Protecting Patient Data

If knowledge is power, big data has made us a lot more powerful in recent years. But there’s a flipside to the progress in data collection and analytics, and that’s the concern about privacy. Recent highly publicized leaks and misuses of data have made consumers leery to trust anyone with their information, and regulators are also starting to recognize the need to protect us from overly intrusive behavior by governments, corporations, and individuals. In this environment, what’s the right way forward in pharma marketing and patient education?

It’s night, somewhere in suburban America, and through the blinds of a window there’s a weak blueish sheen of light—it’s Sandy, sitting at her computer trying to connect with others who live with the disease she had been diagnosed with earlier that day. She bounces from various disease education websites, fills out online forms to join communities, finds relevant Facebook groups, and is positively overwhelmed to have been interacting that same night with people who understand the predicament she’s in. It gives her hope. But when Sandy goes to bed, she feels anxious. “What if people find out about my diagnosis who have no business knowing about it? What if my friends and family find out? Or my employer?” She isn’t prepared to disclose this information to everyone and wonders if she created a trail of data that can come back to haunt her.

Who could blame Sandy for being worried to share anything with anybody? Health insurance companies have been hacked in the past. Banks as well. Consumer credit reporting firms. And government agencies are also known to have crossed the line of permissible and ethical data gathering on a number of occasions. On top of that, there’s Facebook, a company built entirely on data, attracting other companies that make it their business model to harvest and monetize that same data, for essentially any purpose—from relatively harmless statistics and market research to intrusive targeted advertising, all the way to divisive political manipulation. In the age of big data, Sandy doesn’t need to pay with money for access to content and connection, she pays with her personal data. The money part of the transaction comes later—from those who can do something with it.

The Most Sensitive Personal Data

There’s nothing inherently wrong with exchanging support and information for support and information—as long as you can trust that your data is handled properly, with due care and restraint. Europe has been leading the way in establishing rules around how data may be used, inventing concepts such as the “right to be forgotten.” Now, the European Union has enacted the General Data Protection Regulation, more widely known as GDPR, to better codify and enforce the previously disparate piecemeal regulations. The GDPR is the most comprehensive piece of legislation ever written to protect people’s privacy, and it will have spillover effects on companies outside of the EU. Most immediately, due to the international reach of the internet, this law will impact how companies handle individuals’ privacy on their web properties. Businesses are scrambling to be compliant with the demands of the GDPR, as the financial consequences for violations are severe. The stakes have never been higher.

But concern about people’s privacy is not a European peculiarity. Other jurisdictions are likely to eventually follow suit, including the U.S. As the online space takes on an ever-greater role in our lives, it becomes incumbent on all of us to be mindful consumers ourselves, and as marketers, to be mindful of the data others entrust with us. Healthcare marketers by definition handle some of the most sensitive individual data there is: Information about people’s health. That is a big responsibility. Consumers will do their due diligence on who they’re willing to cooperate with, not least based on our reputation in how we’re handling private data. That’s why it’s not just a regulatory necessity to comply with the GDPR and similar laws—it’s a matter of best practice, of being good stewards of people who are in a vulnerable position. We’re often dealing with people who depend on us, whose trust we need to earn and constantly maintain.

The New Global Benchmark

So, are you getting explicit, informed consent to store people’s data? Are you renewing that consent on a regular basis, and purging old data when the consent period has expired? Is the data you have the minimum for conducting business or does it go beyond that level of detail? Are your vendors held to a standard representative of your company? Complying with the strictest data protection regulations in history means changing the way the vast majority of businesses do business. That’s a big ask, and many companies are going to get burned because they didn’t put into action the necessary safeguards in time to be prepared. Even if the U.S. does not by law require the same stringent measures, American consumers will start to expect them to be taken anyway, so the threat of fines from overseas is only one reason to be proactive.

At the end of the day, today’s data-focused economy presents ample opportunity for all of us to make the lives of patients better. Now that we’ve all seen the excesses that companies have gone to in terms of the mismanagement of data, individuals will increasingly hold us to a higher standard. The time has come to steer the ship in a direction where the benefits of technological progress can still be realized while the negatives can be minimized. And as stewards of some of the most personal and sensitive information, the responsibility is on us to be at the forefront of this effort. Too much is on the line for patients and for industry to be passive. So ask the tough questions about data management—of yourself first and of any parties who represent your company.

Sandy is glad she took the leap of faith and connected with others in her situation. She realized providing some information to the makers of her treatment was worth it in return for the personalized information and support she received. And over time, she knew she could trust this company as a responsible keeper of her information. Sandy realized that she had a lot more to gain from sharing some of her most private information than she had to lose, which is why, year after year, she decided to renew her consent for the pharma company to manage her data.

  • Robert Jones

    Robert Jones is Vice President, Client Services at Snow Companies. Robert is an up-and-coming leader in the space of patient engagement, approaching a decade of experience at the heart of the industry-defining agency Snow Companies.


You May Also Like