Data Dilemma

Data Dilemma

This week we’ve seen two significant events related to breaches of data. First came news of a coordinated attack of the iCloud, next came word that Home Depot was also breeched. These events follow the well-publicized and very expensive attack on Target during the Christmas shopping season. While these attacks may not seem to have anything to do with diabetes, they are actually a very real threat to the future of diabetes management. A future which is increasingly using cloud based technology to store and share patient data.

Increasingly employers are incentivizing employees when they achieve certain health related goals, i.e. losing weight, quitting smoking, lowering cholesterol levels, etc. According to a study by Fidelity Investments and the National Business Group on Health spending on corporate wellness incentives has doubled to $594 per employee since 2009. These programs work in large part not just due to the incentives offered but also because the employer can obtain verifiable data. Whether it’s through the use of wearable technology or systems which transmit data directly to the cloud or the patient’s smartphone, employers can literally track in near real time how the employee is doing.

As we have been stating for some time diabetes management is quickly moving in this direction. Already there are a host of glucose monitors that transmit data to a patient’s smartphone or cloud or both. As we noted this morning it won’t be long before the Dexcom (NASDAQ:DXCM) system transmit data to a smartphone. Quite frankly diabetes is a near perfect disease state for the use of incentives, as there is near universal agreement on what defines good control, data which is easily verifiable.

However as we have seen this highly sensitive and very private data may not be all that private after all. Many privacy experts fear that this highly sensitive and very personal data could be used against the employee. Just as patients are now being rewarded for good behavior, some privacy experts fear that non-compliant patients may be punished for “bad” behavior. Think of it this way, let’s say there’s an employee with diabetes with an HbA1C of 8.6 (well above 7 the standard for good control) whose not regularly monitoring their glucose, not losing weight and failing to exercise. Things the employer could know given all this data is being tracked and stored. Privacy advocates fear that employers could find creative ways to dismiss this out of control as they are pushing the employers’ healthcare costs higher.

This is no small concern especially for patients with diabetes. As we have stated on numerous occasions managing diabetes is 24 hour a day 7 day a week 365 days a year job with no days off. Making matters worse it often takes time for the patient and there healthcare team to find the right combination of medications and behavior modifications to reach solid control. The simple fact what works for one patient doesn’t necessarily work for another, even if they are diagnosed with the same type of diabetes. This is one of the most madding aspects of diabetes management.  Yet even when the patient reaches good control the battle isn’t over as it then becomes a constant battle of keeping them under good control.

Our fear here is that these well-earned fears of data abuse will slow the development and deployment of interconnected diabetes management (IDM) systems.  At the moment IDM is the wild west of diabetes management as few of these systems have undergone the rigors of clinical trials or been subjected to FDA scrutiny. Keep in mind this is the same agency that seems to believe that patients with diabetes act like heroin addicts sharing their lancing devices with reckless abandon while passing along HIV or Hepatitis to unsuspecting patients.

As much as the FDA would like to move into the 21st century this is an agency where change moves at glacial speed, somewhere where reform is a dirty word. We can only imagine the obstacles they will throw in front of Apple, Google and Samsung when they bring before the agency a smartwatch or some other whiz bang device which measures among other things a patients glucose levels.

Now a reasonable person, and yes there are many in the wacky world, would say that the FDA should balance the needs to protect sensitive data against the needs to help patients achieve better outcomes. While this sounds logical, logical and the FDA don’t mix well think oil and water.

Ultimately Diabetic Investor believes it should be up to the patient to decide what if any data is shared. As much as cloud based technology is blessing, it’s also can be a curse just ask the celebrities whose nude photos are now an internet sensation.

This fundamentally is the issue facing IDM how do we protect sensitive highly personal data from being used against the patient.  We aren’t as concerned that a hacker would steal this information as quite frankly we can’t see a profit in it. This isn’t like stealing credit or debit card numbers. A more realistic scenario is not having this data used to terminate an employee or deny them employment.

There are many positive aspect of IDM and we strongly believe it’s just a matter of time before these systems become the norm and not the exception. Still the concerns raised by privacy advocates are very real and must be addressed if for no other reason as ultimately it’s the patient who needs to feel that their data is protected.