Data Management in Healthcare

In the field of healthcare, the biggest challenge in implementation of Artificial Intelligence, besides finances, is data management. Well regulated data will instil confidence not only in the patients but also in the healthcare professionals. As the Indian healthcare market steadily grows towards USD 372 Billion by 2022, the march will be largely affected by the way the Indian Healthcare Industry embraces AI and data management. The major factors fuelling this rise is increase in medical insurance covers, lifestyle diseases and medical tourism and AI can act as the biggest catalyst in this. The cost of surgery in India is one-tenth of that in US or Western Europe.

The use of AI and Big data analysis is expected to bring down this cost further. However, effective use of AI can only be made with effective Data Management backed by suitable legal framework and law supporting ethical use of personal data. Though as of now a typical Indian patient may not be too much aware of the implications of loss of his medical data, let me remind the readers that the patients expected in the medical tourism to India are touchy about the privacy of their data and a fast growing number of Indians are now sensitive to privacy of their personal data as well.

India is already encouraging tech startups in the field of healthcare to provide better coverage within the same budget. At present there are 2975 startups in the field of digital healthcare solutions. The numbers are expected to grow at a fast pace as some of these taste success and their stories are read by the others. Also, many hospital chains are becoming increasingly interested in introducing AI. But use of data collection brings with it the vulnerability of personal medical data. The increase in availability of data online increases the susceptibility and thus great care needs to be taken regarding protection of this data from data breach.

According to IBM’s cost of data breach highlight report 2019, average size of data breach was 25,575 records with healthcare being the worst affected industry with cost of US USD 6.45 million. As per IBM’s report of 2016 also, the cost per breach was highest in healthcare industry at USD 355 as against an average of USD 158 across all industries. The average per capita cost of data breach (as per 2016 report) was USD 221 in the US and USD 213 in Germany and though the cost was lowest in Brazil (USD 100) and India (USD 61), it was merely due to lack of data. In US, 94% of hospitals had at least one security breach between 2013 and 2014 and in most cases the attack were from inside. As the healthcare data increases in our country, so will be the cost per breach, if we do not ramp up the data security. The healthcare industry is presently witnessing wide range of attacks ranging from stealthy malware to Distributed Denial of Service (DDoS) as healthcare is a data-intensive domain where a large amount of data is created, disseminated stored and accessed daily to leverage data analytics towards better health outcomes.

Even offline data is not safe from theft and sabotage. Robust data protection policy and infrastructure is thus essential to ensure confidence of patients and care providers. The organisations handling such data need to have advanced infrastructure and hire cybersecurity experts to prevent data breach. It may be appreciated that we are talking about not only data theft but also tampering of data (data integrity), which may lead to incorrect inferences by unsuspecting care providers. Any instance of data tampering can play havoc with reliability of data and any decisions made on the basis of such healthcare data would be grossly off the mark.

Can a Doctor rely on this data to take decisions which may affect someone’s life based on this data? Any wrong decision may affect quality of life of patient and in lots of cases may even result in death. With such implications, how do we convince someone to rely on our data? But the flip side is with more and more reliable data available with Doctors, the decision making would be fairly accurate. The condition and situation based data will be available for analysis. Say for example, for a patient is suffering from Diabetes and is now diagnosed with Cancer, data would be available with the Doctor as to effectiveness of specific drugs on such patients in Indian conditions. Reliable data collected directly through wireless Body Area Networks (fitness bands etc) or manually collected data after careful scrutiny of experienced medical professional. We definitely do not want cases like Aadhar Card of Lord Hanuman or a dog named Tommy Singh whose father was mentioned as Sheru Singh.

So many of us will ask then why digitize the health records if one has to invest heavily into IT infrastructure and cyber-security, well we will lose far more money, business and reputation of the organisation if we don’t move ahead with the times and remain grossly inefficient in delivering the healthcare. McKinsey Global Institute has estimated a $100Billion annual increase in profits in US alone if big data strategies are leveraged properly. The Digitised Health Records and associated analysis tools makes any organisation far more efficient. India is presently ranked 112 as per WHO in terms of healthcare and with high population and limited GDP, can only move up by adequately leveraging use of technology in the field. Big data in healthcare and its analysis may bring down the insurance costs as well, thereby improving its proliferation. Recent popularity of wearable fitness bands which can be classified in Body Sensor Networks (BSN) provide real-time monitoring and can completely change the way healthcare is distributed if the data can be made available to the healthcare professionals in real time.

The BSNs can facilitate monitoring of vital parameters, medication effectiveness and predict an epidemic. Also, an Indian doctor could very well be providing consultations anywhere in the world by using real- time online data. In the post Covid world, if patient’s data is available to the doctor remotely, it would be a great force multiplier in delivering the healthcare along with telemedicine thus facilitating social distancing. In addition, analysis tools on healthcare data would provide a paradigm shift in the way healthcare industry functions. can be made available to the healthcare professionals in real time. The BSNs can facilitate monitoring of vital parameters, medication effectiveness and predict an epidemic. Also, an Indian doctor could very well be providing consultations anywhere in the world by using real- time online data. In the post Covid world, if patient’s data is available to the doctor remotely, it would be a great force multiplier in delivering the healthcare along with telemedicine thus facilitating social distancing. In addition, analysis tools on healthcare data would provide a paradigm shift in the way healthcare industry functions.

