Be Aware of Data Mining RisksManaged Health Care Executive August 4, 2014
Adam C. Solander and Evan J. Nagler, Associates in the Health Care and Life Sciences practice in the Washington, DC office, wrote an article titled "Be Aware of Data Mining Risks."
Following is an excerpt:
Use of data analytics holds great promise to inform stakeholders of the quality and cost of a patient's treatment. As a result, healthcare organizations and vendors are rapidly implementing data analytics engines to reduce cost of care and improve patient outcomes. However, legalities could significantly impede expanded implementation of population health measures.
Stakeholders must develop mechanisms for obtaining appropriate data rights and safeguard all sensitive information received. Legal issues surrounding de-identification, aggregation and security of stored data must be addressed when pursuing these population health tools.
Under the Health Insurance Portability and Accountability Act (HIPAA), de-identified data is no longer considered protected health information and may be used for purposes of statistics-based research. However, the act of data de-identification is considered a "use" of protected health information, which must be accounted for in business associate agreements if a vendor performs the de-identification. Entities should ensure the business associate protections are in place prior to providing data to a vendor to de-identify.