I recently attended a terrific panel event on Big Data in health care sponsored by a Philadelphia-based technology networking group. "Big Data" refers to "data of sufficient volume, complexity, or velocity that it exceeds the capability of conventional current technology or methodology to process or analyze" it.1 According to IBM, "Every day, we create 2.5 quintillion bytes of data — so much that 90% of the data in the world today has been created in the last two years alone." 2 Because data is everywhere – in storage, on servers, on private computing devices, in transmission – the opportunities to cull, query, and learn from Big Data are endless. In healthcare, Big Data opens up possibilities in population health, research, personalized medicine, patient education, and advertising. Indeed, the exploration of Big Data is one of the key drivers of healthcare reform.

The panelists at the event offered a sampling of the diverse uses for Big Data: one speaker has developed a sophisticated cognitive computing solution to bring human reasoning to the analytics process; another mines open chat rooms and other sources to find trends in consumer attitudes with respect to specific diseases and treatment options; and a third offers predictive software for risk stratifying patients at admission to anticipate post-discharge needs and reduce readmissions. Another speaker, an analyst for a financial services company, addressed the enormous investment opportunities in electronic health records applications and the data residing in these records. But surprisingly, none of the panelists addressed privacy and security.

Most of us are familiar with HIPAA, the law passed in 1996 to protect personal protected health information (PHI). The HIPAA Privacy Rule safeguards the rights of individuals to control their PHI through notice, consent, access, and other tools. It prohibits the sale of PHI without patient authorization and restricts many uses of PHI for marketing purposes. The HIPAA Security Rule imposes standards to ensure the privacy and integrity of PHI through, for instance, the use of passwords, audits, disaster recovery, and encryption. The Security Rule also imposes extensive (and expensive) notice and other obligations when data is breached. There is a safe harbor for data that has been secured to specific government standards.

To read the full version of this article, please visit the Wharton Healthcare website.

Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.