Let us understand the data before we discuss its management aspects. The personal healthcare raw data includes two components namely ‘Patient’s Personal Data’ and ‘Patients Health Information’. The personal data would include the patient’s personal information that help in identifying him as an individual like name, address, mobile number etc.,while the health information would include all documents related to his health like results of medical tests conducted, Doctor’s notes, medical data from his smart devices etc. Additionally, the processed data could include data of numerous patients that have been processed using analytics tools etc. In a patient centric model, the data can include clinical, physical, social, psychological, environmental and genomic data of a patient.

We now discuss the Data Management in two parts,first data reliability (Integrity of data) and then data security (this includes keeping data safe as well as making it available when needed). The ‘Data Governance’ needs to be adopted if we have to regulate and manage healthcare data. This would include having a common data representation which includes industry as well as regional standards. For example data generated by BSN presently requires normalisation, standardization and governance prior analysis. To provide flexibility to the patient and doctor in terms of national and international mobility (let’s take a step ahead and say patient data portability), the multiple stand-alone Electronic Medical Records (EMRs) need to be made interoperable.

This would facilitate real-time sharing of healthcare data among healthcare providers possible. For example, Electronic Health Records (EHRs) are designed to allow patient data to move along with him/ her or made available to healthcare provider as required. The EMRs are richer data structure than EHRs. With the proliferation of personal Wireless Body Area Networks (WBANs) and other smart devices around us, the Personal Health Records (PHRs) are introduced into our world, where the patients are involved in data collection, monitoring of their health conditions etc. by using their smart phones or wearable devices. Data Governance would thus be needed prior collecting the raw data, to tell us how we want the data when it comes to us.

Now that we are prepared to receive data, we need to know how to collect data. Towards ensuring reliability of data (data integrity), the original data should be un-editable (Aadhar database is a sound example of the same) and reliable. The reliability of the data can be ensured if we follow the following in data generation: –

Once we have collected the data, next step is to keep data safely. So how do we define data security? In simple terms, if only authorised people can access the data with a limit on who can access how much and what all fields in the data, we have achieved our goal for data security. The data security can be further divided into physical security of data storage site (sites – as one has to cater for Disaster Recovery Site also) as well as web security using firewalls and access control. So basically we have to have a very strict access control both physically and online.

Towards data storage and security, cloud computing is a possible solution in to ensure better availability of data, but has its issues of data security. The most popular solution presently is cloud based Software as a Service (SaaS) solutions hosting Protected Health Information (PHI). This can be used with cryptographic primitives such as those based on public key infrastructure (data may be encrypted prior uploading on cloud). Once the data storage mode has been decided, access control models have to be defined to regulate access to data based on pre- defined access policies. Recent advances in blockchain technology suggest that this option may also be available; however, the same is not yet popular and is still being assessed. In blockchain technology, we are able to build an open and distributed online database, which consist of list of data structures (known as blocks) which are linked to each other (hence the name blockchain).

Blockchain technology can be somewhat disruptive and may require radical rethink with significant investment in the entire eco-system and thus return on investment on the same needs to be studied. Further, like other options discussed, the blockchain technology too has its own challenges like immutability of data, non-availability of right to erasure of data to patients etc. Blockchain for healthcare can be designed as follows: –

To achieve this, the country would definitely need new privacy laws to protect patient’s privacy as analytics on healthcare data gain popularity, these laws would require to clearly bring out all processes in performing big data analytics on patient data. There has been a gradual shift in healthcare data to cloud due to convenience (of patient data availability) and savings (in managing data security, analytics etc.) and hence such privacy laws need to be implemented soon. Also, with patient themselves involved in collection of data, we need to define the legal aspects regarding who is to be blamed for a wrong diagnosis based on incorrect data collected by the smart devices used by the patient (which may be malfunctioning or intentionally feeding wrong data by patient). The leakage or modification of data may be intentional or otherwise and organisations may be penalized or held criminally accountable for such instances.

One of the desirable goal for the country is to have a national data grid, which would also comprise National Digital Health Footprint. Then National e-Health Authority (Neha) would be empowered as a legal authority and adequate powers. Thankfully as a first step, Niti Aayog has announced formation of National Data and Analytics Platform and it is hoped that a national data grid would be on their agenda. The Personal Data Protection (PDP) Bill 2019 was tabled in Parliament in Dec 19 and is presently being scrutinized by a Joint Parliamentary Committee in consultation with experts and stakeholders and is likely to be tabled in the next session of Parliament – this would be an Indian equivalent of General Data Protection Regulation (GDPR) of the European Union. In addition, Digital Information Security in Healthcare Act (DISHA) is being worked upon by Ministry of Health and Family Welfare is expected soon as the draft was put out to public for comments in 2018 – this would be similar to Health Information Technology for Economic and Clinical Health (HITECH) Act of the USA. How long it will go in resolving the issue of data privacy is yet to be seen; however, the expectations are that it will be very progressive and will give complete ownership of the data to the individual. Until then, data security and privacy are the responsibility of the entity that holds the data and in case, a data breach happens, the entity could be penalized for the same. As of now, the enterprises in India are not bound to inform their end customers, or other individuals of a data breach as that happens, excluding banks that are compelled to inform the Reserve Bank of India (RBI) within six hours of a data breach. DISHA proposes three main objectives: –

• Setting up digital health authority at national and state levels
• Enforcing privacy and security measures for electronic health data, and
• Regulating storage and exchange of electronic health records

The Government of India is moving forward in the right direction and all healthcare organisations should move in sync too. Time is critical as every day we ignore moving towards AI and Big Data, we lose profitability, business and reputation.