Will Data Science in Healthcare Overcome Its Many Roadblocks?

The potential for AI development to transform global healthcare culture from one of 'reactive disaster management' to one of 'prevention and early intervention' through predictive systems has become clear over the last ten years. The potential benefits remain compelling^1,2, with the healthcare AI market forecast recently to reach US$51.3 billion by 2027³.  

Possible applications and developments include:

• Automation of medical imaging analysis⁴.

• Identification of molecular biomarkers for disease, without biopsies, from simple fluid samples⁵.

• Predictive health analytics (PHA) powering AI-based home monitoring systems^6,7 for terminal and high-risk patients (a group representing just 5% of patients but 60% of healthcare costs in the US⁸).
• Drug discovery, including prediction, design and drug-target interaction (DTI) phases⁹.

• Machine-driven analysis and logistical strategies for co-morbidities in chronic disease management (CDM)¹⁰.
• Clinical trials for the identification of suitable candidates¹¹; for the identification of biologics¹² (large biological molecules) that may contribute to drug evolution for trials; and for ROI analysis¹³.

• New machine learning insights and applications related to epidemiology, including statistical prediction models¹⁴ and containment¹⁵.
• The use of AI input for virtual, augmented and mixed reality (VAMR) in healthcare research, monitoring and palliative care¹⁶, as well as for adding an 'informed' VR layer to telesurgery procedures¹⁷.
• AI in genomics research^18,19.
• AI-informed chatbots and engagement systems in the telehealth sector²⁰. 

Systems and applications like this require access to patient data — perhaps the most politically and socially volatile topic in debates over the future of data science and machine learning. Since this represents a major impediment to progress²¹, and since it tends to dominate the discourse, let's examine the obstacles, and consider possible remedies.

Public ambivalence and consumer fears^52,53 regarding the growing digitization and sharing of health data center mainly on the possibility that health insurance companies will somehow obtain privileged patient information in order to raise costs for coverage against particular conditions or pre-existing genetic markers in individual patients — or even for broader geographical swathes of patients, where research identifies specific health issues in a neighborhood, town or state^54,55,56.

While insurance rate increases can be explained and justified with actuarial tables, the black-box nature of machine learning presents a novel legal obstacle.

Healthcare companies are rising to this challenge: a new study⁵⁷ from the US uses the Python package SHAP to break down the logic of healthcare premium price rises that are calculated with machine learning methods.

Another machine learning project⁵⁸ can also demonstrably identify potential high-cost claimants (HiCCs) at a 91% accuracy by scraping publicly available data in an explicable and accountable fashion.  

That healthcare insurance providers are keen to switch from actuarial to user-specific data, and that they are willing to use data mining and other oblique techniques to justify increased premiums, has become clear in recent years.

For instance, it was revealed in 2014 that patient information in the UK was repeatedly sold to 178 private health insurance companies⁵⁹, leading to a change in the law⁶⁰ but also long-term financial implications for those affected.

Two years later it was discovered that the Google/DeepMind AI project had obtained a far wider access to the data of millions of UK patients than had been anticipated in an earlier deal with the UK government⁶¹. 

Companies in the US openly vaunt their ability to merge information from data brokers with actuarial data, in order to identify individual health data and case histories⁶², while insurance companies are publiclymoving from actuarial to socially mined data via providers such as LexisNexis⁶³.

The migration from actuarial data is occurring on the pretext of improved early intervention⁶⁴, health risk prediction⁶⁵, and fraud prevention⁶⁶. However, research has found⁶⁷ that these legitimate business uses of web-scraping and other mining techniques can lead to the leveraging of personal health information (PHI) for the purposes of raising consumer premiums.

Where anonymization is used in health databases, re-identification can be achieved by cross-referencing the database with another database (such as a voter register) created for a different purpose. This is similar to the way that advertising companies track web-users across domains⁶⁸ to facilitate targeted marketing.

Two such databases may each be legal and legitimate in scope, regulation and intent; but cross-referencing them can enable re-identification of anonymized data⁶⁹ — a use likely not permitted under the acquisition terms of either dataset.

In the United States and elsewhere, legislation against such abuses has proved easier to implement than enforce. In the US, the HIPAA act of 1996⁷⁰ and the HITECH Act of 2009⁷¹ were conceived, respectively, to address governance and security concerns regarding the use of PHI in machine systems and networks.

In Europe this issue has been covered^72,73 by the GDPR since 2018, and with varying levels of governmental commitment in other frameworks around the world⁷⁴ over the last few decades.

The reach of such laws has been undermined not only by the aforementioned impediments to digitization, but the way that the digitization process massively increases the attack surface for healthcare infrastructure:

• Public healthcare institutions in the US are enduring year-on-year waves of ransomware attacks⁷⁵ as the rate of digitization and network-facing data systems grows, with the U.S. Cybersecurity and Infrastructure Security Agency anticipating a greater rise in incidents⁷⁶.
• A DNA testing service had 92 million accounts breached in 2018, leading to fears⁷⁷ that the stolen data could end up in the hands of insurance companies, if only because publication puts it into the public domain and into the path of insurers' web-scraping and data mining activities.
• The U.S. Department of Health and Human Services Office for Civil Rights currently lists 686 data breaches of health-related companies⁷⁸. The list only reports the previous 24 months, and only covers the United States.
• In 2017, a report on cyber-incursions on healthcare providers detailed the sale of PHI on the deep web, and the common exploitation of unsecured medical IoT devices and networked printers in health-related environments⁷⁹. 

Stolen health data is frequently posted into the public domain, either as punishment for non-payment of ransoms, or as an anarchic act. Mismanagement and poor security practices can also lead to inadvertent publication of PHI^80,81,82. In all cases, there's no way to repair the damage done.

Left entirely to market forces, the evolution of AI-driven machine learning in the healthcare sector risks to reduce global healthcare availability through increased premiums, and turn the known social benefits of affordable coverage into a genetic lottery, among many other potentially negative effects.

However, the technologies that enable this arguable abuse of knowledge also have the potential to prolong and improve life. Society must navigate and mitigate this conflict through legislation that balances a reliance on market forces against the hard-won tenets of civilization. Though many of the specific challenges around this are technical, the central problem is ethical and sociological in nature.