Ethical Dimensions of Clinical Data Sharing by U.S. Health Care Organizations for Purposes Beyond Direct Patient Care: Interviews with Health Care Leaders

Overview

Journal Appl Clin Inform

Publisher Thieme

Specialties Health Services
Medical Informatics

Date 2024 Oct 3

PMID 39362293

Authors

Brian R Jackson

Bonnie Kaplan

Richard Schreiber

Paul R DeMuro

Victoria Nichols-Johnson

Larry Ozeran

Anthony Solomonides

Ross Koppel

Affiliations

Soon will be listed here.

Abstract

Objectives: This study aimed to (1) empirically investigate current practices and analyze ethical dimensions of clinical data sharing by health care organizations for uses other than treatment, payment, and operations; and (2) make recommendations to inform research and policy for health care organizations to protect patients' privacy and autonomy when sharing data with unrelated third parties.

Methods: Semistructured interviews and surveys involving 24 informatics leaders from 22 U.S. health care organizations, accompanied by thematic and ethical analyses.

Results: We found considerable heterogeneity across organizations in policies and practices. Respondents understood "data sharing" and "research" in very different ways. Their interpretations of these terms ranged from making data available for academic and public health uses, and to health information exchanges; to selling data for corporate research; and to contracting with aggregators for future resale or use. The nine interview themes were that health care organizations: (1) share clinical data with many types of organizations, (2) have a variety of motivations for sharing data, (3) do not make data-sharing policies readily available, (4) have widely varying data-sharing approval processes, (5) most commonly rely on Health Insurance and Portability and Accountability Act (HIPAA) de-identification to protect privacy, (6) were concerned about clinical data use by electronic health record vendors, (7) lacked data-sharing transparency to the general public, (8) allowed individual patients little control over sharing of their data, and (9) had not yet changed data-sharing practices within the year following the U.S. Supreme Court 2022 decision denying rights to abortion.

Conclusion: Our analysis identified gaps between ethical principles and health care organizations' data-sharing policies and practices. To better align clinical data-sharing practices with patient expectations and biomedical ethical principles, we recommend updating HIPAA, including re-identification and upstream sharing restrictions in data-sharing contracts, better coordination across data-sharing approval processes, fuller transparency and opt-out options for patients, and accountability for data-sharing and consequent harms.

References

Malin B, Sweeney L . How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems. J Biomed Inform. 2004; 37(3):179-92. DOI: 10.1016/j.jbi.2004.04.005. View

Rockwern B, Johnson D, Snyder Sulmasy L . Health Information Privacy, Protection, and Use in the Expanding Digital Health Ecosystem: A Position Paper of the American College of Physicians. Ann Intern Med. 2021; 174(7):994-998. DOI: 10.7326/M20-7639. View

Geissbuhler A, Safran C, Buchan I, Bellazzi R, Labkoff S, Eilenberg K . Trustworthy reuse of health data: a transnational perspective. Int J Med Inform. 2012; 82(1):1-9. DOI: 10.1016/j.ijmedinf.2012.11.003. View

Graham M . Data for sale: trust, confidence and sharing health data with commercial companies. J Med Ethics. 2021; 49(7):515-522. PMC: 10359563. DOI: 10.1136/medethics-2021-107464. View

Benitez K, Malin B . Evaluating re-identification risks with respect to the HIPAA privacy rule. J Am Med Inform Assoc. 2010; 17(2):169-77. PMC: 3000773. DOI: 10.1136/jamia.2009.000026. View

McCoy M, Allen A, Kopp K, Mello M, Patil D, Ossorio P . Ethical Responsibilities for Companies That Process Personal Data. Am J Bioeth. 2023; 23(11):11-23. DOI: 10.1080/15265161.2023.2209535. View

Morse B, Kim K, Xu Z, Matsumoto C, Schilling L, Ohno-Machado L . Patient and researcher stakeholder preferences for use of electronic health record data: a qualitative study to guide the design and development of a platform to honor patient preferences. J Am Med Inform Assoc. 2023; . PMC: 10198527. DOI: 10.1093/jamia/ocad058. View

Cohen I, Mello M . Big Data, Big Tech, and Protecting Patient Privacy. JAMA. 2019; 322(12):1141-1142. DOI: 10.1001/jama.2019.11365. View

Dobson R, Wihongi H, Whittaker R . Exploring patient perspectives on the secondary use of their personal health information: an interview study. BMC Med Inform Decis Mak. 2023; 23(1):66. PMC: 10088161. DOI: 10.1186/s12911-023-02143-1. View

10.

Schreiber R, Koppel R, Kaplan B . What Do We Mean by Sharing of Patient Data? DaSH: A Data Sharing Hierarchy of Privacy and Ethical Challenges. Appl Clin Inform. 2024; 15(5):833-841. PMC: 11483170. DOI: 10.1055/a-2373-3291. View

11.

Spector-Bagdady K, Armoundas A, Arnaout R, Hall J, Yeager McSwain B, Knowles J . Principles for Health Information Collection, Sharing, and Use: A Policy Statement From the American Heart Association. Circulation. 2023; 148(13):1061-1069. PMC: 10912036. DOI: 10.1161/CIR.0000000000001173. View

12.

Caine K, Hanania R . Patients want granular privacy control over health information in electronic medical records. J Am Med Inform Assoc. 2012; 20(1):7-15. PMC: 3555326. DOI: 10.1136/amiajnl-2012-001023. View

13.

Kaplan B . Seeing through health information technology: the need for transparency in software, algorithms, data privacy, and regulation. J Law Biosci. 2021; 7(1):lsaa062. PMC: 8240841. DOI: 10.1093/jlb/lsaa062. View

14.

Campos-Castillo C, Anthony D . The double-edged sword of electronic health records: implications for patient disclosure. J Am Med Inform Assoc. 2014; 22(e1):e130-40. PMC: 11888334. DOI: 10.1136/amiajnl-2014-002804. View

15.

Riso B, Tupasela A, Vears D, Felzmann H, Cockbain J, Loi M . Ethical sharing of health data in online platforms - which values should be considered?. Life Sci Soc Policy. 2017; 13(1):12. PMC: 5563504. DOI: 10.1186/s40504-017-0060-z. View

16.

Kaplan B . How Should Health Data Be Used?. Camb Q Healthc Ethics. 2016; 25(2):312-29. DOI: 10.1017/S0963180115000614. View

17.

Cumyn A, Menard J, Barton A, Dault R, Levesque F, Ethier J . Patients' and Members of the Public's Wishes Regarding Transparency in the Context of Secondary Use of Health Data: Scoping Review. J Med Internet Res. 2023; 25:e45002. PMC: 10141314. DOI: 10.2196/45002. View

18.

Rocher L, Hendrickx J, de Montjoye Y . Estimating the success of re-identifications in incomplete datasets using generative models. Nat Commun. 2019; 10(1):3069. PMC: 6650473. DOI: 10.1038/s41467-019-10933-3. View

19.

Cole C, Sengupta S, Rossetti Nee Collins S, Vawdrey D, Halaas M, Maddox T . Ten principles for data sharing and commercialization. J Am Med Inform Assoc. 2020; 28(3):646-649. PMC: 7936510. DOI: 10.1093/jamia/ocaa260. View

20.

Chikwetu L, Miao Y, Woldetensae M, Bell D, Goldenholz D, Dunn J . Does deidentification of data from wearable devices give us a false sense of security? A systematic review. Lancet Digit Health. 2023; 5(4):e239-e247. PMC: 10040444. DOI: 10.1016/S2589-7500(22)00234-5. View