When Doctor Craig Spencer returned from West Africa to New York, having treated Ebola patients while wearing protective gear and being asymptomatic and non-infectious, he engaged in a rigorous course of self-assessment for symptoms like fever, nausea, vomiting and fatigue.
Dr. Spencer also did things like go to the popular High Line for coffee, travel on the NYC Subway (avoiding it like the plague?) went out for meatballs, and most notoriously, went (e)Bowling. When Nurse Kaci Hickock arrived from West Africa to Newark’s Liberty Airport, she was effectively clamped in irons and lead to an unheated tent, to be detained — sorry — quarantined — for a fortnight and a half.
But Big Data and the Internet of Things can help. If used appropriately.
In this space, I frequently complain about the methods governments and private sector entities use to collect, store, and use sensitive personal information. I rail about protecting privacy, and the use and misuse of buzzwords like “big data” and “the Internet of Things.” Yet data can be useful. And that’s the point.
The goals of privacy law and regulation, and data security are NOT to make data less effective. Au contraire. The goals of privacy and security are actually to make data MORE useful and MORE effective. That’s why the debate between privacy and functionality, or security and effectiveness are false debates. Security and privacy are enabling technologies. They permit the collection and appropriate use of massive amounts of data. If done right. If done wrong, its a pox upon us (pun intended.)
HIPAA Press Conferences
Just an observation. In almost all of the U.S. cases of Ebola (and by this I mean the cases treated in or contracted in the U.S.) we have been treated to the scene of white coated medical professionals seated in a row in front of a banner proclaiming their particular medical center (Presbyterian Hospital, Dallas; National Institutes of Health; Emory University).
Then these while coated professionals describe the name of a particular patient, their diagnosis, their route of infection, their current condition, their prognosis, and even the names of friends or relatives. These professionals also reveal the address of the patient, the patient’s travels, and other details about the patient. I’m surprised they don’t just say, “Oh, by the way, here’s the patient’s social security number, credit card number, date of birth, lab results, and Blue Cross/Blue Shield number.” I thought we had medical privacy laws in the U.S.
Kinda sorta.
The main U.S. medical privacy law, HIPAA prohibits providers from disclosing “Personal Health Information” (PHI) except under specific conditions. But that same law permits the use (and disclosure) of PHI if the disclosure is made for the purposes of medical diagnosis, treatment, administration or payment. Or if it is made with the consent of the patient or the patient’s representative. Diagnosis and treatment can also include not only treatment of a particular patient, but also for public health purposes — to prevent the spread of disease to the public.
So in conducting a contact trace of an infectious patient, it may be necessary to reveal the name of the patient or the diagnosis of the patient. This is as true for Ebola as it is for tuberculosis, measles or smallpox.
Yet the “disclosure” should meet the minimum necessary rule. Think of a patient in the hospital for treatment of chlamydia. The hospital staff jumps to the local television station (and social media) and, without the patient’s consent, posts a picture of the patient, their STD diagnosis, and a warning, “if you have had sexual contact with this person, please get tested now. You may have a sexually transmitted disease.” While you could make a “public health” argument for the disclosure, most people (and probably the HHS Office of Civil Rights) would find the disclosure unnecessary.
So it’s not black and white. Healthcare professionals must weigh the impact of the disclosure on the patient (privacy, stereotyping, panic, fear) on the good that such a disclosure might make (contact with index patient coming forward) and with the harm avoided (limiting the spread of the disease.)
If the disease is airborne, fatal, and easily communicable, you might do something differently (Dustin Hoffman breaking into a California television station to show a picture of an infected [South American] Capuchin monkey who contracted Ebola in Africa.) Did we REALLY need to know the NAME of the Dallas Ebola patients in order to develop a contact list? Minimum necessary.
This “klieg light” mentality among medical professionals seems to be endemic. After the high school shootings near Seattle, the local hospital held a press conference where they described the names and conditions of various patients. Why? Because you asked. That’s why.
[Good] Big Data and [Good] Internet of Things
Back to Doctor Spencer. When he admitted himself into Bellevue hospital, epidemiologists wanted to trace his actions and movements from the time he returned to the U.S. to the time he was admitted — with special emphasis on the past few days. Each of us could probably reconstruct from memory our whereabouts for a day or two. Beyond that, it becomes a blur.
