Alaap B. Shah, Member of the Firm in the Health Care & Life Sciences practice, in the firm’s Washington, DC, office, was quoted in Information Management, in “Opinion: Data Governance in the Age of AI: Beyond the Basics,” by Gienna Shaw.

Following is an excerpt:

If you want some basic advice about launching a data governance program, it’s easy to find: Get leadership buy-in, appoint some data stewards or champions, and make sure everyone meets regularly to talk about it.

But there’s a lot more to it than that, especially in the age of data-hungry tools born from artificial intelligence. When you’re dealing with data on a machine learning scale, you’re dealing with “garbage in, garbage out” on steroids. …

The American Society of Clinical Oncology’s (ASCO) CancerLinQ initiative collects and analyzes massive amounts of data from patient encounters to give oncologists a quality monitoring system to ensure patients are getting the best care.

“As the representative body for oncologists we wanted to be able to build something that they can trust. Ultimately, you live and die on the trust that you have,” says Alaap Shah, an attorney at Epstein Becker Green, who was the ASCO’s chief privacy officer at the time. …

Step one was to develop a set of governing bodies to provide guidance on issues, to formalize them into policies, to govern how the organization operates and how it builds and uses technology, he says.

The data governance team delved into policy, ethical issues, and legal and regulatory requirements. Those were distilled into principal documents, then more fleshed-out policy statements.

“Those became the internal bellwether by which we operationalized a lot of this program,” Shah says. “They were living and breathing documents which we revisited from time to time, partly through those committees we formed but also through the staff that was operationalizing around it. We were essentially developing a culture of compliance, a culture of privacy, a culture of data protection, a culture of responsible data stewardship. All these are the high-level principles by which we started to operate and think and live and breathe.”

Step two was to “think about, internally and externally, what responsible data use and stewardship looks like and carry that out. We don’t want to say to participants ‘hey, give us all your data, we’re going to do great things with it’ and then go and sell it to some bad actor somewhere in the market,” he says. “The point is, what do we need to be thinking about and doing to make sure that we’re ... acting responsibly relative to the data we’re getting from participants in our network and also using that data for downstream purposes that are responsible from a public perception perspective?”

Setting boundaries means disclosing up front what the organization planned to do with the data and not deviate from that promise. “Ensure you’re safeguarding the data technologically and otherwise and then ultimately create something good with that,” Shah says. “You’ve been charged with this great responsibility because you have all this data; make sure that you don’t screw it up.”

Related reading:

Health Data Management, "Data Governance in the Age of AI: Beyond the Basics."

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.