Fair Compensation for Data: Privacy, Blockchain, Ethics, and Data Science Converge
When we look at privacy, many goals converge. I separate constitutional privacy and protection from government surveillance from personal confidentiality. Having explored whether one can survive without the other, I remain uncertain. But I am certain that a balance of values would lead to more fairness and that confidentiality is not the only important ethical parameter in big data.
I especially like this article in the Verge, “Hospitals are selling treasure troves of medical data — what could go wrong? They don’t need patient consent to use de-identified data,” in which Nicole Wetsman interviews Eric Perakslis of Duke Clinical Research Institute. The interview notes that deidentification sort of provided a windfall, yet it is neither foolproof nor necessarily the best way to engage in medical research. Perakslis says, “I think most healthcare institutions are interested in using data for profit and for research. I don’t think there’s anything wrong with that if you can actually say how you’re returning the benefit back to the core mission of the place.” If the data ends up in a large repository for shared data for medical research, it is often assumed that the public benefit (more research and larger data sets contribute to public health) and the potential personal benefit (research may cure a disease the subject of the data has) ethically justify uncompensated data use. Here, the unfairness I address is the absence of payment for personal (later deidentified) data. It is a “treasure trove” and financial deals should include the subjects of the data.
Fairness in Data Practices
Cybersecurity is an ethics issue that is especially pressing in the healthcare community with patient data and records at the forefront of privacy concerns. In many posts, I have addressed the role and inadequacy of informed consent in the privacy arena. Specifically, informed consent should not be used to place responsibility in the hands of potential victims of security breaches and unwanted surveillance, nor should it be used to justify uncompensated commercial uses. Other areas of the law, from subpoena power to pharmaceutical advertising must change to meet the new world of data to prevent exploitation of people’s data for commercial uses.
Deidentification does not equate to it no longer being “yours” or being something derived from a person who could be compensated. It simply meets HIPAA requirements and allows the free flow and accessibility of data. Permission in the form of informed consent, arguably not a voluntary thing, does not give free rein over deidentified data.
We already see online access to reports from doctors to patients confirming that cybersecurity efforts create an atmosphere of acceptable safety for identifiable communications. If records can travel both directions, and bills and insurance reimbursements go directly to patients as well, data compensation must be achievable. Its having been deidentified is not necessarily the line in the sand that prevents compensation.
In Barcode Me, I argue for payment for data that is sold and resold. This post explores the role of blockchain technology in repairing the ethical lapse of failure to compensate. Privacy is conceptually entangled with the goal but is not necessarily an impediment. While deidentification is currently required (in certain circumstances), deidentification rules must not be an excuse for a failure to compensate.
Background on Blockchain and Health Care
(From a tech-ish bioethicist not a data scientist.)
Blockchain’s application to health care is promising for several reasons. Its decentralized ledger that allows secure transactions involving personal data also offers validation. Improving trust in the data and avoiding opportunities for data corruption, while making data accessible can help in the delivery of care as well as in medical research. The ability to have accessible data offers convenience as well as security, especially if the transactions can be transparent as well as private. (Transparency in the transactional verifiability yet deidentified by codes and encryption for many uses.) A major use is securing patient data. The decentralized aspect of blockchain could be a device for patient health records shared across a consortium of companies, but not all uses of blockchain in health care are as patient-centric.
Blockchain technology can give providers more access more easily, arguably improving care and efficiency, while allowing patients to have more control. One article asserts that “miscommunication between medical professionals costs the healthcare industry a staggering $11 billion a year.” Its ability to prevent miscommunications and offer access to data make blockchain poised to help the industry save money, something that may equate to healthcare improvements that benefit people. It may lead to efficient diagnosis, improved access to large databases, and arguably it could work to improve delivery of precision medicine. (Even with blockchain, arguably institutions should use some kind of zero trust or perimeter-less security—not all people or devices in an organization should have access to even deidentified data.) Blockchain is also being used in supply chain, and even to track custody of pharmaceutical shipments.
Could Blockchain Be the Answer to Paying Individuals for Their Data?
Blockchain is likely the technology best positioned to work backwards and create a method of fair payment for data without any publicly accessible deidentification. One idea could be setting up transactions on a decentralized ledger that go seemingly backwards. That is, usually we see the patient as the provider of a primary piece of data in a medical record, and then the hospital deidentifies, aggregates, and uses it for research or eventual sale. Then data miners and other aggregators continue to resell it. Additional transactions could start from another point or various other points in the system. For example, the “seller” (e.g., hospitals, drugstore chains, radiology businesses, and consumer genetics businesses) could create a new transaction (after selling the data) sending payment back to the original person whose data it is (the subject) through either a tokenized currency or a payment system. The original organization (the seller) could distribute back to the individual without any accessible deidentification using blockchain and decentralized ledgers. Blockchain might hit some of the key issues like reliable payment, preventing any changes when data travels, and it would prevent mass storage of data payment records in one place.
Pooling and Group Payback
Even without any special technology, the pooled idea could operate through an industry standard or regulation simply saying if you receive services here and signed off on anything using your data, you will be paid if it is ever sold. If companies or hospitals do not want to risk the chance of reidentification through any direct payment scheme, they can pay at the point of data collection. As is, access to data is fueling largescale marketing that pays off for corporations while the people are expected to be happy without compensation.
The solutions I propose are highly simplified versions. Whether paying for each additional aggregation or sale is possible or not, some payment upon the initial sale or at collection is feasible and would solve the injustice of signing off for one purpose while data makes its way to commercial use.
Side Note
Others recognize a different ethical problem with deidentification—that it precludes a built-in outreach to people who would benefit directly and personally from a medical discovery predicated upon their data. The article provides an innovative idea (using NFTs) and cites the inability to legally deidentify as a roadblock to patient care predicated on research using the patient’s own data. Gross M, Hood A, Miller Jr R, Nonfungible Tokens as a Blockchain Solution to Ethical Challenges for the Secondary Use of Biospecimens: Viewpoint JMIR Bioinform Biotech 2021;2(1):e29905 URL: https://bioinform.jmir.org/2021/1/e29905 DOI: 10.2196/29905
While care is a worthy reason possibly to deidentify in a private way, it is also something doctors could address by remaining well-versed on new discoveries in their field. That is, if data from a person with a given disease were used for research and a cure were found for that disease, that person’s doctor should be constantly reading up on the state of the care for the disease. Such a person also could be in touch with researchers by searching who is researching a disease. Yet the NFT idea or other ways to direct research benefits to patients is compelling.
Disclaimer: I am not a data scientist but enjoy tech, crypto, big data ethics, etc.
Featured Photo 126119576 / Blockchain © Iurii Motov | Dreamstime.com
