Panel highlights legal, business side of using human health data in researchPosted on November 2, 2018
In today’s world where information moves at a rapid pace, how do researchers make sure they are following the proper rules, especially when their studies pertain to sensitive information such as health data?
Four panelists and one moderator joined together on Oct. 11 to discuss matters of cyber security, privacy and health data for an Institute for CyberScience (ICS) CyberScience Seminar titled “Digital Human Data Research: Critical Law, Policy, & Business Considerations.”
Speakers included moderator Anne Toomey McKenna, distinguished scholar of cyber law and policy, ICS and Penn State Dickinson Law; Rachel Herder, assistant professor of clinical law, Penn State Law, and director of Penn State’s Intellectual Property Clinic; Tom Sharbaugh, professor of practice, Penn State Law, and director of Penn State’s Entrepreneur Assistance Clinic located in the Happy Valley LaunchBox; Reuben Kraft, Penn State assistant professor of mechanical and biomedical engineering and ICS faculty co-hire; and Ryan Gilmore, technical director, ICS.
Kraft dedicated the seminar to Dylan Thomas, a high school football player from Georgia who died on Sept. 30 of this year due to cardiac arrest from a traumatic head injury. The seminar featured the work of Kraft’s computational simulations on head injury and the privacy and law implications of such studies. Kraft said he would like to see the results of his research — the goal of which is to model potential brain injuries in real time — have a bigger impact. He is developing technology that may one day allow medical professionals to monitor for potential brain injuries in athletes and military personnel in real time.
Taking products to market that rely on individual and aggregated human health data gathered by private industries presents researchers and businesses with challenges. McKenna noted that research conducted using human data requires that the researcher be aware of how that human data was gathered, including whether the initial gathering of the data was legally compliant — gathered with the notice, knowledge and consent of the humans involved. Researchers should also be aware of whether the use of that data in subsequent research is legally appropriate and has the informed consent of participants.
Herder pointed out that the Intellectual Property Clinic, a free resource for Penn State researchers, can help faculty understand issues around copyright of data and technologies. Similarly, Sharbaugh pointed to another free resource, the Entrepreneurial Assistance Clinic and LaunchBox, that will work with researchers to build knowledge around technology transfer — the process of taking products to market — so that researchers can be more confident in their decisions.
Gilmore highlighted the compliance rules that the ICS Advanced CyberInfrastructure (ICS-ACI) follows, which lets researchers worry less about how their data is stored. ICS-ACI meets the National Institute of Standards and Technology (NIST) 800 171 standards and was also given an authority-to-operate certificate by the University, two indications of data compliance and security.
McKenna noted during the panel that sensitive data is being collected continually today via many methods, such as smart watches or other smart wearable devices, smart phones, and more.
“In the process of setting up most of these devices, individuals often unknowingly consent to allowing their data to be collected, sold and distributed third parties — simply by clicking ‘I Agree,’” said McKenna.
The panel illustrated the complex societal, security and individual problems that can flow from such data aggregation by highlighting a case study involving Strava, a mobile fitness tracking app used in conjunction with Fitbits and other wearable devices. To encourage exercise and good health among troops, the Pentagon supplied soldiers with wearable devices, and thousands downloaded and used the Strava app. Strava collects myriad data including physical activity and geolocations.
“When Strava decided to combine satellite heat imagery and its wide array of data about users, the unthinkable happened. When combined with other publicly available satellite imagery, Strava’s heat map accidentally gave away the location of numerous undisclosed, U.S. special operations bases — for all the world to see,” McKenna said.
This is just one of the many concerns facing data privacy, especially when it comes to how data is used and stored. McKenna, Sharbaugh, Herder and Gilmore provided the audience with knowledge and tips for how to continue conducting research and accomplish goals, such as how to take products to market while following laws.
Kraft’s groundbreaking research — tracking brain impacts sustained by athletes and soldiers — illustrates the complex issues that require interdisciplinary collaboration with science and law.
“When looking at this kind of data, someone could argue that human testing is going on. The question becomes, ‘Did these individuals consent?’ and what are the long-term implications for use of this data?” McKenna asked. “Can an employer or health insurance company turn you away due to old data that was collected? Where does the data get stored? Are you meeting compliance requirements? These are all important questions that researchers need to be able to answer.”