Data as currency: Big Healthcare Data

“Data is the new currency. A company can control it as if they owned it, but data cannot currently be subject to ownership in any of the major jurisdictions around the globe. How can your company control Big Healthcare Data without the luxury of traditional ownership?”

Big Healthcare Data, or BHD, as a concept spans a large spectrum of different types of data and sources, including:

• data collected from studies of non-human entities in labs, such as animals, plats, and microorganisms;

• data generated through digital profiling of patients online through social media;[1]

• data generated through consumer genetic services such as ‘23 and me’ or ancestry.com;[2]

• data derived from clinical studies on various human populations; and

• data obtained from sites of diagnosis such as hospitals practices.[3]

The different types of data mentioned vary greatly not only in their format, target and origin but also in the methods, goals and assumptions used by the creator. The individuals or organizations creating the data can often have non-overlapping or conflicting definitions as to what constitutes good, reliable and significant data.

The diversity of data requires technological solutions and data-intensive processes of storage, distribution, visualization and analysis which can handle the large variety to satisfy the full potential of BHD analytics. This characteristic is shared with many different fields in which Big Data have potential uses but is, nonetheless, one of the most pressing problems within BHD. Thus, it is also of utmost importance to capture the flexibility with which computational models and infrastructure architectures are being applied to very different situations and problems. An example of good practice would be the high levels of standardization and automation of data-related processes used within the rather well progressed field of BHD use in genomics and the biomedical fields. Within this field the high standardization grade has enabled the construction of complex data pipelines, which transfer, modify, analyze and share in turn the data across numerous different contexts and through several networked data infrastructures. For example, the Cancer Genome Atlas (TCGA) is a database consisting of identified genetic mutations that is used to feed other databases such as the Catalogue of Somatic Mutations in Cancer (COSMIC) that in turn enriches the information from the TCGA with functional interpretations sourced from published literature and panel studies – which in itself requires data mining and professional consultation from another set of databases or data sources. This enriched information, driven by the use of BHD, then provides data to labs and interpretations services that offer first or second opinions to customers taking genome sequencing tests.[4]

The broad adoption of these types of chains of data processing and enrichment are crucial for the development and progress of life-science and MedTech but also for society as a whole due to the huge potential for early detection of deadly yet preventable diseases. The progress of the area is currently hampered by the lack of facilitating regulation.[5] There is a vast amount of regulations that can have an impact on the control of data to be used in BHD, from the fundamental intellectual property rights and GDPR to patient data protection regulation. However, all of them are more or less ill-suited for the modern use cases of using data as an asset, or even fuel, within areas such as BHD. The actors within the industry currently must navigate through legally unclear and uncertain terrain, which potentially hampers their will to share and innovate. This uncertainty is mainly derived from the fact that it is impossible to claim ownership of data. A company can control it as if they owned it, but data cannot currently be subject to ownership in any of the major jurisdictions around the globe. In the EU, the GDPR introduced precursor to data ownership but still not ownership in the proper sense of real property.

How then should an actor within the BHD industry approach legal issues and control of the data? Despite the complexity with an abundance of aspects to dealing with data, a good way to start is to identify what type of data your company uses. Audit your data by asking:

• Will the data be subject to privacy regulations, such as the GDPR?

• Will it be subject to patient data protection regulation?

• Is the data free of these encumbrances?

• Will you be able to protect the data through the European Sui Generis database protection?

Adapt your company’s approach based on the answers to these questions. Regardless of the results of your data audit, you will need to find a way to control the data you need without actually being able to legally claim ownership of it.

How do you control data without actually owning it? Data, even though not qualified as property, can be protected in principle by two legal instruments: as trade secrets or with robust contractual obligations. Trade secrets is a flexible legal protection method that fits those BHD actors who solely act within a small confined network of data gatherers, processors and refiners. A prerequisite to gain trade secret protection for any kind of information, data included, is that it is kept somewhat secret from the general public. This requirement of confidentiality poses a challenge in the BHD industry where the network of actors is very vast.

The industry is characterized by the large number of different types of actors within its value chain.[6] The actors range from internet service providers and infrastructure providers, data providers and data brokers, the data subjects themselves, analysts to even the general public. All these actors are essential within the data value cycle. The sheer number of essential actors creates a situation where trade secrets, although valid, are a sub-optimal solution to your data control problem. Therefore, even though it might seem like a good idea to protect your data or data sets through trade secrets, it has not been widely adopted by the modern Big Data industry as the principle legal mechanism to protect data.

Another way to control your data is through contractual obligations by binding all your collaborative partners contractually. Protecting your data with contracts is a less fragile way compared to using trade secrets, which by definition rely on confidentiality to protect the data asset. Contracts as a protection mechanism are unlikely to hinder innovation and sharing, unlike with trade secrets. Trade secrets derive their value from the secrecy whereas the value of data to the actors in the field lies in the ability to share analyzed and standardized data sets. Actors are therefore compensated for managing, maintaining but more importantly, making Big Data available.

The fragility of trade secrets and the lack of traditionally tailored legal mechanisms underlines how important it is to properly plan and structure your company’s contracts. Your carefully drafted contracts may be the only control mechanism you have to control your most and sometimes only valuable corporate asset – data. Let us help your company analyze, structure and create the control mechanisms needed within your data driven business.

[1] Kallinikos & Tempini (2014)
[2] Lucivero & Prainsack (2015), as well as Prainsack & Vayena (2013)
[3] Harris, Kelly, & Wyatt (2016)
[4] Forbes et al. 2011; Cambrosio et al. 2016; An et al. 2014; Ramos et al. 2015; Greshake et al. 2014; Cerami et al. 2012
[5] Widén Einarsson (2019), Controlling Data - The Legal System’s Fit in a Modern Economy
[6] OECD (2015), Data-driven Innovation: Big Data for Growth and Well-being, OECD Publishing, p. 195