Shadow Health Records Meet New Data Privacy Laws

Science, Vol. 363, No. 6426, 01.02.2019, p. 448-450.

U of Colorado Law Legal Studies Research Paper No. 19-13

Posted: 25 Apr 2019 Last revised: 3 May 2019

See all articles by W. Nicholson Price II

W. Nicholson Price II

University of Michigan Law School

Kayte Spector-Bagdady

University of Michigan at Ann Arbor - Medical School

Timo Minssen

University of Copenhagen - Centre for Advanced Studies in Biomedical Innovation Law (CeBIL) - Faculty of Law

Margot E. Kaminski

University of Colorado Law School; Yale University - Yale Information Society Project; University of Colorado at Boulder - Silicon Flatirons Center for Law, Technology, and Entrepreneurship

Date Written: February 1, 2019

Abstract

Large sets of health data can enable innovation and quality measurement but can also create technical challenges and privacy risks. When entities such as health plans and health care providers handle personal health information, they are often subject to data privacy regulation. But amid a flood of new forms of health data, some third parties have figured out ways to avoid some data privacy laws, developing what we call “shadow health records” — collections of health data outside the health system that provide detailed pictures of individual health — that allow both innovative research and commercial targeting despite data privacy rules. Now that space for regulatory arbitrage is changing. The long arms of Europe's new General Data Protection Regulation (GDPR) and California's new Consumer Privacy Act (CCPA) will reach shadow health records in many companies. In this article, we lay out the contours of the GDPR's and CCPA's impact on shadow health records and health data more broadly, highlight critical remaining uncertainty, and call for increased clarity from lawmakers and industry on the use of such data for research.

Suggested Citation

Price II, William Nicholson and Spector-Bagdady, Kayte and Minssen, Timo and Kaminski, Margot E., Shadow Health Records Meet New Data Privacy Laws (February 1, 2019). Science, Vol. 363, No. 6426, 01.02.2019, p. 448-450., U of Colorado Law Legal Studies Research Paper No. 19-13, Available at SSRN: https://ssrn.com/abstract=3360297

William Nicholson Price II

University of Michigan Law School ( email )

625 South State Street
Ann Arbor, MI 48109-1215
United States

Kayte Spector-Bagdady

University of Michigan at Ann Arbor - Medical School ( email )

Ann Arbor, MI
United States

Timo Minssen (Contact Author)

University of Copenhagen - Centre for Advanced Studies in Biomedical Innovation Law (CeBIL) - Faculty of Law ( email )

Karen Blixens Plads 16
Copenhagen, 2300
Denmark
+46 708 607517 (Phone)

HOME PAGE: http://jura.ku.dk/cebil/staff/profile/?pure=en/persons/381631

Margot E. Kaminski

University of Colorado Law School ( email )

401 UCB
Boulder, CO 80309
United States

Yale University - Yale Information Society Project ( email )

127 Wall Street
New Haven, CT 06511
United States

University of Colorado at Boulder - Silicon Flatirons Center for Law, Technology, and Entrepreneurship ( email )

Wolf Law Building
2450 Kittredge Loop Road
Boulder, CO
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
1,153
PlumX Metrics