Enter big data.
Dr. Spencer’s MTA Subway card revealed what trains he took and when he took them. Try getting that data from an old subway token. His credit card receipts showed what he bought, where he bought it, and even what register he used and the name of the clerk at that register. (“Thanks for coming. I’m Staci! 🙂 :-)).
His cell phone is effectively a GPS tracking device, following his movements from coffee shop to deli, from meatball emporium to bowling ball emporium (the city that doesn’t sleep.) From there, digital video cameras hooked up to an NYPD intelligence network can track Dr. Spencer’s movements throughout Gotham. These include not only government and traffic cameras, but also those of private entities, your Shake Shacks and 7-11’s. Big brother truly is watching.
This is where it gets creepy.
After tracking Dr. Spencer, the government COULD go further. If the diseases really were communicable (think World War Z) and they needed to identify EVERYONE who had been in proximity to Dr. Spencer, epidemiologists could use big data and big data solutions.
Cell tower data would not only track the Ebola doctor, but all phones NEAR the Ebola doctor, and resolve their SIM modules, telephone numbers, subscriber names, and contact them. Same for credit card receipts — we could look up everyone who bowled between 8 and 930 on Saturday night by tracking those ugly red and blue shoes.
But since this is Brooklyn, who knows — hipsters might have decided that red and blue shoes are trendy. The video cameras could be (and, by the way are) linked to facial recognition programs, which could be (see above) linked to social networking programs like Facebook and LinkedIn. If you see Dr. Spencer in a crowd, you cannot only identify Dr. Spencer, but you could identify the crowd as well. At least it’s theoretically possible. In a true crisis we might try.
So that’s the promise and the potential of big data. Of course, the same technology can be used to sell us sneakers, or track tea party or occupy members movements. The devil lies not only in the data, but also in its use. So big data can help — if it is secured and private.
The Internet of Things To The Rescue
Poor Kaci Hickock. After weeks treating Ebola patients, she arrives in a dank, unsanitary, intemperate and isolating environment. Newark, New Jersey. She is effectively under arrest there because officials don’t believe that she is not contagious.
Even on her return to her home in Maine, she remains in “home isolation” because health officials don’t believe that, despite years of medical training, she is capable of using the sophisticated medical device known as a “thermometer.” That is, if you believe the medical consensus that the current strain of Ebola is not communicable by asymptomatic patients. If you don’t believe that, then by all means, feel free to panic and overreact.
Even if you believe that Ebola is not communicable by asymptomatic patients, you still have the (e)bowling alley problem. The time when a non-isolated individual has symptoms, but doesn’t know it. You minimize that problem either by isolating the patient for the full 21 days (cooties!!) or by having a regimen of frequent, accurate, and documented self-assessment of symptoms and temperature. Sure, we can trust Dr. Spencer and Nurse Hickock to self-assess. But can we trust everyone?
Simple solution
Rather than hospitalizing every person exposed to an Ebola patient (which would by this point include the entire staff of Bellevue Hospital a sizeable portion of NIH, Omaha, Emory and Dallas Presbyterian, and users of the A Train) we can use the Internet of Things.
A simple solution is a thermometer with a biometric authenticator and GPS, linked to a reporting station. Twice a day (or more often if called for) Nurse Hickock would authenticate to the thermometer (a finger swipe), which would take her temperature and send it to whomever is appropriately monitoring her.
If the temp is within guidelines, she goes on her way — even if this is using public transportation, eating at restaurants, etc., within reason. REMEMBER, we are starting with the scientific assumption that asymptomatic patients are NOT contagious.
If the thermometer shows something amiss, then DANGER WILL ROBINSON! The patient is immediately warned to isolate, their location transmitted to public health officials, and appropriate follow up care initiated. Cheaper than a pup tent outside a Newark hospital, or as is the case of isolated patients in Connecticut, round-the-clock police surveillance.
So we can both collect and use data appropriately. If we want to. Or we can panic. It’s up to you.