'Big data' is revolutionising approaches in all major industries, including the health sector, but Australia's current privacy framework lacks flexibility, and there is insufficient guidance to support compliance. Associate Nick Li looks at the challenges in improving patient care and research outcomes through big data in the healthcare and pharmaceutical sectors.
The data revolution
The healthcare and pharmaceutical industries have been actively gearing themselves for the data revolution for some time. This isn't surprising, as the potential benefits offered by big data analytics are substantial, including:
- using aggregated de-identified data from multiple clinical studies to identify new treatments and therapies;
- data-matching to create tailored treatments and improve patient care;
- analysis of real -time patient data to monitor the safety and efficacy of treatments, including the occurrence of adverse events, and
- analysis of consumer and market data to inform strategic and marketing decisions.
Accordingly, there exists a strong commercial incentive for businesses within the pharmaceutical and healthcare sectors to leverage their data. Leveraging health and clinical data is also in the public interest of improving patient care and access to effective treatments.
There is no authoritative definition of what constitutes 'big data', but it is commonly accepted that it relates to high-volume, high-velocity and/or high-variety information assets that require new and innovative processing to reveal insights.
With big data comes big challenges. Taking privacy law as an example, Australia has long been grappling with the right regulatory balance. The collection, use and disclosure of personal information is regulated by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), under which consent is generally required for the collection, disclosure and use of health information, although other Commonwealth, state and territory privacy and health information laws can also apply. The consent sought must be current, specific, informed and voluntarily given. The consent can also be withdrawn at any time, at which point the entity must cease using the relevant information. The challenge is that it can be difficult to obtain specific consents where the data may be used for multiple (secondary) purposes, not all of which are apparent at the time information is collected. One solution to this problem may be to expand the scope of the permitted health situation exceptions under the current Privacy Act. An alternative would be for the legislation to permit 'bundled' consents (ie consents for multiple purposes) in some carefully-considered circumstances. It is in Australia's interests to shift to a privacy framework that facilitates data sharing.
Businesses would also benefit from further guidance to assist compliance. For example, when is personal information considered sufficiently de-identified? At what stage is de-identified information considered re-identified? If seemingly trivial personal information is subsequently re-identified (eg pet ownership status), should consent be sought from the person on each occurrence, or could this be captured by a single consent from the outset?
Leveraging data analytics in the health sector can mutually benefit businesses and the public, but legislative reform and further practical guidance are needed in Australia to enable the health sector to reap the benefits of big data.