What is the future of data driven hospitals?

One of the critical factors for patient safety in hospitals, is that you've identified the patient correctly. The wrong medication given to the wrong patient at the wrong time could have serious, even fatal consequences. Patient wristbands are a start, but wristbands that contain barcodes are even better. According to GS1's website, in October 2013, it became mandatory in NHS England for all patient wristbands to contain a GS1 barcode. I wonder if we can improve even further?

A couple of things I've seen or tried recently got me thinking. 

My Samsung Gear Fit

My Samsung Gear Fit

Spanish airline Vueling is first to send boarding passes to a smartwatch

My experience wearing the Samsung Gear Fit on my  wrist 

Software from Japan that works with smart glasses to help you get info by looking at a barcode

In the future, if you were due to go into hospital, what if you could get your hospital 'boarding pass' sent to your smartwatch 24 hours before your visit? What if when you 'checked in' at the hospital, a member of staff was automatically notified of your arrival, on THEIR smartwatch? What if when a member of hospital staff wearing smart glasses wants to identify who you are, they simply look at your smartwatch that's displaying your barcode? 

Could that do even more to improve patient safety? Many observers continue to regard these individual technologies as crude & clumsy, and I'm right there with you.

However, when you stop for a moment, to imagine how they could be used together to do something that's never been done before, it makes you think. I ask you, what currently exists, that alone is not that great, but when combined with a couple of other technologies, solves your problem? 

Or it simply a case of repurposing wearable tech to suit your own needs, as in the case of this creative friend of mine, Anthony Harvey who want to see if the Gear Fit is capable of something new?

Now add to the mix, Bluetooth 4.1 at the end of 2014. What will moving from the current Bluetooth 4.0 to 4.1 mean for hospitals? Well, in theory, your 2015 heart rate monitor/activity tracker worn on your wrist could send data directly from your wearable device into your medical records, via the cloud.

So even before you've arrived at hospital for your surgery, they could have much more data about you, compared to the hospitals of today. As you can observe, the role of data in providing the best possible care, becomes even more paramount. 

How safe is your data in the hospital?

I shared an article on the Internet of Things via Twitter recently, and one of the people who engaged with me as a result was Scott Erven, based in the USA. He's done significant research into the security risks associated with the use of hospital equipment, and there's an eye opening WIRED article recently published about his work, and what needs to change. 

Quoting from the article, how many of you are shocked to read his findings? "In a study spanning two years, Erven and his team found drug infusion pumps–for delivering morphine drips, chemotherapy and antibiotics–that can be remotely manipulated to change the dosage doled out to patients;

Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network;

temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care."

It certainly gave me a wake up call. Now, I had a video call with Scott this week, and the conversation was illuminating. With Wearables and the Internet of Things touted as technologies that are going to lead to an explosion in data (about each of us), and ultimately, be used to drive potential improvements in health & social care, there is also a dark side. 

Many of the articles, talks & press releases in Digital Health make it appear that this bold new world will be everything we've wanted in health & social care, it will be Utopia. Without stringent governance, accountability & trust, it could end up being our worst nightmare. 

What if someone wanted to hack into hospital equipment, your wearable devices or your health data, because they had malicious intent? What if an organisation, or even one person wanted to inflict a terrorist attack, and cause a serious loss of life? Instead of bombs, would they simply sit in front of a laptop & exploit the cyber security vulnerabilities that exist today (and may still exist tomorrow) in hospitals?

What if someone wanted to specifically target you, by modifying your health records to show that you'd had a mental health issue? It was just reported that a British woman had her employment offer for Emirates Airlines withdrawn after they found out her medical records revealed an episode of Depression in 2012. 

The UK has taken a bold step last year to publish the publication of mortality rates for individual hospital consultants in ten specialties. Greater transparency is to be encouraged, and hopefully will improve levels of care. Do we also campaign for publication of the hospital data breaches too? 

Can we actually trust the data the government publishes? Look at the recent scandal in the USA, at the Veteran's Adminstration, where it's come to light that the waiting time for medical treatment was misreported. 

A recent survey found that 50% of UK citizens don't trust the NHS with their personal data.

Today, when I speak to people around the world, who use any form of health & social care, they are primarily concerned about access, quality & cost. In the future, those people may be adding 'privacy & security of my data' to that list. 

The Digital Health community, along with government, has to address this sooner, than later.

Quite frankly, I don't see the point of gathering all this data on patients, if we can't assure them, that we've taken every step possible to keep it private & secure. 

