Variation in Data Sharing Practices and Privacy Gaps in US Hospitals and Health Systems

"Variation in Data Sharing Practices and Privacy Gaps in US Hospitals and Health Systems," B. Jackson, R. Schreiber, R. Koppel, V. Nichols Johnson, A. Solomonides, P. DeMuro, L. Ozeran, B. Kaplan. American Medical Informatics Association Annual Symposium, New Orleans, LA, November 2023.

2 Pages Posted: 26 Aug 2023

See all articles by Brian Jackson

Brian Jackson

University of Utah

Richard Schreiber

Penn State Health Holy Spirit Medical Center; Johns Hopkins University - Johns Hopkins Medical Institutions; University of Maryland - Center for Bioinformatics and Computational Biology

Ross Koppel

University of Pennsylvania; University at Buffalo (SUNY)

Victoria Nichols-Johnson

Southern Illinois University School of Medicine

Anthony E. Solomonides

NorthShore University HealthSystem / Research Institute

Paul DeMuro

Nossaman LLP

Larry Ozeran

Clinical Informatics, Inc.

Bonnie Kaplan

Yale University; Yale University - Yale Information Society Project; Department of Biostatistics (Health Informatics); Yale Interdisciplinary Center for Bioethics; Yale Law School

Date Written: August 11, 2023

Abstract

US hospitals and health systems commonly share clinical data with third parties for a wide variety of purposes that go beyond the needs of direct treatment and clinical care, payment, and healthcare operations (TPO). In most cases this sharing takes advantage of HIPAA’s de-identification exemption. There is only scant literature on policies and processes through which different healthcare organizations oversee and control such sharing. Hospitals, while well-intended, are not always aware of extensive reuse and resale of their patients’ clinical data that have been shared for research or quality improvement, or via opaque vendor contracts.

The co-authors of this abstract, all members of the Ethical, Legal, and Social Issues (ELSI) Working Group of the American Medical Informatics Association (AMIA), undertook a study to inform future research and policy directions on medical data privacy. The study included data sharing for research, typically overseen by institutional review boards (IRB), which under federal regulation have responsibility for human subjects research. However, there are many other types of data sharing that also emerged in this study: Pharmaceutical and other biotechnology companies obtain and use clinical data for both research and development as well as for targeted marketing. Software firms use clinical data to develop new algorithms intended for sale to the healthcare industry. Data brokers, in some cases, serve as intermediaries. The scale and secrecy of many of these data sharing activities raise important ethical questions about privacy and transparency.

Note:

Funding Information: The study was not funded.

Conflict of Interests: No one has relevant funding or a Conflict of Interest with this work.

Ethical Approval: The University of Utah IRB found the study to be exempt from federal regulations regarding human subjects research.

Keywords: health data, privacy, data sharing, HIPAA, IRBs, consent, ethics, bioethics, ELSI

Suggested Citation

Jackson, Brian and Schreiber, Richard and Koppel, Ross and Nichols-Johnson, Victoria and Solomonides, Anthony E. and DeMuro, Paul and Ozeran, Larry and Kaplan, Bonnie, Variation in Data Sharing Practices and Privacy Gaps in US Hospitals and Health Systems (August 11, 2023). "Variation in Data Sharing Practices and Privacy Gaps in US Hospitals and Health Systems," B. Jackson, R. Schreiber, R. Koppel, V. Nichols Johnson, A. Solomonides, P. DeMuro, L. Ozeran, B. Kaplan. American Medical Informatics Association Annual Symposium, New Orleans, LA, November 2023., Available at SSRN: https://ssrn.com/abstract=4544350

Brian Jackson

University of Utah

Richard Schreiber

Penn State Health Holy Spirit Medical Center ( email )

431 North 21st Street
Suite 101
Camp Hill, PA 17011
United States

Johns Hopkins University - Johns Hopkins Medical Institutions ( email )

550 N. Broadway
Baltimore, MD 21205
United States

University of Maryland - Center for Bioinformatics and Computational Biology ( email )

College Park
College Park, MD 20742
United States

Ross Koppel

University of Pennsylvania ( email )

Philadelphia, PA 19104
United States

University at Buffalo (SUNY) ( email )

12 Capen Hall
Buffalo, NY 14260
United States

Victoria Nichols-Johnson

Southern Illinois University School of Medicine ( email )

PO Box 9556
Springfield, IL 62791
United States
217-725-4665 (Phone)
217-787-2444 (Fax)

Anthony E. Solomonides

NorthShore University HealthSystem / Research Institute ( email )

1001 University Place
Evanston, IL 60201
United States
2243647497 (Phone)

Paul DeMuro

Nossaman LLP ( email )

1585 N. Prosperity Lane
Wilson, WY Teton County 83014
United States
12133087859 (Phone)

Larry Ozeran

Clinical Informatics, Inc. ( email )

P. O. Box 884
Woodland, CA 95777
United States

Bonnie Kaplan (Contact Author)

Yale University ( email )

New Haven, CT CT 06520
United States

HOME PAGE: http://https://medicine.yale.edu/profile/bonnie-kaplan/

Yale University - Yale Information Society Project ( email )

127 Wall Street
New Haven, CT 06511
United States

Department of Biostatistics (Health Informatics) ( email )

Yale School of Public Health
60 College St.
New Haven, CT 06511
United States

Yale Interdisciplinary Center for Bioethics ( email )

238 Prospect Street
New Haven, CT 06515
United States

Yale Law School ( email )

127 Wall Street
New Haven, CT 06510
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
47
Abstract Views
303
PlumX Metrics