Every time you visit a doctor, your health information is recorded, stored, and hopefully secured. But who actually owns that data and what stops it from being used in ways you never agreed to?
In many countries, laws protect the privacy and security of healthcare data, and data accessibility is highly regulated. A breach of this data can result in severe penalties from authorities. As a result, healthcare data is often siloed within healthcare organizations, health insurance companies, and government agencies, accessible only for patient care or administrative purposes.
These silos, combined with the outdated legacy systems that were not designed for data sharing and secondary uses like clinical research or AI development, have created major barriers for interoperability and data quality. Although the healthcare sector produces vast amounts of data, limited access to high-quality, usable data has been a persistent challenge for AI adoption in healthcare.
So, many would ask: Rather than letting massive amounts of real-world healthcare data sit unused in silos, why not unlock its potential to train large, multimodal models that can assist healthcare professionals at the point of care, or to accelerate the development of next-generation therapeutics to cure diseases? Couldn’t a free flow of information promote transparency, boost competitiveness, and encourage innovation by reducing information asymmetry in the healthcare industry, and further drive down costs — all while improving quality and patient outcomes?
That vision comes with a big “if.”
The Foundation of Healthcare: Trust
While the potential benefits of responsibly using health data for innovation are enormous, there is a core principle that must not be overlooked: trust in the patient-doctor relationship. Patients often seek care at their most vulnerable moment. We entrust healthcare professionals with our most private truths in exchange for compassion and remedy. Healthcare providers therefore have a moral and ethical responsibility to safeguard patients’ secrets, a duty enshrined in the Hippocratic Oath. It is also reflected in how the public feels: A survey from the American Medical Association found that most people believe their health information should not be purchased by corporations or other individuals.
Unauthorized disclosure of identifiable health information — whether from a patient registry, medical claims, or electronic health records — risks eroding this trust. And if we no longer trust our doctors, health organizations, or electronic health record systems, no advancement in AI and health informatics will ever reach its full potential.
The Global Principles Behind Health Information Protection
Across the globe, data protection laws have been built on this very foundation of trust. These laws include:
- HIPAA in the United States
- GDPR in the European Union
- PDPA in Singapore
- And similar regulations in other countries
These regulations share a common principle: Individuals have rights over their health data, while healthcare organizations act as custodians responsible for managing and securing it. These frameworks establish a baseline for data privacy, security, and accountability. They grant individuals the right to control their own health information while requiring health organizations and other covered entities to meet compliance standards, with steep sanctions for violations.
Dataiku’s Commitment to Health Data Protection
At Dataiku, we understand the regulatory complexities of the healthcare industry and we are committed to helping our customers protect sensitive information and comply with applicable regulations. We offer two options to support customers that work with personal health data:
Dataiku On-Premises Software
With the on-premises option, all data remains within our customer’s infrastructure, and Dataiku has no access to the data. This setup is ideal for entities that already have robust infrastructure and compliance measures in place. Additionally, Dataiku has completed a SOC 2 Type II assessment, providing assurance of strong internal controls for data protection.
Dataiku Cloud for Protected Health Information
Consistent with many cloud providers, we prohibit the use of protected health information in our cloud service, Dataiku Cloud. However, certain customers that maintain protected health information (PHI) and are subject to HIPAA may sign Dataiku’s Business Associate Agreement, permitting them to provide PHI to Dataiku Cloud. Our trust and security policy outlines relevant compliance documentation, including our HIPAA compliance report.
Key Takeaways
- Trust is the cornerstone of patient care and protecting personal health data is essential to maintaining it.
- Global regulations like HIPAA, GDPR, and PDPA give individuals ownership of their health information and enforce strong privacy and security standards.
- Dataiku supports responsible AI in healthcare through both on-premises software and a HIPAA-compliant cloud service.
Disclaimer: The information provided on this website is for general informational purposes only and does not constitute legal advice. You should not take any action based on the information provided without consulting with a qualified legal professional. No attorney-client relationship is created by accessing or using this website. The information on this website may not be current or accurate, and is subject to change without notice.