Bern University of Applied Sciences Engineering and Information Technology

Medical Evaluative Research and Privacy Protection
Jan Sliwa & Emmanuel Benoist
Bern University of Applied Sciences, Switzerland

Developments in e-Systems Engineering DeSE 2012, Bucharest, Sep. 5-7, 2012

Outline
• Actors, their roles and interests
• Evaluating health technology - finding the truth in medicine
• Privacy legislation
• Consequences – cost and additional bias
• Medical registries
• Privacy by design
• Trade-offs – technical and ethical
• Conclusions and recommendations

Medical research – process and actors → standard data flow

[Figure: data-flow diagram. Actors and objects: Doctors, Patients, Researchers, Health technology suppliers, Approval authorities, Health technology (drugs, devices), Knowledge base, Data. Arrow labels: get feedback, use, deliver, treat, generate, approve, create, profit from research.]

Medical research – process and actors → privacy protection aspects

[Figure: the same data-flow diagram (Doctors, Patients, Researchers, Health technology suppliers, Approval authorities, Health technology (drugs, devices), Knowledge base, Data) extended with: Privacy protectors, Data protection authorities, Insurance companies, employers, Lawyers. Additional arrow labels: deliver technology, protect, (mis)use, conflict !]

Interests of various actors (1)

Patients
• want the optimal health technology at a reasonable price
• do not want their data to be misused for discrimination

Doctors
• need to know which treatments to use, when and how

Approval authorities
• need information to support evidence based decisions

Researchers
• need data to deliver statistically valid technology evaluations
• want to publish

Interests of various actors (2)

Health technology suppliers
• need data to improve their products
• …and to prove their quality

Insurance companies and employers
• want to select healthy customers and employees

Lawyers
• want a clear legal basis
• may look for damaged patients for a class-action lawsuit

Privacy protectors
• want to hide all data not directly needed for a declared and approved goal


Privacy legislation in medicine
• main legal acts:
  o Europe - Data Protection Directive 95/46/EC
  o USA - Health Insurance Portability and Accountability Act (HIPAA)
• no processing of personal data: racial/ethnic, political opinions, religious beliefs, health or sex life
• limited collection – only declared, necessary data
• secondary use with explicit consent (opt-in, opt-out?)
• special cases of processing of health data:
  o preventive medicine
  o medical diagnosis
  o management of health-care services

Privacy legislation - problems
• lack of precision
• in Europe: directive and national implementations
• which law applies in the networked world?
• legislation slower than the technical progress


Legal rules (typical)
• collecting limited, well defined data
  o a new hypothesis formulated, historical data missing
• secondary use limited
• connecting various sources limited
  o polymorbidity, geographic, social and lifestyle influences
• consent necessary
  o cost and bias
→ but: special rules for police, epidemics control...

Evaluating health technology → drugs
• well-defined process by national approval authorities (FDA, SwissMedic, Agenţia Naţională a Medicamentului şi a Dispozitivelor Medicale, …)
• phases of clinical trials
  o (pre-clinical studies)
  o I – determine a safe dosage and identify side effects
  o II – proof of concept: is it effective?
  o III – large-scale double-blind randomized trials
  o IV – post-marketing surveillance

Evaluating health technology → drugs: problems
• goal:
  o statistically valid evidence – large, unbiased set of data
  o side effects, rare events and long term consequences identified
• but:
  o fast: I don’t want to wait for my medicine
  o tested on other people
  o people are not identical
• special case: personalized medicine based on the genetic profile – how to obtain enough data, how to protect identity

Evaluating health technology → medical devices
• process not well defined because of the great variety of devices
• in USA it is enough to prove substantial similarity to an approved device

Evaluating health technology → intelligent (wireless, software based) medical devices: special problems
• Vulnerable to attacks
  o eavesdropping
  o remote activating
  o denial of service, battery depletion
• Software update – new device?
• Part of a system
  o power supply
  o wireless signal, positioning
  o Body Area Network (smartphone, etc.)
  o Wide Area Network
  o user (obtrusiveness, usability)

Connecting data
• Classical example: Broad Street cholera outbreak, London, 1854
  o John Snow links medical and geographical data: disease locations + water pumps
  → Cause: sewage polluted water pipes
• Today: e.g. linking health with lifestyle and social conditions
  o Public Health Observatories
  o Born in Bradford

Consequence: → researchers need data !

Otherwise: → like driving a bus with closed eyes
Propagating false information is unethical

Medical registries
• separating data for treatment (full identity) and for research (only medical data)
• example: MEMdoc registry for (mostly) orthopedic cases, University of Bern and Bern University of Applied Sciences
  o evaluation of devices and treatment methods
  o makes use of similar cases from many clinics worldwide
  o permits publishing valuable scientific results
  o > 100’000 cases

Privacy by design
• removing identities
  → problem: identifiable with other data
• de-identifying data by obfuscation
  → problem: still valid for research?
• role-based access control
• logging data accesses and modifications
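
The registry split (identity for treatment, medical data for research) and the two problems named on this slide, as an added Python example that is not part of the original presentation. The records, key, field names and helper functions are all constructed for illustration; k-anonymity is used here as one common way to measure "identifiable with other data".

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample registry rows; every name and value is invented.
PATIENTS = [
    {"name": "Patient A", "birth_year": 1948, "zip": "3012", "sex": "F", "implant": "hip-1"},
    {"name": "Patient B", "birth_year": 1943, "zip": "3007", "sex": "F", "implant": "hip-2"},
    {"name": "Patient C", "birth_year": 1951, "zip": "3604", "sex": "M", "implant": "knee-1"},
    {"name": "Patient D", "birth_year": 1957, "zip": "3600", "sex": "M", "implant": "hip-1"},
    {"name": "Patient E", "birth_year": 1944, "zip": "3018", "sex": "F", "implant": "knee-1"},
    {"name": "Patient F", "birth_year": 1955, "zip": "3645", "sex": "M", "implant": "hip-2"},
]
REGISTRY_KEY = b"constructed-demo-key"  # assumption: secret held only by the treating side
QUASI_IDENTIFIERS = ("birth_year", "zip", "sex")  # fields an outsider could link to other data


def pseudonym(name, key):
    """Keyed pseudonym: stable per patient, not recomputable without the key."""
    return hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:16]


def split_record(rec, key):
    """Treatment view keeps the identity; research view keeps only medical data."""
    pid = pseudonym(rec["name"], key)
    identity = {"pid": pid, "name": rec["name"]}
    research = {k: v for k, v in rec.items() if k != "name"}
    research["pid"] = pid
    return identity, research


def generalize(rec):
    """Obfuscation: birth decade instead of year, 2-digit postal prefix."""
    return {**rec, "birth_year": rec["birth_year"] // 10 * 10, "zip": rec["zip"][:2] + "**"}


def k_anonymity(rows, keys=QUASI_IDENTIFIERS):
    """Smallest group sharing one quasi-identifier combination; 1 means someone is unique."""
    return min(Counter(tuple(r[k] for k in keys) for r in rows).values())


def research_view(patients, key, obfuscate=False):
    rows = [split_record(p, key)[1] for p in patients]
    return [generalize(r) for r in rows] if obfuscate else rows


if __name__ == "__main__":
    print("k without obfuscation:", k_anonymity(research_view(PATIENTS, REGISTRY_KEY)))
    print("k with obfuscation:   ", k_anonymity(research_view(PATIENTS, REGISTRY_KEY, True)))
```

Removing names alone leaves every constructed patient unique on birth year, postal code and sex; generalizing those fields raises the smallest group size, at the price of coarser data for the researcher.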

Conclusion: recommendations
• Organisation
  o honest researchers identified and registered
• Technology
  o role based access control
  o basic anonymization for researchers
  o “total” anonymization for public access
  o logging the actions
  o tracing the leaks
• Law
  o punishing misuse after data leak

and... communicate !

Thank you for your attention !