Balancing Privacy, Autonomy, and Scientific Needs in Electronic Health Records Research

61 Pages Posted: 7 Sep 2011 Last revised: 25 Apr 2014

See all articles by Sharona Hoffman

Sharona Hoffman

Case Western Reserve University School of Law

Andy Podgurski

Case Western Reserve University

Date Written: April 12, 2012


The ongoing transition from paper medical files to electronic health records will provide unprecedented amounts of data for biomedical research, with the potential to catalyze significant advances in medical knowledge. But this potential can be fully realized only if the data available to researchers is representative of the patient population as a whole. Thus, allowing individual patients to exclude their health information, in keeping with traditional notions of informed consent, may compromise the research enterprise and the medical benefits it produces.

This Article analyzes the tension between realizing societal benefits from medical research and granting individual preferences for privacy. It argues for a shift in the conceptual and regulatory frameworks that govern biomedical research. When studies involve electronic record review rather than human experimentation, the traditional, autonomy-dominated model should give way to one that emphasizes the common good. In record-based studies, the limited benefits of individual informed consent come at too high a cost - difficult administrative burdens, significant expenses, and a tendency to create selection biases that distort study outcomes. Other mechanisms can better protect data subjects’ privacy and dignitary interests without compromising research opportunities. In this Article, we formulate a novel, mufti-faceted approach to achieve these ends. This approach recognizes that technical means for achieving identity concealment and information security are necessary but not sufficient to protect patients’ medical privacy and foster public trust while facilitating research. Hence, we call for supplementing such means with (1) an oversight process that is tailored to record-based research and applies even to De-identified patient records, which are currently exempt from scrutiny, and (2) public notice and education about the nature and potential benefits of such research.

Keywords: Privacy, Clinical research, Human subject autonomy, Electronic health records, Informed consent, HIPAA Privacy Rule, HIPAA Security Rule, Records-based research, De-identification, Re-identification, Common good, Research oversight, Human subject protections, Informational risks

JEL Classification: K23, K32, I18

Suggested Citation

Hoffman, Sharona and Podgurski, Andy, Balancing Privacy, Autonomy, and Scientific Needs in Electronic Health Records Research (April 12, 2012). 65 Southern Methodist University Law Review 85 (2012), Case Legal Studies Research Paper No. 2011-22, Available at SSRN:

Sharona Hoffman (Contact Author)

Case Western Reserve University School of Law ( email )

11075 East Boulevard
Cleveland, OH 44106-7148
United States
216-368-3860 (Phone)


Andy Podgurski

Case Western Reserve University ( email )

10900 Euclid Ave.
Cleveland, OH 44106
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics