Hospitals are collecting more data than ever before, and that data is extremely valuable. Should they let digital health partners use de-identified patient data to improve their AI models? Should they leverage data as an asset in future deals?
Many health system C-suite teams are mulling these questions as the data piles up.
“The biggest challenge we have today as technology has evolved for us, it has also evolved for our partners and most of the solutions that used to live within the four walls of our hospital system now live in the cloud. It’s platform-as-a-service,” said Jawad Khan, vice president of enterprise analytics at Akron (Ohio) Children’s Hospital, during a session at the Becker’s 15th Annual Meeting in April. “What that essentially does is it takes the data out of our control and into the partners’ control. There are contracts in place, there is insurance in place, but we don’t have access to the data anymore, or we lose control of the data in a true sense of how we should manage the data if it’s an asset.”
Mr. Khan said the hospital contracts with partners to protect the PHI with consequences built in if the protection fails. The hospital also purchased insurance to protect the data separate from the vendor contract. The hospital now is approaching analytics and data in new solution evaluation. Containerization is possible with new vendors bringing in technology.
“Can you bring your technology or analytics to our data as opposed to us sending our data to you? Because it’s an asset we want to be able to protect it,” said Mr. Khan. “That’s a very important discussion we are having, and we’re seeing that more and more people that used to sell the technology platform as a service are now able to containerize those technologies and bring it to our data. That does two things: one, obviously protects the data. Two, it unleashes the power of data because you can bring more data to play as opposed to a sliver of data that you were sending to the partner.”
The right partner will be excited about the possibilities, said Mr. Khan.
Donna Roach, CIO of University of Utah Health in Salt Lake City, also brings in the compliance and legal team early to ensure the contracts are written favorably. Early on, she said the compliance teams were coming to her asking her advice about data protection; she wanted their interpretation.
“We did a lot of education together with compliance and legal to start to look at components of the deal. Beyond the [business associates agreement], this is around whether the companies can use our data to train large language models or improve our data set. What we had to really understand is what we wanted in the contract,” she said. “We had to work with the vendor and look at risk profiling with different vendors to make certain that the new vendor was someone we wanted to partner with.”
The compliance leaders who trained with Ms. Roach are on the health system’s AI committees in the hospital, clinic and university to help inform the strategy and next steps.
“Rather than feeling deficient in what we knew, they really have come along and that took about 18 months to curate and get them going,” she said. “Now they’re constantly asking for more.”