[Disclosure: I have no commercial ties with any of the companies or individuals named in this post]

Enter your email address to get notified by email every time I publish a new post:

Delivered by FeedBurner

Think twice before sharing your data

Who needs hospitals? We have smartphones, sensors and data!

According to Eric Topol, who is one of the leading voices in Digital Health, the smartphone is going to be the healthcare delivery platform of the future. Awesome right? No need to go into a hospital in the future, the app on your phone can record your blood pressure and transmit it to your doctor via the internet etc. 

Is it just a few rich people in California who believe this? Not according to Intel's latest research (see infographic below on what health information people are willing to share). The survey collected responses from people in Brazil, China, France, India, Indonesia, Italy, Japan and the United States. 84% would share their vital stats like blood pressure and 75% would share information from a special monitor that's been swallowed to track internal organ health. In fact, India is the country most willing to share healthcare information to aid innovation. Super awesome news, right?

Eric Dishman, Intel fellow and general manager of the company's Health and Life Sciences Group, says "Most people appear to embrace a future of healthcare that allows them to get care outside hospital walls, lets them anonymously share their information for better outcomes, and personalizes care all the way down to an individual's specific genetic makeup." 

Also, this week was the mHealth Summit in Washington, DC. It's the largest event of it's kind, over 5,000 people from around the world gathered. I attended last year, but participated this year from London via Twitter. Amazing energy and bold visions of the future on mHealth. 

In fact, this week, I also participated in the world's first G8 Dementia Summit via Twitter. "Big Data" captured from patients around the globe was cited by many of the leaders as one of the ways in which we can work to beat Dementia by 2025. Yes, the G8 put a rather ambitious  goal of a cure (or disease modifying drug) by 2025. Again, we just need to collect all this data from individuals, remove personal information, make it anonymised, and Global Health in the future will be transformed, right?

Easier said than done

Unfortunately, many of the people at conferences who are envisioning a world where we happily share our personal health data altruistically for the benefit of medical research to improve Global Health are unaware of the realities on the ground. "Big Data" seems to be inserted by anyone and everyone into their speeches and tweets. Doctors, politicians, and corporate leaders frequently use the phrase, in the hope that more people will sit up and pay attention to what they are saying.

Let's take anonymisation. If someone tells you that your personal data will be anonymised and then aggregated and made available to 3rd parties, you believe them, when they tell you your data can't identify you. Let's see what the report from the Royal Society in June 2012 said; 

"the security of personal records in databases cannot be guaranteed through anonymisation procedures"

"Computer science has now demonstrated that the security of personal records in databases cannot be guaranteed through anonymisation procedures where identities are actively sought"

It's good to have people like Professor Ross Anderson who dare to question the viability of anonymisation

Now, there are tens of thousands of health apps, and generally how many of us take the time to read terms and conditions before downloading any app, let alone a health app? We trust the brand, don't we? How do we determine as consumers and patients, whether a health app is safe to use? 

A company in the US, Happtique is working on a program of certification for health apps. Definitely a worthwhile initiative. So whilst I was monitoring the Twitter stream during the mHealth Summit, I noticed a software developer, Harold Smith, at the event had shared his blog post with his findings that there were security issues with some apps that had passed the certification process at Happtique. Yes, shocking news, but even more shocking is how a lot of people in this industry don't seem to care. Kudos to Happtique, they did react swiftly to this news by suspending their certification program

Here in the UK, the NHS have set up a health apps library. Their review process is listed too. Their website says, "All apps submitted to the Health Apps Library are checked to make sure that they are relevant to people living in England; comply with data protection laws and comply with trusted sources of information, such as NHS Choices". I've got no reason to doubt the security of the apps on the NHS library, but I'm curious - what if someone independent like Harold Smith took a look at these apps? What would his findings be? 

2014 & beyond 

In an ideal world, none of us as end users would have to worry about the security & privacy of our personal health data. We all want improved health, and improved healthcare, and we are told that mobile technology, sensors & big data could make the world a much better place. As a Digital Health Futurist, I truly want to believe that. 

However, the road ahead is potentially very dangerous, largely because the froth and hype in Digital Health is overshadowing the need to have an open and candid discussion in society on the risks and benefits of going down this road. Companies such as GE, Intel, & Cisco are pumping billions into the Internet of Things. This week the Allseen Alliance was announced, standards to allow different devices to connect to each other. Again, exciting stuff, right? 

