Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Also, many companies who deal with medical data, but are say startups but not an actual healthcare provider gets audited for compliance - and it is fairly rigorous and so think of it like a SOX audit, but even further. Some companies have dedicated rooms with limited, tracked, badge access to the machines in that area which are the only machines that can access the data.

So if any breach occurs, access can be tracked to individuals.



So programs are allowed access to the data, provided they are audited?

In my country, one programmer who unfortunately lost his newborn daughter to sepsis decided to make a machine learning program to help doctors diagnose the infection early. The software has access to patient data and it recognizes patterns that match the development of sepsis. It decreased the number of severe sepsis cases per month from 1.5 to 0.5 and cut the waiting time before effective treatment was administered by 60%.

People have told me this sort of system would not have been impossible in the USA because of the HIPAA. Is this true?


These types of programs do exist in most insurance companies in the United States. Predictive analytics against claims and clinical data to do early intervention care management is a common thing here.

That said, the company has to make sure that only the people that have a clinical need to access the data have access. So the developers would probably use a de-identified data set to write and test the program. Only the clinicians (care management and disease management nurses) would have access to the identified data so they can contact the patient to offer care.


Yep - de-identified data is the best way to assure compliance when developing/working-on/dealing with large sensitive data-sets.

that said, compliance audits are pretty strict if they are doing it correctly, and not-so-fun. It will be an interesting world when there is a medical-data-firehose pointed at an AI that is looking at all the available med records to do predictive analytics against an entire population....

We are likely a decade from that.


I think there would be significant challenges to do so. I think this is one of the reasons why google's health care initiatives in the US failed so horrifically and one of the reasons why their deepmind NHS initiative is with the NHS and not someone in the US.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: