By Melanie Evans
Hospitals have granted Microsoft Corp., International Business
Machines Corp. and Amazon.com Inc. the ability to access
identifiable patient information under deals to crunch millions of
health records, the latest examples of hospitals' growing influence
in the data economy.
This breadth of access wasn't always spelled out by hospitals
and tech giants when the deals were struck.
The scope of data sharing in these and other recently reported
agreements reveals a powerful new role that hospitals play -- as
brokers to technology companies racing into the $3 trillion
health-care sector. Rapid digitization of health records in recent
years and privacy laws enabling companies to swap patient data have
positioned hospitals as a primary arbiter of how such sensitive
data is shared.
"Hospitals are massive containers of patient data," said Lisa
Bari, a consultant and former lead for health information
technology for the Centers for Medicare and Medicaid Services
Innovation Center.
Hospitals can share patient data as long as they follow federal
privacy laws, which contain limited consumer protections, she said.
"The data belongs to whoever has it."
Microsoft and Providence, a Renton, Wash., hospital system with
data for about 20 million patient visits a year, are developing
cancer algorithms by using doctor's notes in patient medical
records. The notes haven't been stripped of personally identifiable
information, according to Providence.
And an agreement between IBM and Brigham and Women's Hospital,
in Boston, to jointly develop artificial intelligence allows the
hospital to share personally identifiable data for specific
requests, people involved in the agreement said -- though so far
the hospital hasn't done so and has no current plans to do so,
according to hospital and IBM officials.
Microsoft executive Peter Lee in July described how his company
would use Providence patient data without identifying information
for algorithm development. In a December statement, he said
patients' personal health data remains in Providence's control and
declined to comment further.
B.J. Moore, Providence's chief information officer, said
executives involved in that agreement at first planned to use data
without information identifying patients; later they found they
couldn't remove it all from doctors' notes. "It was not intended to
mislead," he said.
Brigham and Women's announced a 10-year agreement with IBM in
February 2019. David Westfall Bates, the hospital's chief of
general internal medicine and primary care, said last year that
initial work would use data stripped of names and other identifying
details. In December, Dr. Bates said he hasn't publicly commented
on IBM's ability to access identifiable data but Brigham and
Women's would follow federal privacy rules should it do so.
"Responsible data stewardship is core to our mission," an IBM
spokeswoman said.
The Fred Hutchinson Cancer Research Center, in Seattle, granted
certain Amazon Web Services employees access to health information
that identifies individual patients, a Fred Hutchinson spokesman
said. The Hutch trained and tested Amazon Web Services software
designed to read medical notes.
An AWS spokeswoman said it doesn't use personally identifiable
data protected under federal privacy laws to develop or improve its
services.
Digitizing patients' medical histories, laboratory results and
diagnoses has created a booming market in which tech giants are
looking to store and crunch data, with potential for groundbreaking
discoveries and lucrative products.
There is no indication of wrongdoing in the deals. Officials at
the companies and hospitals say they have safeguards to protect
patients. Hospitals control data, with privacy training and close
tracking of tech employees with access, they said. Health data
can't be combined independently with other data by tech
companies.
But recent revelations that Alphabet Inc.'s Google has the
ability to tap personally identifiable medical data about patients,
reported by The Wall Street Journal, has raised concerns among
lawmakers, patients and doctors about privacy.
The Wall Street Journal also recently reported that Google has
access to more records than first disclosed in a deal with the Mayo
Clinic. Mayo officials say the deal allows the Rochester, Minn.,
hospital system to share personal information, though it has no
current plans to do so. "It was not our intention to mislead the
public," said Cris Ross, Mayo's chief information officer.
Dr. David Feinberg, head of Google Health, said Google is one of
many companies with hospital agreements that allow the sharing of
personally identifiable medical data to test products used in
treatment and operations. The companies typically don't disclose
their use of such data, Dr. Feinberg said. "We didn't hide it."
Amazon, Google, IBM and Microsoft are vying for hospitals'
business in the cloud storage market in part by offering algorithms
and technology features. To create and launch algorithms, tech
companies are striking separate deals for access to medical-record
data for research, development and product pilots.
The Health Insurance Portability and Accountability Act, or
HIPAA, lets hospitals confidentially send data to business partners
related to health insurance, medical devices and other services.
The law requires hospitals to notify patients about health-data
uses, but they don't have to ask for permission.
Data that can identify patients -- including name and Social
Security number -- can't be shared unless such records are needed
for treatment, payment or hospital operations. Deals with tech
companies to develop apps and algorithms can fall under these broad
umbrellas. Hospitals aren't required to notify patients of specific
deals.
"The patient doesn't have absolute control. They don't have much
control, " said Ellen Wright Clayton, a Vanderbilt University
biomedical ethics professor.
Under HIPAA, hospitals must divulge as little as possible about
patients under agreements. But in some cases, the minimum amount
needed by tech companies can be everything in patients'
records.
Ascension, a Catholic chain with 150 hospitals across 20 states
and the District of Columbia, is testing whether Google's
technology can accurately search and retrieve all information for a
single patient -- a widely known challenge that frustrates doctors
and patients.
"By definition this means that the 'minimum' necessary dataset
for the creation of this capability is the entire longitudinal
health-care record" for each patient, said Eduardo Conrado,
Ascension's chief strategy and innovations officer.
Hospitals involved in the deals say data use is reviewed by
research-ethics review boards or data-use committees, which can
include compliance, law, tech, medicine and other experts.
Mayo's data team will vet future data requests for projects with
Google, probing how much data to share, said Mayo's Lois Krahn, a
data-team member. "We are a tremendously cautious and conservative
organization," she said.
Hospitals also stand to gain financially from some deals. Tech
companies' agreements with Providence, Mayo, and Brigham and
Women's include intellectual property rights for hospital
contributions to new products.
Some hospitals are saying no to tech agreements.
"We're not giving anyone data," said Jim Beinlich, chief data
information officer for Penn Medicine, the University of
Pennsylvania health system. Penn Medicine halted a possible
research pilot with Microsoft in response to public concern over
Ascension's Google deal. Hospital executives are drafting policies,
such as how to tell patients about data sharing.
"We don't have all the rules of the road written down," he
said.
Write to Melanie Evans at Melanie.Evans@wsj.com
(END) Dow Jones Newswires
January 20, 2020 05:44 ET (10:44 GMT)
Copyright (c) 2020 Dow Jones & Company, Inc.
Amazon.com (NASDAQ:AMZN)
Historical Stock Chart
From Aug 2024 to Sep 2024
Amazon.com (NASDAQ:AMZN)
Historical Stock Chart
From Sep 2023 to Sep 2024