By Wendy Netter Epstein and Charlotte Tschider
This May, Google announced a new partnership with national hospital chain HCA Healthcare to consolidate HCA’s digital health data from electronic medical records and medical devices and store it in Google Cloud.
This move is the just the latest of a growing trend — in the first half of this year alone, there have been at least 38 partnerships announced between providers and big tech. Health systems are hoping to leverage the know-how of tech titans to unlock the potential of their treasure troves of data.
Health systems have faltered in achieving this on their own, facing, on the one hand, technical and practical challenges, and, on the other, political and ethical concerns.
Data Woes
First, the technical — the Health Insurance Portability and Accountability Act (HIPAA) required standardization in health data language, and the Health Information Technology for Economic and Clinical Health Act (HITECH) incentivized electronic medical records, both of which were important steps. But the ability to access large, representative data sets has lagged. Without it, applications used in everything from hospital administrative operations, to quality management programs, to diagnostic and treatment protocols, can result in patient safety issues and have discriminatory impacts.
Hospital systems also have to grapple with the challenge of how to consolidate data. Despite the trend of provider consolidation, getting hospitals on the same electronic medical record (EMR) system — even within the same health system — can be extraordinarily costly. AdventHealth, for example, plans to spend $650 million annually in a three-year implementation of EPIC EMR.
Also, even as larger health systems form, fragmentation in the industry still persists. Smaller players have faced difficulties in accessing larger data sets. Their efforts have also been stymied by the technical difficulty of using such systems and from poor coordination between stakeholders.
But the challenge is also a deeper one. HIPAA, the same law that required data standardization, also requires that covered entities commit to minimize data. This ongoing requirement to collect, use, and maintain only what is needed to complete the health care service is at odds with the desire to use analytics and AI to full potential.
In general, there is an undeniable tension between health care providers’ fervent commitment to protect data in the name of patient privacy and their desire to aggregate data to improve care and efficiency — a tension that the now-antiquated HIPAA statute perpetuates. In a world where telehealth, advanced data analytics, and Internet of Health Things are increasingly commonplace, data essentialism requires a balance between privacy protection and technology maximization goals.
Big Tech to the Rescue?
Big tech can help health systems solve some of these technical problems. For larger health systems, tech titans can solve the consolidation problem and create bigger (and often more useful) data sets. It can also provide the technical know-how to organizations beginning their big data journey.
For example, HCA Healthcare has already done some important data-driven work on its own, such as identifying clinical practices to reduce infections. It is hoping that Google can take it to the next level.
According to the two companies, Google will use its AI-enabled solutions to “identify opportunities to improve clinical care” and “to promote quality, safety, and efficiency.”
This announcement follows a similar one two years ago that Google would help Mayo Clinic to “develop a bold, new digital strategy to advance the diagnosis and treatment of disease.”
Microsoft and Amazon are also competing for the health care cloud market.
While these partnerships provide health systems with technological firepower, existential worries remain. And these partnerships could create new problems, as well.
For example, these collaborations raise questions about what big tech will do with this new health information. Big tech already has access to a ridiculous volume of data on consumers. Its data pool is not a pool, it’s an ocean. Giving these companies even more data is a scary prospect. Presumably, Google will only have access to de-identified data, but these data could be combined with other Google data, causing potential privacy and unfairness issues.
Organizations that are not as sophisticated as HCA Healthcare could benefit from these partnerships, and other contractual relationships, but may lack the bargaining power to restrict Google’s data use. Broad arrangements with several health care providers or other health entities — such as insurers or medical device manufacturers and service providers — likely mean that Google will aggregate data across providers for its own use, and could even sell access to the de-identified data.
And none of these arrangements address the need to consolidate data outside a health system or to give smaller hospitals access to big data, goals clearly articulated under HITECH and reintroduced under the 21st Century Cures Act.
While press releases focus on the potential for improved patient care, they don’t discuss the profit motive and what happens when improving patient care and efficiency is at odds with a health system’s or big tech’s bottom line.
The Public Interest in Hospital Data
If the true end goal is to make use of provider data to improve patient care, there are other options to consider.
One possibility is to take big tech out of the equation and make it easier for hospitals to create large, representative data sets on their own. Incentives to diversify the market for EMR providers, for instance, would reduce the cost of platform standardization, so long as products are designed to transmit, store, and provide access to records in a technically interoperable way. Providers might not need, then, to involve Google or Microsoft, so long as their systems effectively work together.
This only takes us so far, though. It doesn’t solve the problems caused by data fragmentation that disproportionately affect smaller market players. A trusted intermediary, such as a health data rights broker that manages access to health data in a variety of locations on any number of platforms, could consolidate seemingly disparate data sets to unify connectivity and enable consolidation between EMR for patients, providers, and researchers, at the election of the patient.
Finally, in the United States’ patchwork, public/private health care delivery system, it is easy to lose track of the public interest that underlies this enterprise — improving patient care. A central mechanism providing access to data that has been independently endorsed as de-identified similarly holds promise for all sorts of progress in patient care, patient outcomes, and efficiency.
The potential for centralized data access and, potentially, storage, is not impossible to realize. On the payer side, for many of the same reasons, 18 states have mandated all-payer claims databases where private and public payers contribute data that can then be accessed to improve health care affordability and efficiency. A centrally aggregated or managed database for providers could similarly improve health outcomes and even health equity without depending on big tech, which might have diverging, primarily commercial, interests.
There are challenges to be sure, both in guaranteeing de-identification and protecting privacy, and in the technical exercise of collecting provider data and making it accessible for analysis. But if the promise of analytics and AI-powered solutions requires access to big, representative data sets, it might be the best path forward.
Wendy Netter Epstein is Professor of Law and Associate Dean of Research and Faculty Professional Development at DePaul College of Law.
Charlotte Tschider is an Assistant Professor at the Loyola University Chicago School of Law.