From Commercialization to Accountability: Responsible Health Data Collection, Use, and Disclosure for the 21st Century

McGraw, Deven; Petersen, Carolyn

doi:10.1055/s-0040-1710392

Cited by 9 publications

(11 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Experience with HIPAA’s rules for de-identification suggests that if the law sets clear and achievable standards for de-identification, entities will leverage de-identified data for public health, research, and business analytics. On the other hand, anger and frustration over commercialization of HIPAA de-identified health data appears to be increasing—and some entities are responding to those concerns 124 . For example, one renowned medical center has recently adopted an ethical framework for sharing even de-identified data and biospecimens with external entities, including commercial companies 125 .…”

Section: Introductionmentioning

confidence: 99%

Privacy protections to encourage use of health-relevant digital data in a learning health system

McGraw¹,

Mandl

2021

npj Digit. Med.

Self Cite

103

View full text Add to dashboard Cite

The National Academy of Medicine has long advocated for a “learning healthcare system” that produces constantly updated reference data during the care process. Moving toward a rapid learning system to solve intractable problems in health demands a balance between protecting patients and making data available to improve health and health care. Public concerns in the U.S. about privacy and the potential for unethical or harmful uses of this data, if not proactively addressed, could upset this balance. New federal laws prioritize sharing health data, including with patient digital tools. U.S. health privacy laws do not cover data collected by many consumer digital technologies and have not been updated to address concerns about the entry of large technology companies into health care. Further, there is increasing recognition that many classes of data not traditionally considered to be healthcare-related, for example consumer credit histories, are indeed predictive of health status and outcomes. We propose a multi-pronged approach to protecting health-relevant data while promoting and supporting beneficial uses and disclosures to improve health and health care for individuals and populations. Such protections should apply to entities collecting health-relevant data regardless of whether they are covered by federal health privacy laws. We focus largely on privacy but also address protections against harms as a critical component of a comprehensive approach to governing health-relevant data. U.S. policymakers and regulators should consider these recommendations in crafting privacy bills and rules. However, our recommendations also can inform best practices even in the absence of new federal requirements.

show abstract

Section: Introductionmentioning

confidence: 99%

Privacy protections to encourage use of health-relevant digital data in a learning health system

McGraw¹,

Mandl

2021

npj Digit. Med.

Self Cite

103

View full text Add to dashboard Cite

show abstract

“…Although institutional ethics committees are tasked by the World Health Organization ( 2009 ) to protect subjects from anticipated harm, they have few means to do so beyond the initial project approval phase. Common mechanisms recommended for protecting data throughout a project's lifetime, such as anonymization and aggregation, have known limitations that have led to privacy violations (Kroll et al, 2019 ; Cummings and Durfee, 2020 ; McGraw and Petersen, 2020 ). More advanced privacy-enhancing mechanisms, such as based on the notion of differential privacy (Dwork et al, 2006 ) might protect data for the project duration, but are difficult to make use of in many scenarios (Kroll et al, 2019 ) and are too restrictive.…”

Section: Introductionmentioning

confidence: 99%

“…Inspired by Shneiderman, we argue for auditing, independent oversight, and trustworthy certification for data accesses. Building accountability around the applicable laws and the dynamic privacy risks landscape is the way forward (Kroll et al, 2019 ; McGraw and Petersen, 2020 ). Subject's perception of privacy might change over time and depend upon the purpose data is collected for (Sharma et al, 2020 ).…”

Section: Introductionmentioning

confidence: 99%

Up-to-the-Minute Privacy Policies via Gossips in Participatory Epidemiological Studies

et al. 2021

View full text Add to dashboard Cite

Researchers and researched populations are actively involved in participatory epidemiology. Such studies collect many details about an individual. Recent developments in statistical inferences can lead to sensitive information leaks from seemingly insensitive data about individuals. Typical safeguarding mechanisms are vetted by ethics committees; however, the attack models are constantly evolving. Newly discovered threats, change in applicable laws or an individual's perception can raise concerns that affect the study. Addressing these concerns is imperative to maintain trust with the researched population. We are implementing Lohpi: an infrastructure for building accountability in data processing for participatory epidemiology. We address the challenge of data-ownership by allowing institutions to host data on their managed servers while being part of Lohpi. We update data access policies using gossips. We present Lohpi as a novel architecture for research data processing and evaluate the dissemination, overhead, and fault-tolerance.

show abstract

“…Perhaps the most common techniques to process data in compliance with these laws are anonymization and aggregation and are often recommended by ethics committees. However, weaknesses in known methods have led to multiple privacy violations [7,8]. Advancements in statistical inferences and re-identification attack methodologies have made it relatively easy to identify discussed individuals in a study [9,10].…”

Section: Introductionmentioning

confidence: 99%

“…Kroll et al [7] argue the need for having global visibility in data usage to test the next generation of privacy-enhancing technologies. Researchers argue that building accountability around the applicable laws and the dynamic privacy risks landscape, is the way forward [7,8]. Subjects' perception of privacy might change over time and depend upon the purpose data is collected for [15,16].…”

Section: Introductionmentioning

confidence: 99%

Accountable Human Subject Research Data Processing using Lohpi

Sharma

Nilsen

Brenna

et al.

Proceedings of the ICTeSSH 2021 Conference

View full text Add to dashboard Cite

In human subject research, various data about the studied individuals are collected. Through re-identification and statistical inferences, this data can be exploited for interests other than the ones the subjects initially consented to. Such exploitation must be avoided to maintain trust with the researched population. We argue that keeping data-access policies up-to-date and building accountability on research data processing can reflect subjects' consent and mitigate data misuse. With accountability in mind, we are building Lohpi: a decentralized system for research data sharing with up-to-date access policies. We demonstrate our initial prototype with timely delivery of policy changes along with minimal access control overhead.

show abstract

From Commercialization to Accountability: Responsible Health Data Collection, Use, and Disclosure for the 21st Century

Cited by 9 publications

References 20 publications

Privacy protections to encourage use of health-relevant digital data in a learning health system

Privacy protections to encourage use of health-relevant digital data in a learning health system

Up-to-the-Minute Privacy Policies via Gossips in Participatory Epidemiological Studies

Accountable Human Subject Research Data Processing using Lohpi

Contact Info

Product

Resources

About