The Risks, Challenges, And Rewards Of Ensuring Medical Data Privacy

Greg McStravick

In the third of a three-part series on how technology is transforming healthcare, Greg McStravick, GM and Global Head, SAP Platform GTM, takes a look at the very real issue of medical data privacy and the risks of stockpiling high-value and highly personal data. While personalized medicine holds great promise, the hazards associated with extensive medical data stores are real. Find out more about technology and healthcare challenges and opportunities in parts one and two.

  • Part 1: Personalized Medicine – Real Opportunities – And Real Challenges For Doctors
  • Part 2: Personalized Medicine and Big Data: Opportunities And Pitfalls Of IT Innovation

Personalized medicine and the privacy risk

The use of genomic data to personalize healthcare takes many forms, involves multiple types of genetic information, and introduces varying levels of privacy risk. Most people agree that the goals of personalized medicine are noble: to customize healthcare such that all medical decisions, practices, and products can be tailored to the individual patient. To reap such benefits, however, researchers and medical providers must collect and analyze a patient’s genome along with other extensive molecular or cellular analysis. This necessitates gathering and storing personalized information including clinical, research, personal medical, social, and genomic data. The challenge with large stores of personalized medical data: the stores themselves become a target, for the same reason that retailers and banks – organizations holding a wealth of financial and personal data – often find their names in the headlines after their data has been hacked.

The inherent risk of stockpiling high-value data

Centralized databases of high-value information are ideal targets for hackers – and the concentrated, in-depth medical records required for personalized medicine are no exception. Personalized medicine, with its abundance of genomic profiles, biomedical measurements, and associated social and cultural factors, is an ideal candidate for data manipulation – and exploitation. So, yes, data privacy and security are real concerns. But does that imply that we shouldn’t move forward with personalized medicine? We must – but we need to do so in a thoughtful manner, one that applies best practices from other industries and uses safeguards to help minimize risk, while allowing the medical benefits to flourish.

The perception of privacy

Some argue that today personal privacy is just an illusion. Think about the apps on your phone that continually track your location, shopping habits, and communications. Every electronic transition is recorded. Every online keystroke, recorded. Highway FastPasses track your car’s movements. Millennials, having grown up with such technologies, see privacy as more theoretical than actual and tend to more easily accept tradeoffs between privacy and convenience. Therefore, it’s no surprise that they’re more likely than older generations to approve of sharing general health data. However, many in older generations still hold personal privacy as a core value, making them, as a group, less comfortable with sharing personal records beyond the primary care physician.

While most people feel comfortable with primary care doctors reviewing their medical history and information, they’re likely to react less positively to the idea of others – from employers to insurance companies to malicious hackers – accessing the same information. One safeguard that could help control access levels by user and situation is tiered privacy. A patient’s local medical clinic might be able to access his or her entire medical record, while a prospective insurer or national health information exchange would receive only generic, anonymized data.

One of the biggest challenges to data privacy is the lack of absolutes. Each individual perceives privacy differently, and our perceptions change with time and circumstance. No data is inherently private just because it discloses genetic information. Our laws, practices, and privacy technology must catch up to our needs, and the decisions they embody must be both sensitive and practical.

A thoughtful approach

Personalized medicine holds great promise, but the risk associated with extensive medical data stores is real. We need to develop deeply considered, pragmatic guidelines and robust technologies that determine how personal medical information is stored, accessed, and processed. We should make the most of established data privacy best practices and knowledge from other industries – such as governmental bodies and financial institutions. Ideally, a clear set of privacy guidelines and security rules will adequately safeguard and protect all personally identifiable medical data, while still allowing the flow of information needed for high-quality population-based testing, diagnosis, and treatment. The SAP Foundation for Health, for example, offers a secure technology platform that can scale to handle massive amounts of data – and a partner with experience in secure handling of sensitive data.

Balancing data privacy and healthcare advancements

The big question here is: how do we protect our genetic privacy and avoid any form of genetic discrimination, while still supporting critical health research and advancements?

Learn More About SAP Foundation for Health and Personalized Medicine

SAP is passionate about creating transformative technology that can advance healthcare. The SAP Foundation for Health includes a sophisticated platform and advanced analytic solutions that can help unlock the value of biomedical data – from genomes to electronic medical records to clinical trials. Supporting deeper insights and enabling collaboration, SAP Foundation for Health helps connect data silos and bring together mission-critical biomedical data, advancing personalized medicine to new levels.

Visit SAP at #HIMSS16 Booth #5828 February 29-March 4 to learn more, or continue the discussion on Twitter @SAP_Healthcare.


Greg McStravick

About Greg McStravick

Greg McStravick is the president of Database and Data Management at SAP, leading development and go-to-market teams for SAP’s core digital innovation platform, SAP HANA, and databases (including SAP ASE and SAP IQ), enterprise information management, middleware, and SAP Vora. Formerly, Greg led the go-to-market teams and strategy for some of SAP’s largest and fastest-growing businesses, including the SAP HANA platform, analytics, database, and SAP Cloud Platform. With more than 20 years of progressive experience as a leader in technology solution sales management and strategy, Greg has held senior leadership positions throughout SAP, including president (U.S.), where he was responsible for driving customer success and developing new opportunities for SAP to expand its business across the entire U.S. region.