Balancing Privacy, Autonomy, and Scientific Needs in Electronic Health Records Research
Case Western Reserve University School of Law
Case Western Reserve University
April 12, 2012
65 Southern Methodist University Law Review 85 (2012)
Case Legal Studies Research Paper No. 2011-22
The ongoing transition from paper medical files to electronic health records will provide unprecedented amounts of data for biomedical research, with the potential to catalyze significant advances in medical knowledge. But this potential can be fully realized only if the data available to researchers is representative of the patient population as a whole. Thus, allowing individual patients to exclude their health information, in keeping with traditional notions of informed consent, may compromise the research enterprise and the medical benefits it produces.
This Article analyzes the tension between realizing societal benefits from medical research and granting individual preferences for privacy. It argues for a shift in the conceptual and regulatory frameworks that govern biomedical research. When studies involve electronic record review rather than human experimentation, the traditional, autonomy-dominated model should give way to one that emphasizes the common good. In record-based studies, the limited benefits of individual informed consent come at too high a cost - difficult administrative burdens, significant expenses, and a tendency to create selection biases that distort study outcomes. Other mechanisms can better protect data subjects’ privacy and dignitary interests without compromising research opportunities.
In this Article, we formulate a novel, mufti-faceted approach to achieve these ends. This approach recognizes that technical means for achieving identity concealment and information security are necessary but not sufficient to protect patients’ medical privacy and foster public trust while facilitating research. Hence, we call for supplementing such means with (1) an oversight process that is tailored to record-based research and applies even to De-identified patient records, which are currently exempt from scrutiny, and (2) public notice and education about the nature and potential benefits of such research.
Number of Pages in PDF File: 61
Keywords: Privacy, Clinical research, Human subject autonomy, Electronic health records, Informed consent, HIPAA Privacy Rule, HIPAA Security Rule, Records-based research, De-identification, Re-identification, Common good, Research oversight, Human subject protections, Informational risks
JEL Classification: K23, K32, I18
Date posted: September 7, 2011 ; Last revised: April 25, 2014
© 2015 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo2 in 0.391 seconds