INSIGHT: Data Fabrics, Health Data Analytics, and Emerging Legal Issues

Health care data analytics enables better patient care and improved hospital operations. Such analytics rely on “machine learning,” rich datasets, and a range of new information technology tools.

This article addresses how “data fabrics” enable improved analytics by solving the problems faced in accessing data stored in different locations and overlapping software programs in the multi-vendor, multi-user, and multi-shareholder information technology (IT) environments prevalent in leading hospital systems, and the legal issues that result.

What Is a ‘Data Fabric’ and Why Is it Useful?

A “data fabric” is a technology for providing connectivity between data dispersed in different locations and in incompatible formats, and the multiple computer programs running in different IT systems at different sites. This characterizes hospital IT systems where one department operates dozens of different software programs and multiple databases hosted both in the cloud and on computers at hospital facilities.

The advanced functionality provided by data fabrics is the ability to not only connect data, but to connect both data and software, all while leaving the data and programs in place.

Data fabrics are connected to “machine learning,” which is a branch of “artificial intelligence,” where an algorithm (essentially software) is improved by “learning” from the data presented to it. In hospital operations, data fabrics improve revenue cycle management and supply chains efficiency and uncover unauthorized access to controlled substances.

A data fabric is IT architecture and a set of data services that orchestrates the management and use of data from internal and external sources. Richer data allows algorithms to become “smarter,” and the role played by data fabrics is to provide a unified stream of data to enhance machine learning.

What Are the Legal Issues?

Gap Analysis of Existing Contracts

From a technology agreement perspective, a fundamental question is whether the contracts in place are out of date and do not require a hospital’s IT vendors to provide the IT services needed to operate a data fabric and support machine learning and robust analytics. This includes, for example, IT infrastructure agreements, data management agreements, intellectual property agreements and master services agreements, including IP indemnity provisions.

A baseline of current technical and legal requirements should be established, and a “gap analysis” preformed to identify where contracts are not up-to-date, a risk assessment performed, and a decision made on whether to wait for renewal or revise or replace the agreements.

Contract Due Diligence

Due diligence is also needed to determine whether a vendor is using hidden cloud and other systems that introduce risk into analytics used for patient health. Another area of contract due diligence is whether existing contracts require compliance with the hospital’s current information security and remote data access requirements, and whether the vendors are complying with these requirements.

Contracts may need to be amended to secure this protection and avoid potential regulatory sanctions.

Emerging Legal Issues

New legal issues are raised by today’s data needs. These include data ownership, data sharing, and data use. Current law has not developed black-line rules on data IP ownership. Accordingly, data rights should be addressed by contract.

Licenses are the vehicle to define and control the scope of data sharing and data use. Data sharing and use rights are new issues and very often are not addressed at all or in sufficient depth in agreements that were drafted even a few years ago.

A combined business and legal issue is that data fabrics and other new models of IT services often require active cooperation between a hospital’s IT vendors, and new agreements terms and new models for vendor management to reflect this more collaborative way of using IT services.

Open source software has also become a more important issue. Many cloud-based services and software developed at academic institutions use open source software. There are nine basic versions of open source licenses, and an appropriate license must be selected to avoid placing IP in the public domain, which is often an unanticipated and adverse outcome.

Accordingly, it is advisable for a hospital to establish rules for the internal use of open source as well as for the external use of open source by service providers.

Conclusion

More medical data is being generated and captured than ever before. Data is stored in different and often siloed data repositories, and this interferes with the ability to provide a united stream of rich data for use in machine learning. Data fabrics provide a technology solution that can generate the robust datasets that can train algorithms and enable high-level analytics.

Data fabrics require agreements that provide the benefits and minimize the risks that result from combining new data and software technology, and agreements that are drafted to address data ownership, sharing and use. Existing contracts should be reviewed and amended or replaced and new contracts should be drafted to address new legal issues.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Author Information

William A. Tanenbaum is the practice co-chair of Polsinelli’s Health Care Technology & Innovation Group. He helps clients navigate technology, data and IP agreements and use IT to transform health care delivery.

Polsinelli provides this material for informational purposes only. The choice of a lawyer is an important decision and should not be based solely upon advertisement.