Interview

Israel can use medical data to defeat the virus without violating people’s privacy

In exchanging digitized healthcare data for vaccination shots, Prime Minister Benjamin Netanyahu assured citizens their personal data is safe. Dr. Nimrod Kozlovski, Head of Tech and Regulation at HFN, shares his thoughts on the deal

James Spiro 18:0411.01.21

“Israel has unique data assets which are very important for Pfizer, and for good reason, Israel is providing access to this data not only to benefit our society with access to the vaccine but also because the data is valuable for global health. I think Israel has a commitment to provide data for such a cause,” says Dr. Nimrod Kozlovski, Partner and Head of Tech and Regulation at HFN Law Firm.

 

Last week Israeli Prime Minister Benjamin Netanyahu announced that in exchange for the millions of Covid-19 vaccine doses the U.S. drugmaker provided it with, the state of Israel will grant the drugmakers access to vast medical databases containing digital information about the people who have been vaccinated with the Pfizer vaccine. Israel, in effect, agreed to function as a global experimentation laboratory, with the information about its public to be used to determine vaccination strategies in other countries and aid the drug manufacturers in advancing research of coronavirus vaccines and other drugs and treatments.

 

Dr. Nimrod Kozlovski, Head of Tech and Regulation at HFN. Photo: Calcalist Dr. Nimrod Kozlovski, Head of Tech and Regulation at HFN. Photo: Calcalist

 

The agreement heated public discussion around the deal with Pfizer over what kind of data Israel is providing in return for the potentially game-changing vaccine and what are the privacy ramifications of the agreement. But according to Kozlovski, a researcher and a teaching professor on cyber law and information technology, the debate is missing the most basic information, like what data is Israel actually providing Pfizer with? In what form is it being provided? Is it anonymized or not? Is it identified or potentially de-identified? Is it provided with a limited purpose or does it have no limit?

 

“I think immediately we started hearing privacy rights advocates in Israel arguing that digital privacy is an essential right and should be treated carefully. Others were advocating for permissive use of digital records in order to progress public health and public health policy. However, I think the discussion in Israel has so far been a shallow one,” says Kozlovski.

 

“Firstly, we have to understand that Israel does in fact possess unique data assets, which are very important for Pfizer, and that Israel is providing them access to this data for good reasons,” he said. “Providing Pfizer with our data won’t only benefit Israeli society with access to the vaccine, but it is also of great value to global health. I believe Israel has a commitment to provide data to aid the international effort to battle the pandemic as well as the means to do so because unlike many other countries, we have a very centralized healthcare system. We have four professional and well-functioning HMOs, all of whom collect and store unified data records. It means that every piece of medical information on every individual is digitized and accessible.”

 

“Unlike many other countries, where healthcare records are very fragmented, Israel has what we consider to be a national asset— a unified national healthcare records database that is accessible for inquiries. Israel, as a policy, decided years ago to use these data sets to promote research in digital health and public health initiatives,” says Kozlovski.

 

After establishing that Israel has both the means and motivation to help Pfizer and the global effort to form an effective vaccination strategy, Kozlovski addressed the privacy concerns raised by some of the opponents of the deal.

 

Kozlovski differentiated between aggregated records and individual records, noting that the deal with Pfizer involved, as stated by the government, aggregated records, meaning statistical information, such as the age of someone who got sick, or how weight impacts the probability of someone getting sick. These types of statistical records are not as protected as private medical details and would not require any consent to be given by the individuals whose data is on record.

 

“I think Israel, at least from what the Prime Minister said in his speech, has agreed to provide aggregated records about the population at large to Pfizer. Pfizer wants these records because they provide an ideal testing ground for it to properly examine the vaccines’ impact.”

 

Regarding the controversy around the question of whether the Israeli healthcare system compromised the medical confidentiality of its citizens in return for vaccines, a common complaint by privacy advocates, Kozlovski said: “I think many of the people today who commented on privacy were ill-informed because they started to talk as if their records were now being spread globally or could subject them to cyber-attacks. That’s not the kind of records that are being shared. What we’re dealing with is aggregated, non identifiable, data sets.”

“There is no indication, up till now, from the Prime Minister, Health Ministry, or Attorney General that individual health records were shared in a way that could compromise anyone’s privacy,” he added.

 

“Another thing that I think is important is that even if the information was shared, we still have the ability to monitor its use. You can share records but still apply monitoring technologies that can detect wrongdoing with the data. For example, if I was supposed to share the data in a particular analysis, I can protect it from other uses of the data. That’s something we call secure data sharing, and there are relevant technologies for that. There are ways to ensure that the data is only used for the purpose it was shared for,” he said.

 

Kozlovski conceded that on one hand Israel has somewhat outdated privacy laws because its privacy laws were enacted in 1980, and amendments to the law are still waiting for legislative approval. However, according to him, Israeli law draws from European law and is constantly following the European guidelines so Israel can remain in the “safe-haven” of Europe.

 

“When it comes to public health, we do have a specific law that deals with private health records and details the types of consent and protection one should have in their records. There’s also a very detailed regulation in the Israeli privacy laws about the kind of cybersecurity protection you need to apply to sensitive information like health records. In this case, the Israeli 1980 law is rather advanced in protecting health records,” he said.

 

“I think if people were really informed about the records that were being shared, they’d find that many of the alarmist claims we saw over the last few days were kind of like conspiracy theories,” he said. “I don’t think the deal was well articulated, but I think it’s a good deal. I think it was a smart move on behalf of the government to take advantage of the fact we have an advanced health system with advanced digital health records, even though, I think that it could have been better delivered to the public, with more transparency, and more details, which would have prevented this heated discussion.”

 

Kozlovski said he feels that there was not enough discussion around how technology can and is being used to protect medical privacy. “I think people had a shallow discussion and thought that privacy is binary — either you have your data protected or it’s not protected. I think that nowadays technology, and particularly the technologies developed in Israel around privacy, can utilize data while at the same time keep it protected. I think if we were better at educating the public on what technology can do to protect their privacy, it would not only advance the Israeli tech industry but also advance the public at large,” he said.