Big Data, which can be defined as “high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making”, has been a hot topic in a variety of disciplines (e.g. computer science, biology, engineering) and sectors (e.g. health, telecommunications, defence) for more than a decade. It has been especially prominent in discussions around healthcare. Will the use of algorithms, machine learning, smartphone apps, and the Internet of Things disrupt provision of healthcare services in a positive way, leading to faster and more accurate diagnoses, more targeted treatments, and even better preventive medicine, which in turn, might reduce our rising healthcare costs? Or, will it lead to negative disruption and societal backlash? These questions necessarily touch on ethical and legal matters of concern. For example, Big Data might wrongly interfere with the privacy rights of individuals. It may wrongly interfere with peoples’ autonomy interests by reducing their opportunity to exercise self-determination or consent to research or healthcare. Or, it may lead to wrongful discrimination of groups of people because their profile is deemed “bad” (e.g. prediction of poor health).
In Big Data, Health Law, and Bioethics, published by Cambridge University Press, four editors (I. Glenn Cohen, Holly Fernandez Lynch, Effy Vayena, and Urs Gasser) have brought together leading law and ethics scholars to contribute 22 comprehensive chapters on a variety of ethical and legal issues in biomedical Big Data. As the editors state in their sharply written introduction, three core themes define the book: 1) the development of a rich phenomenological understanding of the new technologies and their implications for health and society at large (what changes and what remains the same?); 2) how to evaluate the various shifts triggered by technological advancements and form new societal consensus around it?; and 3) what are the best available approaches and instruments to address the challenges and also embrace the opportunities afforded by new technological capabilities such as Big Data the Internet of Things?
This single-volume edited collection is vast (the 22 chapters are divided over seven parts), but it is also rather US-focused. Indeed, only a couple of chapters have an international outlook. Big Data is a transnational issue and a number of the chapters could have been enriched through consideration of the implications of data flows across national borders. Despite this drawback, the chapters are on the whole very well-written. For the purposes of this review, I will select three chapters that I think are especially deserving of praise.
In Chapter 9 (“Avoiding Overregulation in the Medical Internet of Things”), Dov Greenbaum argues that with advancements in mobile health (mHealth) racing far ahead of oversight and regulation, heavy-handed government regulation in this area “is likely impracticable because it is too slow to adequately keep pace with innovation” (p. 129). Given this, he proposes a rather novel innovation: an “industry-agreed-upon, government-sanctioned virtual clearinghouse that can scale as more people look to their smartphones for interaction with the health system. The system is intended to specifically overcome regulatory limitations, as well as even more pressing ethical and legal concerns” (p. 129). Such a third-party clearinghouse (or clearinghouses) could act as “transparent shared interfaces for mHealth data, collecting, tracking, aggregating, and transmitting data to the end user” (p. 139). The clearinghouses could be associated, funded, and/or run by a government, NGO, or multinational organisation that would have the necessary and sufficient levels of trust for this task. The clearinghouses could be regulated by a government agency and “through directing all voluntarily provided patient data through a single or limited number of gateways – could help consumers to keep track of the overwhelming amount of data that they generate and export and warn consumers of any malicious hijacking of those data” (p. 139).
In Chapter 14 (“Is There a Duty to Share Healthcare Data?”), I. Glenn Cohen queries whether those who want data from electronic health records (EHRs) for healthcare improvement purposes (including drug development and monitoring) should be required to obtain the consent of the patients whose EHRs are used (so-called “data sources”). He argues that such use should be permitted without seeking consent in many circumstances. As part of this argument, Cohen makes a case that data sources have a duty to share healthcare data. His two main arguments for this are that 1) healthcare data are not the patient’s property (this depends on being able to achieve a reasonable amount of deidentification and providing recourse for malicious reidentification), and 2) sharing healthcare data fulfils obligations of reciprocity (this requires that those whose data are used have some reasonable chance of benefitting from the use). Cohen argues that a consent requirement should not be imposed for the contribution of EHRs to research and other social endeavours when certain conditions are met. As part of this, he suggests that regional and/or national or research-based “Big Data review boards”, somewhat akin to research ethics committees or institutional review boards, be set up to determine whether such conditions are met.
Finally, in Chapter 12 (“From Individual to Group Privacy in Biomedical Big Data”), Brent Mittelstadt undertakes a more international analysis to consider whether group privacy interests should attach in the context of biomedical Big Data. As he argues: “Algorithmically grouped individuals have a collective interest in the creation of information about the group of actions taken on its behalf. However, a theoretical framework to recognize ad hoc groups as holders of privacy rights does not yet exist” (p. 176). Thus, his chapter examines the feasibility of granting algorithmically assembled (ad hoc) groups a right to privacy. Ultimately, he argues that such a right can and should be recognised and in a way that balances individual privacy rights and the social, commercial, and epistemic benefits of analytics. In a nod to the recently enacted EU General Data Protection Regulation (GDPR), Mittelstadt suggests that Article 22 of the GDPR – which provides data subjects a general right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her – may “prove a turning point for legal recognition of a right to group privacy”, but rightfully adds that “practical implementation of this right will be extremely difficult” (p. 192).
In sum, Big Data, Health Law, and Bioethics offers health lawyers and bioethicists, particularly those situated in the US, a single volume of cutting-edge insight into how law can impact, positively or negatively, the integration of Big Data in the healthcare sphere. And, despite the US focus, readers outside that country can still learn from the core themes that permeate many of the chapters. As the editors state in their introduction, and as becomes clear from the book:
…no single approach or instrument is likely to be a ‘silver bullet’ that solves the myriad challenges or is sufficient to harness the full benefits of the rapidly evolving digital technologies in the health sector. Rather, blended approaches that combine different instruments available in the ‘toolbox’ seem most promising when dealing with both the challenges and opportunities of Big Data and related technologies… (p. 4)
Accordingly, I recommend scholars interested in this topic to consult this volume. The legal and ethical insights offered therein will be of growing importance and use as Big Data becomes further integrated into routine healthcare and healthcare costs continue to rise, be it in the UK or elsewhere, due to an ageing population and under-funded healthcare systems.