Monday, February 24, 2014
I am spending a sabbatical semester as a scholar in residence at the Centers for Disease Control and Prevention (CDC). Several CDC employees have told me that they worry that the public outcry against the National Security Agency’s (NSA) surveillance practices will transform into public opposition to the government’s efforts to use medical records for research and public health purposes. Indeed, long before revelations about NSA surveillance, privacy advocates expressed grave concerns about the privacy implications of health information technology. What I want to emphasize in this posting is that while informational privacy must be safeguarded in every possible way, we ought not prioritize it to such an extent that it prevents us from enjoying the considerable benefits of data analysis. Rather, we should promote both privacy protection and data use simultaneously.
The ongoing transition from paper medical files to electronic health records (EHR) provides unprecedented opportunities to utilize massive amounts of digitized information for many non-clinical or “secondary” uses. Computerized health information will enable researchers to review millions of de-identified records belonging to diverse patient populations all over the country in order to fill some of the many gaps in medical knowledge that still exist in the 21st century. For example, the question of whether mammograms are a valuable preventive health tool has recently reemerged, and it turns out that we still don’t know the answer. Electronic health records can also be used by public health authorities to track chronic diseases, workplace injuries, and disease outbreaks. They can be used by health care providers in order to assess and improve the quality of services they are offering and by the Food and Drug Administration to conduct post-marketing surveillance of drugs and devices for emerging safety problems.
Everyone benefits from medical advances and public health protections. We do not exclude people who failed to contribute to research and public health endeavors. Consequently, in order to avoid a “free rider” problem, it is arguable that everyone should bear the burden of allowing their data to be used.
Unfortunately, there is no fail-safe way to protect privacy in every instance. De-identification in accordance with the HIPAA Privacy Rule, which lists 18 identifiers that are to be removed, comes close. However, in a tiny minority of cases, very skilled attackers may be able to re-identify data if they can access certain publicly available information, such as voter registration records. A few academics who have tried to do this under particular conditions reported a .01-.25% success rate.
De-identification isn’t the only privacy mechanism. Database operators should employ state-of-the-art security measures and technology to safeguard all electronic data collections, including those that are de-identified. Researchers purchasing or obtaining data from databases can be required to undergo web-based privacy training and to sign detailed data use agreements that restrict who can use the data, for what purpose, and for how long. It might even be a good idea to add a provision to the HIPAA Privacy Rule that explicitly prohibits attempts at re-identification and renders violators subject to the Rule’s penalty provisions. Admittedly, there will always be questions about the degree to which privacy mandates can be overseen and enforced, and thus, new and creative privacy solutions should continue to be developed.
It is easy to object categorically to collecting and using patient data on privacy grounds. However, those who suffer from illnesses for which there is yet no cure know well the value of research and wish desperately for any gateway to medical progress. It would be a grave mistake to squander the opportunities that information technology provides.
A much more extensive discussion of these issues appears in my article, “Balancing Privacy, Autonomy, and Scientific Needs in ElectronicHealth Records Research”.
-Guest Blogger Professor Sharona Hoffman