January 2, 2020

Big Tech is calling hospitals 'once a day or more' to ask for patient data

Daily Briefing

    With many hospitals strapped for cash, tech companies are making increasingly aggressive pitches to buy their patient data—and some observers are worried that the deals could lead to the data being misused and potentially harming patients, Christina Farr reports for CNBC. 

    Infographic: How to be a cybersecurity sentinel

    Tech companies pursue hospitals

    As researchers continue to explore the role of machine learning in health care, more startups are turning to hospital data to help train their systems. In fact, some tech companies are soliciting hospitals directly to establish deals that would give them access to the hospital data they need. 

    Aaron Miri, CIO at Dell Medical School and University of Texas Health Austin, said tech companies approach him "all the time" for data deals and partnerships. Miri has received these requests for years, and while the requests used to come about once a quarter, he now hears from tech companies "often, once a day or more."

    Stephen Klasko, CEO of Jefferson Health, said he gets requests from companies "at least once a week." He added that some companies are so persistent that, after receiving a "no" from hospital officials, they will then pitch deals to individual physicians.

    The deals

    Some of the tech organizations will tell hospital officials that the partnerships will help make their medical records "more searchable," according to Klasko, while others request access to hospital data through research partnerships with the intention of publishing the findings.

    However, most of the time, the companies are interested in using the information to develop a lucrative product, according to Miri. For instance, Google-backed Flatiron Health partners with health systems to analyze patient data to determine how well certain drugs are performing, and then sells those insights to pharma companies. On its website, Flatiron says it has access to 2.2 million active patient records and in 2018, the company was bought by Roche for about $1.9 billion—which some health tech experts have said amounts to about $1,000 per patient record, Farr reports.

    Miri and Karen Knudsen, chair of Jefferson's cancer center, said they use an extensive process to determine what each company wants out of the deal. "We often find, once we look deeper into the pitch, that it starts as a joint development project and ends up somehow with us being both the product and the customer that pays for the product," said Knudsen.

    Privacy implications

    In most cases, health system data is "de-identified," or stripped of patient characteristics like social security numbers, before it is shared with companies, Farr reports. However, some hospital officials are concerned that even after it's been stripped, the data could be used in potentially harmful ways.

    Some critics of the practice are worried that de-identified data could be cross-referenced with other datasets to match a patient to their information. For instance, a Carnegie Mellon University study found that U.S. census data could be used to identify individuals by matching some "rare" characteristics, such as ZIP code or birth city, Farr reports. In another study, published earlier this year, researchers in Europe claimed they could identify 99.98% of Americans in de-identified datasets based 15 demographic traits.

    Once the data is re-identified, health care companies, including insurers, could use the information to identify patients at higher risk of disease and further analyze the data to find out what that particular patient might cost them to further justify higher premiums, according to Farr. 

    Technology companies on the other hand could pair the new data with existing information on people to target advertisements to people with certain health conditions, Farr reports.

    These concerns are why hospital officials like Miri are wary of data-sharing requests from technology companies, according to Farr.

    "All of this outreach is putting tremendous pressure on us provider organizations as we generally want to do the right thing," said Miri. "I don't believe that most people are in it for the wrong reason, but it's often not easy to make heads or tails of what's legitimate and what isn't, and the real intention behind it" (Farr, CNBC, 12/18/19).

    Have a Question?

    x

    Ask our experts a question on any topic in health care by visiting our member portal, AskAdvisory.

    X
    Cookies help us improve your website experience. By using our website, you agree to our use of cookies.