Two stories today on agencies sharing data:
1. FDA, Defense Department Share Data to Enhance Medical Product Safety Reviews
2. DOD and VA open a new medical data spigot
In both cases there are clear advantages to sharing the data. In the case of the FDA, they can get access to much larger pools of results on clinical trials and actual use of drugs and medical devices; in the case of the DOD/VA share, doctors will be able to get a better picture of their patients’ overall health and care since the VA and DOD populations overlap substantially. One obvious advantage would be the ability to prevent bad drug interactions because doctors would know everything prescribed to their patients.
The two sharing projects differ in that the first will be designed as a shared structure from the ground up, while the DOD/VA project will work with pre-existing systems. Initially, the VA/DOD systems will not be fully compatible across software, but in time the Bidirectional Health Information Exchange (BHIE) program will evolve into the Clinical Data Repository/Health Data Repository (CHDR), which will allow direct input/querying/reporting of health data.
I think we can assume that breaches of patient data will occur, especially as the data is restructured and/or designed from the beginning to facilitate interoperability. After all, one of the agencies above is the VA. So, are the benefits (well-described data is also more easily published and potentially more easily located) worth the risk of leaked patient data?
Many, many people take multiple medications every day – some of which interact, some of which have detrimental effects that only become apparent after usage in groups far larger than those included in clinical trials. At the same time, data is lost on a regular basis by many agencies (see GAO’s Personal Information: Data Breaches…). Yet, evidence of actual harm from data breaches is limited (although GAO notes that absence of evidence doesn’t equal evidence of absence). The GAO report on Personal Information says:
For example, more than 570 data breaches were reported in the news media from January 2005 through December 2006, according to lists maintained by private groups that track reports of breaches. … The extent to which data breaches have resulted in identity theft is not well known, largely because of the difficulty of determining the source of the data used to commit identity theft. However, available data and interviews with researchers, law enforcement officials, and industry representatives indicated that most breaches have not resulted in detected incidents of identity theft, particularly the unauthorized creation of new accounts. For example, in reviewing the 24 largest breaches reported in the media from January 2000 through June 2005, GAO found that 3 included evidence of resulting fraud on existing accounts and 1 included evidence of unauthorized creation of new accounts. For 18 of the breaches, no clear evidence had been uncovered linking them to identity theft; and for the remaining 2, there was not sufficient information to make a determination.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.