Abstract

http://ssrn.com/abstract=2153269
 


 



Protecting Patient Privacy in the Age of Big Data


Nicolas Terry


Indiana University Robert H. McKinney School of Law

September 27, 2012

Indiana University Robert H. McKinney School of Law Research Paper No. 2013-04
University of Missouri-Kansas City Law Review, Vol. 81, No. 2, 2012

Abstract:     
This essay discusses the threats to health privacy posed by “big data;” an ongoing revolution in data collection and processing. The essay takes the position that big data poses an exceptional group of problems for health care, its providers, researchers, and patients. Faced with increased privacy risks an exhaustive overhaul of HIPAA/HITECH is not proposed. Rather, this essay suggests an incremental approach, adopting aspects of the recent privacy proposals published by the White House and the Federal Trade Commission. The essay suggests that the battle to preserve health privacy needs to be fought on three fronts. First, while HIPAA/HITECH provides increasingly robust protections against unauthorized uses of health information by a relatively narrow set of traditional health care provider data stewards, it does almost nothing to regulate the collection of health data. It is time that the federal government put real limits on the collection and processing of personal information. Second, the U.S. has adopted a sector-based approach to data protection. HIPAA, as amended by HITECH, and the “privacy” and security regulations made thereunder apply only to a narrowly constructed version of the vertical health care market. Such sector-based approaches to regulation are frequently flawed because of poor calibration. Further, the very concept of health sector specific regulation is flawed because health related or medically inflected data frequently circulates outside of the traditionally recognized health care sector. Third, there is great value in patient information that could be extracted and used by responsible medical and public health researchers. Responsible public policy suggests that researchers should be able to request that information from patients. Many of the existing HIPAA and HITECH security and confidentiality protections apply here but are fundamentally flawed. Neither current policy nor regulations supply the key component: a coherent choice architecture for dealing with appropriate patient decision-making regarding research use of personal or familial health data.

Number of Pages in PDF File: 32

Keywords: Health, Law, Health Privacy, HIPAA, data aggregation, FTC

JEL Classification: I11, K23, K32

Accepted Paper Series





Download This Paper

Date posted: September 27, 2012 ; Last revised: February 20, 2013

Suggested Citation

Terry, Nicolas, Protecting Patient Privacy in the Age of Big Data (September 27, 2012). Indiana University Robert H. McKinney School of Law Research Paper No. 2013-04; University of Missouri-Kansas City Law Review, Vol. 81, No. 2, 2012. Available at SSRN: http://ssrn.com/abstract=2153269 or http://dx.doi.org/10.2139/ssrn.2153269

Contact Information

Nicolas P. Terry (Contact Author)
Indiana University Robert H. McKinney School of Law ( email )
530 W. New York St
Indianapolis, IN 46202
United States

Feedback to SSRN


Paper statistics
Abstract Views: 1,910
Downloads: 519
Download Rank: 30,223

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo7 in 0.250 seconds