by Min Ju Lee | Photo Credits: HKU Centre for Medical Ethics and Law | May 24, 2014

Hong Kong – You might not remember what your cholesterol level was in 2009, but the National Security Agency might. And you won’t be able to sue your doctor for it.

In a seminar held by the University of Hong Kong Centre for Medical Ethics and Law, Director of Centre of Genomics and Policy Bartha M. Knoppers urged fellow authorities in medical ethics to beware of challenges new data technologies pose to doctor-patient confidentiality.

Bartha explains at HKU what should be done to minimize the risks of using the cloud for medical research. Read more about Bartha here.

Digitization of medical research

Modern biomedical research is often international and collaborative. Its data combines medical, demographic, genetic and environmental factors. Computations of such data require the use cloud computing due to its sheer size and complexity.

Numbers of pan-cancer analysis use public commercial cloud providers such as Google and Microsoft because it’s lower in cost, more environmentally friendly, and accessible remotely.

To ensure the privacy of participants-patients while maintaining efficiency, one may use a Hybrid Cloud, where sensitive workloads are processed in a private cloud infrastructure while less sensitive workloads are run in a public cloud infrastructure.

Big Data and Big Brother

Big Data analysis is a recent phenomenon with its terms of service still underdeveloped. Current legal regulations in computing medical Big Data in the ‘clouds’ are as nebulous as a literal cloud.

In Canada, where Bartha Knoppers serves as a chair at McGill University, the government enacted a general law outlining how personal medical data should be collected, used and if necessary, disclosed. Legal precedents favor personal privacy over competing legislations. It does not interfere with, however: Law of evidence, Power of a court of tribunal to compel testimony or regulatory activities of a body of a health profession or social workers.

“There is no contract that prevents governments from encroaching into our data. You’re not totally protected,” said the speaker.

Catch me if you can

The cloud servers cross borders and hence national jurisdiction. A Canadian citizen’s medical privacy cannot be protected by Canadian laws if his or her data is flown across the Atlantic Ocean and computed in a server located in Munich.

“It will take five years or more to create a governance system that is internationally recognized and capable of handling the terms of service,” she said. Meanwhile, the presentation offered a few advices to follow before signing a medical consent form: 1. Ensure that you can retrieve your genomic data 2. Clarify the terms of usage 3. Keep a mirror copy.

She referenced the Edward Snowden scandal as a wake up call. “We don’t fully understand the power and utility of the system… Researchers need to keep wary when they are bargaining with these giants.”