having independent will, can of course defy you even if you technically have control over them. A computer doesn't do that, but for the computer not to defy you you would first have to assume that you have control over the computer. In the vast majority of cases wont be the case and so mostly anything that follows from that assumption will be untrue).
I pointed out that most computers that we pass our information through are accessible by every other computer on the internet which makes them unreliable by default. That it's important with individual choice. The person agreed vigorously with this, but argued that it was not up to the individual to choose how to store medical information. The person then went on to say that any person could leak medical information just like a computer, and I replied that one person, or even several people, acting on one medical dossier is very different from many computers operating on thousands of medical dossiers in several steps of an internet transfer chain. The person agreed with this noisily and repeatedly and then went on to say that actually he didn't.
Then the person suggested that we should have another coffee in Brussels to which I replied ”uhm.”
I asked the person if they were employed to lobby people in my position to be more positive about personalised medicine apps for mobile phones or some such. The person felt that ”lobbying” sounded like a negative word and that he preferred to think of it as us having a cup of coffee.
It struck me that that person might actually be influential. That is flabberghasting, funny and fills me with fear at the same time. Also with alliterative ambitions.
Upon my return in Brussels I learned that Yahoo! has a patent on estimating and making use of other people's level of influence.
To contextualize: European Health Forum Gastein is Europe's largest health conference and has been held in Gastein for the past 16 years. It enjoys presence of many high level Commission officials, and many lower level officials as well. It is visited by really big companies – Pfizer, Elsevier, IBM obviously were represented only in the short 1,5 hour discussion I was in – and lots of researchers.
Dialogue VI:
I shared a taxi to the airport with a nice researcher from the Netherlands who was doing comparative health care studies between European countries. He was partially concerned that a lot of the discussions on health care development is the victim of heavy lobbying by large companies. I said something sarcastic in reply, which I hope was nevertheless consoling. We had a discussion on making partially accessible medical dossiers: my argument would be that you can choose to put online that which you want to put online (I have a strict definition of ”online” as meaning anything that is reachable in any way through any part of the internet, regardless of how illegal or difficult such access might be). So for instance, you can share information about your wheat allergies if you wish, without having to also share information about your incontinence. The Dutch researcher suggested that this would make it more difficult to study differences in incontinence care. This can partially be solved through anonymization of medical dossiers, but anonymization is notoriously difficult and my personal preference would be also for that kind of access to be optional. One way of reducing sensitivity to publication though would be to make incontinence a more socially accepted problem.
Curiosity killed the cat, as they say in English, and the medical confidentiality cat is one cat we may not want to kill too lightly.
Lägg till ny kommentar