Health Data Privacy and Data Protection as an Enabler of Innovation

Updated: Apr 28

Author: Laura Murphy




“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”


-Article 12, United Nations Declaration of Human Rights (UDHR)


Data privacy experts gathered on March 11, 2021, in a panel discussion on “Healthcare: The Digital Revolution for a More Resilient Society” hosted by the Institute for Technology and Global Health (ITGH). The event was the first installment of a series focused on health data privacy and aimed to foster inclusive, systematic innovation in the digitization of the health-care sector. Moderators from the Institute, Khahlil Louisy, Maurizio Arseni, and Renaud Falgas, interviewed five experts with a full gamut of perspectives: James Small, specializing in Interaction Design at IDEO; Ramesh Raskar, Associate Professor at MIT Media Lab and Chairman of PathCheck Foundation; Mary Nunn, international privacy coordinator with Doctors without Borders; Riddhiman Das, co-founder and CEO of TripleBlind; and Dr. Shikha Jain, Associate Professor at the University of Illinois Cancer Center and Director of Communication Strategies and Digital Innovation.


The discussion touched on essential questions in digital health solutions: How can sharing best practices from different sectors drive inclusive and transparent digital health solutions? How can human-centered design enrich relevant fields and anticipate future obstacles? Are decentralized solutions in digital health the best strategies to advance? After examining the challenges of exposure notification technology developed during the past year to mitigate the spread of SARS-CoV-2 amidst the COVID-19 pandemic, ITGH recognizes that data privacy and protection are essential to future innovations in the field of digital health. Supplementing the focus on, equity among, and protection of individual users, additional stakeholders--chiefly governments, NGOs, and private entities--all play distinct roles in the digitization of the health-care sector. Systemic coordination will improve the digitization of healthcare systems in the community and around the globe.


Mary Nunn (whose Op-Ed on our website can be viewed here) emphasized the challenges and importance of data privacy in the humanitarian sector. Ms. Nunn underlined that at its core, healthcare is a human right. She compared data privacy and protection in the healthcare sector among different populations, particularly highlighting its necessity in vulnerable populations and high-risk situations. Data Protection Frameworks, including Data Protection Impact Assessments, can help define the data that will be processed along with its scope, context, and purpose--incorporating both risk assessments and all stakeholders--to go beyond risk assessment as a one-time project and instead make it routine. In the case of telehealth solutions that contact teenage patients about reproduction and sexual health, the framework must guarantee that only the patient will be able to access the data and that each solution is provided in the most secure way possible.


This example leads to the crux of Ms. Nunn’s discussion: the necessity of privacy by design and by default. “It’s hard to make it privacy friendly if you haven’t made it that way from the start,” Ms. Nunn added. Before any personal data are collected or the first line of code is written, technological measures must be put into place such that each solution takes into account the right to privacy from the get-go. Within the data life cycle, multiple individuals and entities handle data, each carrying different roles and responsibilities. This requires an interdisciplinary approach that goes beyond doctors and is shared in a language understood by all those involved.


In humanitarian contexts, data protection is not merely another legal compliance hurdle, obstacle to innovation, or low-risk issue; the coordination of digital literacy, data system complexity, and differing priorities must rise to meet the goal of improving emergency responses in off-the-grid locations for whom these questions are of vital importance. Ms. Nunn draws on her experience as an international privacy coordinator with Doctors Without Borders, an NGO comprised of 35,000 professionals operating in 70 countries struggling with endemic disease-- often operating in emergency responses that introduce additional time constraints, remote locations, and insecure contexts to complicate how digital solutions are implemented among doctors with varying levels of digital literacy and expertise.


