Your #BigData Assumptions May Be Flat-Out Wrong

23 Jun

 

It’s an article of faith in healthcare circles that leveraging big data stores can improve patient care. But what if this cherished assumption is flat-out wrong?

A new study published in the Proceedings of the National Academy of Sciences suggests that big data number-crunching might actually undermine providers’ ability to improve patient health.

To conduct the study, researchers from UC Berkeley, Drexel University and the University of Groningen compared data collected on hundreds of people, including both individuals with psychiatric disorders and healthy individuals. They found that group results didn’t capture some wide variations in symptoms from person to person.

Researchers concluded that big data analyses are a poor substitute for working with individuals, noting that these analyses are “worryingly imprecise” and that the variance between individuals is four times larger than those captured by big data. In other words, it concludes that big data analyses minimize differences between patients dramatically.

The authors said that it doesn’t work to generalize conclusions about individuals, whose emotions, behavior and physiology can vary greatly.

“Diseases, mental disorders, emotions, and behaviors are expressed within individual people, over time,” said study lead author Aaron Fisher, an assistant professor of psychology at UC Berkeley in a prepared statement. “A snapshot of many people at one moment in time can’t capture these phenomena.”

At this point, you’re probably thinking that this is terrible news. But Fisher believes that there are practical ways to address the problem. “Modern technologies allow us to collect many observations per person relatively easily, and modern computing makes the analysis of these data [points]  possible in ways that were not possible in the past,” Fisher said.

I don’t know about you, but I doubt that gathering loads of individual patient data will be as easy as Fisher suggests. Our current methods for documenting patient encounters in EHRs already impose significant burdens on physicians. Asking them to do more probably won’t fly, at least for the near term.

Not only that, there’s the question of how to work with this new data. We’d all like to see patients get highly individualized care, but current systems used by providers probably aren’t up to the task just yet.

I guess the bottom line here is that while Fisher et al are on to something, it will probably be a long time before healthcare organizations get there. In the meantime, it’s good to see that researchers are challenging our assumptions and keeping us on our toes.

Read More
share on Twitter Like Your Big Data Assumptions May Be Flat-Out Wrong on Facebook

MD Anderson Fined $4.3 Million For HIPAA Violations

Jun 21, 2018 02:10 pm

An administrative law judge has ruled that MD Anderson Cancer Center must pay $4.3 million to the HHS Office of Civil Rights due to multiple HIPAA violations. This is the fourth largest penalty ever awarded to OCR.

OCR kicked off an investigation of MD Anderson in the wake of three separate data breach reports in 2012 and 2013. One of the breaches sprung from the theft of an unencrypted laptop from the home of an MD Anderson employee. The other two involved the loss of unencrypted USB thumb drives which held protected health information on over 33,500 patients.

Maybe — just maybe — MD Anderson could’ve gotten away with this or paid a much smaller fine. But given the circumstances, it was not going to get away that easily.

OCR found that while the organization had written encryption policies going back to 2006, it wasn’t following them that closely. What’s more, MD Anderson’s own risk analyses had found that a lack of device-level encryption could threaten the security of ePHI.

Adding insult to injury, MD Anderson didn’t begin to adopt enterprise-wide security technology until 2011. Also, it didn’t take action to encrypt data on its devices containing ePHI during the period between March 2011 and January 2013.

In defending itself, the organization argued that it was not obligated to encrypt data on its devices. It also claimed that the ePHI which was breached was for research, which meant that it was not subject to HIPAA penalties. In addition, its attorneys argued that the penalties accrued to OCR were unreasonable.

The administrative law judge wasn’t buying it. In fact, the judge took an axe to its arguments, saying that MD Anderson’s “dilatory conduct is shocking given the high risk to its patients resulting from the unauthorized disclosure of ePHI,” noting that its leaders “not only recognized, but [also] restated many times.” That’s strong language, the like of which I’ve never seen in HIPAA cases before.

You won’t be surprised to learn that the administrative law judge agreed to OCR’s sanctions, which included penalties for each day of MD Anderson’s lack of HIPAA compliance and for each record of individuals breached.

All I can say is wow. Could the Cancer Center’s leaders possibly have more chutzpah? It’s bad enough to have patient data breached three times. Defending yourself by essentially saying it was no big deal is even worse. If I were the judge I would’ve thrown the book at them too.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: