Every time you visit a doctor, your health information is recorded, stored, and hopefully secured. But who actually owns that data and what stops it from being used in ways you never agreed to?
In many countries, laws protect the privacy and security of healthcare data, and data accessibility is highly regulated. A breach of this data can result in severe penalties from authorities. As a result, healthcare data is often siloed within healthcare organizations, health insurance companies, and government agencies, accessible only for patient care or administrative purposes.
These silos, combined with outdated legacy systems that were never designed for data sharing or for secondary uses such as clinical research or AI development, have created major barriers to interoperability and data quality. Although the healthcare sector produces vast amounts of data, limited access to high-quality, usable data has been a persistent obstacle to AI adoption in healthcare.
So, many would ask: Rather than letting massive amounts of real-world healthcare data sit unused in silos, why not unlock its potential to train large, multimodal models that can assist healthcare professionals at the point of care, or to accelerate the development of next-generation therapeutics to cure diseases? Couldn’t a free flow of information promote transparency, boost competitiveness, and encourage innovation by reducing information asymmetry in the healthcare industry, and ultimately drive down costs — all while improving quality and patient outcomes?
That vision comes with a big “if.”
While the potential benefits of responsibly using health data for innovation are enormous, there is a core principle that must not be overlooked: trust in the patient-doctor relationship. Patients often seek care at their most vulnerable moments. We entrust healthcare professionals with our most private truths in exchange for compassion and remedy. Healthcare providers therefore have a moral and ethical responsibility to safeguard patients’ secrets, a duty enshrined in the Hippocratic Oath. It is also reflected in how the public feels: A survey from the American Medical Association found that most people believe their health information should not be purchased by corporations or other individuals.
Unauthorized disclosure of identifiable health information — whether from a patient registry, medical claims, or electronic health records — risks eroding this trust. And if we no longer trust our doctors, health organizations, or electronic health record systems, no advancement in AI and health informatics will ever reach its full potential.
Across the globe, data protection laws have been built on this very foundation of trust. These laws include:
These regulations share a common principle: Individuals have rights over their health data, while healthcare organizations act as custodians responsible for managing and securing it. These frameworks establish a baseline for data privacy, security, and accountability. They grant individuals the right to control their own health information while requiring health organizations and other covered entities to meet compliance standards, with steep sanctions for violations.
At Dataiku, we understand the regulatory complexities of the healthcare industry and we are committed to helping our customers protect sensitive information and comply with applicable regulations. We offer two options to support customers that work with personal health data:
With the on-premises option, all data remains within the customer’s own infrastructure, and Dataiku has no access to it. This setup is ideal for entities that already have robust infrastructure and compliance measures in place. Additionally, Dataiku has completed a SOC 2 Type II assessment, providing assurance of strong internal controls for data protection.
Consistent with many cloud providers, we prohibit the use of protected health information in our cloud service, Dataiku Cloud. However, certain customers that maintain protected health information (PHI) and are subject to HIPAA may sign Dataiku’s Business Associates Agreement, permitting them to provide PHI to Dataiku Cloud. Our trust and security policy outlines relevant compliance documentation, including our HIPAA compliance report.
Disclaimer: The information provided on this website is for general informational purposes only and does not constitute legal advice. You should not take any action based on the information provided without consulting with a qualified legal professional. No attorney-client relationship is created by accessing or using this website. The information on this website may not be current or accurate, and is subject to change without notice.