- A recent Century Foundation report funded by an Open Society Foundations grant identifies several policy recommendations that emphasize the critical role of patients in health data exchange and information sharing.
In the report, author Adam Tanner of Harvard University's Institute for Quantitative Social Science emphasizes the importance of allowing individuals a say in how their medical data is used. Legal protections, the report states, should cover “an individual’s health information” as opposed to only “individually identifiable health information” as is presently covered under current federal policy (i.e., HIPAA).
This shift in policy will encourage patients to trust the healthcare industry with their information by promising confidentiality of any information they volunteer to their providers.
The report highlights in particular the dangers of selling anonymized medical data without informed patient consent between pharmacies, labs, and other institutions involved in the buying and selling of data.
Since HIPAA will soon be modified to cover anonymized data, Tanner encourages patients to ask data miners — such as QuintilesIMS and Symphony Healthy — to remove any of their anonymized health information currently in circulation.
In the report, Tanner notes that heath data protections under HIPAA will need to be broadened to include more types of health-related data, including those gathered from websites, forums, fitness apps, and the Internet of Things.
Additionally, he points out the fine line between health data and non-health data, which may warrant an even wider extension of privacy protections.
For this reason, Tanner observes, the Federal Trade Commission recommends the Internet of Things be included under future legislation governing updated privacy regulations resembling the General Data Protection Regulation put forth by the European Union effective in 2018.
Additionally, the report suggests policymakers enumerate patient rights when it comes to their health information in language the public can understand. Making these laws legible, accessible, and clear to the public will increase the chances patients will feel more in control of their health data and health information security.
Well-informed patients, Tanner claims, will be better suited to provide clear consent regarding the use of their health information.
The Century Foundation report also highlights the importance of empowering patient control of personal health information in gathering health data for medical research.
Tanner makes clear that increasing a patient’s ability to control where her information goes should not infringe on health information research in any capacity, and will instead mostly only affect for-profit commercial companies using anonymized health information without explicit consent.
For further reassurance requiring a patient’s consent will not interfere with research, the report mentions that surveys show people are generally inclined to donate to science when asked according to a 2015 Truven-NPR poll in which 53 percent of a sample group of 3,010 people stated they would be willing to contribute health information anonymously for research.
“We don’t ask people for their preference on kinds of charity they approve of and then take money out of their bank without notice. We ask people to donate to a particular charity on a particular day. The same should be true for personal data,” Adrian Gropper, Chief Technology Officer of Patient Privacy Rights, told Tanner.
While allowing patients to explicitly volunteer their health information to the research organizations of their choice seems the best option for some, others suggest a “no default” option is most sensible.
The “no default” option means patients would be presented with the option to either share or not share their data, and patients choosing to share their data would then have the opportunity to choose whether they share their data with scientific researchers, commercial companies, or both.
Ultimately, the Century Foundation report concludes that whether a patient wants to share their anonymized health data should be a personal, conscious decision and commercial companies benefitting from personal health data should aim for increased transparency in the future.