
This column addresses the role of data in the field of healthcare known as “preventive healthcare.” Preventive healthcare is undergoing changes as data increases its scope and the role it plays in healthcare.
What Is Preventive Healthcare and Its Data?
For the purpose of this article, traditional healthcare refers to patient care received from a physician or hospital to treat an illness or medical condition. Traditional healthcare includes “interventions,” such as surgery or the prescription of pharmaceutical medication. A core characteristic of preventive healthcare is that it uses a combination of data in addition to traditional healthcare data such as that covered by HIPAA. The other data sources are fitness data, wellness data, remote monitoring data, sports activity, and self-reported data. The Internet of Medical Things (“IOMT”) is used to connect data from these data sources with devices and IT systems used in healthcare, including by hospitals and physicians. The general Internet of Things can exchange data with non-hospital devices. For example, data from company wellness programs can be transmitted to consumer fitness devices or applications.
Preventive healthcare proactively supports healthcare as broadly defined and allows both healthcare professionals and individuals, whether in their capacity as patients or as users of fitness devices, to monitor health and wellness and improve self-care. It also allows an individual to assist family members. In this sense, preventive healthcare addresses a broader scope of health and wellness, and at an earlier stage, than traditional healthcare services do.
Who Are the Users of Preventive Healthcare Data and Analytics?
A range of people and institutional entities can use preventive healthcare. In addition to traditional healthcare institutions, these include fitness programs, company wellness programs, addiction treatment facilities, and pharmacies. An important aspect of preventive healthcare is providing individuals with control over access to and use of their information.
What Data Regulatory Regimes Apply? What Consent Is Needed and Why?
At a high level, HIPAA applies to personal health data as defined in the governing statutes. Other laws and regulations, such as state data privacy laws and state database laws, apply to personally identifiable information. Other federal and state statutes apply to personal information in specified contexts. In addition, Canadian, European, and other foreign laws may apply.
In most of these circumstances, personal information cannot be collected or used without the consent of the individual. The importance of this is that entities in the preventive healthcare ecosystem face legal liability if data is used without consent, and the entities may also face possible regulatory sanctions if data is used outside the scope of permitted regulatory authorization.
In addition to regulatory schemes, the use of data may be subject to licenses in private commercial transactions. Take, for example, the situation where a subset of preventive healthcare data is held under license by a company. First, that company must have the right under the license to grant a license of the data to another entity. Significantly, this includes having the necessary consents from individuals that allow licensing when such consents are required. Second, the company must provide the data within the scope of its license. It cannot grant rights to the data it holds beyond its right to sublicense, even if its own right to use the data exceeds its right to sublicense it. Third, the party receiving the data must comply with the terms of the license. Fourth, the data in the subset may be subject to confidentiality and non-disclosure agreements. These may impose requirements that are more stringent than those taken in isolation. In addition to the potential for liability for a breach of contract, there could also be liability for a breach of a nondisclosure obligation.
The Data Supply Chain for Preventive Healthcare and the Importance of Timely Updates
It is important that healthcare data be updated as health status changes. This means updating the information with any changes to HIPAA-protected healthcare data, as well as any new data from fitness devices and other sources. The data supply chain for preventive healthcare encompasses data quality, legal rights to use the data in changing contexts, regulatory compliance, and other considerations. One of my prior articles addressed the data supply chain, and I reference that article for further information about the issues with supply chain quality.
Is Solid Protocol Relevant?
The Solid protocol (which stands for “socially linked data”) is a Web3 protocol developed by Sir Tim Berners-Lee in conjunction with MIT to provide individuals with control over data in a way not possible with current World Wide Web technology. Individuals store their data in “Pods” and control the use of and access to their data by persons and things (“things” are Internet technology). Significantly, in the context of preventive health, it provides a means to allow individuals to access and use their own data. Here, this would include fitness data and other data from personal devices.
Because individuals are contributing their own personal data for use in preventive healthcare, control over access to and use of that data should remain vested in the individual. The Solid protocol is a means to provide this level of control to the individual.
Data as a Change Agent in Healthcare
Preventive healthcare is an example of how data can change wellness and healthcare. This change is enabled by the scope of data that is available not only from traditional healthcare records, but also from consumer devices. The important caveat is that healthcare data must be updated on a timely basis to make the data trustworthy.