Variation in Data Sharing Practices and Privacy Gaps in US Hospitals and Health Systems
"Variation in Data Sharing Practices and Privacy Gaps in US Hospitals and Health Systems," B. Jackson, R. Schreiber, R. Koppel, V. Nichols Johnson, A. Solomonides, P. DeMuro, L. Ozeran, B. Kaplan. American Medical Informatics Association Annual Symposium, New Orleans, LA, November 2023.
2 Pages Posted: 26 Aug 2023
Date Written: August 11, 2023
Abstract
US hospitals and health systems commonly share clinical data with third parties for a wide variety of purposes that go beyond the needs of direct treatment and clinical care, payment, and healthcare operations (TPO). In most cases this sharing takes advantage of HIPAA’s de-identification exemption. There is only scant literature on policies and processes through which different healthcare organizations oversee and control such sharing. Hospitals, while well-intended, are not always aware of extensive reuse and resale of their patients’ clinical data that have been shared for research or quality improvement, or via opaque vendor contracts.
The co-authors of this abstract, all members of the Ethical, Legal, and Social Issues (ELSI) Working Group of the American Medical Informatics Association (AMIA), undertook a study to inform future research and policy directions on medical data privacy. The study included data sharing for research, typically overseen by institutional review boards (IRB), which under federal regulation have responsibility for human subjects research. However, there are many other types of data sharing that also emerged in this study: Pharmaceutical and other biotechnology companies obtain and use clinical data for both research and development as well as for targeted marketing. Software firms use clinical data to develop new algorithms intended for sale to the healthcare industry. Data brokers, in some cases, serve as intermediaries. The scale and secrecy of many of these data sharing activities raise important ethical questions about privacy and transparency.
Note:
Funding Information: The study was not funded.
Conflict of Interests: No one has relevant funding or a Conflict of Interest with this work.
Ethical Approval: The University of Utah IRB found the study to be exempt from federal regulations regarding human subjects research.
Keywords: health data, privacy, data sharing, HIPAA, IRBs, consent, ethics, bioethics, ELSI
Suggested Citation: Suggested Citation