If you’ve been following along, this is the fifth in a series of blog posts from the many different perspectives needed to advance the use of health data for better health and health care. I’m building on the comments from data geeks, policy wonks, digital health innovators, and both academic and clinical researchers to share the patient perspective. 

Much of what has been said in these previous posts resonates with me and other patients and their care partners. Our digital health ecosystem is complex with many different stakeholders. And while there’s a lot of overlap in shared interests for these stakeholders, it’s hard for us to come together with cohesive action to improve the problems that my beautiful brave breast cancer (BRCA) community and other patient groups are facing.

In April 2018, Fred Trotter and I discovered a zero day security vulnerability that affected all closed groups on Facebook, including the closed BRCA group I was co-administrating, exposing what should have been private user data to developers. This led to a Congressional Inquiry. That then led to a talk at DEFCON 27, and a meeting with some of the world’s leading experts in cybersecurity, and the co-founding of a nonprofit called The Light Collective. Falling down this cybersecurity rabbit hole has led to a true calling in my career. 

Before we kick off the co-located meeting of the Health Datapalooza and the National Health Policy Conference, I have some reflections to offer from the perspective of an ePatient BRCA Mutant, turned ethical hacker.

Patient Rights Cannot Exist In Silos

I believe the path to ensure we handle this new wave of data access – much of which will be outside the bounds of HIPAA – is to think of health care as an immune system. Patient experts are the “Good Bacteria” helping navigate gaps, blind spots, and emerging threats as we navigate policy. In order to navigate uncertainty as my community faces new technologies, we need to enable patient communities in practicing data governance that is driven by real examples from the trenches of the patient experiences - inside and outside of the walls of a HIPAA covered entities

Here’s just one example that translates into an emerging threat for me and my community: if there is no legislation to prevent technology platforms from training AI on sensitive health data on social media in harmful or discriminatory ways, then people are at risk of losing their jobs and their health care. It’s clear that when technology platforms are agnostic to our human rights, we risk lives, and undermine the public’s trust in both the government and health care. 

Regardless of whether emerging tech is developed by a HIPAA covered entity or a tech platform in Silicon Valley, these new health technologies can either create untold benefits or unknown harm. On the side of beneficial tech: AI epidemiologies sent the first early warnings of the Wuhan outbreak. But when in the wrong hands, powerful predictive ML algorithms can be weaponized or used to deny patients jobs, allow health insurers to raise insurance rates, or deny patients coverage and care for pre-existing conditions.  

We must evolve: This is not business as usual.  

Given the legal, medical, and technical expertise of those who shape health policy, it’s not surprising that patients often are not in the room when the laws affecting them are created. Right now patients exist at the very bottom of the health data-sharing food chain, starving for knowledge about our health and a path to learn about our health that simply doesn’t exist outside a 15 minute clinical visit. It is time to work with these expert patients, instead of speaking for patients.  It is time to share power with us, because doing so enables the entire ecosystem to thrive.  

My own community of hereditary cancer previvors and survivors desperately need access to the knowledge that would be disabled by the proposed HHS information blocking rules. Only a few years ago the BRCA genes were patented by the company that performed my own genetic testing, and I have seen firsthand the harm that information blocking caused to people affected by BRCA.

As we debate this week about policy that affects our futures, I hope that tech platform entrepreneurs and EHR vendors will recognize that we can no longer move forward with business as usual. I hope we can stop framing these fights over data as a zero sum fight among data holders. 

Fair representation of our interests is a path to building trust when designing new rules, new technologies that will help us to navigate our uncertain futures. Great frameworks already exist to help guide the way, such as this is a classic resource co-authored by patients and clinicians by the Society For Participatory Medicine in 2007. 

Data Governance Takes A Village

Governance takes a village of stakeholders who share the same goals, and who amplify each other’s expertise, while protecting each other’s vulnerabilities or blind spots. Each patient community is as unique as their condition; they are villages seeking to take part in their own self-governance. Data privacy policies that work for the breast cancer community are going to be very different from those that work for the heart disease community, or the rare disease community. And no one knows those communities better than those of us who share that lived experience of a diagnosis. We will only thrive when we understand how data-sharing impacts privacy needs as a part of this bigger ecosystem.  

A key part of this strategic and thoughtful approach must be building institutional legitimacy for, and data governance driven by, technically well-trained or legally savvy patients. Governance takes leaders who are equipped to understand deep technical and legal concepts. Let’s open pathways for patient leaders as researchers and PI’s on equal footing. Let’s cultivate patient informaticians to turn their lived experiences into solutions

I think an incredible next step for all of us – policymakers, researchers, EHR vendors, health care providers, tech entrepreneurs – would be to commit to fostering leadership and teams that include patients at every step of data governance and policy design. Cultivating patient leaders is a long term investment that will pay off in better teams, better ideas, and ultimately, better health and health care.

If you would like to learn more about the work that we and many other patients are doing to empower our communities through data stewardship, join me.  We’ll be having a film screening at 7pm on Monday night, and meeting with The Light Collective at 10:45am on Tuesday, details here.

Andera Downing. Headshot

Andrea Downing

Co-Founder - The Light Collective

Andrea Downing is a BRCA Community Data Organizer and an ePatient security researcher. Read Bio

Blog comments are restricted to AcademyHealth members only. To add comments, please sign-in.