Shikha Jain, Assistant Professor at the University of Illinois College of Medicine, illustrated the challenges and opportunities of health data privacy within the US healthcare system. Presenting in her white coat from a hospital call room after seeing patients, Dr. Jain discussed how IMPACT (Illinois Medical Professionals Action Collaborative Team) has been able to amplify physician voices during the COVID-19 pandemic and use digital innovation to break out of silos. “Medicine, and healthcare in general, is very siloed--even just amongst physicians and nurses and other healthcare workers,” she prefaced. Dr. Jain elaborated that when it comes to branching out into the digital space, the challenge mounts since many healthcare workers do not have time, desire, or an impetus to connect with tech companies and break out of the silos. She highlighted the ways in which digital innovation can improve communication strategies, especially in light of the fact that “healthcare in general...has been very behind when it comes to utilizing modalities such as social media and communications strategies, because for years, as physicians, and nurses, and other healthcare workers, we’ve been encouraged not to utilize social media due to concerns over HIPAA and privacy laws.” Dr. Jain is an advocate for science-based public health messaging and public health strategies, and she is currently advising the development of The Nucleus platform with the Institute for Technology and Global Health.


Riddhiman Das, CEO and co-founder TripleBlind, underscored the central theme of the panel: what does privacy unlock? Mr. Das was optimistic about progress on a global scale with regards to data operations once cryptographically enforced privacy is part of the picture. Mr. Das also questioned whether securing patient data and securing public health data were competing interests or whether they could instead be complementary.


TripleBlind currently works to unlock private data sharing and collaboration at a scale never before possible, ensuring “dark data,” and data that was previously inaccessible and/or unmonetized, is used but not abused. Mr. Das noted that the media industry has figured out global cryptography of music and videos to enable digital property rights, yet there is not yet the same set of digital rights with protected information and protected health information. TripleBlind’s solution uses cryptographic software that de-identifies without anonymizing data in a regulatorily compliant way, thus prohibiting re-identification of the patient. Subsequently, this solution lifts liabilities from senders of data, namely hospitals, as well as from receivers of data. According to Mr. Das, such encryption allows the secure use of data for training of algorithms while preventing the risk of sensitive data breaches. Additionally, this solution permits countries outside of public cloud jurisdictions from violating data residency rules--when data of residents cannot be used outside of the country--as they send diagnostic data through a one-way, irreversible transformation of data.


Dr. Ramesh Raskar, associate professor at MIT Media lab and Camera Culture lab and Co-founder and Chairman of PathCheck Foundation, focused the conversation on crowdsourced epidemiology and pandemic response with a participatory privacy-preserving approach. Dr. Raskar claims that anonymizing the data is not enough and furthermore examined the differences between confidentiality and data privacy, culminating in what he called “No Peek'': data and identity that cannot be reconstructed or seen by either other humans or machines, analyzing and serving one or more clients without “peeking” at any client raw data. “No Peek'' solutions would allow the effective sharing of data and therefore eliminate data silos and inefficiencies. Those, according to Dr. Raskar, only widen the gap between those who can utilize solutions and those who cannot, ultimately driving up costs--making solution implementation especially challenging in low and middle income countries. Dr. Raskar sees great potential in incentivizing people to share health data; he believes that empowering citizens to play an active role in their health journey will ease the burden on public health systems and provide real-time insights into public health programs.


James Smalls, Senior Interaction Designer at IDEO, shared his ideas on how “collaboration by design” and “human-centered design” are processes of inspiration, ideation, and execution, in which a designer must listen to what is needed rather than prescribe a solution. Many times, he said, stakeholders are part of the product team; the boundaries between who is the designer and who is bringing the design to fruition break down and result in the best work from the team. Mr. Smalls’ recent challenge was to conceptualize the innovative design of vaccine record cards for stakeholders who either do not understand or are afraid of technology and those who are concerned about the intersection of technology and sensitive patient data. The IDEO team recognized the need for an accessible design and created one that incorporated paper and a simple, inclusive solution to privacy: folding the paper to show or hide vaccination status. The vaccine card is intended for use in disparate locations, underscoring the impact of a design that considers both individuals and the resources within their environment.


Along with other panel guests, Mr. Smalls offered his perspective that accessibility and inclusivity are critical components of proactive designs that include stakeholders from the start of the design process. He sounded a closing statement with broader implications for the discussions to come: “While our work has changed [during the pandemic], I wouldn’t say that it suffered; and the fact that we’re able to be here, as this group of diverse people and have this conversation, I think, is emblematic of that.”