Imagine, your smart toilet connected to your smart fridge connected to your smartphone. Personalised meal suggestions on your phone based upon the combination of the clinical analysis of your urine and what food you have remaining in your fridge? More data about our health, more data about us being transmitted between devices and apps using wifi. Hmmm, how many of us have stopped to reflect upon what safeguards are needed to prevent our bodies from being the target of hackers

In principle, I'm not against any company or government collecting more data about us and our health. If collecting more data can help us develop a cure for diseases such as Cancer or Dementia, that would be an amazing achievement for science. 

However, I do want all of us, wherever we live on this planet, to be able to make INFORMED choices about how we share our health data, and who we share it with. Who will drive conversations that lead to a society where we can make informed choices about our health data? How do we get informed consent to participate in data sharing initiatives from those members of society who are vulnerable, such as children or older people with Dementia? Is that even ethical? 

One piece of good news that came out this week is that the Data & Society Research Institute is a new non-profit organisation launching in 2014. Based in New York City, it will be dedicated to addressing social, technical, ethical, legal, and policy issues that are emerging because of data-centric technological development. 

bill-of-rights.jpg

Data about us may be the key to improving the health of 7 billion people, but that can only happen if our rights are protected at all times. The issues are common to all personal data, not just health data. Perhaps the way forwards is the creation of an international bill of digital rights?

 

[Disclosure: I have no commercial ties with any of the companies mentioned above]

Enter your email address to get notified by email every time I publish a new post:

Delivered by FeedBurner

Who Owns Your Health Data?

"Personal Data will be the new 'oil' - a valuable resource for the 21st century. It will emerge as a new asset class touching all aspects of society”. That's taken from the introduction of a report from the World Economic Forum published in January 2011. It's a fascinating read,  especially when they put forward the vision of a personal data ecosystem where individuals can have greater control over their personal data, digital identity and online privacy, and they will be better compensated for providing others with access to their personal data.

Sounds great, right? Sadly, it doesn't look like we are on the path to that vision.

For this vision to manifest itself, healthcare companies must buy into it, which means that they have to evolve their current business practices and models. The same is true for governments around the world. Given the recent revelations from Edward Snowden, making this vision a reality seems unlikely.

Does anyone believe we should own our health data?

Due to my background, I think a lot about our health data and the steps that we can take as citizens to help in the creation of this vision. I even gave a TEDx talk with my own ideas.

Though some leaders in the industry, such as Walter de Brouwer are stepping forward and bravely advocating that patients should own their own health data,  it's not the norm. Business models for free health apps are based upon users giving permission for those apps to collect, transmit, share and sell their users' personal data.

What are the current risks?

The current estimate is that are 40,000 health apps in the market place. In addition, a recent study by the Privacy Rights Clearinghouse stated that 72% of the assessed health apps presented medium to high risk of personal privacy violation. Additionally, of the free apps they reviewed, only 43% provided a link to a website privacy policy.

When was the last time you read through the terms and conditions, end user licence agreement or privacy policy BEFORE you agreed to download a health app? Take a look at this example of the privacy policy of Fitbit, would you read this?

Now, you may think that your health data alone is not that valuable, and you may well be right. However, if 100,000 people are using a health app, and a corporation accessing that data has heart rate, activity levels, sleep levels etc on all 100,000 people, then that 'cohort' of data becomes considerably more valuable. Whether it's scientists in a pharmaceutical company looking to understand people's health or a fitness company looking to understand which consumers to target for their next fitness product, getting access to this type of data unlocks new value for these organisations. That's not necessarily a bad thing, because we all want society to make progress in improving our health.

Unfortunately, I don't believe that consumers are currently able to make an informed choice. Unless you read through every line of all the policies, it's not that easy to find answers to these 3 questions;

Who owns your data?

Who has access to your data?

Who profits from your data?

Someone must be doing something to help answer these questions? 

The US government has recently published new proposals that lay out a "voluntary" Code of Conduct for mobile application short notices. Whilst it's a modest step forward, it's not enough. With almost 20 years of working with other people's personal data, I knew I had to do something.

As luck would have it, I was introduced to one of the leading  experts in security and privacy of health data, Dr Tyrone Grandison based in the USA. We identified the need for  a simple way of consumers being able to understand what they are agreeing to BEFORE they download a health app.

Dr Grandison and myself are working on a new service, launching this summer, called 'Who Owns Your Health Data?'. We hope that our service will allow each of you to make an informed choice when it comes to health apps. 

We are open to collaborating with others who share the same goal. Feel free to email us at info@woyhd.org